Lex Orwell & Intent
The new voting's on 17 June.
On 17 June 2008 the Swedish parliament (riksdagen) will vote on 'Lex Orwell' aka en anpassad försvarsunderrättelseverksamhet (an adapted defence intelligence operation) or more formally förslag till lag om ändring i lagen (2000:130) om försvarsunderrättelseverksamhet (proposal for a law for changes in law 2000:130 for defence intelligence operations). The law's already been shelved once and with four new votes can be shelved again.
The law was shelved last year on 14 June 2007. A coalition of two parties were able to muster the 60 votes needed to postpone further considerations with respect to possibly jeopardising personal integrity. The law has encountered considerable opposition and also been commented on in the international press but so far no major Swedish news media have picked up the story.
Rick Falkvinge of the Swedish Pirate Party is desperate for someone to write something so the story gets out. Obviously he's against the proposal. But so are a great number of recognised institutions in Sweden including the national police, the security police, and the Swedish Bar Association.
Lex Orwell has its origins in a 2003 report submitted by former commander in chief Owe Wiktorin. The report became a proposal from the department of defence under the previous social democrat administration but was stopped in 2005 by minister of justice Thomas Bodström. The new minister of justice Mikael Odenberg reintroduced the proposal in 2006. The proposal was sent out for comments at the end of 2006 and voted on in the parliament on 14 June 2007. Being a proposal from the government the voting followed strict party lines with the exception of a single vote and the proposal passed.
But a minority were able to cite a constitutional safeguard to thwart legislation rushed through parliament that may jeopardise personal integrity and so a new vote on the bill was scheduled for 17 June 2008.
The bill concerns the operations of the Swedish försvarets radioanstalt or 'FRA' (defence radio establishment) which have been in the business of intercepting radio communications for some time. FRA successfully cracked Nazi codes during World War II and intercepted key Soviet transmissions during the Cold War but their directive does not formally allow them to also intercept cable traffic. Lex Orwell is intended to rectify that situation.
The Swedish FRA (försvarets radioanstalt) is a SIGINT (signals intelligence) agency that has worked closely with Swedish Uppland regiment S1. S1 can trace their origins back to the 1800s.
The FRA began their operations during World War II with the cryptological work of Swedish mathematics professor Arne Beurling. In 1940 Beurling singlehandedly decrypted the Siemens Geheimfernschreiber used by the Nazis. He also created a device to decrypt intercepted teleprinter traffic between Germany and Nazi occupied Norway. Swedes were thus able to get advance information on Hitler's planned invasion of the Soviet Union. These achievements led to the foundation of the FRA.
Today the FRA are primarily located on the island of Lovön west of Stockholm and near to where the royal family live. The post address is in Bromma, another Stockholm suburb. In 2007 the FRA, today with approximately 700 employees, were budgeted at approximately $80 million.
The FRA are also in possession of a Hewlett-Packard Cluster Platform 3000 BL460c computer capable of operating at 102.8 teraflops and ranked as the fifth most powerful in the world.
The FRA are a civil authority belonging to the department of defence. Their main tasks are to operate signals intelligence (SIGINT) on behalf of their clients and to support information security (INFOSEC) amongst other authorities and government corporations.
The FRA have no board of directors but are run by a general director.
Lex Orwell (formally 'förslag till lag om ändring i lagen (2000:130) om försvarsunderrättelseverksamhet') was sent out for comments on 22 December 2006 with responses to come in no later than 4 January 2007 - a period when almost no one is at their place of work in Sweden. From the proposal's introductory summary.
The proposal suggests changes in the law for defence intelligence operations. The changes mean the mandate for these operations is to be changed from 'external military threats' to 'external threats' and that operations be specifically limited to international situations. The proposal further clarifies the distinction between police operations and defence intelligence operations. It is further suggested rules for the focus and reporting of operations as well as society's functions for focus and control of these operations be strengthened.
The proposal also suggests a new law for signals intelligence. The law comprises signals intelligence for the purposes of defence intelligence regardless of whether the signals are transmitted by radio or through cable. The proposal contains several rules to protect the integrity of the individual. Signals intelligence is conducted in accordance with directives from the government or other affected authorities. A special protocol is to be used in enacting these directives. Rules are further proposed for when information is to be destroyed and how reports are to be filed. The search keys that are to be used as well as the destruction of data and the filing of reports in accordance with existing law shall be controlled by a separate protocol. It is suggested the authority to control these operations shall be given the opportunity to decide when the operations are to cease and information is to be destroyed. Finally it is suggested a special board be founded to protect the integrity of the individual.
It is suggested the law be enacted 1 July 2007.
One of the proposed changes.
'Defence intelligence operations shall be conducted to chart external military threats to the country and in support of Swedish foreign, defence, and security policy.'
