Home / Blogs

Swedish National Defense Radio Agency to Wiretap All Internet Traffic

Several people abroad have started mailing me and others asking if rumors of new legislation to be passed in Sweden on the 17th of June is for real. There are also reports in international forums starting to pop up. This is fairly old news, and I think that most of us are surprised that this has not generated more press both inside and outside Sweden earlier. This legislation will allow for the Swedish National Defense Radio Agency (FRA) to wiretap Internet traffic leaving the country.

Many people seem to have interpreted the text in the proposed law on performing the intercept at co-operation points to mean the Swedish Internet Exchange Points (IXPs), which I guess is part of the reason why I get these questions. Now, when it comes to the implementation of the law, I am a foreigner living in Sweden so I will probably be the last to know :-). That said, I do have a few view points on this topic.

1) If you are to intercept Internet traffic on a larger scale, IXPs are actually quite poor locations to do so. First of all (At least for Sweden) there is a rule of thumb that we only see around 50% of the national traffic (the rest is private peering) and only 50% of all traffic stays in the country (the rest is Internet transit traffic). The figures are surely not exact, and peer2peer traffic means that probably some more is national traffic, but let's assume this is a valid estimation. IXPs further the drawback that they are normally one or more Ethernet switches. So you will need to drop all traffic or mirror certain ports. The problem with the latter is that the collected traffic no longer fits on one port on the switch and you need to start doing fancy aggregation of your mirrored traffic (if it is at all doable).

2) If you want to do traffic interception effectively, or if I where to do it. I would concentrate on the top 5 transit providers. I would intercept traffic between their routers and their WDM system leaving the country. You would most likely intercept 80% of the traffic leaving the country (Which is what FRA says they are interested in). If you want to also intercept traffic inside the country it becomes much trickier as a lot of traffic stays inside the wholesale DSL product of the former monopoly.

3) I am sure that the public reasons why FRA want this capability, to intercept terrorist and criminal traffic is true, but the problem with that intelligence is that you only know what you are looking for after an event has happened, and as you are screening traffic based keywords and discarding the rest (I will assume that is the only scalable way — and also what FRA have said in public what they are and will be doing), it's then a bit late to look for that data. However, Sweden also happens to be a large transit country for cable based traffic out of Russia, the baltic states, Finland and several of the former USSR countries. I would guess that much more interesting to FRA, and for intelligence in general, is trying to find encrypted (and non-encrypted) traffic from other states, that passes through Sweden. This encrypted material would be useful to the code-breakers at FRA (which is also one of their operating areas — but one that is less talked about). It would also probably be hard currency at the worlds Intelligence agencies flea-markets. What is more interesting is that if that would be FRAs true motives, that would be a much easier sell to the public, but it would not be acceptable in Sweden's relations with other countries.

4) What the legislation proposes is hardly unique in the intelligence business — and is actually what they have been doing without any oversight for radio communications for a long time. To ask for permission to continue, is either very clever or extremely naive.

Personally I am a bit split in this question. I partly believe that we are heading to a society where privacy is fundamentally being given up by our politicians. On the other hand, I also believe we are just starting to become aware of what has always been going on. FRA actually used to have permission to intercept traffic during and after WWII. So in reality the proposed legislation won't change much. However, it's also the case that the current legislation does not really provide for proper oversight, control and what I would like to see — clear and hard punishment for violation of the oversight, leakage and use of the data collected. So I think the law as written should not pass, but I have less issues with the fundamentals behind it.

By Kurtis Lindqvist, CEO. More blog posts from Kurtis Lindqvist can also be read here.

Related topics: Cybersecurity, Internet Governance, Policy & Regulation, Privacy


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Mobile Internet

Sponsored by Afilias Mobile & Web Services

IP Addressing

Sponsored by Avenue4 LLC


Sponsored by Verisign

DNS Security

Sponsored by Afilias

Promoted Posts

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks