World+dog ignores Sweden's Draconian wiretap bill
'If your email crosses our border, we tap it'
Agentless Backup is Not a Myth
Sweden is on the verge of passing a far-reaching wiretapping program that would greatly expand the government's spying capabilities by permitting it to monitor all email and telephone traffic coming in and out of the country.
So far, hacks from the mainstream Swedish press seem to be on holiday, so news about the proposed law is woefully hard to come by. That leaves us turning to this summary from the decidedly partisan Swedish Pirate Party for details. We'd prefer to rely on a more neutral group, but that wasn't possible this time. According to them, here's a broad outline:
The En anpassad försvarsunderrättelseverksamhet bill (which loosely translates to "a better adapted military intelligence gathering") gives Sweden's National Defence Radio Establishment (FRA) direct access to the traffic passing through its borders. Now remember, we're talking about the internet, which frequently routes packets though multiple geographically dispersed hops before they reach their final destination.
This all but guarantees that emails and voice over IP (VoIP) calls between Swedes will routinely be siphoned into a massive monitoring machine. And we wouldn't be surprised if traffic between parties with no tie to the country regularly passes through Sweden's border as well, and that too would be fair game. (For example, email sent from a BT address in London to Finland is likely to pass through Sweden first.)
Once intercepted, the data will be searched for certain keywords, and those that contain the words will be pulled aside for additional scrutiny. A broad array of organizations will have use of the system, including the Department of Transportation, the Department of Agriculture, the police, secret service and customs, and in some cases major businesses. The bill allows Swedes to be singled out, as well.
When the bill was introduced in early 2007, Google was reportedly so concerned about its consequences for privacy that it threatened to limit its ties to the country if the measure passed.
"We have contacted Swedish authorities to give our view of the proposal and we have made it clear that we will never place any servers inside Sweden's borders if the proposal goes through," Peter Fleischer, Google's global privacy counsel, said last year, according to this article. "We simply cannot compromise our users' integrity by allowing Swedish authorities access to data that may not even concern Swedish activity."
But so far, few outside of the pro-privacy universe have bothered to discuss the bill this time around. There have been no similar pronouncements from Google and representatives there didn't respond to a request for comment. The Electronic Frontier Foundation has likewise been reticent about the bill.
"Surprisingly enough, there hasn't been that much written about it, even in the Swedish media," said Patrik Runald, a Swedish national and a security response manager for F-Secure who works in San Jose, California.
"The funny thing is when asked what do you want to look for, [backers of the bill] don't really specify what they're interested in," he continued. "It's a very broad bill. They basically can interpret whatever they like."
One of the few recent press mentions of the bill came from a publication called Cellular News in London. According to this story, Nordic and Baltic telecommunications provider TeliaSonera planned to move email servers out of Sweden to protect the privacy of its Finnish customers.
The bill is scheduled to come up for a vote on June 17. According to the Swedish Pirate Party, a majority of parliament currently backs the bill. ®
COMMENTS
@ Looks like you could prosecute Anders Wik
<< “The duties have been there before, but in this way they will become legal.”
Could be a bad translation, (or misquote) but how can it 'become' legal unless it was previous 'illegal'? >>
I suspect - from context - that it means that a duty that was previously expected but wasn't actually a legal obligation is to become a legal obligation. It's not legal as in the opposite of illegal. It's legal as in the opposite of voluntary or conventional. Mandatory rather than optional.
Different type of surveillance?
As far as I know the Swedish Intelligence has a tradition for not actually collaborating with the Swedish police and certainly not sharing their data with them. While they now and then ask the police for "services" they do not normally disclose much anything to them. So this surveillance is very likely to ignore what commonly is recognized as criminal activity and focus upon national threats. Additionally data that are not deemed relevant for national security are expected to be deleted from their systems as they are not of interest to the military. Also it appears quite obvious that the police will have no access or influence to the system or its usage. So I would not expect that any "pirates" are going to be under investigation because of this surveillance and I would even go so far that I would suggest that criminal activities in general will be completely ignored because of the simple fact that they are of no particular interest for the Swedish national security. While in other countries (such as UK and the US) the spying is done with a general focus on "criminal activities" and thus much of it becomes available to the police for the support of criminal investigations.
As far as I could tell from available information it does not appear to be the case in Sweden that this system would be of any help or give any support to normal criminal investigations. If any one has better info please clarify this issue.
just ignore the lower case
CANibal THEse TErribleXT BOTtleS WOnderRooK OvertUnderTaking WHangerAT I HAValEne TYpexPED tHERrElaxation?
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Cloud based data management
Enabling efficient data center monitoring
Agentless Backup is Not a Myth
