Agency Name: | National Defence Radio Establishment |
Nativename: | Försvarets radioanstalt (FRA) |
Seal: | Försvarets radioanstalt vapen.svg |
Formed: | 1 July 1942 |
Jurisdiction: | Government of Sweden |
Headquarters: | Rörbyvägen, Lovön, Ekerö Municipality, Stockholm County |
Coordinates: | 59.3321°N 17.8539°W |
Employees: | approx. 700 (2009) |
Budget: | SEK 860,262,000 (2014) |
Minister1 Pfo: | |
Chief1 Position: | [1] |
Parent Agency: | Ministry of Defence |
Keydocument1: | Regleringsbrev (2014) |
Website: | www.fra.se |
The National Defence Radio Establishment (Swedish: Försvarets radioanstalt, FRA) is a Swedishgovernment agency organised under the Ministry of Defence. The two main tasks of FRA are signals intelligence (SIGINT), and support to government authorities and state-owned companies regarding computer security.
The FRA is not allowed to initialize any surveillance on their own, and operates purely on assignment from the Government, the Government Offices, the Armed Forces, the Swedish National Police Board and Swedish Security Service (SÄPO).[2] Decisions and oversight regarding information interception is provided by the Defence Intelligence Court and the Defence Intelligence Commission; additional oversight regarding protection of privacy is provided by the Swedish Data Protection Authority.
Signals Intelligence has existed in Sweden since 1905 when Swedish General Staff and Naval Staff respectively, had departments for signals intelligence and cryptanalysis. These departments succeeded, for instance, to decode the Russian Baltic Sea Fleet cipher. After World War I, this ability mostly ceased as politicians did not see its value and did not grant funding. The Swedish Navy still continued in a smaller scale and developed the competence further. One of the first major successes was in 1933 when the cipher of the Russian OGPU (predecessor to KGB) was solved.
In 1937, the Swedish Defence Staff was established and the Crypto Department, with its Crypto Detail IV, was responsible for cryptanalysis. In 1940, when Germany occupied Denmark and Norway, the German Wehrmacht requested to use the Swedish telephone network for its communication. This was accepted and Crypto Detail IV immediately started to intercept. The traffic was almost always encrypted by the German state-of-the-art cipher machine Geheimfernschreiber. This device was believed to produce indecipherable messages, with its 893,622,318,929,520,960 different crypto key settings. After two weeks of single hand work, the Swedish professor of mathematics Arne Beurling, decoded the cipher of the Geheimfernschreiber with only use of pencil and paper. This achievement was described by David Kahn, in his book The Codebreakers: "Quite possibly the finest feat of cryptanalysis performed during the Second World War was Arne Beurling's solution of the secret of the G-schreiber." During World War II, some 296,000 German messages were intercepted and in 1942 the Swedish Government took the decision to establish Försvarets Radioanstalt.
The first stationary collection site was located in the middle of Stockholm, but in 1940 it was moved to a number of villas in the suburban island of Lidingö. More sites were established in Sweden and in 1943, FRA moved its headquarters to Lovön, some 15 km from Stockholm. In the 1960s, even the location of the FRA headquarters was still highly secret.[3]
See main article: Operation Stella Polaris. In the final stage of the Continuation War, 1943–44, when the Soviet Union threatened to occupy Finland, Finnish intelligence requested to transfer about 200 specialists and advanced intelligence equipment to Sweden to establish an exile organisation. A transfer of a small contingent personnel and materials, Operation Stella Polaris, was carried out over a couple of nights in September 1944. Stella Polaris gave Sweden access to a wealth of qualified materials and signals intelligence officers, some of which were also employed. For Finland, it resulted in a domestic political affair and due to the Communist Party's strong influence in the government, several of the so-called "Soviet Hostiles" involved received prison sentences.[4]
See main article: Catalina affair.
On 13 June 1952, the Swedish Air Force aircraft Tp 79 Hugin (DC-3) disappeared during a signal intelligence reconnaissance mission east of the Swedish island of Gotland in the Baltic Sea. The Swedish government initially claimed that the flight was only a navigational exercise, but later admitted that the aeroplane had U.S. electronic surveillance equipment and five specialists from FRA on board. Three days later, a Swedish Air Force search-and-rescue plane of the type Tp 47 (Catalina) was shot down by a Soviet MiG-15 fighter, but the crew was rescued by a nearby West German freighter ship. The Soviet Union denied any involvement in the disappearance of the DC-3, despite the fact that a raft from the aeroplane was found during the search with shrapnel from MiG-15 ammunition. In 1956, the Soviet leader Nikita Khrushchev admitted to Swedish Prime Minister Tage Erlander that the Soviet Union was indeed responsible for shooting down the plane, but this was not made public, not even to the relatives of the crewmen. Russia officially acknowledged the shooting down in 1991. In 2003, the wreck of the shot-down DC-3 was found about 55 km east of Gotland. Several of the crewmen's remains were found in the fuselage and the damage to the plane showed that it really had been shot at by a Soviet MiG-15 fighter.