'Defence intelligence operations shall be conducted in support of Swedish foreign, defence, and security policy. Defence intelligence operations may only concern foreign situations. The government shall decide the focus of operations. Within this framework authorities chosen by the government may request a more detailed agenda for these operations.'
The proposal also contains details of defence intelligence operations in other countries such as Holland, Switzerland, England, and Germany.
Following is a partial list of the authorities whose comments were requested.
Riksdagens ombudsmän, Hovrätten över Skåne och Blekinge, Hovrätten för Övre Norrland, Kammarrätten i Stockholm, Kammarrätten i Jönköping, Stockholms tingsrätt, Malmö tingsrätt, Göteborgs tingsrätt, Justitiekanslern, Åklagarmyndigheten, Ekobrottsmyndigheten, Rikspolisstyrelsen, Säkerhetspolisen, Registernämnden, Inspektionen för strategiska produkter, Försvarsmakten, Försvarets materielverk, Försvarets radioanstalt, Krisberedskapsmyndigheten, Försvarshögskolan, Totalförsvarets forskningsinstitut, Försvarets underrättelsenämnd, Statens räddningsverk, Kustbevakningen, Tullverket, Finansinspektionen, Ekonomistyrningsverket, Skatteverket, Premiepensionsmyndigheten, Datainspektionen, Kammarkollegiet, Stockholms universitet, Örebro universitet, Göteborgs universitet, Umeå universitet, Riksarkivet, Radio- och TVverket, Statens kärnkraftsinspektion, Affärsverket svenska kraftnät, Elsäkerhetsverket, Statens energimyndighet, Konkurrensverket, Post- och telestyrelsen, Banverket, Luftfartsstyrelsen, Verket för näringslivsutveckling, Sveriges advokatsamfund, Svenska polisförbundet, Tryck- och yttrandefrihetsberedningen (Ju 2003:04), Amnesty International, Länssamverkan Bredband, Svenska bankföreningen, Svenska IT-företagens organisation, Svenska Journalistförbundet, Tidningsutgivarna, Svenska Stadsnätsföreningen, Svenskt näringsliv, Swedish Network Users Society, Swedish University Network, E ON AB, Stokab AB, TeliaSonera AB and Vattenfall AB, Sveriges Riksbank.
Given the severe time constraints it's not surprising responses were as meager as they were. Here are a few.
'It's not been possible given the time constraints to perform a more thorough analysis of the proposal as one should. We also see principle issues with authorities in the area of military defence being given tasks which intend to thwart crime. We ascertain that the proposal would give us a system which can be described as telephone tapping without control by the courts and we are of the opinion this is a highly disquieting development.
In addition to what's already been conveyed there is good reason to challenge the way this request has been presented. To treat a legislative question concerning such a comprehensive and serious invasion of fundamental human rights in a memo written by clerks in a department instead of through parliamentary inquiry seems highly remarkable.'
(Data Inspection Board)
'A similar general surveillance method is currently being used in Sweden as a result of the EU directive on retention of telephony traffic data. But signals intelligence also refers to the contents of telephone conversations and messages. Such general methods have the risk of influencing people's opinion negatively and increase their concern for personal integrity and protection of their privacy.
We have previously pointed out such comprehensive proposals need to be carefully deliberated by committees working with the parliament.
These opinions have been assembled during this holiday period when staff who usually handle such tasks are absent. Presumably the situation was the same at other authorities who have also been sent the proposal for comments. Even this and the fact it's being done underhandedly speaks for the need for further preparation as regards the central issues.'
'This proposal shows a frightening lack of understanding of the demands as regards protecting personal integrity which are in accordance with the constitution and the European convention for the protection of fundamental human rights.'
'The Security Service are critical of the way this proposal has been prepared. The proposal is so fundamental and has such consequences for society and individual that it should be grounded in parliamentary review and not a memo written by clerks in the department of defence.
This proposal would create an operation which for the most part would work in parallel and overlap operations currently conducted by the police. This arouses strong misgivings from the perspective of personal integrity.
This is about massive wiretapping and the proposal represents a violation of personal integrity which far exceeds the violations other proposals for bugging and preventive coercion represent.'
'We share the opinion of the department of justice that the proposal exposes several serious deficiencies and therefore cannot be used as the basis for legislation.'
(Economic Crimes Bureau)
'Anyone who's harboured any doubts because of personal integrity issues about accepting retention of traffic data, bugging, and so called preventive coercion cannot possibly accept this proposal for rules for signals intelligence as they're presently formulated.'
Lagrådet (Law Council)
'We remark that this invasion, in contrast with what's been given in the law council recommendations but in accordance with what's been conveyed in several responses, already occurs by virtue of the fact the state obtain access to telephony traffic and not first when a particular message is plucked out for analysis through search keywords. The character of invasion is not lessened because searches occur through automated processing.'
