Estonia, Microsoft Plan World’s First E-Embassy—Sorry, No Virtual Passport Office Staffed by Pokemon


Estonia—the Eastern European country that brought e-citizenship to folks who had never lived there—is considering launching an e-embassy in Luxembourg, according to an Estonian government and Microsoft Corp. report.

The world’s first Virtual Data Embassy would create a storehouse on servers located in Luxembourg for Estonian government data. Folks needing real-world help won’t be able to visit the new Virtual Data Embassy, but it would make Estonian government data accessible to NATO and other European Union  countries. It will also allow Estonia to continue providing core government services if its servers at home are down.

Given how much activity in the country is conducted online—including 98 percent of bank transactions—the preservation of data is particularly important in Estonia, the report said. A government cloud policy determined that Estonia need a physical embassy for data in a friendly foreign country, and a virtual embassy for data in a privately-owned public cloud.

Of particular importance are the legal protections that a Virtual Data Embassy would have, because the project “relies on the ability of citizens to trust the security and privacy of such embassies.” Third-party auditors could review the storage of Estonian data abroad to verify cloud security measures, including the use of encryption, regular data backup, and access limitations, the report said. Auditors could also ensure that EU privacy standards are maintained before any data was transferred from the virtual embassy to countries outside the bloc. 

The report found that there are no legal barriers in Estonian law to prevent moving government data to the cloud, but legal changes may be needed to ensure faster adoption of cloud computing. The crucial legal challenge is that the concept of a Virtual Data Embassy hasn’t been tested under international law, but international law could protect the data from compelled disclosure, the report found.

The Estonian Ministry of Economic Affairs and Communications partnered with Microsoft to rethink the way the government stores data and continue its operations in times of crisis or war. Although the report was commissioned with Estonia’s particular history and circumstances in mind, the ideas in the report could apply to any government that wants to back itself up in the cloud.

Estonia, which suffered a suspected Russian cyberattack in 2007 on its government, media, and bank websites after it re-located a Soviet-era monument, has been backing up critical data on servers outside the country for nearly a decade.

“Estonia must be able to continue to function as a government, and as a people, even in the direst of scenarios, including the loss of our territory,” the report says. 

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.