Link to original: https://translate.google.com/translate?sl=no&tl=en&u=https%3...
The information gathered (oh, they have access to XKeyscore) is then shared within X eyes (nine? fourteen?) program. The extent of FRA's intelligence operations was not known before Snowden.
Some of it became more public knowledge in 2008 when there was a new law that gave them permission to do cable interception. It was later confirmed that they had been doing cable interception before the law was enacted, in conflict with the law, but "with acceptance" of the administration.
Sweden is really not much better than other countries. Norway is following suit, but with a slightly "better" law that at least requires secret court orders to store other things than metadata of things passing the border.
Edit: oh, and they are allowed (or at least not strictly disallowed) to do targeted hacking, which they have done in cooperation with other (NSA) intelligence agencies.
But, at least we do not have a secret budget like other democracies :) . They got about 1 billion SEK last year, or about 0.1% of the national budget.
There is so much information available in democracies if you have the time to work through it, that they are effectively protected just by the sheer amount of documentation an interested observer has to plough through.
Start with the annual budgets - they're extremely informative as to what the real issues are.
They could still store metadata like sending IP address, timestamp etc.
Using foreign webmail via HTTPS would not be intercepted in any possible way. Unless they get support from the service provider in question. I think the service providers you mention will comply with law enforcement and give out your data. But those are isolated cases and mass data required by intelligence services is a different thing. National security letters are only for US Govt use and other governments have no access.
I also think legislation like this is years late now that about every protocol has encrypted variants and they don't get any meaningful results compared to the money spent.
(Sarcasm, but a non-zero fear that it's true.)
The problem is that even though you're trivially able to detect that TLS is not in use, the vast majority of mail providers won't act on that knowledge by refusing to send mail unencrypted (except maybe for some hosts explicitly whitelisted for that approach).
Why? Too many broken TLS setups, historically. Might be better now, I vaguely remember some push towards that from the big providers.
Alternatively, the government could also conduct a TLS certificate man-in-the-middle, which would work in most cases since almost no MTAs validate certificates outside of occasionally trying DANE (a spec for pinning certs over DNSSEC).
edit: apologies just realized the latter was Swedish not Norwegian
Whenever I and my girlfriend talk about anything too personal, I always joke about the government's ability to hear our conversation.
WhatsApp and Viber provide cryptographic communication but, if I'm not mistaken, it needs to be explicitly enabled and I've also read there's a bunch of metadata exposed.
But it could be that messages sent to the original owner are received, since WhatsApp automatically re-encrypts and sends messages if the message has not been received yet and the key has been changed. So basically that would mean the message would be sent when the previous owner already changed their number. So the people shouldn't have sent the messages at all.
WhatsApp e2e encryption just makes sure that the only person that can read the message is the owner of the number, not necessarily the person you want to send it to.
I think this is why even simple things such as wiretapping and checking which cell phones registered near the crime scene still work.
edit: just some friendly (immature) banter from another European
Sure you can. There are many how-to's on decrypting SSL/TLS using Wireshark, you just have to have the keys. Here's one - https://support.citrix.com/article/CTX116557
Quite a bit of metadata really...
Client X: IP address
Server Y: IP address
Client X request: TLS parameters that can be analyzed through TLS fingerprinting
Server Y response: Hostnames supported by SNI
Server Y response: TLS parameters that can be analyzed through TLS fingerprinting
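
The metadata listed above, made concrete as an added example (not part of the thread): a Python parser for the cleartext TLS ClientHello that returns the SNI hostname and a JA3-style fingerprint string, both readable on the wire without any keys. The sample record is constructed, `mail.example.org` is a placeholder hostname, and the parser assumes a single unfragmented record without Encrypted Client Hello.

```python
import hashlib
import struct

def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def build_sample_hello(host=b"mail.example.org"):
    """Constructed TLS 1.2 ClientHello record (sample data, not a capture)."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = (_ext(0, sni)
            + _ext(10, struct.pack("!HHH", 4, 29, 23))   # supported_groups
            + _ext(11, b"\x01\x00"))                      # ec_point_formats
    body = (b"\x03\x03" + bytes(32) + b"\x00"             # version, random, empty session id
            + struct.pack("!HHH", 4, 0xC02F, 0x009C)      # two cipher suites
            + b"\x01\x00"                                 # null compression only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return what a passive observer sees: SNI and a JA3 fingerprint."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = 9                                   # skip record (5) + handshake (4) headers
    version = struct.unpack_from("!H", record, p)[0]
    p += 2 + 32                             # client version + random
    p += 1 + record[p]                      # session id
    n = struct.unpack_from("!H", record, p)[0]
    ciphers = struct.unpack_from("!%dH" % (n // 2), record, p + 2)
    p += 2 + n
    p += 1 + record[p]                      # compression methods
    end = p + 2 + struct.unpack_from("!H", record, p)[0]
    p += 2
    sni, ext_ids, groups, formats = None, [], (), ()
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, p)
        data = record[p + 4:p + 4 + elen]
        p += 4 + elen
        ext_ids.append(etype)
        if etype == 0:                      # server_name: list len, type, name len, name
            sni = data[5:5 + struct.unpack_from("!H", data, 3)[0]].decode("ascii")
        elif etype == 10:                   # supported_groups: list len, then 16-bit ids
            groups = struct.unpack_from("!%dH" % ((len(data) - 2) // 2), data, 2)
        elif etype == 11:                   # ec_point_formats: len byte, then 8-bit ids
            formats = tuple(data[1:])
    grease = lambda v: (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)  # JA3 skips GREASE
    fields = [[version], ciphers, ext_ids, groups, formats]
    ja3 = ",".join("-".join(str(v) for v in f if not grease(v)) for f in fields)
    return {"sni": sni, "ja3": ja3, "ja3_md5": hashlib.md5(ja3.encode()).hexdigest()}
```
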