Equipment interference - Telia company's view on new legislation in Sweden
New Swedish legislation on lawful hacking or equipment interference (Swedish: ‘Hemlig Dataavläsning’) was proposed in November 2017 in order to fight terrorism and other serious crimes.
New legislation, separation of powers
Lawful hacking is a method where equipment is secretly installed in a PC, mobile phone, e-mail account, cloud service etc. in order to obtain information real time. The method is intended to complement lawful interception and bugging as a tool for the police and secret police in serious crime investigations (crimes which give a minimum of two years in prison, sometimes a minimum of four years) and in intelligence activities to prevent such serious crimes.
According to the proposed new law, lawful hacking or equipment interference will only happen based on a court decision.
If the police sees that it needs the assistance of a telecom operator to execute the decision then the operator, according to the proposal, may give such assistance, but is not obliged to.
The full text of the legislative proposal is available, in Swedish, here. The law is proposed to be enacted January 1st 2019 and apply until the end of 2023. The proposal is presently out for public consultation until March 6th 2018.
"Clear and transparent"
Telia Company engages in dialogue regarding regulations that affect our business and customers of companies in which we have ownership interests. Telia Company, as further defined in our Group Policy, advocates clear and transparent legal provisions on proportionality and necessity for all government legislation, and its implementation, in the context of surveillance and control over communications.
Minimum requirements, our views
Telia Company notes that hacking and equipment interference is a very far-reaching action. Telia Company welcomes that any use of the tool will need to be based on a court decision. It will also be important that both the legislator and, subsequently, the courts thoroughly and fully take the principles of necessity and proportionality, and the rule of law, into account.
The Swedish Government is using best practice transparency by publishing yearly reports with statistics on law enforcement requests. Telia Company urges the Government to add information about this tool, if and when implemented, to its transparency reports.
From a rule of law perspective the proposal to leave it up to each operator at each specific occasion to decide if or not to assist in the law enforcement, is problematic. Law enforcement decisions and deliberations should not be transferred to private entities. It is not the role of operators, which are therefore not equipped, to balance between law enforcement needs and the privacy of users. Not in general, not as to any specific case.
Finally, Government hacking operations should not compel private entities to engage in activities that imparts their own products and services with the intention of undermining digital security. Should Telia Company identify a security problem in its systems and networks, our role is to fix that problem forcefully and as soon as possible. There should not be a quest to keep the system vulnerable for, any, hacking.
Telia Company will continue to promote these views, also when interacting with the Government of Sweden in relation to this new legislation.