Freedom on the Net
Key Developments: May 2012 – April 2013
- Estonia continues to be one of the most wired countries in the world, with increasing internet access and online participation among citizens (see Obstacles to Access).
- The appeal of a 2008 court case involving content host liability for comments posted online is still pending at the European Court of Human Rights (see Limits on Content).
- In 2012, the Ministry of Justice initiated the process of amending Estonia’s penal code to comply with an EU directive related to the criminalization of hate speech, which became the topic of significant public debate within Estonia (see Violations of User Rights).
Estonia ranks among the most wired and technologically advanced countries in the world. With a high internet penetration rate, widespread e-commerce, and e-government services embedded into the daily lives of individuals and organizations, Estonia has become a model for free internet access as a development engine for society. When the country regained independence in 1991 after nearly 50 years of Soviet rule, its infrastructure was in a disastrous condition. The country’s new leadership, however, perceived the expansion of information and communication technologies (ICTs) as a key to sustained economic growth and invested heavily in their development.
The first internet connections in the country were introduced in 1992 at academic facilities in Tallinn and Tartu. The national telecommunication monopoly was privatized with the inclusion of Finnish and Swedish telecommunication companies, and a fiber-optic backbone was built with modern fixed and mobile communications services. The government subsequently worked with private and academic entities to initiate a program in 1996 called Tiger Leap, which aimed to establish computers and internet connections in all Estonian schools by 2000. This program helped to build a general level of technological competence and awareness of ICTs among Estonians. Today, with a high level of computer literacy and connectivity already established, the program’s focus has shifted from basic concerns such as access, quality, and cost of internet services to discussions about security, anonymity, the protection of private information, and citizens’ rights on the internet. Children’s safety on the internet is a high priority, and the special program “Targalt Internetis” (Wiser Internet) is dedicated to country-wide training and awareness-building activities on internet safety issues for parents and children. In addition, a majority of users conduct business and e-government transactions over the internet: in 2013, 99.6 percent of banking transactions were done with e-banking services and 95 percent of people declared their income electronically.
Over the past two years, the issue of copyright protection on the internet became a widely debated topic in Estonia, and various organizations that represent the interests of authors and other copyright holders have come forward in an effort to remove copyright-protected content from popular services such as YouTube. Moreover, the issue of legal liability of online forums for the comments posted by anonymous users continues to be watched by free expression advocates, with an important ruling by the European Court of Human Rights expected during 2013.
The number of internet and mobile telephone users in Estonia has grown rapidly in the past 20 years. According to statistics from the International Telecommunication Union (ITU), internet penetration in Estonia reached 79 percent in 2012 (approximately 994,000 people). There were also over 2 million mobile phone subscriptions, translating into a mobile phone penetration rate of 155 percent. This figure is commonly attributed to the widespread use of mobile internet access devices, the growing popularity of machine-to-machine (M2M) services, and the use of more than one mobile phone by individual Estonians.
The first public Wi-Fi area was launched in 2001, and since then the country has developed a system of mobile data networks that enable widespread wireless broadband access. In 2011, the country had over 2,440 free, certified Wi-Fi areas meant for public use, including at cafes, hotels, hospitals, schools, and gas stations, and the government has continued to invest in public Wi-Fi. In addition, a countrywide wireless internet service based on CDMA technology has been deployed and is priced to compete with fixed broadband access. Three mobile operators cover the country with mobile 3G and 3.5G services, and as of May 2013, 4G services covered over 95 percent of Estonian territory. Municipalities in rural areas have been subsidizing local wireless internet deployment efforts, and the country’s regulatory framework presents low barriers to market entry, enabling local startups to proliferate.
Estonians use a large variety of internet applications, including search engines (85 percent of users), e-mail (83 percent of users), local online media, news portals, social-networking sites, instant messaging, and Voice over Internet Protocol (VoIP) services. Estonian Public Broadcasting delivers all radio channels and its own TV production services, including news in real time over the internet; it also offers archives of its radio and television programs at no charge to users.
The Estonian Electronic Communications Act was passed in late 2004 and a number of amendments have been added to help develop and promote a free market and fair competition in electronic communications services. Today, there are over 200 operators offering such services, including six mobile phone companies and numerous internet service providers (ISPs). ISPs and other communications companies are required to register with the Estonian Technical Surveillance Authority (ETSA), a branch of the Ministry of Economic Affairs and Communications, though there is no registration fee.
In 2009, the Estonian Internet Foundation was established to manage Estonia’s top level domain, “.ee.” With its multi-stakeholder foundation, the organization represents the Estonian internet community internationally and has succeeded in overseeing various internet governance issues such as the domain name registration process. After initial concerns over the foundation’s domain registration pricing policy and management capabilities, the foundation’s substantive work has been stabilized in 2012-2013. In February 2012, the Estonian Internet Foundation was admitted to the Council of European National Top Level Domain Registries (CENTR).
In 2008, a debate over self-censorship and pre-publication censorship took center stage when the victim of unflattering and largely anonymous comments on a news story filed suit, claiming that web portals must be held responsible for reader comments and screen them before they become public. Website owners argued that they did not have the capacity to monitor and edit all comments made on their sites. Nonetheless, the Estonian courts ruled in favor of the plaintiff, making web portals responsible for all comments posted. The ruling is currently under appeal at the European Court of Human Rights and a decision is expected later in 2013.
In January 2010, a new law on online gambling came into force, requiring all domestic and foreign gambling sites to obtain a special license or face access restrictions. As of June 2012, the Estonian Tax and Customs Board had placed 771 websites on its list of illegal online gambling sites, requiring Estonian ISPs to block them. The list of blocked sites is transparent and is available to the public.
In 2012, the removal of online content related to possible copyright infringement on YouTube and other streaming services increased, resulting in the removal of over 80,000 videos. This process was greatly facilitated by requests of copyright enforcement organizations representing Estonian authors. Hundreds of videos have been removed from YouTube for copyright violations even though some of the videos were posted by the authors themselves who were apparently not aware of the activities of copyright enforcement organizations representing their rights. All of these requests came from individuals or companies; the Estonian government has not issued any requests for removal of content on any of Google’s platforms, including YouTube, since at least 2010.
There are over 70,000 active Estonian-language blogs on the internet, including an increasing number of group, project, and corporate blogs. The vibrancy and activities of the blogosphere are frequently covered by traditional media, particularly when blog discussions center on civic issues. The fact that so many Estonians are both computer literate and connected to the internet has created unique opportunities for the Estonian government. In addition to hosting virtual trade fairs and an online embassy, the Estonian president’s office has its own Twitter and Facebook accounts, and releases messages on its YouTube channel.
Estonia has the largest functioning public-key infrastructure in Europe, based on the use of electronic certificates maintained on the national identification (ID) card. More than 1.2 million active ID cards are in use, which enable both electronic authentication and digital signing, and over 40 percent of active ID cards have been used for authentication and digital signature purposes. The Digital Signature Act, adopted in 2000, gives an individual’s digital signature the same weight as a handwritten one and requires public authorities to accept digitally-signed documents. Estonian ID cards were used to facilitate electronic voting during the parliamentary elections in 2007 and were used again in the 2009 municipal and European Parliament elections. During the 2011 national parliamentary elections, 140,846 votes were cast over the internet, representing over 20 percent of all votes. In 2013, 95 percent of citizens filed their taxes online, making the web services offered by the tax department the most popular public e-service. Over 63 percent of internet users regularly use e-government services, and 77 percent have indicated their satisfaction with such services.
Freedom of speech and freedom of expression are protected by Estonia’s constitution and by the country’s obligations as an EU member state. Anonymity is unrestricted, and there have been extensive public discussions on anonymity and the respectful use of the internet. Internet access at public access points can be obtained without prior registration.
The Personal Data Protection Act (PDPA), first passed in 1996, restricts the collection and public dissemination of an individual’s personal data. No personal information that is considered sensitive—such as political opinions, religious or philosophical beliefs, ethnic or racial origin, sexual behavior, health, or criminal convictions—can be processed without the consent of the individual. The Data Protection Inspectorate (DPI) is the supervisory authority for the PDPA, tasked with “state supervision of the processing of personal data, management of databases and access to public information.” The current version of the PDPA came into force in 2008. In 2012, the Estonian DPI initiated 595 investigations on both public and private sector practices in implementing PDPA, an increase of 24 percent from the previous year.
Estonia is currently in the process of amending the Penal Code to comply with the European Council Framework Decision 2008/913/JHA of 28 November 2008 on “combating certain forms and expressions of racism and xenophobia by means of criminal law” in order to establish a framework on hate speech criminalization in the country. In July 2012, the Ministry of Justice initiated proceedings to amend sections 151 and 152 of the penal code, which would lead to a new situation regarding hate speech-related legislation in Estonia. This process is still ongoing and has become the topic of significant public debate within the country.
Estonia launched the Electronic Communications Act on January 1, 2005, aligning itself with EU legislation and replacing the Telecommunications Act. Since January 2008, electronic communications companies have been required to preserve traffic and location data for one year, as defined by the EU Data Retention Directive (2006/24/EC). Companies have been required to retain data on internet access, telephony, and e-mail since March 2009, and must only retain such data that becomes known to them in the course of providing communications services. They must also provide the surveillance agency or security authority with the information at their disposal only when presented with a court order. According to the report of the Estonian Parliament Security Authorities Surveillance Select Committee that oversees the practices of surveillance agencies and security agencies, there were over 7,400 cases of requests for information based on court orders in 2012, an increase of 9 percent from the previous year. The select committee has been established to exercise supervision over the legality of surveillance and the activities of the Security Police. The committee monitors the conformity of the activities of the Security Police Board with the constitution, the Surveillance Act, and other regulations on security agencies.
There have been no physical attacks against bloggers or online journalists in Estonia, though online discussions are sometimes inflammatory. Following instances of online bullying, sexual harassment, and the misuse of social media in 2009-2010, discussions and public awareness campaigns were launched to involved parents in increasing the protection of children on the internet.
