Rick Falkvinge, pirate

Swedish NSA to wiretap all phones, internet

On my Swedish blog, I’m just running a pull-down-their-pants series on how the national security agencies have been violating the Swedish Constitution for several years, with the most damning evidence yet to be presented.

The context is the fact that a bill in the Swedish Parliament will mandate the national security agency (FRA, Försvarets Radioanstalt, translates roughly to Radio Agency of the Defensive Forces) to wiretap all phone calls and all Internet communications that happen to cross one of about 20 key points in the national infrastructure, typically placed along the Swedish borders.

All communications will be screened in real time according to automatic criteria. All of it. The communications that match will be automatically saved for manual inspection. These criteria are known only to the FRA and to an equally secret political oversight board, and will be changing constantly depending on what the FRA wants to find.

What this does is to change the default from “you have a right to privacy” to “all your private communications is always wiretapped”. The only difference between this and when the East German security agency Stasi opened all letters and selected some of them for closer inspection, depending on a number of criteria, is that the capacity and scale of this system is immensely larger.

The way it looks now, this bill will pass in a vote on June 17. The parties have put so much prestige into passing this bill they can’t back down without crashing hard.

(UPDATE: Also see the follow-up post for some of the key points of the bill, including that the adminstration will be able to order political wiretapping, and that major businesses will have access to the wiretapping grid.)

The rhetoric from the politicians pushing (hard!) for this proposal is mainly threefold:

• it’s only going to affect traffic crossing the country borders;
• it’s only for spying on international conditions, never on Swedish citizens;
• that traffic that is picked out for closer inspection is going to be so rare you’ll never notice.

Let’s inspect these three points one at a time. (I have references to official documents for all of this in my Swedish blog.)

It’s only going to affect traffic crossing the country borders: anybody who has the slightest clue about how telephony or the Internet works know this to be absolute bollocks. E-mail and telephone calls take the shortest route from a topological view, which is never the same as how the bird flies. Practically all mobile phones are bounced across the country borders for tariff regulation reasons, and anything on the Internet… well, let me put it this way: a guy in Sweden just tested what the route was between two of his rooms in the same apartment (which had different service providers), and the closest route went through Spain. While technically all traffic will not be wiretapped, it’s the lion’s share and close enough to all.

It’s only for spying on international conditions: this is the most outright lie. When stated, this is worded “the defense intelligence activity is only allowed to spy on international conditions”. What they don’t mention in the same sentence, but damn well should, is that the same agency are also doing regular wiretaps for the police using the exact same equipment and wiretapping mesh — an activity which, by definition, is not defence intelligence activity, and so is not restricted to the no-Swedish-citizens clause. So while the spoken words are true, the message communicated is a lie: those spoken words are designed to be interpreted as though the agency will not spy on Swedish citizens. It’s like if somebody asking if there’s any rotten fruit in the market today, they’d provide the response “the bananas are excellent, ma’am”, only crafted in a way so that it won’t be as obvious but will actually be interpreted as “the whole market”.

Very little traffic will actually be inspected: I have no clue how MPs can buy this. The rhetoric goes that while all traffic will be wiretapped and automatically scanned according to about a quarter million criteria, very little traffic will actually match the criteria and therefore be automatically saved for manual, closer inspection, and it’s only this traffic that will be subject to wiretapping and an invasion of privacy. This is just plain false, untrue and dishonest. The wiretapping and intrusion happens when the governmental agency gives itself access to the private communication for screening against criteria, and not when a criterion is matched. The closest thing that Sweden has to a constitutional court, the Lagråd (Council of Law), explicitly stated this as well in its comments to the bill, a comment which has been completely ignored by the proponents who keep pushing this blatant dishonesty.

(Swedish courts generally don’t have the right to strike down laws as unconstitutional.)

What’s more, I have evidence that this agency is already wiretapping in violation of the Constitution as well as the European Convention on Human Rights, and that they are in full knowledge of that fact.

