Text size




Defending personal freedom in cyberspace

Post by Jaan Priisalu, Deputy General of Estonian Information System's Authority at the Security Jam 2012:

Discussion here has focused narrowly on cyber defence. I want to expand discussion to ask how we can build secure, modern information socities.

This forum needs no convincing of the threat cyber attacks pose to our economies and strategic security. But they also threaten to undermine rights, privacy, and the conventional relationship state and citizen. Cybercrime groups, hacktivists, malicious state actors are a more clear and present danger to rights and civil liberties than any liberal democratic state in the last 60 years. For instance:

  • Website defacements and denial of service attacks weaken free speech.
  • Online bank fraud undermines property and ownership.
  • Data theft weakens privacy.

To protect citizens, governments will need to make them more responsible for their own security. This can include awareness campaigns and notifying users of infected computers, but it also requires a paradigm shift in some areas, including the ownership of data.

Consider the old model of citizens or consumers giving the government and companies their personal data: your data goes into a black box with almost no information about how it is being used. You just had to trust the government to have good privacy regulations and industry to follow them.

That model is now antiquated – technology allows us to share data widely, but also give citizens real ownership. Estonia’s e-health system is a good example. Estonians’ entire medical records are online, along with prescriptions. This is convenient and potentially life-saving (walk into any hospital in the country and they immediately know your allergies, blood type, etc.).

Understandably, Estonians are concerned about privacy. In addition to viewing their records online (and discovering potential errors), they can also restrict which nurses and doctors can access their file and retrieve a full log of who has looked at their information. In sum, Estonian’s medical data is more secure, more accurate, more private than any paper-based system could allow.

For governments everywhere to give citizens more security and control over their data, several steps would help:

  • Provide public services that give citizens more control over their data,
  • Implement secure national systems for authentication and digital signature. So far, the best solution is national ID cards with smart chips, though this is not the only alternative,
  • Give citizens a right to demand their personal data in machine-readable form from any private or public entity that has collected it,
  • Set standards for the privacy and security policies industry must follow.

Don’t just use technology to replicate offline processes online. Instead, find new ways of doing things that are both more secure and give citizens more control. This is just as important as expensive military capabilities or monitoring solutions for ensuring 21st century cybersecurity.

Added 20.03.2012

Back to page "News"