19.10 Kairi Saar

Andrus Raudsepp: Kokkuvõte Kairi Saare loengust

Teisipäeval, 19. oktoobril käis Rahvusvaheliste Suhete Ringile loengut pidamas Välisministeeriumi rahvusvahelise koostöö büroo direktor Kairi Saar, kes rääkis teemal "OECD ja Eesti".

Üldiselt organisatsioonist

Majandusliku Koostöö ja Arengu Organisatsioon (OECD ehk Organisation for Economic Co-operation and Development) loodi 1961. aastal, kuid ta on algselt eksisteerinud ka varem (Marshalli plaan Teise maailmasõja järel). OECD peakorter asub Pariisis. OECD asutajateks on Põhja-Ameerika ja Euroopa riigid. OECD-l on ka allasutusi: rahvusvaheline energiaagentuur ja rahvusvaheline tuumaenergiaagentuur. Liikmeid on 33 riiki.

Liikmeks saamine, liikmelisus, laienemine, organisatsioonist väljaastumine

Liikmeid valitakse nii, et võimalikult palju kontinente oleks esindatud. Hetkel kuuluvad OECD-sse järgnevad riigid: USA, Mehhiko, Kanada, Lõuna-Korea, Jaapan, Türgi, Soome, Rootsi, Taani, Norra, Austraalia, Belgia, Prantsusmaa, Austria, Saksamaa, Iirimaa, Itaalia, Iisrael, Jaapan, Luksemburg, Suurbritannia, Šveits, Hispaania, Sloveenia, Slovakkia, Portugal, Poola, Uus-Meremaa, Holland, Island, Kreeka, Tšiili, Tšehhi. Mainitud organisatsiooni saamiseks ei ole kindlaid kriteeriume: rikaste riikide klubiks kutsutud ühenduse liikmed otsustavad, kes saab organisatsiooni liikmeks. Kui organisatsioon on laienenud, siis on silmas peetud geograafilist tasakaalu: ühest regioonist ei tohiks olla liiga palju liikmeid. 2007. aastal otsustati, et organisatsioon laieneb, seega kutsuti liituma Venemaa, Eesti, Tšiili, Iisrael ja Sloveenia, kellest Eesti ja Venemaa ei ole veel täisliikmed. Venemaa liitumisläbirääkimised kulgevad aeglasemalt, sest Venemaa liitumise kriteeriumiks on liitumine WTO-ga.1996. aastal esitas Eesti koos Läti ja Leedu valitsusega OECD-le ühisdeklaratsiooni, milles väljendati soovi OECD-ga liitumiseks, kuid valiti välja ainult Eesti, mille üheks põhjuseks võib olla see, et Eesti tegi paremini lobby-tööd. Organisatsiooni liikmemaks on 2008. aasta baasil, milleks on 2,4 miljonit eurot (liikmemaks suureneb Prantsusmaa inflatsiooni järgi, sest peakorter asub Prantsusmaal). Organisatsioonist saab ka välja astuda, kui nõukogule avaldus teha, kuid keegi pole veel välja astunud. Samas on ebatõenäoline, et keegi tahaks välja astuda, sest lahkumine oleks väga suur samm.

Tegevusvaldkonnad, eesmärgid

OECD on majandusanalüüsi ja majandusliku statistika keskus, kus on suur rõhk võrreldavusel (näiteks PISA on üks OECD uuring). OECD töötajad koostavad umbes iga pooleteise aasta tagant riikide kohta majandusaruande (näiteks Eesti kohta koostati 2009. aastal ning järgmine koostatakse 2011. aastal). OECD tegeleb erinevate majandusvaldkondadega (põllumajanduse, tööhõivega jne), et kogemusi teistele riikidele jagada. OECD eesmärgiks on maailma majandust parandada, kogudes parimaid praktikaid riikide kohta, et liikmed saaksid teiste vigadest ja kogemustest õppida, rakendades neid oma poliitikas. OECD-l on hargmaisele ettevõttele suunis: sihtmärgiks on multinatsionaalsed ettevõtted, mis tegutsevad mitmetes riikides. OECD on A&O arenguabi valdkonnas, jälgides seda, kui palju mingi riik annab mingil aastal arenguabi. OECD mudelil põhinevad lepingud, mida riigid sõlmivad, et vältida topeltmaksustamist. OECD on välja töötanud pöördmaksustamise lepingud. OECD hääletab aastas paar korda formaalselt (näiteks eelarve ja aastaruande puhul), muudel juhtudel töötatakse nii kaua, kui leitakse konsensus. Kord aastas mais-juunis kohtuvad OECD ministrid, kus oleneb teemast, milline minister osaleb. OECD teeb tihendatud koostööd 5 riigiga (Hiina, India, Indoneesia, Brasiilia ja LAV), keda hiljem OECD-sse tuua. OECD on kombanud pinda ka Araabia Ühendemiraatides ja Põhja-Aafrikas (näiteks Egiptuses). OECD sihid pole väga palju aastatega muutunud: alati on eesmärkideks fiskaaltasakaal, elatustaseme paranemine, tööhõive ja majanduskasv. Samas on tulnud juurde uusi teemasid: roheline majanduskasv ning arengukoostöö. OECD ütleb ise, et nemad hakkasid esimesena keskkonna küsimustega tegelema.