I have given several references to official documents on my Swedish blog as to why and how the FRA activities and mission have been in violation of the Constituation and therefore extremely illegal; I won’t repeat them here, as they wouldn’t provide value if you can’t read finer points of Swedish legalese. The only person defending it in my blog comments has been the former Minister of Defense, Mikael Odenberg, who was the person to submit the bill to Parliament under this administration. (He later resigned from the ministry for a totally unrelated reason.)

In my last post, I wrote that I am in possession of a covert recording with a very senior intelligence official, who – during our conversation – said outright that the FRA duties are in violation of the constitution. The full weight of this recording won’t be recognized until the identity of the official is revealed, which I will do on May 31, revealing it here and on my Swedish blog at 15:00 CET (13:00 UTC). But as a teaser, I will provide a transcript of the covert recording of my conversation with this official, whom I will call Pseudo Nonymousson for now.

As a brief background, the European Convention on Human Rights is explicitly referenced in the Swedish Constitution, and as such, part of the Constitution itself. Our first conversation was about a year ago, when we were discussing conspiracy theorists, and both sighing heavily about them (there were plenty of rumors flying about the intelligence agencies even then, and I was amazed at the amount of conspiracy theories directed at me and the leadership of the Pirate Party). “You know“, I said, “there are some people who even believe you have been wiretapping phonecalls and internet traffic all along, and this bill is just going to legalize it.”

“No, no,” he said, “we don’t eavesdrop on wires. We eavesdrop on satellite traffic. We’ve done that since 1976. That’s in violation of the European Convention of Human Rights and the Constitution.”

…

…what did he just say?…

I was recording that conversation too, but it came out no good — there was just dinner noise all around. Between this time and our next conversation, I learned from one of the best Swedish reporters how to mount covert recording equipment to get a good result. The next recording was good quality, and I started with referring to our previous conversation. Note how he doesn’t deny the constutional violations or pretend the earlier conversation never happened, but instead insist on explaining exactly how the European Convention on Human Rights is being violated:

Rick: But, with regards to that… there was something you said first time we met that I’ve given some thought, and that was how the FRA eavesdrops into radio vs. wire. You mention at some occasion that the eavesdropping on wireless traffic that FRA has done for several years violates the European Convention on Human Rights? I checked article 8, and it leaves lots of room for national surveillance by security agencies and so on?

Pseudo: Yes, but… It does, but what’s not… what there… what’s also some… kind of legal precedent for, is that you need… positive law support. It’s not enough that, that it’s not forbidden.

Rick: Mhm-hm.

Pseudo: So it must be explicitly legal, it must be explicitly said that this, this particular authority is to do this task.

Rick: Ok, so that’s what…

Pseudo: The intrusion of privacy must be specified.

Rick: Ok, so that’s what being changed with the new surveillance bill where it’s said that –

Pseudo: Yes.

Rick: …the FRA is to carry out these duties? And the duties have not been there before, and that’s what you mean –

Pseudo: No, the duties have been there before, but in this way they will become legal. Or… eh… you can… or I would say that… the lawyers sug- won’t agree to…

Note how Pseudo states with a straight face like it’s the most natural thing in the world that FRA’s eavesdropping duties have been there for a long time, but will be legal only with the passing of this bill (and only then realizes what he just said). Mr. Nonymousson is senior enough to know exactly what he’s talking about in these matters. Next Saturday, May 31, I will reveal his identity and publish the recording (in Swedish). For those of you who understand Swedish and happen to be visiting Stockholm on that date, I will reveal it first on the Pirate Party’s rally at Medborgarplatsen (Citizen Square) at 2pm.

Nevertheless, the conclusion is obvious: the FRA is violating the Swedish constituation and they know about it full damn well. And if the FRA knows, then its clients – the Foreign Ministry, the Defense Ministry, etc – know too.

I repeat what I’ve said my Swedish blog posts:

The normal thing to happen when felonious organized crime has been going on at the administration and authority level for decades is not to change the law to make the actions legal, and then pretend it’s raining. The normal and expected would be to immediately cease the unlawful activities and bring the responsible criminals to justice.