FRA Leak – American Communications Captured and Stored, Storm Continues

To say that the new FRA law in Sweden is controversial is really an understatement at this point.

Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes

New reports have surfaced that say how not only MPs of the Swedish government are currently being bombarded by a huge flood of e-mail over the new law, but now an investigation by the Chancellor of Justice has been launched into the leak of a secret document from the internal FRA website – a leak that shows American communications were captured in the system.

We have been following the FRA controversy since just about the first report that said how legislation was tabled. Since that time, it seems as though controversy has been growing just about exponentially. While warrantless wiretapping is, by far, not unique to Sweden, the aftermath alone has made the debates a sight to behold.

Of course, the aftermath expands beyond a few concerned privacy rights advocates. More recently, Swedish news site ‘The Local’ has been following the developments at least since the controversy over the laws took off and their more recent stories seem particularly noteworthy. The first story discusses how the new surveillance law would ‘drive businesses out of the country’.

“Take us, for example. We are a fast-growing internet company offering mobile email services to a global market. Since all our international services pass through a network operations centre in Sweden,” writes Roger Grönberg, CEO of Momail, “our customers’ communications are now going to be subject to surveillance regardless of the prevailing laws in their home countries.”

He continues:

An email exchange between two Danes for instance is first sent to Momail’s operations centre, where it is optimized and tailored to meet the customer’s specific needs. This means that the email will “cross Sweden’s borders” and, as such, will be scanned by Sweden’s National Defence Radio Establishment (FRA).

It will not be easy to explain this to our private Danish customers or to the Danish mobile operators who are our clients.

Since the internet has become such a fundamental carrier of information, it is natural for many companies to base their businesses on the success of the phenomenon. But just as it is beginning to really find its feet, the development of web-based business in Sweden may well be dealt a deadly blow by the introduction next year of a law that is certain to do more harm than good.

Judging by previous reports we published, the FRA law seems to have been seen as an idea that is bad for society in Sweden. These comments clearly fulfill the idea that the surveillance laws is basically bad for businesses in Sweden as well.

Meanwhile, it seems natural that the FRA had become unhappy with the whole situation. Two days earlier, The Local pointed to an interesting article in Svenska Dagbladet (Swedish Newspaper) where the head of the FRA suggested that they were disappointed by the level of government support. From the posting:

“We are a punching-bag, dragged through the dirt, we are running the gauntlet. It would have been good had our employers, the government and the Ministry of Defence for example, stood up for us and explained just why they think that the FRA law is necessary,” he said to the newspaper.

He recognized that the prime minister and defence minister had engaged in a couple of debates, but added that it has generally been “very quiet.”

Ã…kesson at the same time rejected one defence of the law, forwarded by defence inister Sten Tolgfors, among others, that Swedish troops in Afghanistan would be protected. Ã…kesson pointed out however that it is unlikely that the Taliban would send an email via a cable under surveillance by the FRA.

“It is not a good argument for the law. Communications there are mostly conducted by air,” said Ingvar Ã…kesson.

The last point is extremely interesting considering this seemed to be one of the big trump cards for proponents of the legislation. If it’s not for the war in Afghanistan, then what is the snoop law for in the first place? One possibility has presented itself, but more on that later.

Shortly afterwards came an additional report that Swedish MPs were being completely bombarded with e-mail. The report suggested that MPs who either voted for, abstained or were absent during the vote have received a total of nearly a half a million e-mails. From the report:

The MPs began receiving an a avalanche of emails after newspaper Expressen published a protest form on its website for readers to fill in.

Once completed, the forms are automatically forwarded to all parliamentarians who supported the new law or failed to turn up in parliament for the vote.

Former Justice Minister Thomas Bodström told Expressen that there was “more action in the parliament than there has been for ten years”.

Political commentator Stig-Björn Ljunggren told the newspaper that the powerful response to the campaign could have “a massive effect”.

If there was anything to suggest that this new law is currently front and center in the Swedish public conscious, it’s probably that. Though recently, the CBC has reported that protest e-mails are actually figured at 1.1 million, not ‘nearly half a million’ as ‘The Local’ reports. Nearly half a million or well over a million, either way, it’s a huge issue for the Swedish.

