Armani Pogosjan: the National Defense Chapter of the Constitution of the Republic of Estonia deserves a more thorough interpretation than has been done so far
Armani Pogosjan, lawyer at Ellex in Estonia, views the Constitution of the Republic of Estonia in the context of cyber security.
An analysis of the commentaries on Chapter 10 of the Constitution “National Defense” showed that it was only in 2017 when the need to interpret the chapter to include cyber security was indicated. When thinking about cyber security, it appears that the most important bottleneck is the lack of clarity about which chain of responsibility is triggered in case of cyberspace protection or an attack on it. Legal clarity could be created by a more comprehensive interpretation of cyber security in the commentaries of the Constitution.
In the context of national security, one of the purposes of the constitution is to protect the country and population from threats. Today, threats also lie in cyberspace, so according to the spirit of the Constitution, the state must be protected in cyberspace as well. National defense, which ensures national security, is not limited to military national defense but is a broader and changing concept that depends on the security risks that threaten the country and the country’s security policy. However, in addition to military defense, the main activities of national defense are also the civilian sector’s support for military defense, international activities, ensuring internal security, securing the continuity of the state and society, and strategic communication. The effective operation of all these lines of activity is increasingly dependent on functioning ICT and cyber security in general.
Thus, it must be concluded that cyber security involves the country as a whole and, therefore, ensuring cyber security in ensuring national security must be formulated in the commentaries of the Constitution as clearly as it has been done for the principles of ensuring national defense.
Until now the authors of the annotated editions of the Constitution have stuck to a flexible interpretation when it comes to cyber security but when thinking about the new annotated edition, it could be significantly more detailed.
For example, there could be an open legal definition of cyberspace that clarifies for both the holders of state power and other legal entities the scope of this space and the limits of responsibility. In addition, the principles which the state relies on to protect the rights of the subjects and which the individuals themselves should proceed from. Also, opening the chain of institutional responsibility for threats and cyberattacks that lie in cyberspace would contribute to national defense in cyberspace. If we can assume that each of us knows how to behave and who to notify in the event of a fire or an accident involving a person, then the same chain of behaviour should be clear to everyone in case of cyberspace incidents. Considering the large-scale damage that can be caused with paralyzing strategic objects by organizing attacks in cyberspace, a clearer definition of the principles of national defense and the chain of responsibility is relevant and essential in understanding the Constitution.
The formulation of the national organization of cyber security in the commentaries of the Constitution can set the direction for the legal space as well as for all those who are responsible for ensuring cyber security. A clearly worded cyber security arrangement solves the situation where the parties concerned interpret the arrangement as they see fit. A clear wording can be a solution to the ambiguity of the management system, including the division of tasks and the chain of responsibility. This way the commentaries can provide clearer guidelines which would be the basis for the legal system and, in the final stage, also for all those that implement the law.