cryptogon.com

So far, hacks from the mainstream Swedish press seem to be on holiday, so news about the proposed law is woefully hard to come by. That leaves us turning to this summary from the decidedly partisan Swedish Pirate Party for details. We’d prefer to rely on a more neutral group, but that wasn’t possible this time. According to them, here’s a broad outline:

The En anpassad försvarsunderrättelseverksamhet bill (which loosely translates to “a better adapted military intelligence gathering”) gives Sweden’s National Defence Radio Establishment (FRA) direct access to the traffic passing through its borders. Now remember, we’re talking about the internet, which frequently routes packets though multiple geographically dispersed hops before they reach their final destination.

This all but guarantees that emails and voice over IP (VoIP) calls between Swedes will routinely be siphoned into a massive monitoring machine. And we wouldn’t be surprised if traffic between parties with no tie to the country regularly passes through Sweden’s border as well, and that too would be fair game. (For example, email sent from a BT address in London to Finland is likely to pass through Sweden first.)

Once intercepted, the data will be searched for certain keywords, and those that contain the words will be pulled aside for additional scrutiny. A broad array of organizations will have use of the system, including the Department of Transportation, the Department of Agriculture, the police, secret service and customs, and in some cases major businesses. The bill allows Swedes to be singled out, as well.

When the bill was introduced in early 2007, Google was reportedly so concerned about its consequences for privacy that it threatened to limit its ties to the country if the measure passed.

“We have contacted Swedish authorities to give our view of the proposal and we have made it clear that we will never place any servers inside Sweden’s borders if the proposal goes through,” Peter Fleischer, Google’s global privacy counsel, said last year, according to this article. “We simply cannot compromise our users’ integrity by allowing Swedish authorities access to data that may not even concern Swedish activity.”

But so far, few outside of the pro-privacy universe have bothered to discuss the bill this time around. There have been no similar pronouncements from Google and representatives there didn’t respond to a request for comment. The Electronic Frontier Foundation has likewise been reticent about the bill.

“Surprisingly enough, there hasn’t been that much written about it, even in the Swedish media,” said Patrik Runald, a Swedish national and a security response manager for F-Secure who works in San Jose, California.

“The funny thing is when asked what do you want to look for, [backers of the bill] don’t really specify what they’re interested in,” he continued. “It’s a very broad bill. They basically can interpret whatever they like.”

One of the few recent press mentions of the bill came from a publication called Cellular News in London. According to this story, Nordic and Baltic telecommunications provider TeliaSonera planned to move email servers out of Sweden to protect the privacy of its Finnish customers.