Legal framework[edit]Change in legislation[edit]The FRA has a long history o

1. Legal framework[edit]
2. Change in legislation[edit]
3. The FRA has a long history of intercepting radio signals, as the main intelligence agency producing and managing SIGINT in Sweden since 1942.[19][20] However, up until 2009 the FRA was limited to wireless communications intelligence (COMINT), including wireless phone and Internet signals, something that was also left largely unregulated.[21] As an ever-increasing amount of communications have transferred from radio to cables, the question of enabling FRA to collect information from cable communication was addressed by Göran Persson's cabinet in a government appointed committee of inquiry led by General Owe Wiktorin in 2003, resulting in a report suggesting a change in legislation (SOU 2003:30). In July 2005, the Minister for Defence Leni Björklund published a memorandum (Ds 2005:30) with proposed legislation changes, later passed on to the Cabinet of Fredrik Reinfeldt and Minister for Defence, Mikael Odenberg.[22]
4.  
5. Prior to the change in legislation, the main law regulating FRA was the defence intelligence act (SFS 2000:130); and the telecommunications act of 1993 (SFS 1993:597) required all companies operating a telecommunication network in Sweden to assist in government COMINT, under confidentiality. This act was replaced in 2003 by the electronic communications act (SFS 2003:389), as a result of changes in EU directives.[23]
6.  
7. The new bill (Prop. 2006/07:63), informally known as the "FRA law" (Swedish: FRA lagen), proposed changes in the defence intelligence act, the electronic communications act, the secrecy act of 1980 (SFS 1980:100), and the creation of an all new law regulating SIGINT.[23] These changes would have allowed the FRA to monitor both wireless and cable bound signals passing the Swedish border without a court order,[24] while also introducing several provisions designed to protect the privacy of individuals, according to the original proposal.[23] The law's proponents argued for the need to give FRA new guidelines and a modernized legal framework, in order to regulate Internet surveillance and to combat threats to national security more effectively, such as terrorism and serious transnational crime; while opponents to the law claimed it enabled mass surveillance and violated privacy rights.[25] The Riksdag passed the bill on June 18, 2008, after a heated debate amid public protests, and it went into effect January 1, 2009.[24][25][26]
8.  
9. Criticized for being too far-reaching, in an attempt to address the privacy concerns raised during the parliamentary procedure,[27] the Government soon thereafter proposed an amendment to the law (Prop. 2008/09:201),[28] to strengthen protection of privacy by making court orders a requirement,[29] and imposing several limits on the intelligence-gathering.[30][31][32] The amendment passed the Riksdag October 14, 2009, and went into effect December 1, 2009 (SFS 2008:717).[22]
10.  
11. Current legal framework[edit]
12. According to the law (SFS 2008:717), SIGINT is only permitted in order to assess:[29][31]
13.  
14. external military threats to the country,
15. conditions for Swedish participation in peace support operations and international humanitarian efforts or any threat to the security of national interests in the implementation of such efforts,
16. strategic matters regarding international terrorism or other serious transnational crime that could threaten important national interests,
17. development and proliferation of weapons of mass destruction, military equipment and items referred to in the law on the control of dual-use items and technical assistance,
18. serious external threats to the public infrastructure,
19. conflicts abroad with ramifications for international security,
20. foreign intelligence operations against national interests, or
21. a foreign powers actions or intentions of vital importance to Swedish foreign policy or security and defence policy.
22. The FRA is not allowed to initialize any surveillance on their own,[8] and only gets access to communication lines as decided by the The Defence Intelligence Court.[22][30][33] Communications service providers are legally required, under confidentiality, to transfer cable communications crossing Swedish borders to specific "interaction points", where data may be accessed after a court order.[34][35][36] The number of companies affected by the legislation was estimated as "being limited (approximately ten)".[37] The law does not permit intelligence-gathering by interception of signals where both the sender and recipient is located in Sweden, only signals crossing the borders of Sweden.[38]
23.  
24. Initially, only the Government, the Government Offices and the Swedish Armed Forces could use FRA's SIGINT capabilities.[8][22] But after criticism from Swedish Security Service (SÄPO),[39] a change was made allowing The Swedish National Police Board and SÄPO to make use of the FRA as well, under otherwise unchanged regulations. The bill (Prop. 2011/12:179) passed in the Riksdag November 28, 2012, with the help of the The Social Democratic Party, and went into force Januari 1, 2013.[40][41][42]
25.  
26. Data retention[edit]
27. Any personal data that may have been retained can not be stored for longer than 12 months, which is a year less than the maximum allowed by the Data Retention Directive.[43] In 2008, prior to the change in legislation, a news report from SVT, based on an account from an anonymous source, alleged the FRA had been storing personal information for much longer;[44] leading to a private citizen lodging a complaint with the police. Ultimately, a prosecutor did not launch a full-scale investigation, as it was deemed not illegal at the time.[45]
28.  
29. Oversight[edit]
30. FRA is subject to regular reviews by several external government agencies.[9]
31.  
