Sat. Jun 25th, 2022
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    he flag
    ja flag
    lv flag
    pl flag
    pt flag
    ru flag
    es flag

    Content Assessment: Data Embassies - Sovereignty, Security, and Continuity for Nation-States

    Information - 97%
    Insight - 96%
    Relevance - 95%
    Objectivity - 96%
    Authority - 92%

    95%

    Excellent

    A short percentage-based assessment of the qualitative benefit of the post highlighting the concept of data embassies through the lens of eight articles, agreements, and reports.

    Editor’s Note: Data embassies are an innovative approach to the digital continuity of nation-states as they serve as extensions of a nation-state’s cloud through state-owned server resources outside of the nation-state’s physical territorial boundaries. The data embassy approach is unique as nation-states historically have stored their information within their physical territorial boundaries. This recent approach provides the capability for a nation-state to host data and service resources in a secure data center outside its physical territorial borders and operate those resources in times of crisis ranging from large-scale cyberattacks to military invasions by hostile nation-states. This approach is also designed to provide sovereignty, security, and continuity for nation-states in situations where the operation of hosted data and service resources inside physical territorial boundaries is diminished, denied, or destroyed. By having an established data embassy, a nation-state can expatriate government-critical data and services to a diplomatically-secure location, enabling continuity of government with the protections of immunity and inviolability.

    Provided in this post is a non-all-inclusive compilation of informational articles, agreements, and reports that may be helpful for those seeking to learn more about the concept of data embassies and the sovereignty, security, and continuity implications of data embassies for cybersecurity, information governance, and legal discovery professionals.


    Extract from Wikipedia

    Data Embassy [1]

    What is a data embassy?

    A data embassy is a solution traditionally implemented by nation-states to ensure a country’s digital continuity with particular respect to critical databases. It consists of a set of servers that store one country’s data and are under that country’s jurisdiction while being located in another country.

    What is the purpose of a data embassy?

    Data embassies are regarded as a tool to ensure a government’s digital continuity, meaning the survival of critical databases to allow the continuation of government even in a situation where governing from within the country’s borders is no longer an option. Among threats that might lead to such situations are natural disasters, large-scale cyberattacks, and military invasion. In the worst-case scenario, a data embassy could enable the government to provide its digital services without the national territory under its control. This makes data embassies particularly attractive to countries that have already digitalized their most crucial databases and are situated in the vicinity of the aforementioned threat vectors. Additionally, data embassies can offer additional computing power for heightened server traffic, for example during election season or the period of electronic tax return filing.

    Read the complete article.


    Extract from Georgetown Security Studies Review by Nikolai F. Rice (October 10, 2019)

    Estonia’s Digital Embassies and the Concept of Sovereignty [2]

    In 2017, Estonia opened the world’s first “Data Embassy” in Luxembourg. Unlike a traditional embassy, this Data Embassy does not serve a diplomatic purpose. Rather, it is a cloud data center that backs up Estonian government institutions’ e-governance networks. The Data Embassy presents the first example of a country expatriating government-critical servers to a diplomatically-secure location. An experiment in sovereignty, governance security, and continuity of government, the Data Embassy is a backup for Estonia to reboot from if it ever loses its territorial independence.

    Estonia’s move to an expatriated cloud was not accomplished by partnering with a private entity, whose offices or infrastructure might be subject to the jurisdiction of another state. Instead, Estonia partnered with Luxembourg to create an entirely novel institution in international law. The Data Embassy is Estonian sovereign diplomatic territory within Luxembourg—no state, no company, no entity has the right to access its infrastructure or information without the Estonian government’s consent. A cyberattack against Microsoft or AWS cannot bring down Estonia’s e-governance cloud because Estonia’s e-governance cloud is managed by Estonia.

    Read the complete article.


    Extract from NBC News Article by Yuliya Talmazan

    Data Security Meets Diplomacy: Why Estonia is Storing its Data in Luxembourg [3]

    Estonia’s tech reliance has pushed the country’s leaders to take precautions that few other nations have had to consider. In 2007, Estonia suffered a series of crippling cyberattacks that shut down private and government websites. It blamed the attacks on Russia, but the Kremlin denied involvement.

