IT&Telecom companies' views on the new, revised FRA law

Data storage Digital infrastructure

In October, Parliament voted through the updated FRA Act. The Act will come into force for telecom operators on December 1, 2009 and the changes are mainly aimed at increasing the protection of personal integrity and regulating the purposes for which signals intelligence may be conducted. In the debate that prompted the changes, a number of operators, together with IT&Telekomföretagen, have expressed concern that Sweden's reputation as an open and growth-oriented IT nation is deteriorating and that the international competitiveness of the Swedish IT industry is also at risk of being weakened

Background information

On October 14, 2009, the Parliament voted through the updated FRA Act. The changes compared to the original, heavily criticized bill, which the Riksdag approved and referred back for supplementation in June 2008, are mainly aimed at increasing the protection of personal privacy and regulating the purposes for which signals intelligence may be conducted. The additions mean, among other things, that the FRA must apply for permission for its collection missions from a new Defense Intelligence Court and that the authority has an obligation to destroy material that is not relevant to the mission. The amendments also include regulations concerning reporting to clients.

The new updated law will enter into force on December 1, 2009. At the same time, the previously decided obligations for network owners and operators will enter into force. The obligations mean that operators must notify so-called collaboration points where the authorities can obtain signals for their missions. (The Swedish National Inspectorate for Defence Intelligence has to ensure that the FRA only has access to the traffic that the FRA has been authorized by the Swedish Defence Intelligence Agency to spy on.) The FRA bears the costs of establishing its part of the collaboration points, while the operators must provide such information that makes it easier for the FRA to handle the signals. Operators are also obliged to handle this in a way that does not disclose their activities.

Impact on the industry

In the debate that prompted the changes to the FRA Act, a number of operators and IT&Telecom companies have expressed concern that Sweden's reputation as an open and growth-oriented IT nation is deteriorating and that the competitiveness of the Swedish IT industry internationally also risks being weakened. Some operators have, for example, announced that they will move servers from Sweden. Against this background, IT&Telekomföretagen considers it unfortunate that Sweden is not harmonizing to a greater extent with the rest of the EU in dealing with this issue. Concerns have also been expressed regarding the cost aspect of implementing the law. The direct installation costs of transferring traffic to the interconnection points are not likely to be negligible for operators. The implications of the obligation to make it easier for the FRA to handle the signals are not yet clear, nor are the financial effects. What is clear is that it will put an additional burden on the industry. IT&Telecom companies generally believe that government obligations should be financed by the state and not by a particular industry.

Another very important issue is trust in the industry. The handling is still untested in Sweden but can be perceived as an invasion of privacy - something that has also been expressed in the sometimes heated debate that prompted the changes to the law. This may provide an incentive for service providers to choose to purchase operator solutions from abroad instead. There is thus a significant risk that Sweden will lose business opportunities abroad with the introduction of the FRA Act, despite the revision.