About this blog…

I am employed by Netnod as head of engineering, research and development and am among other things chair of the Security and Stability Advisory Committee at ICANN. You can find CV and photos of me at this page.

As I wear so many hats, I find it being necessary to somewhere express my personal view on things. This is the location where that happens. Postings on this blog, or at Facebook, Twitter etc, falls under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

What is good legislation?

A lot of people call me today and the last two days. Everyone want to know what happens. I want to do my job. Not talk on the phone all the time… And one question I get a lot is is it possible to know what traffic is within Sweden and not? Like I explained in Swedish, there are better ways of creating legislation like the one that is just proposed in Sweden for wiretap. Because the current proposed legislation have such unclear statements. Sure, it is good if legislation is technology neutral, but, it must still be clear what the idea is.

For example, the proposed legislation suggest FRA must destroy data that is communication between Swedish Entities. But how to define that? Lets say a Swedish Organisation buy a service according to European rules, i.e. from any provider in any country within EU. Lets say in the UK. Then when I, in Sweden, send email to a friend at that organisation (in Sweden) in reality send email between my server in Sweden and a server in the UK. Then a second email communication path is between the UK and the organisation in Sweden that have service over there. Is that domestic or international communication?

Get over with it, legislation today about wiretap, data retention and whatever is today going to have impact on all communication. Country boundaries does not exist anymore. Accept the fact and then discuss what impact it has on privacy and integrity.

Then my friend Oscar point out that another integrity issue that people (including myself) is ignoring is that more and more of what we do in the society is a kind of communication that fall under wiretap rules like these. So arguments like FRA is already allowed to wiretap radio, so this is the same thing is not true. As we do more and more things online, FRA is allowed to wiretap more and more. I.e. already without this new proposed legislation, FRA can get more and more information about us.

So what do I think myself? I have been working with people at FRA. I have friends there. I have been working in the Swedish Navy. I am probably one of the persons that trust them the most. BUT, I am anyway against this legislation, as it is not clear enough. And without a clear legislation that we know what it is, we can not have a proper discussion about the control mechanism, and what mechanisms FRA should use to collect the correct data. So I am against this proposal.

Comments are closed.