torsdag, augusti 28, 2008

Wiretapping - the Swedish way

Artikel i "Digital Civil Rights in Europe" den 27 augusti 2008

ENDitorial: Wiretapping - the Swedish way
27 August, 2008

The Swedish Parliament, Riksdagen, adopted 18 June 2008 a law which obliges all telecom and Internet providers to transfer all communication that passes the Swedish border to Försvarets radioanstalt (FRA), or the National Defence Radio Establishment as it is officially called in English. It is the Swedish national authority for signals intelligence.

Even though domestic Internet communication is between two persons residing Sweden, the same information may cross national borders through Germany, Denmark and USA. That is how the Internet works. This means that all Swedes as well as people residing outside of Sweden may be subject to the surveillance of FRA. FRA may transfer information to other countries and the Guardian has recently reported (7 August 2008) of a Secret EU security draft which would give USA "Wholesale exchange of (personal) data". It is within a greater international perspective one should view the Swedish legislation.

It is possible that Sweden has the most valuable information. 80 % of the Russian telecom and internet communication passes through Sweden. Thus, it is not an accident that FRA has one of the most powerful computers in the world, together with some computers in the USA and one computer in the UK which operates computations on nuclear weapons. There is an ongoing debate over the true motive for the adoption of the law. This is only one of the theories. Many countries and companies, including Finland, Norway, Google and TeliaSonera, use the Swedish cables and are very critical of the FRA wiretapping law.

The FRA wiretapping law adopted in June 2008 consists of four statutes, including a newly adopted statute on signals intelligence and changes in three other statutes.

The law will enter into force by 1 January 2009 and the actual operations will start later in the year. FRA has a mandate to search for "external threats", which involves everything from military threats, terrorism, IT-security, supply problems, ecological imbalances, ethnic and religious conflicts, migration to economic challenges in the form of currency and interest speculation. This very broad mandate has attracted a lot of criticism. There is no requirement that the FRA should have a reason to suspect crime or a court order before a Swedish citizen is to be under surveillance. This must be seen against the background that the police may ask FRA for support in its efforts of crime control.

In contrast to what the law actually says, the Government denies that the police may use the FRA and say that FRA will only monitor "phenomena" and not individuals. The critics ask how it is possible to monitor phenomena without monitoring individuals.

As one of the critics, I have accused the Government of "doublethink" and "newspeak" in their defence of the law. The Governments statements are full of contradictions, which they ignore. The main Government Party in a coalition of four parties even deny the core of the law, which obligates all telecom and Internet providers to transfer all communication that passes the Swedish border to FRA.

In the eve of the vote of 18 June 2008 there were strong indications that more than the necessary four parliamentarians of the centre-right coalition would shift side and thus deny the adoption of the statutes. There was intense pressure on these parliamentarians and on the day before the vote, Fredrick Federley, a critic in the centre party, struck a deal with the Minister of Defence, Sten Tolgfors, which involved that additional protection would be added in the interest of privacy at a later point in time. This made the resistance in the coalition parties to crumble.

In the end, only one parliamentarian shifted sides, Camilla Lindberg, of the liberal party who became a national hero while Fredrick Federley, in the eyes of many, lost a lot of credibility as a civil rights promoter. Another member of the liberal group, Birgitta Ohlsson, abstained. The two members of the liberal group had concerns that the additional protection would not change the fact that the law obliges all telecom and Internet providers to transfer all communication that passes the Swedish border to FRA.

This did not quiet the critics. By 14 July 2008 the resistance in the liberal party had regrouped and they published an op-editorial in the daily Dagens Nyheter signed by the necessary four parliamentarians and three previous party leaders representing 25 years of leadership in the liberal party, all demanding the Government should recall the law. Later, two liberal parliamentarians joined the other four and stated live on TV that they were willing to support a motion to recall the law. The Government is making serious efforts to divide the group and make one or several of them return to the Government side.

As of this date, the Government has not been successful. The six liberal parliamentarians must team up with the social democrats, the green party and the left before the end of September 2008. After that, it is impossible to table motions from the opposition which will enter into force during 2009 and recall the law.

To conclude, the showdown for Swedish wiretapping by FRA is in September 2008.

Government Proposal on Defence Intelligence (only in Swedish, 8.03.2007)

Secret EU security draft risks uproar with call to pool policing and give US personal data (7.08.2008)

EDRi-gram: ENDitorial: Sweden is listening to all internet and phone conversations (2.07.2008)

EDRi-gram: ENDitorial: A new "NSA FRAnchise" set up in Sweden? (4.06.2008)

(contribution by Mark Klamberg - Doctoral candidate, Stockholm University - Department of Law)

Christian Engström, Opassande, Farmorgun, Satmaran, ProjektPåRiktigt, Maria Ferm

4 kommentarer:

Hans J sa...

