To the knowledge of President Toomas Hendrik Ilves, Estonia’s special security services have not been in cooperation with America’s NSA to make use of its PRISM programme total surveillance data.
Is Edward Snowden, the man who leaked confidential documents regarding the US total surveillance, a whistle-blower doing a service to the societies of USA and the West, or a traitor in the order of Herman Simm?
Neither. However, as a rule, whistleblowers do not flee. The most well-known case being that of Daniel Ellsberg who leaked New York Times the «Pentagon papers». He did not escape, but was sent to court and won. It is not yet totally clear for me whether a person who, after the act of leaking flees to Russia, is necessarily a whistleblower.
Do Estonian security agencies cooperate with NSA and use data collected via the PRISM programme?
To my knowledge not. I assume that should this be the case, the Estonian president would know. But I have not been told this is being done.
US embassy has not warned you of some documents coming from Mr Snowden regarding Estonia?
In seven years, I have never run into things like that. We know, of course, that there are criminal investigations involving the tapping of phones. But I have no information on total surveillance of internet content here.
Surely massive collection of data as performed by Facebook and other companies, as reported in certain places, is simply unlikely with Estonia.
Based on Mr Snowden’s revelations, USA has also monitored EU institutions. Causing a sharp reaction in Europe – can friends be snooped this way? Is that normal?
I do not consider that normal. I agree with the 18th century liberals that every human has the right to privacy which needs to be respected.
But I believe that in the field of economic espionage, for instance, many states spy about their friends. They do not consider it hostile activity, rather competition.
In my opinion, the occasional indignation by some politicians ought to be eased a bit. These past days, it has been in the news what Germany, France, the Brits are doing.
Would we all be lily white virgins, over here, the just indignation might be somewhat understandable. But it is very difficult to understand it, knowing how some large European states have acted in like manner.
Free trade talks are about to start between EU and USA. How do you hold such talks as the Americans will, all the while, know our positions?
I believe that should it become a hindrance, we will also be tapping in, in the opposite direction.
Does it not seem a bit hypocritical that, in words, Europe is against the US snooping; however, the man who revealed this is getting no asylum from Europe?
I have also heard wonderings why Estonia won’t grant asylum...
Rainer Nõlvak did, indeed, set forth the idea.
Why did Snowden go to Hong Kong? They had a weak extradition contract. In Russia, it is weaker still with the extradition business. European states, however, have agreements with the United States, that should the US so desire, he will be extradited. We also have an agreement.
What sense do the EU and Estonian data protection rules make if any hit on any keyboard may be stored in Utah deserts? Is it not ridiculous that we, at the same time, are debating whether it is wise to publish lists of school graduates in local newspapers?
That is a wider issue. For Europe, data protection law is the strictest in Germany. Estonia’s rules are somewhat lighter; even so, in Estonia, every citizen is the owner of his/her personal data.
In Germany, that is not totally the case anymore. There, your health data belongs to the doctor. You do not know what is happening with these. In this regard, Estonian law leads the way.
Malta’s president, while visiting Estonia, happened to mention that over there, health files are not electronic; rather these are stored on paper, every file bearing the warning: «Not to be shown to patient».
Our understanding of privacy has developed to the level where we no longer take the hermit stand: I will not communicate over the web, I will avoid modern technology. NSA, however, has been mainly collecting these same data that the people themselves have uploaded.
Why, for instance, do they produce free apps, downloaded without charge? Somebody is monetizing that and the data is being distributed. Facebook is free, but it is business. And it is you, yourself, who uploads the content.
I advise reading of the book Big Data: A Revolution That Will Transform How We Live, Work, and Think, written by Viktor Mayer-Schönberger and Kenneth Cukier. They provide numerous examples of how «Big Data» knows more about you than you do yourself.
They had one story of a company which has searched out products purchased by women during pregnancy. They received a phone call by an enraged father: why have you sent ads to my 16 years old daughter? The company thought they would need to apologise. Sorry it happened, the profile must not have been to the point.
The next day, it was the father’s turn to keep humble. He had just talked with the daughter, who – lo and behold – was pregnant indeed.
What then should be done?
We had a very fruitful meeting with the European cloud data processing council, thanks to that very NSA leakage. Earlier, there was no impetus to do anything of the kind in Europe, the vital services like Google, Amazon or Dropbox all mainly being US companies. They may be keeping their servers in Finland or Sweden – where it is nice and cold, the servers will not overheat. But it is all under US law.
Now, it is possible for us to start building our European cloud, under European law. In many European countries, data protection is stronger than in the States. Meaning that as we use the European cloud, NSA would not get the data.
Actually, it is not the problem of Big Brother, rather that of Little Sister. If you have a little sister then she will know all you do and she will be happy to let others know. Such «Big Data» exists anyway. Other things, like who is talking to whom, are rather secondary.
Such metadata does, however, say quite much about a person.
I would not be too paranoid. If indeed you are in constant telephone connection with a Mr Atta who dwells in Hamburg and intents to attack the twin towers, then I believe even Estonians would say it is good to know who this guy is communicating with.
