Saturday, 12 July 2008

When neighbours are peeping through your windows..



On June 18 the Swedish parliament accepted a law that requires the Swedish Armed Forces (Försvarets Radioanstalt) to listen in on the content of all electronic traffic going in and out of Sweden.
This is, on a European scale, quite remarkable, as the surveillance directive for tele services has so far only required that the IDs of telecommunication between sender and receiver be logged and stored for a limited period of time.

The law prompted a lot of critical articles in Sweden and even demonstrations in front of the Parliament (http://www.vasabladet.fi/story.aspx?storyID=22256), but it was passed with a majority of only 4 members. (See also http://www.aftonbladet.se/nyheter/article2712002.ab )
The new law covers e-mails, SMS, on-line traffic as well as phone conversations.
According to Computerworld, similar legislation is on its way in the UK.
http://www.computerworld.dk/art/46358?a=rss&i=0

This might not be a major issue were it not for the fact that some of the major Swedish tele companies, like Telia, are also servicing customers in other countries, among them Denmark and – behold – the Danish Parliament. http://www.computerworld.dk/art/46613?

At first glance this seems to be in direct conflict with the European Human Rights declaration:

http://www.hri.org/docs/ECHR50.html#P1

ARTICLE 8

  1. Everyone has the right to respect for his private and family life, his home and his correspondence.

But in Article 8, paragraph 2, it is stated:

  2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

So the real question is whether or not the threat level in Sweden (or for that matter, in Europe) has risen to the point where it can be said that it is politically acceptable to have major surveillance of every kind of correspondence from every citizen or company.

To my knowledge this has not yet been discussed in the committee that is the official watchdog of the Human Rights declaration. The so-called WP29 (Working Party or sub-committee responsible for advising the European Parliament on human rights issues as stated in Article 29) has not yet discussed the Swedish legislation. (See http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559540 for a description of the WP29).

The question is whether the Swedish law is in conflict with the Data Protection Directive 94/96.

As this has not yet been discussed by WP29, it is obvious that we can look at the outcome of a similar case just a few years back, where it suddenly came to the attention of the authorities that the content of data in international money transfers using the Belgium-based SWIFT system was actually decoded by US authorities. This was discussed by the WP29, which concluded that SWIFT had to adhere to the 94/96 European directive on data protection. (See www.cbpweb.nl/downloads_int/Opinie%20WP29%20zoekmachines.pdf )

It seems that the Swedish are on thin ice, and I expect that the case will be brought before the WP29. In the meantime, Swedish critics suggest that everybody encrypt their data; this may be OK, but you have to take into account that the Swedish Defense actually owns a 128 teraflop supercomputer and has asked for additional funding, so ...

In a follow-on article I will dig into the recommendations on protection of personal data as proposed by the PRISE consortium and the result of the EU project to describe policies and best practices when investing EU funds in IT projects that might infringe on individuals' privacy.

http://prise.oeaw.ac.at/