Of course, many know full well that the internet is a global community and this next report certainly proves, among other things, this is especially true.

A Swedish news website known as ‘Rapport’ published an internal document from the FRA that shows some very interesting facts about the spying program in it’s pre-legislation phase of operation. From Rapport (Google translation):

Although the FRA say they are focused on reconnaissance against foreign threats can Report now show that even American communications have long been caught in and stored by the intelligence.

Svenskarnas telephone calls and datakontakter under Reports sources collected and stored in around ten years. FRA’s Director-General Ingvar Ã…kesson says that the material is stored but that it cleared out after 18 months.

And the FRA really looking actively for American traffic, we can see when an employee asks how the law will affect FRA’s keywords, the so-called parameters that govern what is collected. The answer would be: “According to the bill will not have prior authorisation of the search to be done, not even by all our Swedish parameters.”

This comprehensive collection and storage of Swedish communications have thus gone a long time, at least 18 months under the FRA’s Director-General and according to sources Reports, it may be about 10-15 years for telecommunications traffic and nearly eight years of IP addresses.

So, basically, no new keywords would be added without approval to deal with the flow of American traffic (which is, of course, in English, not Swedish) Otherwise, if an American types out a communication that matches a certain keyword and flows through Swedish borders, it would be quite possible to land in the FRAs vast database for analysis and stored between anywhere between 18 months to 15 years – depending on traffic.

Of course, it gets better. According to The Local, the Swedish Chancellor of Justice is now going to investigate how that leak made it to Rapport. The punchline?

As a result, FRA filed a complaint to the Chancellor of Justice (JK) asking it to investigate if the handing over of the document constituted a crime against freedom of expression.

The FRA said that the leaking of the document that highlights numerous disturbing allegations about the wiretapping actions of the FRA is a crime against freedom of expression. While we admit to not knowing much about Swedish law, our western viewpoint might suggest that this is a complete paradox. Also from The Local:

According to FRA, the document is a public secret according to Sweden’s secrecy laws.

In a partial ruling issued on Friday, the JK stated that there is reason to believe that a crime against the duty to protect secrecy was committed when the document was handed over and has launched an investigation into the matter.

The Chancellor has given Thomas Lindstrand, head prosecutor of the Swedish Prosecution Authority’s office for security cases, responsibility for carrying out the investigation as to whether a crime was committed.

While all this is going on, an additional report from the New York Times clearly adds a brand new dimension to the privacy debates in Sweden. From the NYTimes:

The United States and the European Union are nearing completion of an agreement allowing law enforcement and security agencies to obtain private information — like credit card transactions, travel histories and Internet browsing habits — about people on the other side of the Atlantic Ocean.

The potential agreement, as outlined in an internal report obtained by The New York Times, would represent a diplomatic breakthrough for American counterterrorism officials, who have clashed with the European Union over demands for personal data. Europe generally has more stringent laws restricting how governments and businesses can collect and transfer such information.

Paul M. Schwartz, a law professor at the University of California, Berkeley, said such a blanket agreement could transform international privacy law by eliminating a problem that has led to negotiations of “staggering” complexity between Europe and the United States.

“The reason it’s a big deal is that it is going to lower the whole transaction cost for the U.S. government to get information from Europe,” Mr. Schwartz said. “Most of the negotiations will already be completed. They will just be able to say, ‘Look, we provide adequate protection, so you’re required to turn it over.’ ”

So, judging by this turn of events, whatever the FRA doesn’t get, the new “agreement” between the US an Europe would get. All this seems to be happening in the wake of a delay in the warrantless wiretapping law in the US from within the US senate. It’s difficult to say whether this new international agreement would become a sort of backdoor for wiretapping should the FISA legislation somehow fail in the Republican controlled senate. Either way, one has to wonder if international agreements will eventually be used to circumvent domestic laws in different countries. One way or another, it’s an international issue that could have dramatic effects beyond what’s going on in Sweden.

Drew Wilson on Twitter: @icecube85 and Google+.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: