As I wrote on Sunday, I had a bit of a discussion with Makan Afshinnejad, press secretary for the Liberal frontrunner Marit Paulsen's, on election day. First a bit of background for those of you who aren't very well versed in Swedish politics:
During the past couple of years there have been two new laws which threaten our rights and privacy as citizens.
One of the laws is IPRED. That's the one that gives the film and record companies the right to request identifying information from ISPs without having to prove that the person has broken a law. That's information that our police can only get when they are investigating a crime that carries a prison sentence of 2 years - but the record companies can get it whenever they like.
The other is known as the FRA law. It says that the defense radio analysis agency is allowed to search through any Internet traffic going to or from a foreign country. And, given how the Internet works, that means that they can also search through a lot of the traffic between Swedish citizens within Sweden. In other words, the agency that is supposed to spy on other countries is now also going to spy on us. Both these laws have been widely discussed and criticized, not least in the Swedish blogosphere.
Both of these laws are highly problematic from a privacy and integrity standpoint. As for IPRED, I find it ludicrous that record companies should have greater investigative powers than the police. If I have broken a law, it's the job of the police to investigate and charge me. Those powers should not be given to another interested party!
And as for FRA, it's even worse. It's simply not possible for them to restrict their surveillance to packets to and from foreigners. If I use Google mail, and my mother uses Hotmail, then according to FRA we are using foreign sites and thus they are allowed to monitor our emails! And even supposing that we both use mail servers physically placed in Sweden, and owned by Swedish companies/people, the traffic may still be routed via the international routers. That is simply the way Internet works. Even if the law says they are not allowed to look at that traffic, there is no way to reliably exclude it from their filters.
That was what I tried to explaine to Makan Afshinnejad. His response was that I must be wrong, because all the instances that were invited to express opinions on the FRA law said it wouldn't be a problem, including the Data Inspection Board. And, he said, they wouldn't have approved of the proposal if there were an integrity problem.
At that point I wasn't certain of what the DI had said in their opinion, so I didn't respond directly. Now, however, I have had time to check things up. I went to their website
and looked at their opinions. Interestingly enough, what I found was that they had not
approved of the law. In fact, they had brought up the very same points that I did.
So I sent an email off to Mr Afshinnejad:
I'm the one who was giving out Piratpartiet ballots on Sunday. I was thinking over the conversation we had afterwards. I remember you saying that all opinions, including the one from the Data Inspection Board, approved of the law. As I at that point wasn't sure of what the DI had said I didn't argue; I don't like making a claim unless I have all the facts, so I just talked about what I know about how the Internet works and why it doesn't work to restrict the surveillance to one "carrier".
Now I have looked at the opinion from Datainspektionen. To my amazement, they have exactly the same arguments as I do! On page 5 it says "It is the opinion of the Data Inspection Board reasonable to suppose that the signal surveillance agency will still to a large extent have technical access to traffic that is not covered by the judicial access", and "The proposition may thus mean that signals between senders and recpients in Sweden will be routinely gathered despite the standard prohibition."
The DI had several more reservations, and I really recommend that you read their opinion. I myself will gladly take back any less than positive statements I made about them."
(In Swedish: Hej! Det var jag som stod och delade ut valsedlar för Piratpartiet i söndags. Jag funderade en del efteråt på samtalet vi hade. Jag minns att du sade att alla remissinstanser, inklusive Datainspektionen, hade godkänt FRA-lagen. Eftersom jag själv då var osäker på vad just DI hade sagt ville jag inte säga emot; jag tycker inte om att uttala mig i frågor där jag inte är säker på fakta, så jag nöjde mig med att förklara vad jag själv vet om hur Internet fungerar och varför det inte fungerar att begränsa spaningen till en "signalbärare".
Nu har jag tittat på Datainspektionens remissvar. Hör och häpna, de har exakt samma invändningar som jag har! Det står på sidan 5 "Det är enligt Datainspektionens mening rimligt att anta att signalspaningsmyndigheten fortfarande i rätt stor utsträckning kan komma att ha teknisk tillgång till trafik som inte omfattas av den rättsliga åtkomsten", och "Den föreslagna bestämmelsen kan alltså komma att innebära att signaler mellan sändare och mottagare i Sverige regelmässigt hämtas in trots det principiella förbudet."
DI hade en hel del ytterligare invändningar, och jag kan verkligen rekommendera dig att läsa igenom deras remissvar. Själv tar jag gladeligen tillbaka mina mindre positiva uttalanden om dem.)
It will be interesting to see if I ever get a response. I don't really think I will...
And I can't help finding it very interesting that the press secretary of their major candidate for the EU would argue without knowing the facts. I certainly got the feeling that he was convinced of the truth of his own words, so I don't think he was deliberately lying to me. But the truth is so very easy to find in this case that I still find it a bit strange that he would take the debate without having a basic grasp of the facts. And he did give it as a well-established fact - according to him, the DI had approved of the law. Which they didn't.
I don't really think I'll get an answer from him.