    And when Russia annexed the Crimean Peninsula from Ukraine in 2014, the question of “data continuity” — should a military crisis develop — came to the forefront of public discourse.

    So, Estonia looked outside its borders to secure its data in the case of a military attack or other major emergency. Wanting full control and jurisdiction over its data, it opted for a so-called data embassy — no ambassadors or diplomatic missions attached.

    Unlike a conventional embassy, it would be nothing more than a room full of servers, storing data essential to keep the Estonian government and its core public services running should the country’s main servers get wiped out back home.

    Read the complete article.


    Abstract from Research by Nick Robinson and Laura Cast (2018)

    Applicability of the Vienna Convention: An Exploratory Analysis [4]

    The Vienna Convention has been long enshrined as the cornerstone of modern diplomacy. However, recent technological advances may have shifted this landscape, with international law requiring to adapt in the face of novel and unique challenges. Taking the case of the Estonian Data Embassy in Luxembourg, we assess the applicability of the Vienna Convention outside of the traditional diplomatic mission and within a government-operated data center. Evaluating the legal challenges and reinterpretations made by the Estonian government so far, this early analysis hopes to invigorate and advance discussions around the wider applicability of the Vienna Convention. Can similar diplomatic protections and inviolability be afforded to State data and information systems, or should such an international legal framework be updated to fit within a digital era?

    Read the complete paper.


    Parliament of Estonia Press Announcement (February 21. 2018)

    The Riigikogu Approved Establishing of Luxembourg Data Embassy [5]

    At today’s sitting, the Riigikogu (Parliament of Estonia) passed the Act on the Ratification of the Agreement between the Republic of Estonia and the Grand Duchy of Luxembourg on the Hosting of Data and Information Systems (563 SE), initiated by the Government.

    On the basis of the ratified Agreement, the data and critical databases relevant for ensuring the continuity of the Estonian state can be hosted in Luxembourg’s national data center. It will increase the security of the Estonian digital society and the quality of the hosting of data.

    The explanatory memorandum notes that Luxembourg has been chosen as a partner in the hosting of data and information systems because it has state-owned high-security data centers that have been certified at Tier 4 level. There are no such data centers in Estonia. Luxembourg is also ready to ensure the immunity of the Estonian data and information systems. Luxembourg is a digitally advanced society with whom it is possible to effectively cooperate in the field of digital services. Besides that, Luxembourg has very good data communication connections.

    “The data embassy” is a national cloud solution through which it is possible to host data and services and, if necessary, to operate them from a secure data center outside the territorial borders of the state. This will enable to ensure the functioning of the Estonian state also when the functioning of the data centers located on the territory of the country has stopped or is disturbed.

    The concept as a whole is novel, and, as far as is known, no such national system for hosting data have been taken into use yet. As the “data embassy” is not a diplomatic mission on which the same privileges and immunity are applied as on embassies, it was necessary to enter into an agreement. The Agreement determines the obligations and rights of both countries that are necessary to protect the integrity of the critical data and information systems of Estonia.

    It is an innovative solution in international relations, and the conclusion of this agreement also constitutes a precedent in international law.

    The Agreement was signed by the Prime Minister of Estonia Jüri Ratas and the Prime Minister of Luxembourg Xavier Bettel in Luxembourg on 20 June last year. The document had to be ratified by the parliaments of both countries. Now it has been ratified both by the Parliament of Luxembourg and the Riigikogu.

    Read the complete release.


    Microsoft Blog Article (December 17, 2017)

    Diplomatic Immunity for Data: Estonia Creates a Virtual Embassy [6]

    Article Extract

    What springs to mind when you think of an embassy? Grand buildings lining Avenue de Tervuren in Brussels, Massachusetts Avenue in Washington D.C., or dotted across Mayfair in London? Perhaps a black-tie reception? Probably not a line of server racks humming away in a data center.

    But just as the nature of statehood and sovereignty is undergoing profound change in the digital age, the concept of the embassy is evolving as well. And as with so many other aspects of digital transformation, Estonia is at the leading edge of this change. With no paper records for laws, the land registry, or other key national records, digital continuity is crucial for the Baltic state. That’s why next year they’ll open the world’s first data embassy in Luxembourg.

