Sweden cooperated with the United States in operations to hack into computers and carry out internet surveillance on Swedes, according to documents leaked by NSA-whistleblower Edward Snowden.
The documents, reviewed by Svergies Television (SVT) investigative news programme Uppdrag Granskning, show that Sweden's signals intelligence agency, the National Defence Radio Establishment (Svenska Försvarets radioanstalt - FRA) worked with the US National Security Agency (NSA) in its efforts to gain unauthorized access to computers.
An internal NSA memo from a planned meeting between Swedish and US spy chiefs in April 2013 explains that the Swedes wanted to be updated on operation "Winterlight (Quantum Project)".
While it's unclear to what Winterlight refers, Quantum is known as a powerful system for hacking into computers.Computers are hijacked, information is collected, and then sent on for analysis. The leaked documents from Snowden testify that the programme has been used against Belgian telecoms operator Belgacom, which has EU institutions as customers. The breach is under investigation by police.
The NSA memo explains that the US spy agency cooperates with FRA and their UK counterpart GCHQ in the hacker attacks. The Swedish intelligence agency fired "100 shots, of which five successful have been redirected to GCHQ's servers".While the British agency is planning to pull out of the programme over concerns it may violate UK law, officials at the NSA seem unconcerned.
"The fact is that NSA's goal the entire time has been to transfer this work to a bilateral agreement with the Swedish partners," the document reads.
BACKGROUND: Sweden sits on pipeline of 'intelligence gold'
The hacking is controversial in Sweden. In 2010, then FRA-head Ingvar Åkesson assured the Riksdag defence committee that FRA was not involved in hacking and that doing so would be illegal.
"We have authorization from the Defence Intelligence Court (Försvarsunderrättelsedomstolen) for the data collection we carry out," current FRA spokesman Fredrik Wallin told SVT in response to the new revelations.
FRA also has access to the NSA's most powerful surveillance system, the wide-ranging Xkeyscore, the leaked documents show. It has been described as a "Google for spies" and the NSA claims it reaches "nearly everything a regular internet user does" in real time and a short time back, including email, Facebook entries, chats, web surfing history, and more.
"With this tool, I can get at anyone in the world if I just have the person's email address," Snowden said in a previous interview.
FRA's statutes say that the agency can only spy on foreign targets, but Xkeyscore also reaches Swedes. A leaked manual from the NSA describes how it happens: "In this example, I'm looking for anyone in Sweden that visited a certain extremist forum on the web."
Hacking can be compared with how one "during analogue times" gained access to communication systems and cracked codes, Lund University intelligence analysis professor Wilhelm Agrell explained.
But the law has lagged behind.
"Sweden only gets to share some of the intelligence that we've collected for our national needs and should keep a close eye on the information that's handed over to foreign powers. But joint operations aren't covered by the law. The closer the relationship, the harder it is to stay within the limits of the law," Agrell told the TT news agency.
"This doesn't leave the legal and political oversight of the Swedish intelligence system with very high marks."
BACKGROUND: Sweden passes divisive wiretapping law
FRA cannot check information from a hacking operation that is funneled through British servers, Agrell believed.
"It's not about the information that's processed and reviewed before it goes on to a foreign power. It's clear that's not the case. That's where we get closer to a situation where it must be subject to judicial approval," he said.
Agrell also wondered if FRA, through Xkeyscore, could get around the law and receive intelligence about conditions in Sweden from foreign partners.
"When you carry out intelligence work together in an integrated system, the FRA law appears to be a rather thin and flimsy support to lean on to secure the rights of citizens," he added.