My new project: Tact, a simple chat app.

How I and some other bloggers had an encounter with the Estonian Security Police regarding freedom of information

June 10, 2007

Perhaps it’s a long and confusing title, but it sums up the content. So if you won’t bother to read any further, here’s my take of what happened: I and some other Estonian bloggers had an encounter with the Estonian Security Police where we asked them to publish in the Internet some information about their work that they had been distributing publically on paper, and that they are required to publish on the Internet according to Estonian law. There was some back and forth, but in the end, our laws, democracy, freedom of information and common sense prevailed and they published the information on their homepage.

I didn’t want to publish this story in English before simply because things were changing too rapidly as new information and events came along. But the story had a happy end already a few weeks ago, and I guess it’s now OK to publish here as it has now become history instead of current news.

What this is about and how it got started

The Estonian Security Police, or “kapo” as it’s commontly known, is a state institution whose job it is to deal with domestic threats to the Estonian constitutional order – undoubtedly a critical task in the current elevated international security situation in this region. This involves many important things like counterintelligence, counterterrorism, anticorruption investigations and such. Most European and world countries have similar agencies. In the US, this is similar to the National Security Branch of the FBI.

Due to the nature of their work, these organizations operate in a fairly closed manner and no one has a problem with that or is challenging it. But there was something that personally upset me and I guess this is how this encounter got started.

Every spring, kapo publishes an “annual report”, or “yearbook”, about their work during the previous year. This is a public document that contains no secret operational information and is by the nature of its content suitable and indeed intended for public distribution. It is always anticipated by Estonian journalists and receives a lot of media interest and comments, since it provides important insight into the past year’s internal security developments. Publishing similar yearbooks on the Internet is a common practice in both the public and private sectors and also for similar agencies in other countries. For example, here is the 2006 report for Finnish Security Police, and here’s the UK one for 2004-2005, and German for 2006.

So far, all is good and well. But what upset me is the distribution and (non)availability of the actual publication online. It was referred to in the media as “public document”, yet it wasn’t published online anywhere in its entirety, and was nowhere to be found on the Internet. The kapo homepage contained their yearbooks from earlier years up to 2004, but only in Estonian. Yet I know that it was actually published on paper in both English and Estonian, and in the current era of information warfare, every piece of objective public information from official sources helps. And I do not want to stick with what the media has selectively chosen to report about the document – I want to study the actual full document from its original source without any mediation, and I want other Estonian citizens and people from other countries to be able to do the same.

So I set off to a mission to make sure that these publications were available online, preferrably on kapo’s homepage, but if that wasn’t possible then other methods would work as well. And after a while, I got my hands on the PDF-s of both the English and Estonian versions. For the sake of this argument and to make things simpler, let’s assume that I was walking on the street in Tallinn and found a USB memory stick with the PDF-s on them. I may as well have obtained a paper copy that was freely distributed, and scanned it.

Publishing the documents

So now I was sitting on the electronic version of the documents and had a choice of what to do with them. I know that since the yearbook was reported in the media, some people actually asked kapo about publishing it online, since the earlier versions were available on their website. And they were told something like “we’ll publish it at a later time”, without specifying what conditions need to be met for that to happen or when exactly is “later”.

This didn’t really click for me. And it’s a general lesson for everyone in the information age: public information is public regardless of its publication channel. And in this day, it will end up being on the Internet even though you may want to limit its distribution to some other channel, such as paper only.

Note that I said “public information”. Laws certainly exist to protect state secrets and other official information with limited distribution rights. And businesses have similar internal rules. It has never been my intent and never will be, either in my own daily work or in relation with state agencies, to “leak” something. This is why I took extra care to read through the PDF-s, looking for both notices about limited distribution, and for content that may be unappropriate (damaging state interests or security) when published on the Internet.

I found neither. There were no notices about distribution limits, and all the content was basically just a condensed version of the public news that had been reported throughout 2006, with some analysis and comments added.

So I decided, heck, this is public information that can be distributed freely according to our Public Information Act, and I can help here, so let’s post both of them to this blog so that people can read them. Ideally, I would have linked to the kapo site as the official source. And I could have asked them to upload it to their site. But it may also have taken me nowhere, and time is always of essence and things can change quickly in the public international information space. I thought that it was important that the Estonian and international community should swiftly have access to this very important public document.

I knew I was taking a risk publishing the document since I was not its initial author or “owner of the information”. Yet I somewhat was entitled to access to this public info that was produced with my tax money and was already public on paper. So having weighed all the sides, I decided that the right thing to do was to publish them and thus set in motion a sequence of developments that followed. I know that a little drama sometimes helps to get the point across much more quickly and clearly.

The takedown, further development and laws

I published the PDF-s on my blog on a late Tuesday night. In less than a day, the next Wednesday, I was contacted by kapo and talked with one of their officials by e-mail and phone. They asked me a very simple thing – to remove the PDF-s from my blog. It was then that it occurred to me that I may actually have something wrong, even though I studied the laws a bit and didn’t really find any paragraph that I may have violated with this action. But at that point, I was busy doing a lot of other stuff and was at a moral low point. I didn’t care whether I was right or wrong, I just didn’t want to have anything to do directly with the kapo people at that time any more. And I had already made my point – I had nothing further to prove by keeping the files available on my blog. By that moment, I knew that the story was already bigger and beyond my humble blog or person. So we just agreed that I remove the documents, we ended the call and I removed the files and links to them.