    Estonia is more aware than most countries of the importance of cybersecurity and digital continuity.
    In April 2007, the country was the victim of a cyberattack that shut down government, bank, and media websites. Crucial internet infrastructure ground to a halt — in a country with no paper backup.

    “Being close to Russia we know that we have to pay attention to cybersecurity,” says Taimar Peterkop, Director-General of the RIA, the Estonian Information System Authority. “All our digital services have to be secure to work — our resilience is built through not having all our data in only one or two sites.”

    Throughout the 20th century, diplomats from countries at war would board a steam train carrying a diplomatic pouch full of documents, seeking refuge in a sympathetic capital. In the 21st century, governments need to stay online as well.

    Read the complete article.


    Agreement Between Estonia and Luxembourg (June 20, 2017)

    Agreement Between the Republic of Estonia and the Grand Duchy of Luxembourg on the Hosting of Data and Information Systems [7]

    Complete Agreement (PDF)

    Luxembourg-Info-Agreement

     


    Extract and Complete Joint Report by Microsoft and Estonia (February 3, 2015)

    Implementation of the Virtual Data Embassy Solution [8]

    Summary Report of the Research Project on Public Cloud Usage for Government, Conducted by Estonian Ministry of Economic Affairs and Communications and Microsoft Corporation

    In 2013, the Estonian government began pursuing a Data Embassy Initiative, reflective of its innovative approach to e-government and of its need to ensure national digital continuity no matter what. Cloud computing, with its immense opportunities for resilience, security, and continuity in light of physical or cyber emergencies, was a potential solution. In September 2014, the Ministry of Economic Affairs and Communications, the Ministry of Justice (Center of Registers and Information Systems), and the Office of the President of Estonia agreed with Microsoft to work on a research project to assess the feasibility of the virtual aspects of the Data Embassy Initiative. In particular, the collaborative project tested how two separate government services – the official website of the President of Estonia and the Riigi Teataja, or electronic State Gazette – could be migrated and hosted on the Microsoft Azure cloud computing platform.

    In the following report, the project team summarizes its research, which took place over three months. It addresses the Estonian Virtual Data Embassy Solution, a key part of the Data Embassy Initiative. It also looks at the current Estonian government ICT architecture, for context, and describes the “data embassy” concept, the website migration process, and the verification testing that was conducted to ensure that the migration was successful and to assess the security and resilience of the cloud computing services.

    Particular focus was given to the potential legal protections of a Virtual Data Embassy, as the success of the initiative fundamentally relies on the ability of citizens to trust the security and privacy of such embassies. The latter naturally draws in at least three actors: the Estonian government, the cloud service provider, and the country wherein the cloud provider is headquartered. The technical outcomes are also outlined, i.e. storage, network, and compute architecture, with operational lessons, as well as security, identity, and data architecture findings set out. The report concludes with high-level recommendations, which could be applicable to any government, as they consider cloud computing to achieve their national objectives.

    Complete Report: Implementation of the Virtual Data Embassy Solution (PDF)

    Implementation-of-the-Virtual-Data-Embassy-Solution-Summary-Report

     


