Today, with a high level of computer literacy and connectivity already established, the focus has shifted from basic concerns such as access, quality, and cost of internet services to discussions about security, anonymity, the protection of private information, and citizens’ rights on the internet. Local and international social-media services are used by more than 60 percent of internet users, and a majority of users conduct business and e-government transactions over the internet. The most serious threat to internet freedom in Estonia emerged in late April and early May 2007, when a campaign of cyberattacks targeted various Estonian institutions and “Estonia Became Internet Savvy ‘Thanks’ to Occupation—Ilves,” Baltic News Service, April 15, 2008, available at http://www.estemb.org/news/aid-1549.
Kristina Randver, “Kodanike rahulolu riigi poolt pakutavate avalike e-teenustega” [Citizens’ Satisfaction with the Provision of Public E-Services], TNS Emor, May 11, 2010, available at http://www.riso.ee/et/files/Randver_infohommik_11.05.2010.pdf.
ESTONIA FREEDOM HOUSE Freedom on the Net infrastructure. The experience led to increased awareness of the dangers of cyberattacks and a greater policy focus on improving technical competencies to make the internet more secure.
OBSTACLES TO ACCESS The number of internet and mobile-telephone users in Estonia has grown rapidly in the past 15 years. According to 2009 estimates, the internet is regularly accessed by 72 percent of Estonia’s population, or approximately 970,000 people.3 There are also 2.7 million mobilephone subscriptions—more than twice the number of people in Estonia. This outsized figure is commonly attributed to the growing popularity of machine-to-machine (M2M) services, widespread use of mobile internet-access devices, use of more than one mobile phone by individual Estonians, and the growing number of visitors who use local subscriptions while in the country.
The first public WiFi area was launched in 2001, and since then the country has developed a system of mobile data networks that enable widespread wireless broadband access. In 2009, the country had over 2,000 free, certified WiFi areas meant for public use, including cafes, hotels, hospitals, schools, and even gas stations, and the government has continued to invest in public WiFi. In addition, a countrywide wireless internet service based on CDMA technology has been deployed and priced to compete with fixed broadband access. Municipalities in rural areas have been subsidizing local wireless internet deployment efforts, and the country’s regulatory framework presents low barriers to market entry, enabling local start-ups to proliferate.
Estonians use a large variety of internet applications, including search engines (percent of users), e-mail (83 percent), local online media, news portals, social-networking sites, instant messaging, and internet-based voice service.4 In addition, 83 percent of the population uses the internet for online banking—the second highest percentage in the European Union.5 Estonian Public Broadcasting delivers all radio channels in real time over the internet, and offers archives of its radio and television programs at no charge to users.
YouTube, Facebook, LinkedIn, Orkut, and many other international video-sharing and social-networking sites are widely available and popular. According to December estimates, nearly 312,000 Estonians use Facebook, representing 23 percent of the overall International Telecommunication Union (ITU), “ICT Eye: Estonia,” http://www.itu.int/ITUD/ICTEYE/DisplayCountry.aspxcode=EST#jump, accessed August 11, 2010.
Pille Pruulmann-Vengerfeldt, Margit Keller, and Kristina Reinsalu, “Quality of Life and Civic Involvement in Information Society,” chap. 1.1.4 in Information Society Yearbook 2009 (Tallinn: Ministry of Economic Affairs and Communications, 2010), http://www.riso.ee/en/pub/2009it/#p=1-1-4.
“Estonians tend to avoid e-shopping—survey,” Baltic News Service, February 8, 2008, available at http://www.estemb.org/news/aid-1247.
Nonetheless, the Estonian courts ruled in favor of the plaintiff, making web portals responsible for all comments posted; the ruling was appealed to the European Court of Human Rights.
In January 2010, a new law on online gambling came into force, requiring all domestic and foreign gambling sites to obtain a special license or face access restrictions. As of July 2010, the Estonian Tax and Customs Board had placed 298 websites on its list of Socialbakers, “Estonia Facebook Statistics,” http://www.facebakers.com/countries-with-facebook/EE, accessed December 26, 2010.
Eurostat, “Individuals Using the Internet for Uploading Self-Created Content to Any Website to Be Shared,” European Commission, http://epp.eurostat.ec.europa.eu/tgm/table.dotab=table&init=1&plugin=1&language=en&pcode=tin00119, accessed June 10, 2010.
Ministry of Economic Affairs and Communications, “Electronic Communications Act,” http://www.mkm.ee/index.phpid=9576, accessed March 26, 2009.
Estonian Technical Surveillance Authority (ETSA), “Commencement of Provision of Communications Service,” http://www.tja.ee/index.phpid=11703, accessed February 21, 2011.
Kaja Koovit, “Big Businessman Goes to War Against Web Portals,” Baltic Business News, March 18, 2008, http://www.balticbusinessnews.com/PublicationId=48694078-50cc-4fe1-b3e4-6e10bc6a5ec1.