FRA's operational activity are organized into four departments: The Signals Intelligence Service (Swedish: Signalunderrättelsetjänsten), The Department for Internet Operations (Swedish: Avdelningen för cyberverksamhet), The Department for Internal Support Services (Swedish: Avdelningen för verksamhetsstöd) and The Department for Technical Development and Other Technical Assistance (Swedish: Avdelningen för teknisk utveckling och annat tekniskt stöd). In addition to this there is also a command staff and a number of specialist functions reporting directly to the Director-General.[5]
The following is a list of the Director-Generals: | Deputy Director-Generals: | |
|
|
The main headquarters is located on the island of Lovön in Stockholm County.[6] The government allocated a total of SEK 860 million for the FRA in the annual budget for the fiscal year of 2014; an increase in spending with 38 million compared to the previous year, due to "greater technical costs and changes abroad".[7] In 2009, the number of employees was "just below 700", according to the FRA.[8]
Interception of signals is done from fixed sites on Swedish territory, from the SIGINT ship operated by the Swedish Navy, to be replaced by HSwMS Artemis,[9] and from two Gulfstream IV aircraft operated by the Swedish Air Force.
TOP500 credited FRA with owning the world's fifth fastest supercomputer in their November 2007 list.[10] [11] According to the director-general's chief of staff, the computer is being used for "cryptography and information security."[12] By November 2013, the supercomputer had fallen off the list.[13] [14]
The FRA has a long history of intercepting radio signals, as the main intelligence agency producing and managing SIGINT in Sweden since 1942.[15] [16] However, up until 2009 the FRA was limited to wireless communications intelligence (COMINT), including wireless phone and Internet signals, something that was also left largely unregulated.[17] As an ever-increasing amount of communications have transferred from radio to cables, the question of enabling FRA to collect information from cable communication was addressed by Göran Persson's cabinet in a government appointed committee of inquiry led by General Owe Wiktorin in 2003, resulting in a report suggesting a change in legislation (SOU 2003:30). In July 2005, the Minister for Defence Leni Björklund published a memorandum (Ds 2005:30) with proposed legislation changes, later passed on to the Cabinet of Fredrik Reinfeldt and Minister for Defence, Mikael Odenberg.
Prior to the change in legislation, the main law regulating FRA was the defence intelligence act (SFS 2000:130); and the telecommunications act of 1993 (SFS 1993:597) required all companies operating a telecommunication network in Sweden to assist in government COMINT, under confidentiality. This act was replaced in 2003 by the electronic communications act (SFS 2003:389), as a result of changes in EU directives.[18]
The new bill (Prop. 2006/07:63), generally referred to the "FRA law" (Swedish: FRA-lagen), proposed changes in the defence intelligence act, the electronic communications act, the secrecy act of 1980 (SFS 1980:100), and the creation of an all new law regulating SIGINT. These changes would have allowed the FRA to monitor both wireless and cable bound signals passing the Swedish border without a court order, while also introducing several provisions designed to protect the privacy of individuals, according to the original proposal. The law's proponents argued for the need to give FRA new guidelines and a modernised legal framework, in order to regulate Internet surveillance and to combat threats to national security more effectively, such as terrorism and serious transnational crime; while opponents to the law claimed it enabled mass surveillance and violated privacy rights. The Riksdag passed the bill on 18 June 2008, after a heated debate amid public protests, and it went into effect on 1 January 2009.[19] [20] [21]
Criticised for being too far-reaching, in an attempt to address the privacy concerns raised during the parliamentary procedure,[22] the Government soon thereafter proposed an amendment to the law (Prop. 2008/09:201),[23] to strengthen protection of privacy by making court orders a requirement,[24] and imposing several limits on the intelligence-gathering.[25] [26] [27] The amendment passed the Riksdag on 14 October 2009 and went into effect on 1 December 2009 (SFS 2008:717).[28]
According to the law (SFS 2008:717), SIGINT is only permitted in order to assess:
The FRA is not allowed to initialize any surveillance on their own,[29] and only gets access to communication lines as decided by The Defence Intelligence Court.[30] Communications service providers are legally required, under confidentiality, to transfer cable communications crossing Swedish borders to specific "interaction points", where data may be accessed after a court order.[31] [32] [33] The number of companies affected by the legislation was estimated as "being limited (approximately ten)".[34] The law does not permit intelligence-gathering by interception of signals where both the sender and recipient is located in Sweden, only signals crossing the borders of Sweden.[35]
