In the wake of Barack Obama’s visit to my native Sweden this week, the news broke that Swedish defense signal intelligence agency FRA collaborate with the NSA (and supposedly as a part of PRISM) to monitor traffic in the Baltic Sea underwater cables – code-name “Sardine” (of course it would have a code-name, these are secret agents after all). No wonder Sweden’s PM Reinfeldt was so hesitant to bring up PRISM during the visit (instead Danish PM Helle Thorning-Schmidt raised the issue over dinner, where the Nordic heads of state took part). FRA’s internet surveillance was controversial when it was first introduced in Sweden in 2008 and as a result put on a short leash: court approval is required for all monitoring. This is in stark contrast to PRISM, which according to the media reports seems to have had a much larger scope – to the extent that Obama suggested tighter rules may be necessary at the press conference in Stockholm. The question remains, though: the wars of tomorrow will be online to a large extent and defense agencies need to adjust. But no state would ever give the military carte blanche license to achieve its objectives, rather its responsibility and chain-of-command is strictly regulated and always under democratic control (the opposite is a military state, with the current situation in Egypt being a nightmare example). The same should apply to cyber-defense: transparent rules with strong limitations. That actually sounds like a good recipe for most things relating to the online society. The take-away from other areas is crystal clear: just because tech makes something possible does not mean it should be done.