ENDitorial: Sweden is listening to all internet and phone conversations

By EDRi · July 2, 2008

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

In Denmark we already have Data Retention in place and the rest of
Europe will follow soon. That means that our own countries demand that
Internet companies and phone companies log who we phone, email with,
chat with, which websites we visit, etc. This is something that the
IT-Political Associations of Denmark (IT-Pol) fights against.

Sweden has now taken one more step towards the complete surveillance of
its citizens as well as citizens of the rest of the world.

The Swedish Parliament (Riksdagen) passed a law that instructs all
telephone and Internet operators to deliver a copy of all phone and
Internet communication crossing Swedish borders to the Swedish
intelligence service FRA. FRA will then use a big spying network and one
of the most powerful supercomputers in the world to investigate the
content of this communication.

For a phone or Internet customer inside or outside Sweden, it is for all
practical purposes impossible to know if a phone call or Internet
connection crosses the Swedish border. For example, Denmark is located
next to Sweden, several big Swedish phone and Internet companies operate
in Denmark, and there are many high capacity sea cables between Denmark
and Sweden. Much of the traffic from Russia also passes Sweden and that
is probably one of the motivations for the law.

It is not possible to know beforehand whether e.g. an email or web-page
viewing will go through Sweden and after all you can never be sure that your
traffic did not go through Sweden. However in some cases you can tell
if your traffic did go through Sweden. IT-Pol has investigated various
uses of the Internet and has discovered that for example Internet
traffic to the Ministry of Ecclesiastical Affairs goes through
Sweden. That means that the Swedish FRA intelligence will listen to
every email from Danes to a Danish priest. Computerworld Denmark wrote that
communication from the Danish intelligence also passes through Sweden.

IT-Pol believes that Internet users should not be subjected to such a
massive and systematic surveillance and bugging. There are probably many
intelligence organizations around the world that try to tap Internet
traffic. But in our part of the world it is exceptional that a
government require all operators to deliver a copy of internet users’
private data to the intelligence service.

IT-Pol has twice contacted the Swedish Parliament. The letters (in
Danish) are available at itpol.dk.

This law has caused massive public opposition in Sweden and the vote
barely got passed in the Parliament.

It is important that citizens, politicians, and organizations outside of
Sweden also speak out and make it clear that this monitoring madness is
not acceptable.

Internet providers outside of Sweden can alleviate the effects of the
Swedish monitoring by not sending Internet traffic through Sweden unless
the recipient is in Sweden. Alternatively, they can encrypt all traffic
going through Sweden. Tolstrup from the Telecommunication Industries
Association in Denmark said in a statement to the Internet magazine
ComOn that FRA can require Danish operators to hand over encryption
keys. This is not obvious from the text of the FRA-law and IT-Pol is
still investigating if this is really true. We have asked some members
of the Swedish Parliament about it, but received no answer. If it is
true, it is an even more serious attack on the freedom of the users of
the Internet.

Content providers inside and outside of Sweden can encrypt their
content. On most webservers a simple change in the configuration will
enable SSL-encryption so that users of the website are protected against
the Swedish snooping, even if the content passes the Swedish border.

Users can also protect their privacy, even against FRA. They can use
encrypted IP telephony, they can use the TOR network to surf the Web, they
can send and receive their e-mail encrypted, etc.

IT-Pol has taken the initiative of the Polippix project, which provides a
live CD, enabling users to take advantage of these technologies. Polippix is
now an international project, translated into several languages and used in
many countries including Denmark, Germany, France, Thailand and Sweden.

IT-Political Association of Denmark

TOR Project


‘Yes’ to surveillance law (18.06.2008)

EDRi-gram: ENDitorial: A new “NSA FRAnchise” set up in Sweden? (4.06.2008)

(Contribution by Niels Elgaard Larsen – Chairman, IT-Political Association
of Denmark)