Initially, only the Government, the Government Offices and the Swedish Armed Forces could use FRA's SIGINT capabilities. But after criticism from Swedish Security Service (SÄPO),[36] a change was made allowing The Swedish National Police Board and SÄPO to make use of the FRA as well, under otherwise unchanged regulations. The bill (Prop. 2011/12:179) passed in the Riksdag on 28 November 2012 with the help of the Social Democratic Party, and went into force on 1 January 2013.[37] [38] [39]
Any personal data that may have been retained can not be stored for longer than 12 months, which is a year less than the maximum allowed by the Data Retention Directive.[40] In 2008, prior to the change in legislation, a news report from SVT, based on an account from an anonymous source, alleged the FRA had been storing personal information for much longer;[41] leading to a private citizen lodging a complaint with the police. Ultimately, a prosecutor did not launch a full-scale investigation, as it was deemed not illegal at the time.[42]
FRA is subject to regular reviews by several external government agencies.[43]
All SIGINT has to be authorized by the Defence Intelligence Court (Swedish: ), a special court based in Kista, independent of the FRA and appointed by the Government.[44] It is composed of a chairman, assisted by one or two vice-chairmen, and 2-6 special members of the court, holding office for four years. The quorum of the court is a chairman and two special members,[45] and each case is assessed and approved individually. A special ombudsman from the court is also tasked to monitor and argue for the privacy rights of individuals. The decisions of the court cannot be appealed, something that is motivated, in part, by information sensitivity and the fact that special knowledge and physical protection of infrastructure and documents is needed.[46] A government agency of legal experts reviewed the amendment (Prop. 2008/09:201) in 2009, and did not express any objection:
The court has been led by former district court chairman Lieutenant Colonel Runar Viksten since 2009.[47]
The Defence Intelligence Commission (Swedish: Statens inspektion för försvarsunderrättelseverksamheten, SIUN) is the management authority tasked to supervise the FRA, ensuring it follows court orders issued by the Defence Intelligence Court, and that all laws and regulations governing FRA is followed, including privacy laws.[48] SIUN obtains possession over all signals, and they are only made available to the FRA by permission of the court.[49] Furthermore, the commission is obliged to launch an investigation whenever someone suspects they are the target of unauthorized SIGINT.[50] The commission is not tasked or authorized to review decisions made by the court.[51]
The Swedish Data Protection Authority is a public authority, organized under the Ministry of Justice, tasked to protect the individual's privacy.[52] As such, it audits the FRA on how they process personal data. In December 2010, after a two-year-long audit, a special mission led by the board examining FRA concluded its operations are within bounds of applicable legislation.
See also: Global surveillance disclosure.
The legislation allows for the transfer of data to other states, if authorized by the Government, enabling exchanges of intelligence.[53] [54] In return, Sweden could receive information of importance to the national interest, something the Director-General of FRA Ingvar Åkesson and the Minister for Foreign Affairs Carl Bildt both stressed when the legislation was debated in 2008.[55] [56] [57] [58]
In 2013, documents provided to the media by Edward Snowden appeared to confirm Sweden had shared intelligence with foreign intelligence agencies, revealing Sweden had provided the NSA with a "unique collection on high-priority Russian targets such as leadership, internal politics, and energy."[59] [60] In response, Minister for Defence Karin Enström was quoted as saying that Sweden's intelligence exchange with other countries is "critical for our security" and that "intelligence operations occur within a framework with clear legislation, strict controls and under parliamentary oversight."[61] [62] Anni Bölenius, head of communications at the FRA, told Reuters: "We do in general have international cooperation with a number of countries, which is supported in Swedish legislation, but we do not comment on which ones we cooperate with".[63]
See also: Mass surveillance.
The FRA have been contested since the change in its legislation, mainly because of the public perception the change would enable mass surveillance.[64] The FRA categorically deny this allegation.[65] Anni Bölenius, head of communications at the FRA, believes the public perception of mass surveillance is incorrect, saying: "It is not as we can turn on the traffic ourselves. We have to show cause and seek authorization."
The Social Democratic Party expressed their opposition to the legislation changes initially, but have since changed their views.[66] In 2013, they provided support for an expansion of the law, to also include SÄPO and The Swedish National Police Board. This change comes after the amendment to the law, with the establishment of The Defence Intelligence Court and a narrowed scope, giving it more emphasis on defence intelligence. The court also hear each case on an individual basis, something Minister for Defence Sten Tolgfors have been quoted as saying, "should render the debate on mass surveillance invalid."
Similar government agencies in other countries: