Tiny Estonia might seem an unlikely place to see the future of technology.
(Credit: Wikimedia Commons/Norman Einstein)
With just 1.3 million people, the country has fewer people than San Diego and is just three decades removed from Soviet rule. But "E-stonia," as its known, has also brought the world Skype as well as up-and-coming startups like robotics firm Starship Technologies and payments provider TransferWise.
Yet Estonia's technology prowess has also made it something of a laboratory for the dangers of the threats posed by hackers backed by neighboring Russia. In a country where 90 percent use online banking, 95 percent file taxes online and 30 percent cast their ballots from a computer, Estonia is a target-rich environment for cyberattacks.
Indeed the NATO-member country is the site of what may have been the world's first politically-motivated digital attack in 2007. In that year, Estonia angered Russia by relocating a World War II era memorial to Soviet troops. Soon, the networks of government ministries, banks and leading Estonian newspapers went down, the result of a massive and sophisticated botnet attack.
Holger Roonemaa
"Everyone thinks or agrees that they were organized or orchestrated by Russia, but no hard evidence has been presented as far as I know," says Holger Roonemaa, a journalist with the Baltic Center for Investigative Journalism and a former editor at Eesti Päevaleht, one of the country's leading newspapers.
In hindsight, those decade-old attacks were a precursor for Russian cyberattacks in Ukraine, the U.S. and France in recent years. Roonemaa, who has covered the issue extensively, spoke with Global Journalist's Maria Callejon about how a country dubbed the "most-wired country in Europe" is trying to head off potential future attacks, including efforts to derail its 2019 parliamentary elections. Below, an edited version of their interview:
Controversy over the relocation of this bronze statue of a Soviet soldier came just before a massive cyberattack on Estonia in 2007. (European Pressphoto Agency)
Holger Roonemaa: The advantages are simple: It is an easier tool for people to take part in the elections. The more legitimate the elections are, the more legitimate democracies are. We had municipal elections [in October] and more than 30 percent of the people used e-voting.
But the disadvantages — I think that the most obvious one is that e-election can be attacked. By attacked I mean especially in propaganda and selling the idea that it can be hacked, that it can be manipulated and so on.
Estonia has had e-elections going on for 12 years [since 2005] and we haven’t witnessed any manipulation attempts or any attacks. Up until today, this system has been thought of as being unhackable.
Roonemaa: I think it's too little. Elections are, for a lot of people, almost like a holy thing. They dress-up beautifully and they go to the polling station and they cast a vote and in the evening you have a cake or something. It's the most important day of a democracy.
But 95 percent of Estonians file their taxes on the internet. If you compare that to 32 percent voting on the internet, it seems small. And the participation rate in elections is still 50 or 60 percent. So I think there is a lot of space to improve the number.
Roonemaa: A lot of people have this idea — but it has to do with computers, they don’t trust them. And it is very difficult to debate or argue with these people. If you don’t trust something, how can you prove that the system is not hackable? It could prove to be hackable if you hack through the system. But to prove that something is not hackable is impossible. But a lot of people, especially younger generations are using the e-voting and, personally, I think that the last time I went to cast a paper vote was maybe 2009.
Roonemaa: You enter the ID card in your computer through a USB card reader. You have two pin codes, one to verify yourself and the other is your digital signature. So, first you log in to the voting system by entering your pin code and verifying it is actually you who is sitting behind the computer and then you choose the candidate you want to vote for. Then you sign your vote. The Electoral Commission won't know whom you voted for.
A man holds a device for e-voting in European parliamentary elections in Estonia in 2014. (Credit: European Parliament/Creative Commons)
One of the main arguments that e-voting is not safe is that the chairman of a company could force all employees to sit behind the desk and vote for a specific candidate. But the system allows you to change your vote as many times as you want. If you are forced to vote for Candidate A, you can go home and cast your vote again.
Roonemaa: Yes, but not necessarily [only] Russia. We are very proud of our e-system and e-voting. That would seem like an obvious place to attack, to humiliate us and the country, to prove that they hacked us. We have the next elections in 2019, but I think that the fact that we are wary about the possibility of the attack makes us more prepared.
Roonemaa: It is to gain political influence, to create a chance for more pro-Kremlin parties to succeed. And to have political leverage on issues such as the sanctions against Russia, the situation about Crimea and Ukrraine, gas deals, NATO and collective defense and NATO's presence near Russia's borders. What they are trying to do is also to create confusion and uncertainty.
The more vulnerable societies are, the more unstable their government and the more relevant Russia becomes for negotiations.