Hacker News new | comments | show | ask | jobs | submit login
Sweden warrantlessly wiretaps all Internet traffic crossing its borders (wikipedia.org)
279 points by Sami_Lehtinen on June 10, 2013 | hide | past | web | favorite | 59 comments



This is actually old news, but what is interesting is that recently Finlands gov. approved plans to layout new cable to the sea, so that internet traffic can be routed from Finland to Germany, bypassing Sweden all together...

http://yle.fi/uutiset/suomi_haluaa_oman_tietoliikennereitin_...

Picture from the article shows how the connection towards Europe/US goes trough Germany and the connections towards Asia will be directed trough nothern part of Finland, trough Norway - instead of Sweden:

http://yle.fi/uutiset/kotimaa/article6559090.ece/ALTERNATES/...


Strange blip then.

In Finland:

* Your Tax Return is public http://taxjustice.blogspot.co.uk/2009/07/paying-taxes-is-pub...

* Random people can find out your telephone number from your car number plate. I met a Finnish girl who got called on her mobile phones while driving... being asked out on a date by the guy driving behind her (not me LoL). They also can find your home address ( spooky )

* Driving fines are proportional to your income... earn more and your speeding fine is more


"Your Tax Return is public"

That has always been pretty odd to me. Our laws seem to have a decent focus on privacy, but in this case there was a compromise between transparency (perhaps our political history can explain why income is public information).

* Random people can find out your telephone number from your car number plate. I met a Finnish girl who got called on her mobile phones while driving... being asked out on a date by the guy driving behind her (not me LoL). They also can find your home address

Yes, but you can prevent that from happening by notifying Trafi.

* Driving fines are proportional to your income... earn more and your speeding fine is more

Not sure why you mention this. Proportional fines make sense if the point of fines is deterrence.


> * Driving fines are proportional to your income... earn more and your speeding fine is more

> Not sure why you mention this. Proportional fines make sense if the point of fines is deterrence.

Just as a curio...


I'm sure that Germany is also running their own more or less secret intelligence operations. Great if we (Finland) get more international traffic, so we can wiretap it. https://en.wikipedia.org/wiki/Finnish_Intelligence_Research_...


http://en.wikipedia.org/wiki/Bundesnachrichtendienst "It depends heavily on wiretapping and electronic surveillance of international communications."


Would it be feasible to just encrypt the traffic?


I don't know how much it would cost in latency, but I think one of the concerns is that all traffic is stored for future decryption.


The underwater SEA-ME-WE 4 cable between Europe and India has a capacity of 1.28 Tbits/s. I am unsure about the current capacity. I think it would be possible to encrypt at those line rates, given enough parallelism.

https://en.wikipedia.org/wiki/SEA-ME-WE_4


The Wikipedia article is quite focused on the discussion before the law was made into effect, and are thus missing how the focus on terrorism was changed before even a year had passed.

Before the law was voted in, political leaders and columnist promised high and low that FRA would never be used for anything other than counter terrorism. Anyone who said otherwise was a tinfoil hat, and just didn't understand the issue. The law was about preventing terrorists from killing our children and nothing more!

A little less than a year after the law was passed, and the secret police got access to the collected data. Soon after, the legislative assembly and diplomats. After that, the police wanted in and was also granted access.

Today, go to their website and they talk very little about terrorism. The focus currently is on it-threats, malware and pen-testing[1], and thus calling out how great help they are currently providing in connection with the regular police and secret-police[2]. The "mission" description sounds more like the slogan of a pen-test company than that of counter-terrorism, mostly noticeable because the word terrorism is not even mentioned most of the time, and on the list of services, the word "terrorism" is demoted to the bottom part of a bullet point list.[3]

The last attempt to expand the "goal" of FRA was when the Swedish version of IRS asked for access. I don't know if they were granted, and the media don't care much anymore.

[1]http://www.fra.se/verksamhet/informationssakerhet/regeringsu...

[2]http://www.fra.se/verksamhet/informationssakerhet/tjanster.7...

[3]http://www.fra.se/verksamhet/signalunderrattelseverksamhet.6...

* Correction *

The IRS has not asked yet for FRA data. They have asked ISP's and webhosting providers for customers data, but not from FRA. There have been speculation on where the FRA scope would go next after that the police got access, but from what I can find, nothing official.


That the Swedish IRS would be given access to FRA is still only speculation. I haven't seen any article saying that it is even something they are planning to do. It could happen, but I'm sure it will be a public outcry if it ever is proposed


>That the Swedish IRS would be given access to FRA is still only speculation. I haven't seen any article saying that it is even something they are planning to do.

They do a lot more that is let out in articles. I don't understand people that expect to be informed about what secret services and government covert operations do by the press. Any leaks to the press would obviously be the exception.

The only reasonable thing to do for such things, is to try to estimate and deduce what's happening from their (the secret services, government etc) historical behaviour, the times they've been caught lying and what little leaks are available. And, probably, fear the worse.

>It could happen, but I'm sure it will be a public outcry if it ever is proposed

As if the public will do anything about it...

Worse things have been proposed and passed.


Well it's still speculations. Some speculations can of course be plausible even if far fetched. And i do think there will be a outcry if the land with one of the highest income taxes in the world decides to hunt people down with data designed to catch terrorists and organised crime.


Just want to emphasize the difference between the FRA law and what's happening in the U.S. right now: FRA (swedish agency doing SIGINT) don't need a warrant. This is all supported by law.

"Nothing to hide" dominated the pro-debate for this. Only populist representatives like Fredrick Federley and Annie Lööf voiced their discontent with the proposed changes in law, and they happily agreed to it while some minor things where changed. Common people just didn't care. Still don't.


Doesn't Sweden (or was that Norway?) publicly release the tax data of every citizen? Seems like a different approach to privacy/openness.


Tax data is public in Finland, Sweden and Norway.


Yes, as are all company annual reports (true for Norway as well). There are several sites publishing financials, where the 'overview' is free while the actual annual reports costs a few bucks. You can of course just request the data from the tax authority.

Example: Klarna's financials can be found here http://www.allabolag.se/5567370431/Klarna_AB


Somewhat public in the Netherlands, too - I found out the other day our landlords can access our tax data to decide how much to increase our rent by. Grrr.


Wow, you live just around the corner from me O_o

..and you're English too?


Yeah, the U.S. is set up as a private society (originally) and capitalistic. Where as Sweden, Norway, Finland, they all are set up as socialistic societies communal rather than private.


I didn't realize that Annie Lööf was on the discontent side. How did she vote in the end? Was it not Fredrick that cried in the end, in the speakers chair?


Annie Lööf voted for the law in the end after some minor changes were made and "promises" where given. Didn't know about Fredrick Federley crying, but I found it on youtube: https://www.youtube.com/watch?v=iyfL4hSL-9E Pretty funny.


It's widely known and acknowledged that the information gathered this way is used not only by Swedish agencies, but also traded with foreign agencies in exchange for information gathered in whatever way is possible to them. In effect it means that communication that crosses any border is likely collected, analyzed and available to all western intelligence agencies. Good luck trying to hide.


"The records were exploited by Swedish Intelligence. They were also shared with Japan, Britain, France and the USA." https://en.wikipedia.org/wiki/Operation_Stella_Polaris


If you try, you probably can hide. These kind of operations are best at taking people unawares...


It's worth noting that Facebook's European datacenter is in Sweden so a large part of Facebook traffic passes Swedish borders.


> It's worth noting that Facebook's European datacenter is in Sweden so a large part of Facebook traffic passes Swedish borders

It's also worth noting that Google said in 2007 that if the FRA snoop law is passed, they will locate their servers outside Sweden. They placed them in Finland instead.

Peter Fleischer from Google said "By introducing these new measures, the Swedish government is following the examples set by governments ranging from China and Saudi Arabia to the US government’s widely criticised eavesdropping programme. Do Swedish citizens really want their country to have the most aggressive government surveillance laws in Europe?" http://peterfleischer.blogspot.se/2007/05/sweden-and-governm... http://internetworld.idg.se/2.1006/1.109576

Facebook knew they would be listened to, but put their datacenter in Sweden anyway. http://www.theregister.co.uk/2011/10/31/facebook_swedish_dat...


It's also worth noting that Google said in 2007 that if the FRA snoop law is passed, they will locate their servers outside Sweden. They placed them in Finland instead.

Doesn't really help when almost all international Internet traffic from/to Finland goes through Sweden...


It does the encrypted parts.


But the encrypted parts would be safe from eavesdropping even if hosted in Sweden, no? If that's the case, hosting it in Finland makes zero difference apart from political pressure.


but encrypted..


Do we know they don't have access to the private keys?


Sweden has no realistic leverage here. Why would a foreign company wanting to host something there give out those when there are alternatives? (Like, say, Iceland.)


Those would be supplied only by facebook, so in that respect it wouldn't matter where the servers are.


