FOR MEMBERS

Five things to know about Sweden’s new digital surveillance law

Five things to know about Sweden's new digital surveillance law
National police chief Anders Thornberg. Photo: Janerik Henriksson / TT
On April 1st, a new law comes into force giving Swedish police extra powers to access the devices and encrypted messages of people suspected of serious crimes. Here are five things to know about the law and what it means for Sweden.

What is the new law?

The new proposal would give the police, as well as bodies including security police Säpo, the Economic Crime Authority, and customs, the power to install software or take other measures allowing them to access information in suspects' devices.

Unlike current methods of communications interception, which only apply to sent messages, police would also be able to access files stored on the devices such as images and files.

Police would only be able to use these methods if the person in question was suspected of a crime with a minimum sentence of at least two years' jail time.

And in order to activate cameras or microphones in a suspects' computer or mobile phone, the person must be suspected of a crime with a four-year minimum sentence, the same requirement currently in place for bugging — using hidden microphones in a room or building.

Why do police say this law is necessary?

Encrypting messages have become easier in recent years.

Swedish police state that 90 percent of the digital communication they have tried to monitor has been encrypted and therefore not legible. Being able to read this communication is important for the police to gain insight into the activities of criminal organizations and ultimately prevent crime or bring those responsible for criminal activity to justice.

Where you used to need special software to encrypt messages, secret communication is now much more accessible. For example, so-called 'end-to-end encryption' is activated as standard with apps like WhatsApp and Signal.

“In order to reach the most serious criminals, you need to be able to keep an eye on their communication” national police chief Anders Thornberg told TT. “Otherwise you will always be blind or half-blind. As criminals turn to encrypted messaging, we need to be able to follow them.”

What are the advantages?

“Police in Malmö believe that there is not a single murder in Malmö about recent years which has not been preceded by encrypted communications between gang members,” Interior Minister Mikael Damberg said in October last year.

The new law makes it possible for police to access devices to view encrypted communication directly at the source, instead of tapping the messages while they are being sent. In this way police believe the law will help them to gain insight into communication within criminal organisations and prevent crimes.

Interior Minister Mikael Damberg. Photo: Ali Lorestani / TT

What are the disadvantages?

The biggest criticism of the new law is that the Swedish government may promote a vulnerable digital environment, because they would have an interest in using these vulnerabilities for surveillance.

The Digital Freedom and Rights Association (DFRI), a Swedish organisation that promotes human rights in the digital sphere, is strongly against this new law.

“If someone finds a new vulnerability, this person has a choice,” says Peter Michanek from DFRI. “Report it, or sell it. You can get a small reward if you report it, but you can get a lot of money. This gives the police the possibility to buy unknown vulnerabilities to hack into computers and smartphones. It is actually more profitable to not report them and sell them instead. “

There are examples of known vulnerabilities that have been exploited by criminals in the past.

“A few years ago there was a vulnerability that was actively exploited by some ransomware criminals,” says Peter. “A large computer virus outbreak called 'WannaCry' hit a lot of hospitals, companies and even private persons. The cost of that attack is in the millions, billions maybe. Later it was revealed that the vulnerability that the attackers used was a vulnerability that was previously known and used by the American intelligence authority NSA. They had opted not to report this vulnerability. If they had done that attack could have been avoided.”

The DFRI states that the law therefore increases the risk of crime instead of decreasing it.

What does this law mean for Sweden's image as a mecca for internet freedom and online privacy?

This law cannot be considered as mass surveillance, since it will be used in a targeted manner only when someone is suspected of a serious crime. Police have estimated that they will need to use the law about 50 to 100 times a year.

Sweden is consistently rated as one of the countries with the highest levels of internet freedom and online privacy. Now that stricter laws are being introduced in which online privacy is not a central element, that could change.

Peter Michanek from DFRI also sees that there is a shift in policy towards a less free internet.

“This new law is not the only example of that”, he says. “We also have a data retention law that has been effected for a few years. That law has actually been struck down by the Court of Justice of the European Union (CJEU) as a violation of human rights. In my view human rights are being violated in Sweden by these new laws.

“If the police could show that these new laws and measures were very effective, you might say that it was worth it. A small intrusion in our privacy might be tolerated if that means we can catch a lot of criminals. But so far, the police have not been able to show this. The invasion of privacy is great, while the increase in efficiency for law enforcement agencies is so small. It's disproportionate.”


Member comments

Become a Member to leave a comment.Or login here.