Transcript Bild 1

Surveillance of cables for civil
communication by the
National Defence Radio
Establishment (FRA)
Mark Klamberg, doctoral candidate
1
5 October 2008
Us humans leave electronic footprints after us, in the form of
credit card payments, visits to websites, phone calls and e-mail.
Imagine that somebody could collect everything and process it
through a powerful computer. With the right tools one could
find patterns that in detail describe what kind of person you are.
This is called social network analysis, a term included by the
wider concept data mining.
2
Key feature of the “FRA-law”
IT- and telecom operators are obligated to transfer all traffic in
cables crossing Swedish borders to the State
3
Definitions
Distinguish between
• Transfer to the state (stage 1) – collection and processing
(stage 2)
• Content data (text of the message) and traffic data (who is
contacting who, when and how)
4
Collection and processing of data (stage 2)
The FRA has a mandate to monitor and collect content data for
certain purposes including external military threats, terrorism and
IT-attacks. The Agreement of September 25th specifies these
certain purposes. The FRA may under certain conditions collect
and process content data when an individual is targeted.
FRA can also provide assistance to the Police within the
parameters set by the specific purposes of the “FRA-law”.
The question about assistance to the Police has not been finally
settled.
5
Intelligence court
According to the agreement September 25th the collection of
data would be placed under the control of an “intelligence court”
which operates behind closed doors. The court will, among
others things, limit FRA’s collection and processing of content
data.
6
Traffic Data
No restrictions on collection of traffic data, the basis of the FRA
operations (analysis of traffic patterns)
Traffic data on Swedes (and others) have been collected for
more than 10 years without legal basis. The FRA has in an
internal document stated that they intend to continue to collect
traffic data to the same extent.
According to the adopted law the FRA has the mandate to
collect, process and store all available traffic data. This is
necessary for analysis and targeting. Targeting relates to the
what content data should be collected and processed.
7
Targeting
Targeting can be done using phone
numbers and technical parameters
(for example internet protocol
address)
In addition, according to the law a
person’s race, ethnicity, political
views, religious and philosophical
beliefs, membership of a labour union,
health or sexuality may under certain
conditions be used for targeting.
Targeting is, inter alia, done by the
use of traffic data
8
Transfer of personal data
According to the law personal data collected by the
FRA may be transferred to other countries.
9
A critical remark
Is this kind of data collection and surveillance…
• Consistent with the right to privacy? This is both a
human right and a constitutional right.
• Efficient?
• Proportional?
• Confident and reliable in the sense that it gives
accurate results and not false alarms?
10
Questions?
11
Thanks!
Contact:
[email protected]
+46 8 16 11 90
12