Sweden used to be the most open country for internet access.

Since America threatened it with economic sanctions (because of the piratebay, sweden was sued by America and their entertainment industry), Sweden has changed a lot.

A pitty America has to threaten every other country in the world... :-) .


Or the politicians just used this as way to forward their agenda.


Europe isn't "sponsored" by multinationals for their elections, bribes are probably happening, but the impact is pretty low, i suppose.

Haven't suspected much "multinational sponsorship" (except for the EU Commissioner for Trade named Karel De Gucht)


Everything everywhere is America's fault and everyone else just sits and watches helplessly. Right...


I didn't say that, but some countries have more power than others.. (obviously)

Although i'd rather have Europe then America to "trust" (their no saints either, don't get me wrong - but it's more democraticly and corporations have less influence).

My second choice would be America though..

And unless there is freedom of speech, i can still say what i want. You don't have to listen.


Sweden was sued by America, really?


Not sued, threatened with putting Sweden on the list of "Special 301 Report".

So it would impact Sweden's economy if they wouldn't do anything about Piratebay / piracy.

Ever since piratebay moved away from Sweden (stricter rules), it has gotten much worse.

See it's description (from Wikipedia): Impact of Special 301 Reports [edit]

According to the International Intellectual Property Alliance (IIPA) the Special 301 Report and the Watchlists is used to pressure other nations to adopt stricter copyright laws and take a more active role in combating Copyright infringements.[12]


Well, this is getting really grim. There seems to be no safe place left.

Although, this is to be expected. The US is a common trend-maker and the world is looking up to them. Of course who can sit this one out when the US itself is at full speed spearheading it. And very likely gently forcing to abide.

We're all at fault in what is happening.


overall moral: even if your own country don't collected your internet traffic, always assume that another country does.


... and will hand it to your country willingly.


Not that it gives Sweden any real excuse here, but I believe most countries do SIGINT at least on a level comparable to that enabled by the FRA law already. That we did already have a law disabling the government to do so legally was mostly percieved as an inconvenience that had to be "fixed". The real issue here should not be the miltary SIGINT that is performed today, but what will happen years from now when these possibilities might be used for gradually varying purposes.


That is not such a big problem. When a government does something like that in the open you can use appropriate protection if you feel you need it. There is not information asymmetry. You just remove all sweden related certificates from the CA bundle and use VPN to other country.

If tomorrow the US says openly - we collect all data you send to Apple,Facebook,Google and Yahoo although stupid you can use or not them depending on how you feel about it.


What should be noted is that before Sweden gave FRA authority to increase it's surveillance the swedish public was well awere of what was happening. There was a public debate, the adversaries would say it was only for the curtains, but the people still had a chance to rally up against it before the legislatures reached their decision. But the public majority didnt care that much.


It's reassuring to see how "terrorism" is still the magic word to pass all manners of freedom-trampling laws.


But it's something that people voted on, something that people knew about, something that people had a chance to protest...which was not the case with PRISM. I mean, yes, people did vote on the Patriot act, but I wonder if things would have been different if there was more transparency in putting this system into place.


I expect most countries either monitor traffic endpoints or capture data. I know the one one in which I live does.


The difference is that this program is public and the Swedish public can debate it.


I have no sources but I'd be willing to bet that so do India and China.


Swedish government - or Lisbeth Salander?


I'm fine with traffic going in and out being tappable. As long as they have good reason I have trust in the FRA.


>As long as Hitler has a good reason I have to trust the Nazi's.

FTFY


I think the Swedish wiretapping is wrong and that the law should be torn up.

That said, in practice it's less intrusive than the recently revealed US wiretapping-programs. Since more or less all software encrypt their traffic, the FRA-wiretapping is pretty useless.


> Since more or less all software encrypt their traffic

I suggest that you open Wireshark and start browsing the internet and use your applications that you normally do, then check the packages sent from/to the servers. If you think that "more or less all software" encrypts their data, you'll be really surprised what the dumps will show you.


Since more or less all software encrypt their traffic, the FRA-wiretapping is pretty useless.

Huh? Forgive me if I'm mistaken, but are you saying everybody uses SSL?


"Since more or less all software encrypt their traffic." Just not true.

However dosn't matter in the context of the fra law as it only allows meta data to be taped like somthing like.

{ from:'145.23.45.34:89047', to:'214.56.4.67:443', size:23456, when:'June 9 2013 12:34 13.234' }




Applications are open for YC Winter 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: