e-Residencies, e-States, And The Risk of Cyberattacks on Digital Societies

In recent times, e-residencies (a/k/a “electronic residency”) have become a trend in some European societies. For example, the Republic of Estonia implemented this concept into its banking systems in order to permit people to manage their funds in an electronic environment. According to the Information System Authority, in 2001, the first nation-wide ID-card was introduced as the primary identity document for Estonian citizens both in the real and digital world. It is possible to attach a digital signature to the ID-card that constitutes a handwritten signature.

The Republic of Estonia is operating on the cutting-edge of technology. It has created an electronic state (“e-State”) where almost all transactions are completed by using technology. For example, Estonians developed Skype. The government permits its citizens to start a business online, pay taxes online, administer schools online, and pay their car park fees by mobile phone. It seems that their logistics transcend most societies. However, their achievements have not been without problems. In 2007, a cyberattack took place against its government’s websites and data communication networks.

What are the legal ramifications?

One legal issue comes up in the context of cyberwars. Before cyberwars, data assembly about an adversary that wasn’t espionage or treason was fair game and not an act of war. However, cyberattacks have blurred the line between espionage and information warfare. According to the Council on Foreign Relations, Russia has been accused of launching cyberattacks against Estonia and Georgia, China has been accused of launching them against the U.S. government and U.S. companies (e.g., Google), and the United States has been accused of launching them against Iran. So, the legal ramifications can cause political friction between nations. On a side note, such conduct can cause lawsuits between governmental and non-governmental agencies.

What are the pros or cons of running an e-State?

First, the advantage is efficiency. It can allow the public and private sectors to run their operations in a less arduous way.   The disadvantage can be risk. For example, the United States government has been subject to cyberattacks. In November 2008, there was a significant breach of Department of Defense’s networks at the Central Command, wherein the infiltration allowed an unnamed foreign intelligence agency to extract critical operational plans without detection.

iWars may emerge. This type of technological warfare will increase in probability as nations embrace the internet. iWar can manipulate low security infrastructure and be instigated by individuals, corporations, and communities. For example, the network infrastructure can be instigated by a Denial-of-Service (“DoS”) attack which bombards a high volume of information requests to overwhelm a network system. This form of attack can cause significant discrepancies, wherein the network system becomes unable to respond to legitimate requests.

A Distributed Denial-of-Service (“DDoS”) attack occurs when many computers attack an individual system. When conducting a DDoS attack, the culprit uses thousands of infected computers (e.g., zombies, bots) to concurrently attack a single system. Or even worse, a Permanent Denial-of-Service (“PDoS”) attack may occur, which damages a system so badly that it requires hardware replacement or reinstallation. Unlike a DDoS attack, which is used to sabotage a service or website, a PDoS is usually a hardware sabotage.

At our law firm, we assist clients in legal issues related to internet, cyberspace and technology. You may contact us in order to setup a free consultation.