32. The Defence Intelligence Court[edit]
33. All SIGINT has to be authorized by the The Defence Intelligence Court (Swedish: Försvarsunderrättelsedomstolen), a special court based in Kista, independent of the FRA and appointed by the Government.[46] It is composed of a chairman, assisted by one or two vice-chairmen, and 2-6 special members of the court, holding office for four years. The quorum of the court is a chairman and two special members,[47] and each case is assessed and approved individually.[22] A special ombudsman from the court is also tasked to monitor and argue for the privacy rights of individuals.[29] The decisions of the court cannot be appealed, something that is motivated, in part, by information sensitivity and the fact that special knowledge and physical protection of infrastructure and documents is needed.[48] A government agency of legal experts reviewed the amendment (Prop. 2008/09:201) in 2009, and did not did not express any objection:
34.  
35. The ban on appeal deviates from the perceived main rule in Swedish law, namely that a decision of a court may be appealed. In reality, however, a leave to appeal is mostly required nowadays for a case to be considered by a higher court, which is why the first court decision is also the final instance for most cases. [...] The marginal benefits to be gained with a right of appeal by the special ombudsman can equally well be achieved with high-quality court members and delegates. [The Council] considers the proposed appointment process a guarantee for high-quality members and delegates.
36.  
37. — The Council on Legislation, Opinion 2009-05-07[48]
38. The court has been led by former district court chairman Lieutenant Colonel Runar Viksten since 2009.[49]
39.  
40. The Defence Intelligence Commission[edit]
41. The Defence Intelligence Commission (Swedish: Statens inspektion för försvarsunderrättelseverksamheten, SIUN) is the management authority tasked to supervise the FRA, ensuring it follows court orders issued by the The Defence Intelligence Court, and that all laws and regulations governing FRA is followed, including privacy laws.[50] SIUN obtains possession over all signals, and they are only made available to the FRA by permission of the court.[51] Furthermore, the commission is obliged to launch an investigation whenever someone suspects they are the target of unauthorized SIGINT.[29][52] The commission is not tasked or authorized to review decisions made by the court.[53]
42.  
43. The Swedish Data Inspection Board[edit]
44. The Swedish Data Inspection Board is a public authority, organized under the Ministry of Justice, tasked to protect the individual's privacy.[54] As such, it audits the FRA on how they process personal data. In December 2010, after a two-year-long audit, a special mission led by the board examining FRA concluded its operations are within bounds of applicable legislation.[8][55][56]
45.  
46. International cooperation[edit]
47. See also: Global surveillance disclosure
48. The legislation allows for the transfer of data to other states, if authorized by the Government, enabling exchanges of intelligence.[57][58] In return, Sweden could receive information of importance to the national interest, something the Director-General of FRA Ingvar Åkesson and the Minister for Foreign Affairs Carl Bildt both stressed when the legislation was debated in 2008.[59][60][61][62]
49.  
50. In 2013, documents provided to the media by Edward Snowden appeared to confirm Sweden had shared intelligence with foreign intelligence agencies, revealing Sweden had provided the NSA with a "unique collection on high-priority Russian targets such as leadership, internal politics, and energy."[63][64] In response, Minister for Defence Karin Enström was quoted as saying that Sweden's intelligence exchange with other countries is "critical for our security" and that "intelligence operations occur within a framework with clear legislation, strict controls and under parliamentary oversight."[65][66] Anni Bölenius, head of communications at the FRA, told Reuters: "We do in general have international cooperation with a number of countries, which is supported in Swedish legislation, but we do not comment on which ones we cooperate with".[67]
51.  
52. Mass surveillance[edit]
53. See also: Current legal framework and Mass surveillance
54. The FRA have been contested since the change in its legislation, mainly because of the public perception the change would enable mass surveillance.[68] The FRA categorically deny this allegation.[22][69] Anni Bölenius, head of communications at the FRA, believes the public perception of mass surveillance is incorrect, saying: "It is not as we can turn on the traffic ourselves. We have to show cause and seek authorization."[22]
55.  
56. The The Social Democratic Party expressed their opposition to the legislation changes initially, but have since changed their views.[70] In 2013, they provided support for an expansion of the law, to also include SÄPO and The Swedish National Police Board.[42] This change comes after the amendment to the law, with the establishment of The Defence Intelligence Court and a narrowed scope, giving it more emphasis on defense intelligence.[22] The court also hear each case on an individual basis, something Minister for Defence Sten Tolgfors have been quoted as saying, "should render the debate on mass surveillance invalid."[30]
57.  
58. Reports and reviews[edit]
59. Since 2008, a number of organizations have lodged complaints with the European Court of Human Rights (ECtHR), asserting the legislation is in breach of Article 8 of the ECHR, but the court has not exercised its jurisdiction on the matter. Most cases brought to the ECtHR are simply discarded, without further action.[71][72][73]
60. In 2009, The Council on Legislation expressed its opinion on the amendment (Prop. 2008/09:201), saying it results in "significant changes", "strengthening protection of privacy, as protected by the constitution and conventions", because "SIGINT may only take place with expressly stated purposes in accordance with the law, which does not include general criminal investigation or prevention."[74]
61. In 2010, a report issued after a two year long review by the The Swedish Data Inspection Board said, "they hadn't made any observations indicating FRA process personal data in order to map general Internet usage."[8][55][56]
62. In 2014, as a result of the NSA leaks, LIBE passed a motion for a European parliament non-binding resolution, calling on Sweden to ensure its legislative frameworks were in line with the standards of ECHR and EU data protection legislation.[75][76]