ESTONIA FREEDOM HOUSE Freedom on the Net illegal online gambling sites, requiring Estonian ISPs to block them.There are over 54,000 active Estonian-language blogs on the internet, including an increasing number of group, project, and corporate blogs. The vibrancy and activities of the blogosphere are frequently covered by traditional media, particularly when blog discussions center on civic issues. The fact that so many Estonians are both computer literate and connected to the internet has created unique opportunities for the Estonian government. In addition to hosting virtual trade fairs and an online embassy, the Estonian president’s office has its own YouTube channel, with messages released exclusively on YouTube.Estonia has the largest functioning public-key infrastructure in Europe, based on the use of electronic certificates maintained on the national identification (ID) card.13 More than 1.12 million active ID cards are in use, which enable both electronic authentication and digital signing.14 The law gives the digital signature the same weight as a handwritten one, and requires public authorities to accept digitally signed documents. Estonian ID cards were used to facilitate electronic voting during parliamentary elections in 2007, and they were used again in 2009 municipal and European Parliament elections. In 2009, over 91 percent of citizens filed their taxes over the internet, making the online services offered by the tax department the most popular public e-service. Over 63 percent of internet users regularly use e-government services, and 77 percent have indicated their satisfaction with such services.In April 2007, blogs and mobile-phone text messaging (SMS) played an important role in protests over the removal of a Soviet war monument. While it was known that the Estonian government was planning to remove the monument, no official announcement had been made. When the police cordoned off the area and covered the monument, word quickly spread via mobile phone and the internet, and within a few hours a crowd of several thousand had assembled.16 Two days of rioting followed, mostly by ethnic Russians.
However, as the physical violence receded, an unprecedented wave of cyberattacks against the Estonian government began. These “dedicated denial of service” (DDoS) attacks affected all of the government’s websites, Estonia’s largest bank, and the sites of several daily newspapers. Because of Estonia’s level of connectivity, even simple activities like reading e The list of restricted websites can be found on the Estonian Tax and Customs Board website:
http://www.emta.ee/index.phpid=27399, accessed July 10, 2010.
Agence France-Presse, “Estonia Launches Embassy in Virtual World Second Life,” Sydney Morning Herald, December 5, 2007, http://www.smh.com.au/news/Technology/Estonia-launches-embassy-in-virtual-world-SecondLife/2007/12/05/1196530704693.html; “Estonian President Launches YouTube Video Blog,” TopNews.in, December 9, 2008, http://www.topnews.in/estonian-president-launches-youtube-video-blog-297028.
See the web portal for the ID-card system at http://id.ee/lang=en.
Ibid., accessed July 15, 2010.
Kristina Randver, Kodanike rahulolu riigi poolt pakutavate avalike e-teenustega, Jaanuary 2010 [Citizens’ Satisfaction with the Provision of Public E-Services, January 2010] (Tallinn: TNS Emor, 2010), available at http://www.riso.ee/et/files/kodanike_rahulolu_avalike_eteenustega_2010.pdf.
Veronica Khokhlova, “Estonia: ‘A Russian Rebellion,’” Global Voices, April 27, 2007, http://globalvoicesonline.org/2007/04/27/estonia-a-russian-rebellion/.
ESTONIA FREEDOM HOUSE Freedom on the Net mail and paying for a parking space were impossible. Officials were finally forced to block access to Estonian sites from IP addresses outside of Estonia in an effort to stop the attacks.Throughout the three-week period of unrest, internet appeals and SMS messages continued to call for protests against the Estonian government.VIOLATIONS OF USER RIGHTS Freedom of speech and freedom of expression are strongly protected by Estonia’s constitution and by the country’s obligations as a European Union (EU) member state.
Anonymity is allowed, and there have been extensive public discussions on anonymity and the respectful use of the internet. Internet access at public access points can be obtained without prior registration. The Personal Data Protection Act (PDPA), first passed in 1996, restricts the collection and public dissemination of an individual’s personal data. No personal information that is considered sensitive—such as political opinions, religious or philosophical beliefs, ethnic or racial origin, sexual behavior, health, or criminal convictions—can be processed without the consent of the individual. The Data Protection Inspectorate (DPI) is the supervisory authority for the PDPA, tasked with “state supervision of the processing of personal data, management of databases and access to public information.”19 The current version of the PDPA entered into force in 2008.There have been no physical attacks against bloggers or online journalists in Estonia, but online discussions are sometimes inflammatory. Following instances of online bullying and sexual harassment and misuse of social media, discussions and public-awareness campaigns were recently launched to raise parental involvement and increase protection of children on the internet.
Awareness of the importance of ICT security in both private and business use has increased significantly since the spring 2007 cyberattacks. To protect the country from future attacks, the government in 2008 adopted a Cyber Security Strategy for the next five years, which focuses on development and implementation of new security measures, increasing competence in cybersecurity, improvement of the legal framework, bolstering international cooperation, and raising public awareness.21 Also in 2008, NATO established a joint cyberdefense center in Estonia to improve cyberdefense interoperability and provide “Estonia Hit by ‘Moscow Cyber War,’” British Broadcasting Corporation (BBC), May 17, 2007, http://news.bbc.co.uk/2/hi/europe/6665145.stm.
“Estonia Launches Probe into Internet Call for Armed Uprising,” Agence France-Presse, May 3, 2007.
Electronic Privacy Information Center (EPIC) and Privacy International, “Republic of Estonia,” in Privacy and Human Rights 2006: An International Survey of Privacy Laws and Developments (Washington: EPIC, 2007), available at http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-Republic-8.html.
See the homepage of the Estonian Data Protection Inspectorate at http://www.aki.ee/eng.
ESTONIA FREEDOM HOUSE Freedom on the Net cyberdefense support for all NATO members. Since its founding, the center has, among other activities, supported awareness campaigns and academic research on the topic, and hosted several high-profile conferences. Cooperative Cyber Defence Centre of Excellence (CCD COE), “Conference on Cyber Conflict,” http://www.ccdcoe.org/conference2010/, accessed July 15, 2010.