Not only is the actual voting in parliament a very strange affair. Afterwards the government has been very reluctant to discuss any matter about the law and consequences of it.

A lot of incriminating facts has come to surface that makes it clear that the FRA has committed - if not directly criminal acts so - at least acts not in the spirit of their mandate. Safeguarding agencies have refused to perform investigations into allegations.

The fact that FRA will in future and is since long time exchanging information with other intelligence services in different parts of the world clearly makes this issue an issue of interest for the whole world!

Anders Andersson sa...

I'm seriously interested in comments from native speakers of English familiar with the technology involved concerning the Swedish government's use of the term signals intelligence (Sw. "signalspaning") to describe what actually amounts to administratively ordered wiretapping of commercial telephone lines (typically optical fibers, or sometimes perhaps electrical wires, here transmitting multiple simultaneous connections across national boundaries).

To me, and as I interpret the Wikipedia article on the subject, signals intelligence is about the detection and analysis of airborne electromagnetic signals, primarily radio waves. It may also involve detecting electromagnetic radiation leaking from electrical communication systems either directly via the communication wires, or indirectly via the power transmission lines.

However, the Swedish law is not about allowing the FRA to set up sensitive radio receivers outside major telecommunications hubs that are insufficiently secured against unwanted electromagnetic emissions. Instead, as Mark describes, the law requires the telecom operators to provide special access points to the FRA. We are talking optical fiber splits here.

In addition to that, the operators are supposed to assist the FRA in decoding the optical signals by offering information on coding formats and protocols, rather than have the FRA perform their own spectrum analysis on the light received.

Consider the hypothetical military equivalent: Instead of secretly detecting the transmission frequencies and patterns of an enemy radar station, you use your overwhelming force to actually take command of the station and force the enemy to hand over the technical specifications for their radar system. The same for any encryption keys used for their radio communications, so that you may conveniently listen to their channel indefinitely, regardless of the enemy knowing it. You also attach a galvanic wiretap to their wired intercom, in plain sight of the enemy. This is signals intelligence?

This may seem like a non-issue of limited interest only to a small group of communications buffs. I'm still curious, because the Swedish law is labeled (in English translation) "Act on Signals Intelligence for the Purpose of Defence Intelligence". The text of the law mentions "interception of signals in wires" as one means of conducting signals intelligence, and regulates its use by the FRA.

Apart from the technical means used to access the physical "signals", the law applies the very same formal regulation to the use of information obtained either by radio or by wire (fiber). The government, and other advocates of the law, have even used the appearant similarity between radio and wire communications as a political argument for letting the FRA apply wiretaps to private telecom wires, just as they may use antennas to listen to anything in the entire radio spectrum, including international phone calls transmitted via satellite links.

Anders Wik, former head of the FRA, has admitted to the agency having systematically listened in on commercial satellite links since 1976, citing "freedom of the airwaves" as their legal basis. As more and more international phone calls are now transmitted via wires, the government wants the FRA to continue this interception of information regardless of transmission medium.

In case you are uncomfortable leaving your comments here on Mark's blog, I'd welcome any comments on this issue sent to my e-mail address, which you may find on my website (linked to my name above). I'm sure you are already aware that even e-mail isn't necessarily "private" in the sense you may want it to be, considering the number of jurisdictions the message will cross physically. I'm sorry, I haven't issued a public key for encrypted e-mail to myself yet.

Jens O sa...

And i get's even better. Acording to SvT (Swedish National Television).
FRA get's even greater power, thru a new law. A law that so far, has pased annoticed.
They are going to bee, the master of security. Fore all of the most importent, and high level security in Sweden.
On the governmental side. High level security funktions, like cryptology-, digital security.

"Beslutet, som fattats i all tysthet av riksdagen, innebär att hanteringen av så kallade krypton och kryptonycklar
för en lång rad centrala svenska myndigheter förs över till FRA. I våras lade regeringen fram ett förslag till riksdagen
om att lägga ner bl.a. krisberedskapsmyndigheten för att bilda en helt ny myndighet som ska hantera kriser och katatsrofer.
I slutet av regeringens propositionen fanns ett förslag som hittills inte uppmärksammats alls.
En viktig del av Krisberedskapsmyndighetens verksamhet skulle föras över till FRA.
Det rör sig om delen som handlar om signalskydd, dvs hur myndigheter skyddar sin kommunikation mot bl a avlyssning och olagliga intrång.
I praktiken rör det sig om att hantera krypton för att skydda information och kryptonycklar så att mottagaren
har möjlighet att läsa innehållet."

They are fore sure, consolidating them selvs. As a center, of governmenatal power.

Mary sa...

Här komemr ett längre inslag fråb Svt om FRAs ökade befogenheter. Från imorse.