From Hook to Net
The bill was first put to the Swedish parliament on 13 March 2007. Operations will require an initial investment of up to $150 million and annual operating costs of $35 million. It will be telecom providers and not the government or the FRA who pay for the operations in accordance with legislation from 2005.
Minister of justice Mikael Odenberg claimed the new law was necessary inasmuch as most traffic today is through cables and not based on airwaves.
'It's about collecting information for our country's foreign, security, and defence policy and protecting Sweden from foreign threats. We want to be able to detect military threats at an early stage and also map other foreign threats such as terrorism, IT attacks, or the spread of weapons of mass destruction.'
Surprisingly one of the fiercest critics of the proposal has been former attorney general Thomas Bodström who was suspected of ministerstyre in connection with the raid on The Pirate Bay and who sponsored his own data retention law several years ago.
'This is about giving permission to wiretap maybe millions of telephone calls, emails, and text messages. Do we want this change? And if we do want it shouldn't we carry out a proper inquiry first?'
The bill doesn't require the FRA obtain a court order before tapping wires. As before the FRA can just pick up whatever they want whenever they want it. They are further limited in how they can tap - only permitted to use pattern analysis and key word searches. Which is about the only way they could go about it anyway. But they are specifically not allowed to target individuals. Unless of course they find someone that needs further looking into.
Swedish privacy advocate Pär Ström says the law crosses a very fundamental border. 'They're going from fishing with a hook to fishing with a net', says Ström.
- Chief legal counsel for the security police Lars-Åke Johansson says the proposal 'may lead to drastic violations of personal integrity. The government will have direct control over operations within areas that not even the police can follow since they're not criminal operations.'
- The Swedish department of justice call the bill 'completely alien to our form of government'.
- The Rikspolisstyrelsen (police board) say the bill 'indicates a frightening lack of understanding for the requirements regarding the protection of citizens' privacy that follow from our constitution and the European Convention on Human Rights'.
- The Registreringsnämnden (register board) say the bill is 'compatible with neither the Swedish Constitution nor the European Convention on Human Rights. Such an immense expansion of wiretapping of telephony and other forms of communication cannot be legislated under any circumstance'.
- Rick Falkvinge points out the bill was sent out for comments at a time when everyone was away for the holidays.
- Odenberg's party colleague MP Henrik von Sydow is also against it. 'We can't assume those in power always mean well. It's risky setting up a system that can be used by another government at another time for purposes other than those for which it was intended.'
- Head of the Swedish Bar Association Anne Ramberg is also critical. 'If the proposal is adopted we're going to be among the most advanced in monitoring our citizens - the US included.'
Google global privacy counsel Peter Fleischer visited Sweden on 28 May 2007 precisely because of Lex Orwell. He had the following to say.
'We have contacted the Swedish authorities to give our view of the proposal and we've made it clear we will never place any servers inside Sweden's borders if the proposal goes through. We simply cannot compromise our users' integrity by allowing Swedish authorities access to data that may not even concern Swedish activity.'
Fleischer likened the proposal to things found in totalitarian states.
'The proposal stems from a tradition begun by Saudi Arabia and China and simply has no place in a Western democracy.'
Google submitted a criticism of the proposal to the Swedish department of justice.
The FRA dismiss Fleischer's claims as sensationalistic. 'We can point to several other western democracies already involved in similar SIGINT - such as England, Germany, Holland, and the United States', says the FRA website.
They further clarify the proposal specifies they may not intercept local signals - only foreign ones - and that this restriction has never before been specified in law.
'The proposal would give FRA the right to intercept international traffic and intelligence operations would be directed outside the country. The most important thing from our perspective is the new law would give us a better capability to contribute to a safer Sweden.'
Deputy PM Maud Olofsson seemed intent on defending Lex Orwell with Speak Orwell.
'Sweden has always listened in as a means of ensuring we have the information we need to protect national security. I don't think that's a secret. Now we'll get legislation which also means we protect personal integrity.'
Mikael Odenberg was asked to corroborate Olofsson's assertions but said he couldn't say with certainty they were true and the FRA were leaving the country wide open.
'All I know is we don't currently have surveillance on the cable network. For six decades we had a surveillance system with no regulation and absolutely no protection for private individuals. I think that's forgotten sometimes in this discussion.'
Security expert Wilhelm Agrell claims there's no consensus whether FRA are actually wiretapping. He also points out Swedish telephony is no longer a state monopoly and therefore must be regulated.
'In April 1948 the government reached a secret agreement to make traffic available to FRA on a limited basis. This concerned telegraphs to and from foreign missions in Sweden. That agreement has been made public so it is somewhat difficult to deny.'
'We don't know if this was successively extended but it's not in any way unthinkable they actually have access to more traffic than they care to admit. I have a suspicion this unpopular law the government are trying to launch has come about as a result of a wish to legalise an activity which in some respects already exists in reality.'
Former FRA chief Per Kjellnäs admits his organisation did listen in on telecommunications but insists they never tapped the cable network.
'It must be a misunderstanding. We tapped into satellite communications. I don't want to reveal the extent to which we did but the legal possibility was available. Previously we weren't allowed to wiretap; we had access only to radio waves.'
Rick Falkvinge of the Swedish Pirate Party has the following to say about Lex Orwell.
- At about 20 points in the national information infrastructure network all traffic is teed off and fed into FRA computers. These 20 points catch all traffic crossing Swedish borders but naturally catch much if not most domestic traffic as well because of the way the Internet routes traffic. Electronic traffic always takes the scenic route.
- This surveillance affects all Internet and telephony traffic - web surfing, electronic mail, fax transmissions, phone conversations, SMS, et al.
- The FRA scan all traffic in realtime using a quarter million search criteria. The traffic that matches is automatically saved for manual intelligence analysis. This obviously takes a lot of computing power. We don't know the exact extent of FRA's computing power but we do know that they have the world's fifth most powerful computer: an HP Cluster Platform 3000 BL460c capable of operating at 102.8 teraflops.
- Clients allowed to place requests for searches include all authorities - all some 500 of them including the departments of transportation, agriculture, et al but also notably the police, the secret service, and customs.
- The political administration may order (not merely request) political wiretapping for communications they're interested in.
- Major businesses will also get access to the wiretapping grid but will have to go through an authority.
- The bill specifically allows for singling out Swedish people for specific wiretapping although only under certain conditions.
- The scope of the agency is broadened from 'external military threats' to 'external threats' such as international crime; trafficking in drugs, weapons, or people; migration movements; religious or cultural conflicts; environmental imbalances and threats; raw materials shortages; and currency speculation.
Rick Falkvinge also caught former FRA överdirektör (second in command) Anders Wik on tape stating the FRA were already conducting such surveillance - in direct violation of the Swedish constitution.
RF: But about that: there was something you said first time we met that I've given some thought. And that was how the FRA eavesdrop radio and wire. You mentioned at one point the eavesdropping on wireless traffic FRA have done for several years violates the European Convention on Human Rights? I checked article 8. It leaves lots of room for national surveillance by security agencies and so on.
AW: Yes it does but what's also some kind of legal precedent is that you need positive law support. It's not enough that it's not forbidden. So it must be explicitly legal - it must be explicitly said this particular authority is to do this particular task. The intrusion of privacy must be specified. The duties have been there before but in this way they will become legal.
The FRA usually point out that anyone can listen to radio traffic. But the interpretation that radio traffic is free is absurd, says professor Dennis Töllborg. The old law prescribed absolute confidentiality for anyone who happened to eavesdrop on a private conversation transmitted by radio - they weren't even allowed to tell people they'd heard a conversation.
Telia to Finland
Internet provider Sonera will be moving their servers with approximately half a million electronic mail accounts to Finland if Lex Orwell passes.
'We decided to move our services back to Finland in order to protect the privacy of our Finnish customers. After the migration the mail sent from one Finn to another won't cross our borders at any stage', says senior Finland VP Juha-Pekka Weckström.
Drew Wilson of ZeroPaid puts the final twist on it.
'Somewhere in all of this someone from the US entertainment industry is licking their chops over a law that would push Sweden into 'total surveillance' since the country is moving towards a society that is one pen stroke away from making file sharing impossible - all paid for by the taxpayers themselves. No need to hire any private investigators anymore: the local government will foot the bills and efforts from now on.'
EDRI: A new NSA FRAnchise Set Up in Sweden?
Staffan Danielsson: Thomas Bodström och Signalspaning - En Analys
Digitalidag: Sammanfattning av Remissvaren
Digitalidag: En Anpassad Försvarsunderrättelseverksamhet (Departementspromemoria)
Swedish Bar Association: Comments on Proposal (PDF)
ZeroPaid: Sweden on Track to Becoming the Next Surveillance Society?
Rick Falkvinge: Conversation with Anders Wik (MP3)
IDG: Telefonavlyssning Inget Nytt för FRA
Lars Ulfving: The Geheimschreiber Secret
Svenska Regeringskansliet: En Anpassad Försvarsunderrättelseverksamhet
Svenska Försvarets Radioanstalt: Hemsida
Svenska Försvarets Radioanstalt: Klartext!
Svenska Försvarets Radioanstalt: Remissyttrande 2007-09-03 (PDF)
Svenska Piratpartiet: Hemsida
The Register: World+Dog Ignores Sweden's Draconian Wiretap Bill
Cellular-News: Sonera Move Mail Servers to Avoid Swedish Spy Laws
Rick Falkvinge: More on the Ubiquitous Wiretapping Bill