When is a government database actually safe?

How can data still be protected even when a government can’t access the servers that hold it? Taavi Kotka makes the case for “Data Embassies” as a backup for governments to use in times of emergency.

Even before Covid-19, and all the more since, governments have been rushing to digitalise their bureaucracies, both internally and in the services facing the citizen as user. This is laudable, if long overdue, progress.

The question that all governments around the world must now ask themselves is: How do you protect your data if you can’t access the servers that hold your data?

If you, dear reader, are a smart cookie – and as you chose to read my column, I suspect you are – you keep a backup of the data on your home computer, such as family photos, important contracts or your birth certificate, on a separate hard drive. I also don't think I'm going out on a limb when I say that your workplace probably uses some sort of recovery system as well. This works well for individuals and organisations – but what about a country that contends with natural disasters more often than it would like? What about a nation state at risk of being attacked by a global superpower?

New problems require new solutions

I would argue that the best solution to this predicament is what we call a Data Embassy.

Put simply, a Data Embassy is a set of servers that store critical national databases outside the nation's own territory. So far this sounds like just another cloud storage solution, but there is one notable difference: just as with a traditional embassy, the server room enjoys the protection of diplomatic immunity, meaning the host nation cannot simply enter or take over the premises, and the laws of the Data Embassy's own nation apply there.

Following the 2007 cyberattacks on its infrastructure (largely unsuccessful, but still remarkable), Estonia was the first country to implement this system as a safeguard against both digital and physical attacks on critical databases. In the first iterations, the servers were simply placed inside some of Estonia's traditional embassies around the world. This was sufficient for providing a secure environment for backups, but it created bottlenecks of its own. A physical embassy relies on a local ISP for its internet connection, and that connection can easily be cut by a well-prepared attacker; a backup that cannot be reached or restored from at the moment it is needed is of limited value.

The second issue was that Estonia also sought to use its Data Embassy for additional computing capacity during periods of heightened traffic to government websites. One good example is the first day each year on which the Tax and Customs Board opens its portal for income tax declarations. Because a declaration takes only three minutes on average, thousands of people file on the day the portal opens, and this rush frequently pushed the tax authority's servers to their limits. That challenge could not be solved by putting a few servers in a traditional embassy, because the buildings were simply not made to house such extensive systems.

At this point you might be asking: "Okay then, why not use a trusted service provider, whether it's AWS, Google or any other multinational?" First, trust is an incredibly fluid thing, and even if you find a service provider with security standards beyond reproach, that provider remains subject to the laws of the country it operates under, which that government could change at a moment's notice.


Estonia did in fact test the idea of a Virtual Data Embassy with Microsoft, and while the solution was found to be technically workable, the legal questions were too complex to be solved within that project's scope. After all, most countries' legislation simply does not allow national databases to exist outside their own borders. That is a logical rule for preventing data leaks, but it further complicates the use of third-party providers.

As a result of these obstacles, Estonia turned in a slightly different direction. The government decided to rent a server room in a Tier 4 data centre in Luxembourg and signed an agreement with the Luxembourgish government guaranteeing the diplomatic immunity of that server room.

This means that the host country cannot simply enter, and that Estonian law applies on those premises. Thanks to this solution, Estonia is better prepared than most other countries in the world, because its services, its infrastructure and, most importantly, its datasets will continue to exist regardless of military invasion, environmental catastrophe or extended power cuts.

Data Embassies are not a “luxury option”

The truth is that both big corporations and nation states wield a great deal of power through the datasets in their possession alone, and as such they have to worry about threats from every angle.

This means we have to move to a more agile risk management model that addresses those threats. Some of them can be mitigated through software, others by teaching cyber hygiene skills to users and employees alike.

But at the end of the day, I would argue that Data Embassies are the nuclear option: the ultimate failsafe for when things go south.

It is not a luxury that many countries will be able to forgo; island states threatened by climate change and countries located around geopolitical hotspots will see the Data Embassy as part of their strategy to ensure their survival.

I sincerely hope that no country will ever have to use its Data Embassy for the reasons mentioned above. Still, knowing that the Data Embassy is at your disposal provides peace of mind like very few other things on earth.

By Taavi Kotka, Former CIO of Estonia and Founder of Proud Engineers


Taavi Kotka was a speaker at FinCrime World Forum 2020.
