
Sweden warrantlessly wiretaps all Internet traffic crossing its borders - Sami_Lehtinen
https://en.wikipedia.org/wiki/FRA_law
======
tommis
This is actually old news, but what is interesting is that recently Finlands
gov. approved plans to layout new cable to the sea, so that internet traffic
can be routed from Finland to Germany, bypassing Sweden all together...

[http://yle.fi/uutiset/suomi_haluaa_oman_tietoliikennereitin_...](http://yle.fi/uutiset/suomi_haluaa_oman_tietoliikennereitin_eurooppaan/6559072)

Picture from the article shows how the connection towards Europe/US goes
trough Germany and the connections towards Asia will be directed trough
nothern part of Finland, trough Norway - instead of Sweden:

[http://yle.fi/uutiset/kotimaa/article6559090.ece/ALTERNATES/...](http://yle.fi/uutiset/kotimaa/article6559090.ece/ALTERNATES/w580h326/koillisv%C3%A4yl%C3%A4+tietoliikennekaapeli.jpg)

~~~
gasull
Would it be feasible to just encrypt the traffic?

~~~
notimetorelax
I don't know how much it would cost in latency, but I think one of the
concerns is that all traffic is stored for future decryption.

------
belorn
The Wikipedia article is quite focused on the discussion before the law was
made into effect, and are thus missing how the focus on terrorism was changed
before even a year had passed.

Before the law was voted in, political leaders and columnist promised high and
low that FRA would never be used for anything other than counter terrorism.
Anyone who said otherwise was a tinfoil hat, and just didn't understand the
issue. The law was about preventing terrorists from killing our children and
nothing more!

A little less than a year after the law was passed, and the secret police got
access to the collected data. Soon after, the legislative assembly and
diplomats. After that, the police wanted in and was also granted access.

Today, go to their website and they talk very little about terrorism. The
focus currently is on it-threats, malware and pen-testing[1], and thus calling
out how great help they are currently providing in connection with the regular
police and secret-police[2]. The "mission" description sounds more like the
slogan of a pen-test company than that of counter-terrorism, mostly noticeable
because the word terrorism is not even mentioned most of the time, and on the
list of services, the word "terrorism" is demoted to the bottom part of a
bullet point list.[3]

The last attempt to expand the "goal" of FRA was when the Swedish version of
IRS asked for access. I don't know if they were granted, and the media don't
care much anymore.

[1][http://www.fra.se/verksamhet/informationssakerhet/regeringsu...](http://www.fra.se/verksamhet/informationssakerhet/regeringsuppdragtillfra.121.html)

[2][http://www.fra.se/verksamhet/informationssakerhet/tjanster.7...](http://www.fra.se/verksamhet/informationssakerhet/tjanster.78.html)

[3][http://www.fra.se/verksamhet/signalunderrattelseverksamhet.6...](http://www.fra.se/verksamhet/signalunderrattelseverksamhet.68.html)

* Correction *

The IRS has not asked yet for FRA data. They have asked ISP's and webhosting
providers for customers data, but not from FRA. There have been speculation on
where the FRA scope would go next after that the police got access, but from
what I can find, nothing official.

~~~
plainhold
That the Swedish IRS would be given access to FRA is still only speculation. I
haven't seen any article saying that it is even something they are planning to
do. It could happen, but I'm sure it will be a public outcry if it ever is
proposed

~~~
coldtea
> _That the Swedish IRS would be given access to FRA is still only
> speculation. I haven 't seen any article saying that it is even something
> they are planning to do._

They do a lot more that is let out in articles. I don't understand people that
expect to be informed about what secret services and government covert
operations do by the press. Any leaks to the press would obviously be the
exception.

The only reasonable thing to do for such things, is to try to estimate and
deduce what's happening from their (the secret services, government etc)
historical behaviour, the times they've been caught lying and what little
leaks are available. And, probably, fear the worse.

> _It could happen, but I 'm sure it will be a public outcry if it ever is
> proposed_

As if the public will do anything about it...

Worse things have been proposed and passed.

~~~
plainhold
Well it's still speculations. Some speculations can of course be plausible
even if far fetched. And i do think there will be a outcry if the land with
one of the highest income taxes in the world decides to hunt people down with
data designed to catch terrorists and organised crime.

------
sebcat
Just want to emphasize the difference between the FRA law and what's happening
in the U.S. right now: FRA (swedish agency doing SIGINT) don't need a warrant.
This is all supported by law.

"Nothing to hide" dominated the pro-debate for this. Only populist
representatives like Fredrick Federley and Annie Lööf voiced their discontent
with the proposed changes in law, and they happily agreed to it while some
minor things where changed. Common people just didn't care. Still don't.

~~~
ralfd
Doesn't Sweden (or was that Norway?) publicly release the tax data of every
citizen? Seems like a different approach to privacy/openness.

~~~
davedx
Somewhat public in the Netherlands, too - I found out the other day our
landlords can access our tax data to decide how much to increase our rent by.
Grrr.

~~~
radicalbyte
Wow, you live just around the corner from me O_o

..and you're English too?

------
m_eiman
It's widely known and acknowledged that the information gathered this way is
used not only by Swedish agencies, but also traded with foreign agencies in
exchange for information gathered in whatever way is possible to them. In
effect it means that communication that crosses _any_ border is likely
collected, analyzed and available to all western intelligence agencies. Good
luck trying to hide.

~~~
Sami_Lehtinen
"The records were exploited by Swedish Intelligence. They were also shared
with Japan, Britain, France and the USA."
[https://en.wikipedia.org/wiki/Operation_Stella_Polaris](https://en.wikipedia.org/wiki/Operation_Stella_Polaris)

------
effn
It's worth noting that Facebook's European datacenter is in Sweden so a large
part of Facebook traffic passes Swedish borders.

