Estonia is entrusting terabytes of information on its citizens to an ally in the hope of improving the security of its crucial government systems.
Decades of political stability and prosperity have made the tiny European nation of Luxembourg a trusted destination for the storage of sensitive data.
The country boasts 23 high-tech data centers, the majority of which were built in the last 10 years, and high-speed international connectivity. For several years now, it has been entrusted with storing data for NATO and the European Union — and now, the country of Estonia.
In early June, Estonia transferred four core databases of information, including land and business registries, to servers at one of Luxembourg’s high-security data centers, the exact location of which was not disclosed to NBC News because of the sensitivity of the matter.
Six more are on the way and should be transferred by September. It is believed to be the world’s first “data embassy.”
“Our government provided data center services along with immunity. This is the innovative part of it,” Patrick Houtsch, director of Luxembourg’s government information technology center, said. “Of course, they could have stored their data in some public cloud or service provider, but they would not have the same guarantees in terms of being able to completely protect and know where the information is.”
At a time when tech giants face growing distrust, Estonia is entrusting terabytes of information on its citizens to an ally in the hope of improving the security of its crucial government systems. The former Soviet republic is one of the most wired nations in the world. Using a system of high-tech national ID cards, Estonia’s 1.3 million citizens can do their taxes, vote, bank, make travel arrangements and access health care records online, often in a matter of minutes.
Estonia’s tech reliance has pushed the country’s leaders to take precautions that few other nations have had to consider. In 2007, Estonia suffered a series of crippling cyber attacks that shut down private and government websites. It blamed the attacks on Russia, but the Kremlin denied involvement.
And when Russia annexed the Crimean Peninsula from Ukraine in 2014, the question of “data continuity” — should a military crisis develop — came to the forefront of public discourse.