Eesti ja OECD

Me oleme lõpetanud liitumisläbirääkimised, mis kestsid 2007. aasta lõpust kuni 2010. aasta kevadeni, kuid Eesti peab veel liitumislepingu Riigikogus ratifitseerima. Kui Eesti ratifitseerib liitumislepingu, saab ta liikmeks 2010. aasta lõpus. Kuna Eesti pole veel täisliige, siis meil ei ole veel organisatsioonis oma suursaadikut. Eesti jaoks on ainus vastuargument liikmelisuse vastu suur liikmemaks. Selle ajani kui Eesti polnud liitumisläbirääkimisi pidanud, sai ta saata ainult vaatlejaid komiteedesse, kuid tihtipeale ei õnnestunud Eestil saada sinna kohti, kuigi spetsialistide seas oli suur huvi. Kui Eesti sai liitumisläbirääkimistele, siis tekkis kohe võimalus osaleda rohkemate komiteede töödes. Kui Eestis lükataks tagasi liitumise otsus, siis see mõjutaks kaudselt Eestit. Samas on liikmemaks juba järgmise aasta eelarves sees ning oli seda ka selle aasta omas, sest ei teatud, kui kaua liitumisläbirääkimised kestavad. Eesti jaoks on oluline aru saada, kuidas seda organisatsiooni võimalikult kasulikult ära kasutada. OECD-ga liitumine ei too Eestile ametnike kohti juurde. OECD väljaanded on kättesaadavad Rahvusraamatukogus, mis on OECD kontaktraamatukogu Eestis.

Konspekteeris Andrus Raudsepp

On 28th November, the guest lecturer in RSR was Marina Kaljurand who gave lecture on “Cyber Security – challenges and potential responses”. She has served as the Ambassador of Estonia to USA, Mexico, Russia, Kazahstan and Israel. She has also been the Minister of Foreign Affairs of Estonia. Currently, she is a Chair of the Global Commission on the Stability of Cyberspace.

First time when Marina Kaljurand learned about cyber security was in 2007 when Estonia was under politically motivated cyberattacks. Back then she was an Estonian ambassador to Russia and she had to explain what is happening in Estonia – DDoS-attacks. It was important to talk about this because cyber does not have borders and in this field, cooperation is necessary. She said that states are not allowed to take any illegal actions and according to international law they must stop every illegal action that is transiting their country. It was known back then that cyberattacks came from Russian territory – Estonia had all the legal instruments in place, but the will was missing (there was a cooperation between allies but not with Russia).

In year of Snowden’s disclosure, Kaljurand was posted to the US. She said that the US changed a lot during these times and question of trust was the most important. Estonia was the first country to have a bilateral agreement in cyber security with the US and it was used as a hook to bring Obama to Tallinn (he came later, though). For Estonian diplomats, it is very important to represent our country because usually nobody cares about us and many even do not know (still think that we are part of the USSR). That was the reason we had to find our niche – which is cyber (e-lifestyle, cyber security) – and now it opens the doors and starts the conversations.

Currently there are 84 global bodies dealing with cyber security. Marina Kaljurand is the Chair of the Global Commission on the Stability of Cyberspace. At first, they were hesitating to include Russian and Chinese experts but as it is a global commission, they need people from different countries. They also have Jeff Moss and Joseph Nye, also human rights activists, and civil society experts. Commission is a multistakeholder. Governments need to cooperate in order to be successful because there are a lot of actors in cyber area. There is an ideological division in between of how the ICT is seen – one side (especially the West) sees it beneficial (lets do it!) and another (i.e. Russia and China) side sees the use of the ICT as interfering (colour revolutions, influencing internal politics). It is difficult to cooperate between two divisions.

Cyber is not only for IT geeks, there are so many fields – diplomacy, international affairs, law, etc. For Kaljurand, cyber security is about stability, it is an open, secure, stable, and accessible Internet. 65% of people are not online yet, they are to join us and we need to have stable and secure Internet. She said that we have to raise the awareness to countries who have no idea what is happening in cyber field. Thus, although she had no idea what all the 84 bodies are doing, she was happy that there are so many of them who are raising the awareness.

