Sweden and the Borders of the Surveillance State
A proposed new law in Sweden (voted on this week, after much delay) will, if passed, allow a secretive government agency ostensibly concerned with signals intelligence to install technology in twenty public hubs across the country. There it will be permitted to conduct a huge mass data-mining project, processing and analysing the telephony, emails, and web traffic of millions of innocent individuals. Allegedly these monitoring stations will be restricted to data passing across Sweden's borders with other countries for the purposes of monitoring terrorist activity: but there seems few judicial or technical safeguards to prevent domestic communications from being swept up in the dragnet. Sound familiar?
The passing of the FRA law (or "Lex Orwell", as the Swedish are calling it) next week is by no means guaranteed. Many Swedes are up in arms over its provisions (the protest Facebook group has over 5000 members; the chief protest site links to thousands of angry commenters across the Web). With the governing alliance managing the barest of majorities in the Swedish Parliament, it would only take four MPs in the governing coalition opposing this bill to effectively remove it from the government's agenda.
As with the debate over the NSA warrantless wiretapping program in the United States, much of this domestic Swedish debate revolves around how much their own nationals will be caught up with this dragnet surveillance. But as anyone who has sat outside the US debate will know, there is a wider international dimension to such pervasive spying systems. No promise that a dragnet surveillance system will do its best to eliminate domestic traffic removes the fact that it *will* pick up terabytes of the innocent communications of, and with, foreigners - especially those of Sweden's supposed allies and friends.
Sweden is a part of the European Union: a community of states which places a strong emphasis on the values of privacy, proportionality, and the mutual defence of those values by its members. But even as the EU aspires to being a closer, borderless community, it seems Sweden is determined to set its spies on every entry and exit to Sweden. When the citizens of the EU talk to their Swedish colleagues, what happens to their private communications then?
When revelations regarding the United Kingdom's involvement in a UK-US surveillance agreement emerged in 2000, the European Parliament produced a highly critical report (and recommended that EU adopt strong pervasive encryption to protect its citizens' privacy).
Back then, UK's cavalier attitude to European communications, and its willingness to hand that data to the United States and other non-EU countries, greatly concerned Europe's elected legislators. Already questions are being asked in the European Parliament about Sweden's new plans and their effect on European citizen's personal data. Commercial companies like TeliaSonera have moved servers out of Sweden to prevent their customers from being wiretapped by the Swedish Department of Defence. Sweden's own business community have expressed concern that companies may move out of Sweden to protect their private financial data.
Sweden has often led the charge for government openness and consumer advocacy, and has, understandably, much national pride in seeing its past policies exported and reflected in Europe and beyond. Before Sweden's MPs vote next week to allow its government surveillance access to whole Net, they should certainly consider its effect on their Swedish citizens' privacy. But it should also ponder exactly how their vote will be seen by their closest neighbors. If the Lex Orwell passes, Sweden may not need something so sophisticated as a supercomputer to hear what the rest of the world thinks about their new values.