Why is it so quiet about police Trojans?

This week saw the end of the consultation period for the government report "Secret data reading - an important tool in the fight against serious crime". The report proposes that law enforcement authorities, such as police and customs, should be allowed to secretly install spyware on citizens' mobile phones and computers in order to better investigate and prevent crime. The proposal is motivated by the fact that digital developments are making it easier to encrypt digital communications, making it increasingly difficult for police and other authorities to intercept or monitor suspects.

The flip side of the proposal is that the digital investigative tools proposed are so powerful that they may pose privacy and security risks that far outweigh the benefits the investigators hope to achieve. Those concerned about strengthening our increasingly digital society should ask themselves the following questions:

Does the proposal on police Trojans violate privacy? The report proposes that a court order should be required to obtain the right to hack and install secret eavesdropping programs, and that a government board should exercise oversight. This may seem reassuring, but surely no court, delimitation or supervisory body can shake the fact that the proposal entails a previously unprecedented right for authorities to map and eavesdrop in detail?

Does the proposal pose a security threat? In order to get a secret interception program in place in, for example, a suspect's mobile phone, the mobile phone must be hacked. To do this, there must be a weakness, a bug, in the software of the device. The authority wishing to intercept must be aware of the weakness and, in order to exploit it, refrain from reporting it both to the developer of the mobile phone and to the authorities tasked with countering security threats in the digital environment. What risks does this pose? What happens if unauthorized persons come across the same information and exploit the weakness?

Last year, for example, hundreds of thousands of computers around the world, including in hospitals, ports and other critical functions, were taken hostage by the WannaCry ransomware. It took advantage of an NSA-engineered loophole in the Windows operating system. If the world's most resourceful intelligence agency is not able to keep such information to itself, why should Swedish authorities be able to do so?

Overall, it is difficult to accept the report's proposals. Despite the good ambition of facilitating the work of law enforcement authorities, measures are being introduced that could seriously change the conditions for our personal integrity and also entail extensive risks to society.

By adopting the committee's proposals, society will move towards an increasingly monitored existence. If the government wants to safeguard Swedish citizens' right to privacy and the long-term security of society, a rethink is needed. The issue is far too important to be decided in a little-noticed government inquiry without prior debate and open discussion.

Want to know more? Read our response to the consultation!