About this blog…

I am employed by Netnod as head of engineering, research and development and am among other things chair of the Security and Stability Advisory Committee at ICANN. You can find CV and photos of me at this page.

As I wear so many hats, I find it being necessary to somewhere express my personal view on things. This is the location where that happens. Postings on this blog, or at Facebook, Twitter etc, falls under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

FRA: Filtering the signals

Given that the signals that are collected are photons, it is interesting to see statements like filters based on search terms:

3 § Inhämtning av signaler i tråd skall ske automatiserat. Sådan inhämt-
ning får endast avse signaler som identifierats genom sökbegrepp. Även
vid annan automatiserad inhämtning skall sökbegrepp användas för iden-
tifiering av signaler.

Sökbegreppen skall utformas och användas så att de medför ett så be-
gränsat intrång som möjligt i den personliga integriteten. Sökbegreppen
får inte vara direkt hänförliga till en viss fysisk person om det inte är av
synnerlig vikt för verksamheten.

I know regular expressions, but do not know how to match on photons. Of course, data is to be given to FRA so that they can interpret the light. From the light comes transmission, and from transmission comes packets. Inside the packets are bits of data, and the bits together form messages. It is these messages, I think, that is to match the search terms. Hmmm… To me this make it really weird that light is to be collected. When finally some matches can be done based on the search terms, statistics is already collected about the light, the transmission, the packets and the content. And flows must be identified so that matches can be made across packets in the same flow.

In short, to be able to match with search terms, FRA have to already have recreated the flows (the data flow) given the light in the fiber. And with help of some information they have got from operators that are not covered by the legislation. Hope you, my dear reader, start to see why I think this legislation is not complete. Someone has not been thinking enough on the implications given the Internet Architecture.

The next problematic part of this legislation is the requirement to throw away some of the data:

7 § Upptagning eller uppteckning av uppgifter som inhämtats enligt den-
na lag skall omgående förstöras om innehållet
1. berör en viss fysisk person och har bedömts sakna betydelse för
verksamhet som avses i 1 §,
2. avser uppgifter för vilka tystnadsplikt gäller enligt 3 kap. 3 § tryck-
frihetsförordningen eller 2 kap. 3 § yttrandefrihetsgrundlagen, eller som
omfattas av efterforskningsförbudet i 3 kap. 4 § tryckfrihetsförordningen
eller 2 kap. 4 § yttrandefrihetsgrundlagen, eller
3. omfattar uppgifter i meddelanden som avses i 27 kap. 22 § rätte-
gångsbalken.

To be able to know whether the data falls under one of those points, even more (deeper) inspection is required. Not less. But of course, if there is a match, then the data is to be erased. What is the implication of erasing the data? Is also statistics removed?

Comments are closed.