Awareness of the importance of ICT security in both private and business use has increased significantly since the cyberattacks that occurred in the spring of 2007. To protect the country from future attacks, the government adopted a five-year Cyber Security Strategy in 2008 that focuses on the development and implementation of new security measures, increasing competence in cyber security, improving the legal framework, bolstering international cooperation, and raising public awareness. Estonia’s cybersecurity strategy is built on strong private-public collaboration and a unique voluntary structure through the National Cyber Defense League. With more than 150 experts participating, the league has simulated different security threat scenarios over the past few years as defense exercises that have served to improve the technical resilience of Estonia’s telecommunication networks and other critical infrastructure.
Also in 2008, the North Atlantic Treaty Organization (NATO) established a joint cyberdefense center in Estonia to improve cyberdefense interoperability and provide security support for all NATO members. Since its founding, the center has supported awareness campaigns and academic research on the topic and hosted several high-profile conferences, among other activities. From 2009, the NATO Cooperative Cyber Defense Centre of Excellence has organized an annual International Conference on Cyber Conflict, or CyCon, targeting international experts from governments, the private sector, and academia. CyCon has focused on international cooperation and the legal, regulatory, military, and paramilitary aspects of cybersecurity, with the goal of ensuring the development of a free and secure internet.
 International Telecommunication Union (ITU), “Percentage of individuals using the Internet, fixed (wired) Internet subscriptions, fixed (wired)-broadband subscriptions,” 2012, accessed July 1, 2013, http://www.itu.int/ITU-D/ICTEYE/Indicators/Indicators.aspx#.
 International Telecommunication Union (ITU), “Mobile-cellular subscriptions,” 2012, accessed July 11, 2013, http://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx
 Pille Pruulmann-Vengerfeldt, Margit Keller, and Kristina Reinsalu, “1.1.4 Quality of Life and Civic Involvement in Information Society,” Information Society Yearbook 2009 (Tallinn: Ministry of Economic Affairs and Communications, 2010), http://www.riso.ee/en/pub/2009it/#p=1-1-4.
 The activities of the Estonian Internet Foundation are not subsidized from the state budget; the registration fee covers infrastructure investments, operating costs, and reserve funds.
 Kaja Koovit, “Big Businessman Goes to War Against Web Portals,” Baltic Business News, March 18, 2008, http://www.balticbusinessnews.com/?PublicationId=48694078-50cc-4fe1-b3e4-6e10bc6a5ec1.
 The list of restricted websites can be found on the Estonian Tax and Customs Board website: “Ebaseadusliku kaughasartmängu serverite domeeninimed” [Illegal gaming servers, domain names], Tax and Customs Board, accessed June 10, 2013, http://www.emta.ee/public/Kontroll/Must_nimekiri_17.04.2013.pdf .
 Google Transparency Report, “Estonia – Removal Requests,” accessed July 11, 2013, http://www.google.com/transparencyreport/removals/government/EE/
 “Estonia Launches Embassy in Virtual World Second Life,” Sydney Morning Herald, December 5, 2007, http://www.smh.com.au/news/Technology/Estonia-launches-embassy-in-virtual-world-Second-Life/2007/12/05/1196530704693.html; “Estonian President Launches YouTube Video Blog,” TopNews.in, December 9, 2008, http://www.topnews.in/estonian-president-launches-youtube-video-blog-297028.
 A public-key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates, which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates that map public keys to entities, securely stores these certificates in a central repository, and revokes them if needed.
 Ibid., accessed July 15, 2013.
 Kristina Randver, Kodanike rahulolu riigi poolt pakutavate avalike e-teenustega, Jaanuar 2010 [Citizens’ Satisfaction with the Provision of Public E-Services, January 2010] (Tallinn: TNS Emor, 2010), http://www.riso.ee/et/files/kodanike_rahulolu_avalike_eteenustega_2010.pdf.
 Electronic Privacy Information Center (EPIC) and Privacy International, “Republic of Estonia,” in Privacy and Human Rights 2006: An International Survey of Privacy Laws and Developments (Washington: EPIC, 2007), http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-Republic-8.html.
 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32008F0913:en:NOT, accessed May 5, 2013
 Office of the High Commissioner for Human Rights, “Tenth and Eleventh Periodic Report on the implementation of the International Convention on the Elimination of all forms of Racial Discrimination in Estonia,” January 2013, http://www2.ohchr.org/English/bodies/cerd/docs/CERD.C.EST.10-11.docx.
 Overview of Parliament Select Committe activities, http://www.riigikogu.ee/public/Riigikogu/Dokumendid/julgeolekuasutuste_jarelevalve_erikomisjon_2012_.pdf.
 “Security Authorities Surveillance Select Committee,” Riigikogu: The Parliament of Estonia, April 4, 2011, http://www.riigikogu.ee/index.php?id=42701&parent_id=34615.
 Cyber Security Strategy Committee, Cyber Security Strategy (Tallinn: Ministry of Defence, 2008), http://www.mod.gov.ee/files/kmin/img/files/Kuberjulgeoleku_strateegia_2008-2013_ENG.pdf.