The terrifying expansion of Sweden’s state surveillance

For the last couple of years the Swedish parliament has been expanding the surveillance capabilities of law enforcement. After the European Court of Justice struck down Sweden’s data retention law, the national parliament passed a replacement that did nothing to address any of the issues criticized in the first law. If telecom providers were to challenge it, which no one has shown any willingness to do, it would most likely be struck down again.

Next, the Swedish parliament passed a hugely problematic law that gave the police and security service the ability to hack into people’s phones to collect evidence or even in certain circumstances prevent “serious crimes”. It also gave the prosecutor discretion to approve these hacking warrants, which would only later be referred to a court for oversight. However, if the court finds that such a warrant was unlawful then the evidence, that was gathered under the prosecutor’s approval, cannot be used to make a case. Thus, the suspects’ privacy would be violated without a legitimate reason.

Now, the Swedish government has proposed changes to the so called “FRA-law” (National Defense Radio Establishment or henceforth shortened to FRA), a law that gave the Swedish intelligence service the authority to conduct surveillance on any cable traffic passing Swedish borders. After years of litigation by the non-profit “Center for justice”, the European Court of Human Rights in a judgement earlier this year, declared several objections to the law as presently written.

In the decision, the court said that the oversight of the bulk interception was not adequate and that the responsible oversight departments exists “to whitewash the FRA’s choice and that the oversight agencies treat the people whose rights may have been violated inhumanely”. The court stated that: “The complainant is treated as a subject, deprived of privacy rights, in the hands of the Kafkian all-mighty State, not as a person empowered with rights before and against the State.”

The court also said that the safeguards against privacy invasions when transferring data to a foreign country was severely lacking. “Since no oversight body is vested with powers to exercise actual control over whether or not foreign intelligence cooperation is being used to circumvent national law, and the recipient States protect the data with the same or similar safeguards as those under Swedish law, the FIIs monitoring of the FRA’s international cooperation activities, invoked by the Government, is irrelevant”.

Despite being forced to propose changes to the FRA law, these changes, like the data retention redo, does nothing to fix the issues pointed out by the courts. Arguably it makes the law worse by making it easier for FRA to share collected data with other nations and in some cases allow them to get direct access to data. It also expands the cases where bulk collection is legal. In the current law FRA are only allowed to collect data if it pertains to Swedish national security or “national interests”. The proposed changes adds a case where FRA would be allowed to collect data even if it doesn’t have any bearing on threats to Sweden or Swedish interests, if it is “necessary for intelligence collaboration with other countries and international organisations”.

Image credit: Niv Singer/ Unsplash

(Contribution by: EricSkoglund, EDRi observer Dataskydd.net)