In 2013, it was decided by the UN GGE that international law applies to cyber space. The question is about how (jurisdiction and sovereignty). When is the sovereignty of a state violated (for example, in case of malware or when somebody really dies because of a cyber-attack?) UN is the only global organization, but it is from the 1940s. UN will never agree on everything, thus we need a division of like-minded states who have the same understanding and norms on how to behave in cyber space. For example, norm is that it is not okay to attack financial institutions during the peace time. Every country should be interested in having common norms, but it is not possible to agree because of the ideological divisions. If UN cannot work on that, then a group of likeminded countries can. Other bodies are the EU and NATO and both have its roles, for example, cyber is the 5th domain of operations (in addition to air, space, land, maritime). There is a NATO Centre of Excellence in Tallinn. The aim of cyber stability is to avoid misunderstandings (confidence building is getting people together, OECD is doing an excellent work there).

Kaljurand also spoke about Estonia’s e-voting. She used Hack the Pentagon – hackers were asked to hack a system to find vulnerabilities – example and she wants to do the same in Estonia with e-voting. She believes that we have a good system but there is so much criticism from abroad and we need a PR-event - Hack Estonian e-voting. We need international hackers for that. Government is not ready yet but she is still convincing it. We need to face challenges but not to step back. It may happen that people perceive it as negative PR (hackers are hacking Estonia) but we need to explain a lot what are we doing and why. We were lucky to have an ID-crisis in 2017 because we started to feel ourselves too comfortable.

What is the future of UN GGE? Has it failed because in the last meeting the participating countries did not reach a consensus?

Internet of Things, terrorism, international law, norms, confidence building measures, capacity building – GGE is looking these five fields. GGE was supposed to write a report (goal was not to go back from what was agreed two years earlier). Kaljurand does not think that coming years show a will of agreeing on something, she said that coming years will be for educating.

She also said that we need to start asking something for return. For example, if some country wants assistance in e-taxation, then it must make a political statement (international law applies to cyber space or a statement about human rights). If a country is not willing to make a statement, then it should ask for an assistance from some other country.

How to deal with Russia and China?

She has no answer to that. Balkanization of Internet (different countries have different Internets). She does not see that we could find common ground with China or Russia because of the big ideological differences. It may happen that states reach the point where they agree that cyberattacks are not okay. 2007 nobody died, it was just humiliating. All the cyberattacks have been kind of mild but if cyber 9/11 happens then the world would come together, and states would have more will and intentions to agree on some rules. It is a grey zone if you do not have rules. People get to together usually when something bad happens, it has not happened with cyber yet.

Tech-people can do attribution, but it has a political dimension as well, as it depends on the politicians (do they have the courage to say it out or not). She referred to former Minister of Defence Jaak Aaviksoo who said that we did reasonable attribution and our conclusion is that when somebody does everything like a dog then most probably it is a dog. Attribution is a political question and increasingly states should say that they were attacked by this or that country.

You can buy cyber weapons from the black market but it’s too primitive. It will change with Artificial Intelligence (AI) and internet of things, it will be cheaper for terrorists. So far it has not been used. KRATT – Estonian law on AI (obligations, responsibilities). Finland, company who has AI in its board, EE-FIN are competing on who will have the law first.

Why are there so many diplomatic efforts (84)?

She does not know what all of them are doing. On the one side, it is good that so many institutions are discussing cyber security. 2004 or 2007 nobody was discussing cyber but today everybody is discussing it. Her commission tries to look at what others are doing. It is good to have so many even if they duplicate. It is important to discuss and educate people.

Cyber security is connected to open internet. Are the EU and US values the same if something goes south?

US is very vocal about open internet, freedom of the Internet. They are strong supporters of human rights online and open internet. There are differences how countries see intelligence etc but basically, we are on the same side. We may disagree on small things, but we share the same principles and understanding.

Could you elaborate more on EU’s role (EU diplomacy toolbox) concerning cyber security?

Cyber diplomacy toolbox – if something happens how do we react. International law allows retaliation. We have regulations. What are the measures in case of cyberattack against a member state? All the rules apply to cyber security (political statements, sanctions etc). The same as the EU has done in the case of Crimea. In the EU it is easier than in NATO. In NATO, there is no mechanism of what to do in case of an attack.

However, there is a problem with the EU and overregulation - EU is very happy when it can regulate something. EU is not a single market, with cyber it is more complicated, there are more regulations. Some regulations are needed because you need to have some frames. You have to know what is allowed and what is not. It is difficult to find a balance.

How Is the cooperation with industries?

Estonia is cooperating pretty well with the industries. All industries (Microsoft, Facebook) complained that governments were not cooperating enough. Industries have ideas. States will not give away authority on retaliation, attribution etc. It is about attitudes (I know how to do my job!). Governments are starting to understand that they can’t do anything without industries. In the end, they have IT-nerds, governments cannot afford them. Hackers are going to school and teach cyber hygiene to students. Teachers were negative until they started to cooperate with the policemen. She said that hackers despite their image are not bad guys.

How much is Estonia an ideal case? How to implement it to other countries?

Estonia is doing well. Other countries need to find what is suitable to them. They don’t need to copy; every country (state) can find something what is interesting to them. Estonia needs to introduce what we are doing and urge others to find what is interesting to them. You can always do the same thing but with going around the corner.

Konspekteeris Kert Ajamaa