In Sweden the government is rapidly advancing an agenda for more online surveillance. Two public investigations have been launched to look into new rules for search warrants and the introduction of new secret means of surveillance, namely remote equipment and software interference.
Both the search warrant investigation and the the use of “trojans” for investigation have big implications for Swedish individuals. Regardless of whether law enforcement tampers with an electronic system over a network, or while they are in its physical proximity, the end result is that law enforcement gets an operational incentive to be less diligent about fixing security issues that can cause big problems for individuals.
To the credit of the government, both investigations seem to have been given a free hand to determine the suitability of new legislation in the area. In an attempt to bring more balance into the discussion, Swedish EDRi member DFRI has informed the government of civil rights aspects of the issues at stake. If legal liability for electronic transactions will be transferred, as planned, to consumers, public authorities should obviously not also have operational incentives to increase or preserve security weaknesses in consumer equipement.
Because of EU legislation passed in 2014 on electronic identification and signatures, the risk and burden of proof for electronic systems functioning as intended rests on consumers. DFRI has proposed that the Swedish government uses the flexibilities established under article 169(4) of the Treaty of the Functioning of the European Union to increase consumer protection at a national level to remedy this situation, if they choose to move ahead with these plans.
The investigations are also at odds with the Anti-Terrorism Strategy adopted by the ruling coalition of the Swedish government in August 2015, where the government specifically said they were not going to consider new secret means of surveillance.
Additional problems with the search warrant investigation include the task of evaluating the suitability of allowing the government to seize more data from more individuals (such as relatives or friends) whenever they conduct a search, especially an electronic search. To counter this, DFRI has appealed to the understanding of personality rights in digital environments codified by the German constitutional courts in its recent ruling on electronic surveillance in April 2016. The investigation may also lead to problems for end-to-end-encryption, if law enforcement agencies are given a general right to request the decryption of individual files stored in clouds or on harddrives. The mission of the investigation seems, however, to be to circumvent a ruling by the Swedish Supreme Court in August 2015, which stated that a newspaper is not obliged to hand over unpixelated image files depicting alleged suspects, even if they have published such images in a pixelated form as part of their reporting.
DFRI submits a written communication to the inquiry concerning the search and seizure rules (only in Swedish, 26.05.2016)
Modern rules for the search and seizure warrants (only in Swedish, 22.03.2016)
Secret data readings (only in Swedish, 12.05.2016)
Prevent and hinder – the Swedish strategy against terrorism (only in Swedish, 28.08.2015)
Sweden’s new counter-terrorism strategy (only in Swedish, 28.08.2015)
(Contribution by EDRi member DFRI, Sweden)