In an interview with uudised.err.ee, President Toomas Hendrik Ilves said America's online surveillance activities have gone too far, causing undue harm to the privacy of citizens.
Does it worry you that the PRISM surveillance program also tracks Europeans' online communications?
Yes. I am certainly concerned, having read assertions from which it can be concluded that the privacy of Estonian and other European Union citizens has been invaded. We all want to get more information on this. I know that officials plan to raise the issue on June 14 at a EU-US summit between interior and justice ministers where the EU will be represented by European Commissioners Reding and Malmström.
How do you react to the US's justification that the program aims to fight terrorism?
One again, we are faced with the question of finding a balance between national security and the citizen's privacy. It seems to me that the pendulum has currently swung to one side, to the detriment of privacy. And to the detriment of EU citizens.
Estonian law is based on the principle that the citizen must know what private information the state has and who uses it. It is a relatively unique situation and the foundation of our state e-services portal. Unfortunately, these principles are not followed by all companies, search engines, social networks and e-services that we use and whose information has purportedly been tracked.
How, if at all, is it possible to protect ourselves against PRISM?
I have said previously that we should be concerned about Big Data rather than Big Brother. Through Internet communication channels and web applications owned by private companies that are not subject to EU laws, people voluntarily give away many times more information about themselves than any government agency is capable of collecting.
We have a responsibility here too. Every time that we "like" something, it reveals information about ourselves that we give up to a social network company. Perhaps to draw a person's profile, in order to determine, through an algorithm of some sort, what kind of advertising to direct to an individual. Not to mention other personal information that people voluntarily post about themselves.
Naturally, the government's cooperation with data-storing private companies should not endanger users' constitutional rights.
In the case of suspicions of terrorism and preventing attacks, access to the information of a suspect is reasonable, but collecting information on every single individual online can in no way be justified.
Abuses of personal information are grist for the mill for those who want to restrict internet freedom, and there are many such countries and governments. But it is not in the interest of Estonia, Europe or the US.
You were recently appointed head of the EU's cloud computing working group. Does that empower you to intervene?
The largest cloud-based global ICT companies are from the US and are therefore regulated by US laws even outside of American territory. We would have more control over the use of information being collected under European laws. For that reason, we must invest more into developing Europe's ICT sector and creating clearer rules for international companies operating in Europe.
Without a cloud that is subject solely to EU laws, we cannot be sure that our data is secure. I plan to address this issue with the European Commission's digital development commissioner, Neelie Kroes, at a meeting in July with the European cloud working group that I head.
One of the solutions could be to provide, through US-EU negotiations, protection for the data of EU citizens using the services of American ICT firms, especially cloud services. On its behalf, the Estonian government could support the speedy preparation of such an agreement.
How concerned should Estonians be about the privacy of their online communication?
In light of the information that I currently have, it seems that the so-called PRISM program has chiefly been used for mapping the communication networks of suspects. But for those in Estonia who are concerned that someone is tracking the content of their electronic messages, I emphasize that Estonia is the only country in Europe and probably in the world that offers all residents over 16 years of age the opportunity for encrypted communication: through Estonia's national ID card and the state data exchange system.
This means, of course, that communication can be a bit more cumbersome, but if you live in an unsecured environment, which cyberspace has in recent years become, then you need to do more to preserve your security. Just as we lock our doors because we no longer live in an idyll where the family let others know they weren't home by leaning a broom up against the farmhouse door handle.