Some people asked me later about the call whether they referred to any legal statutes empowering them to demand such takedown, versus my freedom of press/speech/information. Or, whether we talked about what might happen if I didn’t comply and take down the files. But we didn’t get to such finesses. I believe in simple communication between people, and this is what happened. They asked me to take down the information that they supposedly owned, and I chose to respect their right to ask this and complied, knowing that the story wouldn’t yet be over then and there.

Kapo then set off to find and communicate with the other people who had published the file, asking them similarly to take down the files. This has been documented in other places, such as Larko’s story. But where they shot themselves in the foot was the legal grounds for this. Kapo argued that since they are the copyright owners for the yearbook, they have every right to choose its distribution channels according to copyright rules. Yet we know that the original reason that copyright came long was simply to ensure private authors appropriate compensation and limited monopoly for their original creations. The implementations of copyright continue to evolve in the digital work, but one thing that’s for sure is that in most cases, copyright is limited to private authors and does not fully extend to government. In the U.S., federal government works are specifically excluded from copyright (I believe this is to ensure democracy and freedom of information).

So on one hand, we had the copyright argument. On the other hand, we had the Estonian Public Information Act that’s generally very progressive and appropriate and specifies the obligation of public sector to generally publish any information that’s not limited-distribution, with Internet being the preferred channel for information distribution. Even though kapo argued otherwise, the yearbook seemed to meet every criteria of the information that’s specifically listed in the Public Information Act as documents that their publishers MUST publish on their website.

So we kept pressing the matter. I knew I was right then, and received a lot of support from many people I knew on the blogosphere and otherwise. Thanks :) And “pressing” meant that several people went directly back and forth with kapo, asking for the same simple thing – publication of the yearbook so that it would be available to readers on the Internet, similarly as it’s available on paper (but with much more efficient and cheaper distribution).

A happy ending

By now, the story has had a happy ending and I achieved my objective. The kapo yearbook of 2006, together with some earlier editions, is available for everyone to downloading and reading from the official source in Estonian or English (scroll down). You can read this public information and draw your own conclusions, which I believe is generally the right of every self-aware citizen of the democratic world that can be limited only under very specific circumstances.

To be precise, what’s published online is only the text. It lacks the layout, photos etc that were in the paper edition. But those extra things were only illustrations – it’s the text and content that matters, and this is now available.

Learnings

There are quite a few learnings and implications here.

There are two very simple principles. If the kapo had followed them and published the yearbook on the web right away, none of this confusion would have happened.

First, in any given organization (be it a business or a country), information is either public or private/secret. There is no third option. Furthermore, as specified in the laws of democratic countries and in Estonia specifically in the Public Information Act, any information produced by the government and its agencies is public unless it falls specifically into “secret information” category according to the relevant laws. Yes, there is always an aura of mystery and secrecy around security agencies, but in a modern democratic e-state, freedom of information and other laws apply also to them (or should we say, ESPECIALLY to them). There are no agencies that are above and beyond the law ,and the rules must be written in laws instead of arbitrarily invented and implemented by officials individually – this is what distinguishes free countries from others that are not so free, and democracies from tyrannies.

Regarding government information, there can’t be any “grey zones” where information is only public to some people who are “more equal” but not to others, or where it can only be distributed in one form but not another, but none of this would be codified in law and so officials could exercise their own authority and discretion. Such unwritten limitations to freedom of information have been characteristic to antidemocratic states and tyrannies. Estonia likes to think of itself as an “e-state” and all the government officials love to talk about it with their colleagues and in all sorts of international venues. I believe that next to simply being able to interact with the government online, an inalienable part of being a modern democratic e-state is making all public information available to everyone on the Internet.

Secondly, Internet is the cheapest and most efficient form of information distribution. Kapo spent a lot of tax money producing their paper yearbook and paying for all the nice layout that’s only available to those that read the yearbook on paper. Instead, they could have put the whole thing on the Internet (with or without layout) right away and saved all this production cost that could then have been spent on their core tasks. We may argue that they used e.g photographs that only had licenses for paper distribution, but this is then their production error. In a modern democratic public sector and e-state, it’s wise to assume that all public information and documents produced will also go to the web and Internet, and then make sure that the licenses of all assets (photos, videos etc) that are produced using the tax money comply with this.

I don’t want to overexaggerate my own role in this story. To me as an Estonian citizen, this was an exercise in seeing whether it’s possible for a simple citizen (together with some others) to enforce the Public Information Act and freedom of information. I had some personal ups and downs in the story and we didn’t agree with kapo about all the legal nuances in the end (such as whether or not the yearbook falls into the scope of specific paragraphs in the Public Information Act), but what matters is the end result – that public information is available from the official source on the Internet to everyone. To me, this is proof that I continue to live in a democratic country with rule of law and general freedom of information.