Even in Estonia, standpoints greatly vary. The Internet community thinks the government must guarantee constitutional rights in the web – if US special services have been collecting Estonians’ private data, this is infringement of their rights. Tiit Pruuli, however, says that undemocratic means are also to be utilised in order to protect democracy. I do not know what they have been doing here, with there was a map published in the media with Estonia being in the lightest of colours – meaning we have been the least interesting.
Are we arriving at a place like Iran, everyone getting a state e-mail address?
That’s an interesting question. In Russia, for instance, the law has prescribed that all internet provider’s cables go via FSB. That’s the way it has been for a decade.
Which reminds me of a joke, with Vladimir Putin saying: why would I need Facebook, seeing we have our very own FSBook, with much more data.
We might take a look at what we have got: we are the only country in Europe enabling use if ID cards to send encrypted e-mails. This protection is almost impossible to crack – but, engaging all computers all at once, it will of course be achieved.
Do you personally use encrypted e-mail?
Yes, from time to time. If I want to communicate with another head of state in a sensitive matter, then I opt for this. It is easy: you insert the card and press «Encrypt». Sure: possibly a letter like that will go into a file of letters of priority interest. However, I doubt anybody takes too much of an interest in what I write with some state institution, back and forth.
You have your MacBook web camera still taped over?
Once when I shared that many laughed, Ilves looked real funny... But I did read an unbelievable article of a pervert hacker visiting women’s computers and filming them, then blackmailing the victims.
And the article made you tape the camera?
No, I would have taped it anyway. I just knew the theoretical option existed. Should you ever happen to have to communicate to special services folks, you will notice they have their computer cameras taped over. The article just being a striking example.
The issue not being just that you may be watched. You may also be listened to. A telephone is to be treated as a microphone. Visiting some local state institutions, mobile phones have to be handed in. Then there was the New York Times article on Snowden, saying that when he met his lawyers, he ordered them to stick their phones into the fridge – which works like a Faraday cage. They added that a steel Martini shaker would be better yet.
Also: whoever is watching you may not be NSA at all. We know, don’t we, what the [Rupert] Murdoch company did in England, for instance.
When correspondence of Hannes Rumm was discovered at the office of a political party, you criticised it sharply. President Lennart Meri, in his time, condemned secret recordings of talks of politicians. When British intelligence, however, stores the entire Internet traffic for three days – which is by far larger in scale – nobody seems too disturbed.
I do not know British law, their court guarantees etc. But is e-mails stolen from somebody are found in the office of a political party, this is forbidden. This must be avoided, completely.
What is weirder still, a publication of ours said that had they obtained that and had it contained anything interesting, they would surely have published that. So, we may conclude, their own correspondence would also been allowed to be published.
We are living in a new situation where all rules are not fully developed yet. An example being the DDoS attacks against Israel during the Palestinian rocket attacks. All over the world, they took to declaring their support to Palestinians and attacking Israeli sites. Israel then asked these people: do you know what this means? You are getting involved in the war.
Meaning cyber war?
Not necessarily. Americans said three years also, already, that in case of digital attacks, they may not respond in like manner.
Meaning kinetic means may be used to respond?
Well, I would not like to be the private citizen who thinks that now I’m going to spend some time attacking Israeli defence systems. I would think twice. This example serves to show us that we do not yet have common understanding what may or may not be done [in cyber space]. Therefore, for some, consequences may be awful.
Then, we may recall the internet attacks to harm the computers of the Saudi oil company Aramco.
Had somebody physically destroyed 30,000 computers of a Saudi Arabian oil company, a counteraction would have been ensured....
From global perspective, there was an even more dangerous example last fall, the attack against the US financial centre at Wall Street. It is believed to be Iranians, but no one knows for a fact. Should anybody succeed in deleting financial data, we would suffer all of us. Neither am I convinced the reaction would be too nice.
Some arks ought to never be opened.
With some arks, we may not even know what they may contain. However, there is one more thing that makes me worry. Estonia is member of the Internet freedom coalition, and some states for whom Internet freedom is not top priority – like Russia, China and others – wish to have more control over the Internet. We have always been resisting that. I personally having been among the most vocal in saying this ought not to be.
Now, however, the PRISM case has considerably weakened the Western states leverage speaking up for Internet freedom. Those who wish to take control over Internet will now say: see, you do likewise.
If states desiring to take control of the Internet start to press the case hard and other major powers, which stand for Internet freedom, are caught red handed themselves, Estonia as a small country will have a much more difficult time standing for Internet freedom.
You are painting a rather dark future...
Digital devices have developed to the level of all kinds of harm made possible, anywhere. I believe some day something really bad will happen. After which we will be forced to agree that certain thinks just won’t do – not on state level, at least.
It is almost impossible to remain totally anonymous over the Internet. Should you cause trouble there, often nobody bothers to monitor that. But once the trouble is big enough, they will tackle it and find out who did it.
Like Karl Ristikivi once said: «All that has ever been is still around, someplace.»