In 2008, the Swedish parliament passed legislation giving intelligence officials at the National Defence Radio Establishment (FRA) the right to view all telecommunications that pass its borders – even if the final recipient does not live in Sweden.
Practically all of Finland’s foreign telecommunications travel through Sweden. That means most international phone calls and emails sent abroad are now subject to prying eyes and ears.
The controversial legislation sparked outrage across Sweden, as well as concern in Finland, when it was passed. However lawmakers insisted they were acting in the interest of national security.
What are Swedish authorities homing in on? For security reasons, FRA says it can’t divulge its methods.
“Exactly what we are looking at is strictly confidential. But I can tell you that purely private communications without any relevance to the issues which we are to follow are not being monitored,” says Anni Bölenius, a spokesperson at FRA.
The agency adds that it can only monitor certain international issues related to national security or defence.
“Of the traffic that we do have access to, only a very small part is being analysed by FRA. Most of it is thrown away as it does not match our criteria,” she says.
Meanwhile domestic traffic sent within Sweden is exempt from monitoring under Swedish law.
The Price of Privacy
In Finland, the law guarantees the confidentiality of electronic communications. However Finland has no jurisdiction once messages cross its own borders.
“Privacy protection is very important in Finland. But there are different laws in different countries, and we cannot say what they can or cannot do,” says Mari Herranen, a ministerial adviser in the communications networks unit at Finland’s Ministry of Transport and Communications.
Although Finland says it’s committed to safeguarding citizens’ privacy, many of the country’s servers are actually located across the gulf in Sweden.
Erka Koivunen, who heads the Finnish National Computer Emergency Response Team CERT-FI, says server networks were built in Sweden out of convenience.
“Historically, I guess that was the easier and most economical way to build communications networks. Only recently have there been discussions on whether we should have alternative routes,” he says.
Koivunen says if Finland wants alternative networks, it has to be willing to pay. But he adds preventing someone from gathering this type of intelligence is no reason to dish out an exorbitant amount of cash.
Nevertheless government is developing an information security plan, the National Information Security Strategy, to try to ensure safety and privacy in the information world. One of its goals is to turn Finland into a global information security leader by the year 2015.
Some action has already been taken to protect citizens’ privacy. For example, domestic email traffic from Nordic telecommunications operator TeliaSonera used to travel to Sweden before looping back to Finland. The company has since moved its servers from Sweden to Finland to help ensure customers’ privacy.
“We are very pleased that this happened. Their internal traffic is not going to Sweden anymore,” says Herranen.
Confidentiality Hard to Come by
Experts warn that Finnish customers may have a false sense of security when using a seemingly domestic service that actually crosses Finland’s borders. Although telecommunications companies are legally obligated to clarify their service terms to customers, Finnish residents can do more to ensure their privacy.
For example, officials recommend that email users encrypt their messages. The Finnish Communications Regulatory Authority offers some instructions in English on how to do so.
“But that is easier said than done. It is not that common place for people to have sophisticated enough software,” says Koivunen.
He adds that everyday users should follow the lead of governments and businesses which avoid public networks or limit sending sensitive material.
“Everyone should be aware that when using public networks, there might be people, authorities or criminals who could get access to information that is sent over the wire.”