An e-Estonia display. Photo Credit: E-Estonia.
I have previously covered e-Estonia and the strategic risks Estonia’s e-government platforms pose for Estonian and NATO cybersecurity by presenting a ready center of gravity for adversarial cyber operations.[i] That risk is calculated against the revolutionary benefits that e-governance has brought Estonia, making the country’s administration incredibly flexible, efficient, and accessible.[ii] In 2017, Estonia opened the world’s first “Data Embassy” in Luxembourg.[iii] Unlike a traditional embassy, this Data Embassy does not serve a diplomatic purpose. Rather, it is a cloud data center that backs up Estonian government institutions’ e-governance networks.[iv] The Data Embassy presents the first example of a country expatriating government-critical servers to a diplomatically-secure location.[v] An experiment in sovereignty, governance security, and continuity of government, the Data Embassy is a backup for Estonia to reboot from if it ever loses its territorial independence.
SOVEREIGNTY IN SHORT
There are two widely recognized concepts of sovereignty in international relations literature. The first is the trinity of sovereignty: the monopoly of force over a population within a territory.[vi] This is de facto sovereignty exercised by an authority with the power to govern internally and independently of other authorities. This definition focuses on the components of what a state is: a populace, a territory, and a supreme authority guaranteed through violence. Though the trinity was first expressed by Max Weber, the above formula of state sovereignty traces its roots back to Hobbes and Locke.[vii]
The second criterion of sovereignty widely discussed in international relations literature is the more contemporary concept of mutually recognized legitimacy.[viii] This legitimacy springs not from the governed but from the governors—specifically, from foreign sovereigns accepting the strategic reality of like, if not equal, external authorities. This more constructivist conception of sovereignty underlines the shift towards normalization in the day-to-day interactions of sovereign states in the post-Westphalia system.[ix] The sovereign legitimation process has shaped both the character and image of the international system today: small and large, weak and powerful, failed and stable states coexist, often side-by-side, with fewer interstate wars and less territorial change through conflict than ever before.[x] Today, the United Nations, treaties filed under its auspices, and diplomatic norms strengthen both individual states’ sovereign claims as well as the norm of internationally-legitimated sovereignty.
There are, nonetheless, spaces in the current system that meet one of the sovereign criteria—trinity or legitimacy—but not both. Taiwan, for example, is a trinity-sovereign island. It was at one time the only ‘China’ recognized in the United Nations. Today, however, just 14 states officially recognize Taiwan, even though it is by many measures a successful nation. Taiwanese goods pour through foreign ports, it has the world’s 21st largest GDP, and 21st highest HDI. Yet Taiwan’s international politics remain severely constrained since it was stripped of statehood in 1971. [xi] Even if American naval vessels regularly navigate the strait between the island and the mainland to assert Taiwanese independence, the community of states refuses to recognize Taiwan’s sovereign rights in the international system. Taiwan is a state which has lost its recognized sovereignty while tacitly retaining its sovereign trinity and the relative independence it affords.
Conversely, consider the world’s ‘failed states’—Libya, the Democratic Republic of the Congo, Somalia, Syria, etc.—all of which have delegations to the United Nations, embassies in foreign states, diplomatic missions within their borders, and all the outward ‘trappings’ of statehood despite lacking a monopoly on violence over their population and/or territory. Failed states bleed instability into their neighborhoods. Bordering states sometimes try to restore a semblance of order, but hardly ever to the effect of annexing territory—perhaps out of respect for the norm of legitimacy-based sovereignty.[xii] Though failed states are exploited in a multitude of ways—their material wealth plundered and their populations subjugated—their borders rarely change, and then almost only to create new, subdivided nations (e.g. South Sudan).[xiii] These states lack a sovereign trinity, yet are protected from outright exploitation by their neighbors due to the norm that some authority internal to their borders should have sovereignty over the people and territory therein.
There are also the ‘self-declared’ states, which attempt to attain sovereign legitimacy through building a sovereign trinity separate from but inside already-recognized states. The world’s breakaway authorities like Somaliland and Puntland maintain some institutional symbols of sovereignty, such as flags, currencies, and stamps, while maintaining a better monopoly of force over territories within internationally recognized states than those states’ recognized authorities. Nonetheless, ‘self-declared’ states remain unrecognized by most established countries, severely constraining their interactions with the wider international system. Whether or not they act like sovereigns within their self-proclaimed borders, they are not treated as sovereigns by the international community.
There are, finally, authorities which have lost their trinity and tried to retain their legitimacy. These ‘governments-in-exile’ were most numerous during WWII. Belgium, Czechoslovakia, France, Greece, Luxembourg, the Netherlands, Norway, Poland, Yugoslavia, and the Philippines operated governments-in-exile while their territories were under Axis occupation.[xiv] Some successfully returned home to continue as sovereign governments, while others dissolved following the Potsdam Conference.
There are contemporary governments-in-exile, the most well-known being the Central Tibetan Administration (CTA). Led by the 14th Dalai Lama and headquartered in Dharamshala, India, the CTA advocates, organizes, and administers cultural and educational services to the Tibetan diaspora.[xv] It functions abroad not as a legitimated government but rather as a lobbying organization with variably overt or tacit approval in several other countries. The CTA has no recognized embassies and no nation recognizes its sovereignty over Tibet. The CTA’s website blames a lack of international recognition in 1950 (Tibet was not a UN member state at the time) for other nations’ failure to act then and for the CTA’s continued struggle to gain sovereign recognition.[xvi]
The discussion above shows that independence and sovereignty are different phenomena. While in exile during WWII, the governments of Belgium, Free France, and the Netherlands signed treaties, directly benefitting from being recognized by the Allied powers as legitimate sovereign authorities.[xvii] Conversely, while the Republic of China’s government in Taipei rules Taiwan, the country does not enjoy the same sovereign rights as the United Nations’ 193 recognized members. While Taiwan is the only state ever stripped of UN membership, small states (e.g., Estonia) on the periphery of powerful and expansionist states (e.g., Russia) nonetheless fear that they will face a fate more similar to Tibet than Free France if invaded. Exiled governments are in constant danger of their continuity of government lapsing, their cause losing momentum, and their claims to legitimacy evaporating along with their territorial independence. This is where Estonia’s revolutionary e-governance policies and Data Embassies program come in.
E-GOVERNANCE, SOVEREIGNTY, AND LEGITIMACY
The purpose of Estonia’s Data Embassy is more than providing the server space for a data-storage cloud. Estonia has demonstrated the technical capability to not only host but also build and operate a variety of complex high-tech systems. The country maintains a robust system of servers within its territory meant to support its e-governance operations in case one or several are knocked out by either a cyber- or physical attack.[xviii] Nonetheless, Estonia is a small country, and attacks against its cybersphere or territory might collaterally or strategically destroy its entire e-governance infrastructure. Placing a cloud backup in Luxembourg provides the country’s government with a secondary system almost a thousand miles away.
Importantly, Estonia’s move to an expatriated cloud was not accomplished by partnering with a private entity, whose offices or infrastructure might be subject to the jurisdiction of another state. Instead, Estonia partnered with Luxembourg to create an entirely novel institution in international law. The Data Embassy is Estonian sovereign diplomatic territory within Luxembourg—no state, no company, no entity has the right to access its infrastructure or information without the Estonian government’s consent.[xix] A cyberattack against Microsoft or AWS cannot bring down Estonia’s e-governance cloud because Estonia’s e-governance cloud is managed by Estonia.
Moreover, Estonia hopes that creating more cloud data centers will deter rather than embolden possible attackers. An attack against Estonia’s e-governance capabilities through their Data Embassies in other countries might risk causing an international incident with a third power. Additionally, while the question of whether cyberattacks fall under NATO’s Article V is still up for debate, Estonia believes that cyberattacks against diplomatic compounds in foreign countries might galvanize the alliance to take a more proactive approach to cyber- and Baltic security. The Data Embassy’s theoretical utility does not end there.
In the case of an outright occupation of Estonian territory, the Data Embassy in Luxembourg would stop serving as a backup and would become the Estonian government-in-exile’s primary e-governance infrastructure. What does that mean? It means the Estonian government could continue to provide the same critical administrative services it already does online, even in exile. By migrating to e-governance, the Estonian government has preemptively set itself up to survive in exile in as decentralized a form as necessary. With, or even without, the permission of foreign countries, a theoretical Estonian diaspora might continue to vote, pay taxes, receive citizenship, and interact in a myriad of administrative (but territorially unbounded) ways with its government-in-exile.[xx]
Though territorially-occupied, Estonia’s international legitimacy, ingrained through its place in the United Nations, NATO, and the European Union, would likely provide it with ample international political space to operate either out of a series of embassies or even an office-in-exile, akin to the occupied Allies in London during WWII. Connected to its e-governance cloud infrastructure, the Estonian government could actively and routinely support its citizens by continuing to use the exact same modes and means of governance it has been developing over the last decade. Estonians abroad, or perhaps even still in Estonia, could connect with their government in the same virtual manner to which they have become accustomed. Estonia already has an e-Residency program by which foreigners might join their ‘digital nation’; it is not a leap to imagine an exiled Estonian government continuing to grant citizenship to newborns, diplomas to teenagers, and documentation to Estonians and their expatriated businesses.[xxi] By expanding its e-governance infrastructure and backing it up abroad, Estonia has not just prepared for an extreme continuity-of-government scenario, they have created the foundation to continue the legitimacy of their sovereign claims and governance rights over their populace even if Estonia loses its territory.
