A lot of people call me today and the last two days. Everyone want to know what happens. I want to do my job. Not talk on the phone all the time… And one question I get a lot is is it possible to know what traffic is within Sweden and not? Like I explained in Swedish, there are better ways of creating legislation like the one that is just proposed in Sweden for wiretap. Because the current proposed legislation have such unclear statements. Sure, it is good if legislation is technology neutral, but, it must still be clear what the idea is.
For example, the proposed legislation suggest FRA must destroy data that is communication between Swedish Entities. But how to define that? Lets say a Swedish Organisation buy a service according to European rules, i.e. from any provider in any country within EU. Lets say in the UK. Then when I, in Sweden, send email to a friend at that organisation (in Sweden) in reality send email between my server in Sweden and a server in the UK. Then a second email communication path is between the UK and the organisation in Sweden that have service over there. Is that domestic or international communication?
Get over with it, legislation today about wiretap, data retention and whatever is today going to have impact on all communication. Country boundaries does not exist anymore. Accept the fact and then discuss what impact it has on privacy and integrity.
Then my friend Oscar point out that another integrity issue that people (including myself) is ignoring is that more and more of what we do in the society is a kind of communication that fall under wiretap rules like these. So arguments like FRA is already allowed to wiretap radio, so this is the same thing is not true. As we do more and more things online, FRA is allowed to wiretap more and more. I.e. already without this new proposed legislation, FRA can get more and more information about us.
So what do I think myself? I have been working with people at FRA. I have friends there. I have been working in the Swedish Navy. I am probably one of the persons that trust them the most. BUT, I am anyway against this legislation, as it is not clear enough. And without a clear legislation that we know what it is, we can not have a proper discussion about the control mechanism, and what mechanisms FRA should use to collect the correct data. So I am against this proposal.