We have been following the FRA controversy since just about the first report that said how legislation was tabled. Since that time, it seems as though controversy has been growing just about exponentially. While warrantless wiretapping is, by far, not unique to Sweden, the aftermath alone has made the debates a sight to behold.

Of course, the aftermath expands beyond a few concerned privacy rights advocates. More recently, Swedish news site ‘The Local’ has been following the developments at least since the controversy over the laws took off and their more recent stories seem particularly noteworthy. The first story discusses how the new surveillance law would ‘drive businesses out of the country’.

“Take us, for example. We are a fast-growing internet company offering mobile email services to a global market. Since all our international services pass through a network operations centre in Sweden,” writes Roger Grönberg, CEO of Momail, “our customers’ communications are now going to be subject to surveillance regardless of the prevailing laws in their home countries.”

He continues:

An email exchange between two Danes for instance is first sent to Momail’s operations centre, where it is optimized and tailored to meet the customer’s specific needs. This means that the email will “cross Sweden’s borders” and, as such, will be scanned by Sweden’s National Defence Radio Establishment (FRA).

It will not be easy to explain this to our private Danish customers or to the Danish mobile operators who are our clients.

Since the internet has become such a fundamental carrier of information, it is natural for many companies to base their businesses on the success of the phenomenon. But just as it is beginning to really find its feet, the development of web-based business in Sweden may well be dealt a deadly blow by the introduction next year of a law that is certain to do more harm than good.

Judging by previous reports we published, the FRA law seems to have been seen as an idea that is bad for society in Sweden. These comments clearly fulfill the idea that the surveillance laws is basically bad for businesses in Sweden as well.

Meanwhile, it seems natural that the FRA had become unhappy with the whole situation. Two days earlier, The Local pointed to an interesting article in Svenska Dagbladet (Swedish Newspaper) where the head of the FRA suggested that they were disappointed by the level of government support. From the posting:

“We are a punching-bag, dragged through the dirt, we are running the gauntlet. It would have been good had our employers, the government and the Ministry of Defence for example, stood up for us and explained just why they think that the FRA law is necessary,” he said to the newspaper.

He recognized that the prime minister and defence minister had engaged in a couple of debates, but added that it has generally been “very quiet.”

Åkesson at the same time rejected one defence of the law, forwarded by defence inister Sten Tolgfors, among others, that Swedish troops in Afghanistan would be protected. Åkesson pointed out however that it is unlikely that the Taliban would send an email via a cable under surveillance by the FRA.

“It is not a good argument for the law. Communications there are mostly conducted by air,” said Ingvar Åkesson.

The last point is extremely interesting considering this seemed to be one of the big trump cards for proponents of the legislation. If it’s not for the war in Afghanistan, then what is the snoop law for in the first place? One possibility has presented itself, but more on that later.

Shortly afterwards came an additional report that Swedish MPs were being completely bombarded with e-mail. The report suggested that MPs who either voted for, abstained or were absent during the vote have received a total of nearly a half a million e-mails. From the report:

The MPs began receiving an a avalanche of emails after newspaper Expressen published a protest form on its website for readers to fill in.

Once completed, the forms are automatically forwarded to all parliamentarians who supported the new law or failed to turn up in parliament for the vote.

Former Justice Minister Thomas Bodström told Expressen that there was “more action in the parliament than there has been for ten years”.

Political commentator Stig-Björn Ljunggren told the newspaper that the powerful response to the campaign could have “a massive effect”.

If there was anything to suggest that this new law is currently front and center in the Swedish public conscious, it’s probably that. Though recently, the CBC has reported that protest e-mails are actually figured at 1.1 million, not ‘nearly half a million’ as ‘The Local’ reports. Nearly half a million or well over a million, either way, it’s a huge issue for the Swedish.

Of course, many know full well that the internet is a global community and this next report certainly proves, among other things, this is especially true.

A Swedish news website known as ‘Rapport’ published an internal document from the FRA that shows some very interesting facts about the spying program in it’s pre-legislation phase of operation. From Rapport (Google translation):

Although the FRA say they are focused on reconnaissance against foreign threats can Report now show that even American communications have long been caught in and stored by the intelligence.

Svenskarnas telephone calls and datakontakter under Reports sources collected and stored in around ten years. FRA’s Director-General Ingvar Åkesson says that the material is stored but that it cleared out after 18 months.

And the FRA really looking actively for American traffic, we can see when an employee asks how the law will affect FRA’s keywords, the so-called parameters that govern what is collected. The answer would be: “According to the bill will not have prior authorisation of the search to be done, not even by all our Swedish parameters.”

This comprehensive collection and storage of Swedish communications have thus gone a long time, at least 18 months under the FRA’s Director-General and according to sources Reports, it may be about 10-15 years for telecommunications traffic and nearly eight years of IP addresses.

So, basically, no new keywords would be added without approval to deal with the flow of American traffic (which is, of course, in English, not Swedish) Otherwise, if an American types out a communication that matches a certain keyword and flows through Swedish borders, it would be quite possible to land in the FRAs vast database for analysis and stored between anywhere between 18 months to 15 years – depending on traffic.

Of course, it gets better. According to The Local, the Swedish Chancellor of Justice is now going to investigate how that leak made it to Rapport. The punchline?

As a result, FRA filed a complaint to the Chancellor of Justice (JK) asking it to investigate if the handing over of the document constituted a crime against freedom of expression.

The FRA said that the leaking of the document that highlights numerous disturbing allegations about the wiretapping actions of the FRA is a crime against freedom of expression. While we admit to not knowing much about Swedish law, our western viewpoint might suggest that this is a complete paradox. Also from The Local:

According to FRA, the document is a public secret according to Sweden’s secrecy laws.

In a partial ruling issued on Friday, the JK stated that there is reason to believe that a crime against the duty to protect secrecy was committed when the document was handed over and has launched an investigation into the matter.

The Chancellor has given Thomas Lindstrand, head prosecutor of the Swedish Prosecution Authority’s office for security cases, responsibility for carrying out the investigation as to whether a crime was committed.

While all this is going on, an additional report from the New York Times clearly adds a brand new dimension to the privacy debates in Sweden. From the NYTimes:

The United States and the European Union are nearing completion of an agreement allowing law enforcement and security agencies to obtain private information — like credit card transactions, travel histories and Internet browsing habits — about people on the other side of the Atlantic Ocean.

The potential agreement, as outlined in an internal report obtained by The New York Times, would represent a diplomatic breakthrough for American counterterrorism officials, who have clashed with the European Union over demands for personal data. Europe generally has more stringent laws restricting how governments and businesses can collect and transfer such information.

Paul M. Schwartz, a law professor at the University of California, Berkeley, said such a blanket agreement could transform international privacy law by eliminating a problem that has led to negotiations of “staggering” complexity between Europe and the United States.

“The reason it’s a big deal is that it is going to lower the whole transaction cost for the U.S. government to get information from Europe,” Mr. Schwartz said. “Most of the negotiations will already be completed. They will just be able to say, ‘Look, we provide adequate protection, so you’re required to turn it over.’ ”

So, judging by this turn of events, whatever the FRA doesn’t get, the new “agreement” between the US an Europe would get. All this seems to be happening in the wake of a delay in the warrantless wiretapping law in the US from within the US senate. It’s difficult to say whether this new international agreement would become a sort of backdoor for wiretapping should the FISA legislation somehow fail in the Republican controlled senate. Either way, one has to wonder if international agreements will eventually be used to circumvent domestic laws in different countries. One way or another, it’s an international issue that could have dramatic effects beyond what’s going on in Sweden.

The recent revelation won’t quiet critics of conventional email, more like give them more ammunition to say that email was never private. According to the report posted by the Electronic Frontier Foundation, the access was not authorized. It led the FBI to subsequently destroy the records they didn’t want, blaming it on an “apparent miscommunication”. The paper can be found on the EFFs website (PDF)

The document itself says the following:

In late February 2006, a surge in data being collected by the FBI’s Engineering Research Faculty (ERF) was identified by ERF personnel. As a result ERF investigated the issue and recognized that the collection tools used to collect email communication from the subject of the investigation were improperly set and appeared to be collecting data on the entire email domain. Due to an apparent miscommunication, the private internet provider accidentally collected mail from the entire domain and susequently conveyed the email to ERF. FBI informed the private internet provider of the error and instructed them to reset their filters to collect only those communications from the subject of the investigation’s e-mail address.

The New York Times covered the story and provided the following:

The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.

The problem has received no discussion as part of the fierce debate in Congress about whether to expand the government’s wiretapping authorities and give legal immunity to private telecommunications companies that have helped in those operations.

But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: “It’s inevitable that these things will happen. It’s not weekly, but it’s common.”

One thing is for sure, even email domains that tout superior privatizing systems might not be so secure in ensuring the privacy of their customers. Late last year, stories surfaced over Hushmail not being that private after all. For email providers selling privacy as a feature for their emails, these revelations strike a blow to their ability to sell privacy in the first place, though could be great news to companies offering a secondary layer of encryption over emails – whether or not they work is another story entirely. This goes over top of the debate on just how much privacy a person is entitled to when online in the first place – at least in the United States.