Sweden doubles down on data retention surveillance, includes VPN surveillance in new leaked proposal

The Swedish government is doubling down on the court-banned and hated data retention surveillance. As a Western first, they’re also planning to introduce VPN surveillance, taking a page out of Russia’s and China’s oppression playbooks, and are mandating that the Internet be built not to optimize speed and throughput, but to optimize governmental surveillance. This is according to a leaked law proposal, which has been obtained by the Swedish internet provider Bahnhof.

Sweden was one of the latecomers to the sparse group of European states who did data retention, mandating it at the state level when it had practically already been banned by the European Courts, incredulously with the mantra “we’re forced to do this mass surveillance by the European Union”. The Swedish government introduced the hated, ineffective, and expensive practice as late as 2010, several years after the German Constitutional Court had declared it fundamentally incompatible with human rights at the conceptual level, but before the European Court of Justice had reiterated the German verdict.

Data Retention is the practice of putting everybody under criminal surveillance before they’re suspects of any crime, on the odd chance that they should become suspects of a crime at a later time, and therefore revokes all privacy rights wholesale from an innocent populace. The European courts recognized this for what it was, wholesale abolition of privacy, and basically says “this practice is so illegal it’s not enough to say that it’s cancelled as of now; we rule it to be so illegal that it has retroactively never been in force”. The European Court of Justice – the European Supreme Court – was ridiculously clear on this point, that it was the very concept of pre-emptive mass surveillance that was the problem: “The member states may not impose a general obligation to retain data on providers on communications services”.

Despite this super-clear wording, a Swedish legislative committee was appointed to see how the previous Swedish law could be changed to be “in line with the Court’s directives” while continuing to impose exactly such an obligation. That committee has either chosen to completely ignore or not understand a thing the European Court of Justice has ruled, and is instead doubling down on the forbidden concept of surveillance of people who are not currently under any suspicion. However, there is some contention within the committee about this, which is why there is a leak of the Swedish government’s plans to drastically widen the forbidden practice.

According to the leak in Swedish (Google Translate), the government isn’t just planning an increase in the retention period from 6 to 10 months (during which all your telecommunications records and physical movements are being stored with the explicit purpose of using them against you), but is also making a Western first in demanding that VPN activation is logged. It is quite unclear what the legislators mean by requiring the logging of “activation” of a VPN connection. Furthermore, the leaked proposal is making a first in requiring the technical topology of the Internet to be optimized for surveillance, instead of for technical function.

“The entire [Swedish] Internet industry is in mutiny”, says Jon Karlung, CEO of Bahnhof, in a statement. “Sweden is copying China, where the government demands that the net is tailored for maximum surveillance, instead of for maximum function. It’s a big monetary cost, but the worst part is that our technicians must spend their time doing the wrong things. We want to put all our focus into continuously improving the speed of the network.”

Privacy remains your own responsibility.