Estonia’s Data Embassy program has enhanced the stickiness of its sovereign institutions by increasing the survivability of its cyber-institutions. This is a type of cyber-sovereignty entirely different from the kind authoritarian regimes want to impose over their citizens. Instead of declaring a monopoly on information access, Estonia has used technology to expand its governance efficiency over its people (increasing the legitimacy of its institutions among its population) and to make those cyber-institutions durable in the case of territorial occupation, thus increasing the staying power of its sovereign claims.
Perhaps the argument over sovereign staying power is moot given Estonia’s membership in NATO, which would ostensibly intervene to at least reverse, if not prevent, an occupation of Estonia’s territory. Estonia’s caution, however, is warranted even if it expects NATO to come to its defense. Almost to a case, the WWII governments-in-exile did not end up being their respective countries’ sovereign authorities following the end of the war. Estonia’s Data Embassy provides any returning or reconstituted Estonian government with an ample administrative launching point to make succession at least less painful if not less politically complicated. By decentralizing and expatriating e-governance infrastructure, Estonia has increased the likelihood not only of its sovereign institutions surviving exile but also succeeding through the process of reoccupation and normalization. Estonia’s is a twenty-first century strategy for continuity-of-government, and it relies greatly on using ‘cyber’ and ‘tech’ as more than just tools that increase governance efficiency. By creatively expanding its e-governance capabilities, Estonia has laid the foundation to govern through the cybersphere and extend the legitimacy and longevity of its sovereignty through a domain other than population, territory, or violence.
[i] Nikolai F. Rice, “Estonia’s Cybersphere as an Asset and a Vulnerability,” Georgetown Security Studies Review (Georgetown Security Studies Review, July 29, 2019), https://georgetownsecuritystudiesreview.org/2019/03/12/estonias-cybersphere-as-an-asset-and-a-vulnerability/.
[ii] Nathan Heller, “Estonia, the Digital Republic,” The New Yorker (The New Yorker, July 9, 2019), https://www.newyorker.com/magazine/2017/12/18/estonia-the-digital-republic.
[iii] Yuliya Talmazan, “Data Security Meets Diplomacy: Why Estonia Is Storing Its Data in Luxembourg,” NBCNews.com (NBCUniversal News Group, June 25, 2019), https://www.nbcnews.com/news/world/data-security-meets-diplomacy-why-estonia-storing-its-data-luxembourg-n1018171.
[iv] “Data Embassy – e-Estonia,” e-Estonia (Government of Estonia, 2019), https://e-estonia.com/solutions/e-governance/data-embassy/.
[vii] Note: ‘right’ as the opposite of privilege, not the opposite of wrong.
[viii] Immanuel Maurice Wallerstein, World-Systems Analysis: An Introduction (Durham, NC: Duke University Press, 2004)42-44.
[ix] “Westphalian State System,” Oxford Reference (Oxford University, June 16, 2017), https://www.oxfordreference.com/view/10.1093/oi/authority.20110803121924198.
[x] Tir, Jaroslav, Philip Schafer, Paul Diehl, and Gary Goertz. 2019. “Territorial Changes, 1816-2018: Procedures and Data (v6)”, http://www.correlatesofwar.org/data-sets/territorial-change.
[xi] United Nations. 2019. “General Assembly resolution 2758, Restoration of the lawful rights of the People’s Republic of China in the United Nations,” https://www.un.org/ga/search/view_doc.asp?symbol=A/RES/2758(XXVI).
[xii] Susan L. Woodward, The Ideology of Failed States: Why Intervention Fails (Cambridge, United Kingdom: Cambridge University Press, 2017).
[xiii] Jaroslav Tir, Philip Schafer, Paul Diehl, and Gary Goertz, “Territorial Changes, 1816-2018: Procedures and Data (v6),” (2019), http://www.correlatesofwar.org/data-sets/territorial-change.
[xiv] “Allied Governments-in-Exile during the 1939-45 War,” CLIK (Commonwealth of Australia Department of Veterans’ Affairs, October 14, 2014), http://clik.dva.gov.au/history-library/part-1-military-history/ch-2-world-war-ii/s-2-commonwealth-allied-and-neutral-countries/allied-governments-exile-during-1939-45-war.
[xvi] “Issues Facing Tibet Today,” Central Tibetan Administration (Central Tibetan Administration, 2019), https://tibet.net/important-issues/issues-facing-tibet-today/.
[xvii] Daniel Bell and Leon Dennen, “The System of Governments in Exile,” The Annals of the American Academy of Political and Social Science 232, no. 1 (March 1944): 134-147.
[xviii] “Security and Safety – e-Estonia,” e-Estonia (Government of Estonia, 2019), https://e-estonia.com/solutions/security-and-safety/.
[xix] “Data Embassy – e-Estonia,” e-Estonia (Government of Estonia, 2019), https://e-estonia.com/solutions/e-governance/data-embassy/.