    References

    1. Wikipedia contributors. (2021, August 23). Data embassy. In Wikipedia, The Free Encyclopedia. Retrieved 11:31, February 9, 2022, from https://en.wikipedia.org/w/index.php?title=Data_embassy&oldid=1040202577
    2. Rice, N. F. (2019, October 10). Estonia’s digital embassies and the concept of sovereignty. Georgetown Security Studies Review. Retrieved February 9, 2022, from https://georgetownsecuritystudiesreview.org/2019/10/10/estonias-digital-embassies-and-the-concept-of-sovereignty/
    3. Talmazan, Y. (2019, June 25). Data Security Meets Diplomacy: Why Estonia is storing its data in Luxembourg. NBCNews.com. Retrieved February 9, 2022, from https://www.nbcnews.com/news/world/data-security-meets-diplomacy-why-estonia-storing-its-data-luxembourg-n1018171.
    4. Robinson, N., & Kask, L. (2018). (rep.). The Estonian Data Embassy and the Applicability of the Vienna Convention: An Exploratory Analysis. ICEGOV’19. Retrieved February 8, 2022, from https://www.academia.edu/38236565.
    5. Parliament of Estonia. (2018, March 21). The Riigikogu approved establishing of Luxembourg data embassy. Retrieved February 9, 2022, from https://www.riigikogu.ee/en/press-releases/plenary-assembly/riigikogu-approved-establishing-luxembourg-data-embassy/.
    6. Microsoft Corporation. (2017, December 17). Diplomatic Immunity for Data: Estonia Creates a Virtual Embassy. Retrieved February 9, 2022, from https://blogs.microsoft.com/eupolicy/2017/12/14/diplomatic-immunity-data-estonia-creates-virtual-embassy/.
    7. The Republic of Estonia and the Grand Duchy of Luxembourg. (2017, June 20). Agreement Between the Republic of Estonia and the Grand Duchy of Luxembourg on the Hosting of Data and Information Systems. Luxembourg.
    8. Estonian Ministry of Economic Affairs and Microsoft Corporation. (2015, February 3). Implementation of the Virtual Data Embassy Solution.

    Additional Reading

    Source: ComplexDiscovery

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.

    Early Lessons from the Cyber War: A New Microsoft Report on Defending Ukraine

    According to a new report from Microsoft, the Russian invasion relies...

    From Continuity to Culture? Preserving and Securing Ukrainian Public and Private Sector Data

    Highlighted by ComplexDiscovery prior to the start of the current Ukrainian...

    Considering Access Control Policy Models? Blockchain for Access Control Systems (NIST)

    As current information systems and network architectures evolve to be more...

    Friends in Low Places? The 2022 Data Breach Investigations Report from Verizon

    The 15th Annual Data Breach Investigations Report (DBIR) from Verizon looked...

    TCDI to Acquire Aon’s eDiscovery Practice

    According to TCDI Founder and CEO Bill Johnson, “For 30 years,...

    Smarsh to Acquire TeleMessage

    “As in many other service industries, mobile communication is ubiquitous in...

    A Milestone Quarter? DISCO Announces First Quarter 2022 Financial Results

    According to Kiwi Camara, Co-Founder and CEO of DISCO, “This quarter...

    New from Nuix? Macquarie Australia Conference 2022 Presentation and Trading Update

    From a rebalanced leadership team to three concurrent horizons to drive...

    On the Move? 2022 eDiscovery Market Kinetics: Five Areas of Interest

    Recently ComplexDiscovery was provided an opportunity to share with the eDiscovery...

    Trusting the Process? 2021 eDiscovery Processing Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    The Year in Review? 2021 eDiscovery Review Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    A 2021 Look at eDiscovery Collection: Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    Five Great Reads on Cyber, Data, and Legal Discovery for June 2022

    From eDiscovery ecosystem players and pricing to data breach investigations and...

    Five Great Reads on Cyber, Data, and Legal Discovery for May 2022

    From eDiscovery pricing and buyers to cyberattacks and incident response, the...

    Five Great Reads on Cyber, Data, and Legal Discovery for April 2022

    From cyber attack statistics and frameworks to eDiscovery investments and providers,...

    Five Great Reads on Cyber, Data, and Legal Discovery for March 2022

    From new privacy frameworks and disinformation to business confidence and the...

    Hot or Not? Summer 2022 eDiscovery Business Confidence Survey

    Since January 2016, 2,701 individual responses to twenty-six quarterly eDiscovery Business...

    Inflection or Deflection? An Aggregate Overview of Eight Semi-Annual eDiscovery Pricing Surveys

    Initiated in the winter of 2019 and conducted eight times with...

    Feeding the Frenzy? Summer 2022 eDiscovery Pricing Survey Results

    Initiated in the winter of 2019 and conducted eight times with...

    Surge or Splurge? Eighteen Observations on eDiscovery Business Confidence in the Spring of 2022

    In the spring of 2022, 63.5% of survey respondents felt that...