~~~
draugadrotten
> It's worth noting that Facebook's European datacenter is in Sweden so a
> large part of Facebook traffic passes Swedish borders

It's also worth noting that Google said in 2007 that if the FRA snoop law is
passed, they will locate their servers outside Sweden. They placed them in
Finland instead.

Peter Fleischer from Google said _" By introducing these new measures, the
Swedish government is following the examples set by governments ranging from
China and Saudi Arabia to the US government’s widely criticised eavesdropping
programme. Do Swedish citizens really want their country to have the most
aggressive government surveillance laws in Europe?"_
[http://peterfleischer.blogspot.se/2007/05/sweden-and-
governm...](http://peterfleischer.blogspot.se/2007/05/sweden-and-government-
surveillance.html)
[http://internetworld.idg.se/2.1006/1.109576](http://internetworld.idg.se/2.1006/1.109576)

Facebook knew they would be listened to, but put their datacenter in Sweden
anyway.
[http://www.theregister.co.uk/2011/10/31/facebook_swedish_dat...](http://www.theregister.co.uk/2011/10/31/facebook_swedish_data_centre_privacy_law/)

~~~
Sharlin
_It 's also worth noting that Google said in 2007 that if the FRA snoop law is
passed, they will locate their servers outside Sweden. They placed them in
Finland instead._

Doesn't really help when almost all international Internet traffic from/to
Finland goes through Sweden...

~~~
okamiueru
It does the encrypted parts.

~~~
blaabjerg
But the encrypted parts would be safe from eavesdropping even if hosted in
Sweden, no? If that's the case, hosting it in Finland makes zero difference
apart from political pressure.

------
NicoJuicy
Sweden used to be the most open country for internet access.

Since America threatened it with economic sanctions (because of the piratebay,
sweden was sued by America and their entertainment industry), Sweden has
changed a lot.

A pitty America has to threaten every other country in the world... :-) .

~~~
pekk
Everything everywhere is America's fault and everyone else just sits and
watches helplessly. Right...

~~~
NicoJuicy
I didn't say that, but some countries have more power than others..
(obviously)

Although i'd rather have Europe then America to "trust" (their no saints
either, don't get me wrong - but it's more democraticly and corporations have
less influence).

My second choice would be America though..

And unless there is freedom of speech, i can still say what i want. You don't
have to listen.

------
znowi
Well, this is getting really grim. There seems to be no safe place left.

Although, this is to be expected. The US is a common trend-maker and the world
is looking up to them. Of course who can sit this one out when the US itself
is at full speed spearheading it. And very likely gently forcing to abide.

We're all at fault in what is happening.

------
jonke
overall moral: even if your own country don't collected your internet traffic,
always assume that another country does.

~~~
beagle3
... and will hand it to your country willingly.

------
Legogris
Not that it gives Sweden any real excuse here, but I believe most countries do
SIGINT at least on a level comparable to that enabled by the FRA law already.
That we did already have a law disabling the government to do so legally was
mostly percieved as an inconvenience that had to be "fixed". The real issue
here should not be the miltary SIGINT that is performed today, but what will
happen years from now when these possibilities might be used for gradually
varying purposes.

------
venomsnake
That is not such a big problem. When a government does something like that in
the open you can use appropriate protection if you feel you need it. There is
not information asymmetry. You just remove all sweden related certificates
from the CA bundle and use VPN to other country.

If tomorrow the US says openly - we collect all data you send to
Apple,Facebook,Google and Yahoo although stupid you can use or not them
depending on how you feel about it.

------
plainhold
What should be noted is that before Sweden gave FRA authority to increase it's
surveillance the swedish public was well awere of what was happening. There
was a public debate, the adversaries would say it was only for the curtains,
but the people still had a chance to rally up against it before the
legislatures reached their decision. But the public majority didnt care that
much.

------
mercurial
It's reassuring to see how "terrorism" is still the magic word to pass all
manners of freedom-trampling laws.

------
cupcake-unicorn
But it's something that people voted on, something that people knew about,
something that people had a chance to protest...which was not the case with
PRISM. I mean, yes, people did vote on the Patriot act, but I wonder if things
would have been different if there was more transparency in putting this
system into place.

------
Murk
I expect most countries either monitor traffic endpoints or capture data. I
know the one one in which I live does.

------
temp453463343
The difference is that this program is public and the Swedish public can
debate it.

------
namank
I have no sources but I'd be willing to bet that so do India and China.

------
bjhoops1
Swedish government - or Lisbeth Salander?

------
parski
I'm fine with traffic going in and out being tappable. As long as they have
good reason I have trust in the FRA.

~~~
flyinRyan
>As long as Hitler has a good reason I have to trust the Nazi's.

FTFY

------
sandstrom
I think the Swedish wiretapping is wrong and that the law should be torn up.

That said, in practice it's less intrusive than the recently revealed US
wiretapping-programs. Since more or less all software encrypt their traffic,
the FRA-wiretapping is pretty useless.

~~~
fekberg
> Since more or less all software encrypt their traffic

I suggest that you open Wireshark and start browsing the internet and use your
applications that you normally do, then check the packages sent from/to the
servers. If you think that "more or less all software" encrypts their data,
you'll be really surprised what the dumps will show you.

