Men tanke på debatten kring FRA-debatten i Sverige kanske det skulle vara av intresse för en del att läsa en europeisk bedömning av vad den svenska riksdagen skulle rösta igenom. Det är värt att notera att de digitala rättigheterna och kampen för dem gäller inte enbart Sverige.
Även om vi som vanligt i Sverige stuckit huvudet i sanden och låtsas om att det är bara vi som berörs av vad som händer i Europa.
ERDI biweekly newsletter about digital civil rights in Europe
Number 6.13, 2 July 2008
============================================================
8. ENDitorial: Sweden is listening to all internet and phone conversations
============================================================
In Denmark we already have Data Retention in place and the rest of
Europe will follow soon. That means that our own countries demand that
Internet companies and phone companies log who we phone, email with,
chat with, which websites we visit, etc. This is something that the
IT-Political Associations of Denmark (IT-Pol) fights against.
Sweden has now taken one more step towards the complete surveillance of
its citizens as well as citizens of the rest of the world.
The Swedish Parliament (Riksdagen) passed a law that instructs all
telephone and Internet operators to deliver a copy of all phone and
Internet communication crossing Swedish borders to the Swedish
intelligence service FRA. FRA will then use a big spying network and one
of the most powerful supercomputers in the world to investigate the
content of this communication.
For a phone or Internet customer inside or outside Sweden, it is for all
practical purposes impossible to know if a phone call or Internet
connection crosses the Swedish border. For example, Denmark is located
next to Sweden, several big Swedish phone and Internet companies operate
in Denmark, and there are many high capacity sea cables between Denmark
and Sweden. Much of the traffic from Russia also passes Sweden and that
is probably one of the motivations for the law.
It is not possible to know beforehand whether e.g. an email or web-page
viewing will go through Sweden and after all you can never be sure that your
traffic did not go through Sweden. However in some cases you can tell
if your traffic did go through Sweden. IT-Pol has investigated various
uses of the Internet and has discovered that for example Internet
traffic to the Ministry of Ecclesiastical Affairs goes through
Sweden. That means that the Swedish FRA intelligence will listen to
every email from Danes to a Danish priest. Computerworld Denmark wrote that
communication from the Danish intelligence also passes through Sweden.
IT-Pol believes that Internet users should not be subjected to such a
massive and systematic surveillance and bugging. There are probably many
intelligence organizations around the world that try to tap Internet
traffic. But in our part of the world it is exceptional that a
government require all operators to deliver a copy of internet users’
private data to the intelligence service.
IT-Pol has twice contacted the Swedish Parliament. The letters (in
Danish) are available at itpol.dk.
This law has caused massive public opposition in Sweden and the vote
barely got passed in the Parliament.
It is important that citizens, politicians, and organizations outside of
Sweden also speak out and make it clear that this monitoring madness is
not acceptable.
Internet providers outside of Sweden can alleviate the effects of the
Swedish monitoring by not sending Internet traffic through Sweden unless
the recipient is in Sweden. Alternatively, they can encrypt all traffic
going through Sweden. Tolstrup from the Telecommunication Industries
Association in Denmark said in a statement to the Internet magazine
ComOn that FRA can require Danish operators to hand over encryption
keys. This is not obvious from the text of the FRA-law and IT-Pol is
still investigating if this is really true. We have asked some members
of the Swedish Parliament about it, but received no answer. If it is
true, it is an even more serious attack on the freedom of the users of
the Internet.
Content providers inside and outside of Sweden can encrypt their
content. On most webservers a simple change in the configuration will
enable SSL-encryption so that users of the website are protected against
the Swedish snooping, even if the content passes the Swedish border.
Users can also protect their privacy, even against FRA. They can use
encrypted IP telephony, they can use the TOR network to surf the Web, they
can send and receive their e-mail encrypted, etc.
IT-Pol has taken the initiative of the Polippix project, which provides a
live CD, enabling users to take advantage of these technologies. Polippix is
now an international project, translated into several languages and used in
many countries including Denmark, Germany, France, Thailand and Sweden.
IT-Political Association of Denmark
http://www.itpol.dk/presentation-of-it-pol
TOR Project
http://www.torproject.org
Polippix
http://www.polippix.org
’Yes’ to surveillance law (18.06.2008)
http://www.thelocal.se/12534/20080618/
EDRi-gram: ENDitorial: A new ”NSA FRAnchise” set up in Sweden? (4.06.2008)
http://www.edri.org/edrigram/number6.11/nsa-fra-sweden
(Contribution by Niels Elgaard Larsen – Chairman, IT-Political Association
of Denmark)
============================================================
9. Recommended Action
============================================================
The Commission has opened a public consultation by 31 July 2008 on age
verification, cross media rating & classification and online social
networking
The purpose of the public consultation is to gather the knowledge and views
of all relevant stakeholders (including public bodies, child safety and
consumer organisations, industry). The gathered information will be fed into
this year’s Safer Internet Forum 2008, which will be dedicated to the above
mentioned topics.
http://ec.europa.eu/information_society/activities/sip/public_consultation/index_en.htm
============================================================
10. Recommended Reading
============================================================
Article 29 Working Party – Opinion 2/2007 on information to passengers about
the transfer of PNR data to US authorities, Adopted on 15 February 2007 and
revised and updated on 24 June 2008
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp151_en.pdf
Kieran Poynter’s Review of information security at HM Revenue and Customs
http://www.hm-treasury.gov.uk/media/0/1/poynter_review250608.pdf
Independent Police Complaints Commission report into loss of data at HMRC
http://www.ipcc.gov.uk/final_hmrc_report_25062008.pdf
Sir Gus O’Donnell’s report on Data Handling Procedures in government
http://www.cabinetoffice.gov.uk/~/media/assets/www.cabinetoffice.gov.uk/csia/dhr/dhr080625%20pdf.ashx
Sir Edmund Burton’s report into the Loss of MOD Personal Data
http://www.mod.uk/NR/rdonlyres/3E756D20-E762-4FC1-BAB0-08C68FDC2383/0/burton_review_rpt20080430.pdf
============================================================
11. Agenda
============================================================
7-8 July 2008, London, UK
Developing New Models Of Content Delivery Online & Innovative Strategies For
Effectively Tackling Copyright Infringement
http://www.isp-content-regulation.com/conference.agenda.asp
7-9 July 2008, Cambridge, UK
Privacy Laws & Business 21st Annual International Conference
http://www.privacylaws.com/templates/AnnualConferences.aspx?id=641
19-20 July 2008, Stockholm, Sweden
International Association for Media and Communication Research
pre-conference – Civil Rights in Mediatized Societies: Which data privacy
against whom and how ?
http://www.iamcr.org/content/view/301/1/
23-25 July 2008, Leuven, Belgium
The 8th Privacy Enhancing Technologies Symposium (PETS 2008)
http://petsymposium.org/2008/
8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/
22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/
24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm
============================================================
12. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea
Information about EDRI and its members:
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring