Sweden may extend data retention, splat NAT and register VPNs

Local ISP claims it's seen ABBA-solutely horrific consultation documents

Sweden may be about to adopt increased surveillance of the internet, with new proposals about data retention and network rules leaked to local ISP Bahnhof.

The proposals are contained in submissions to a parliamentary inquiry into Sweden's data retention regime, which came into force in 2010.

The company says it's been passed the documents by an anonymous source, and that they explain Sweden's government wants to extend the holding period under existing data retention legislation. Today, providers have to retain users' IP address information for six months, but a submission to the inquiry asks that be raised to 10 months.

There's also talk of demanding providers rework their networks to reduce sharing of IP addresses between users, Bahnhof claims (translated from the Swedish by Google).

Bahnhof CEO Jon Karlung complains that the law enforcement proposals would need hundreds of millions of Kronor in capex and would impose tens of millions in annual opex.

That's put the whole industry into “rebellion”, Karlung writes, because it looks like Sweden is imitating China, “where the state requires the network to be tailor-made for monitoring, not for the internet to work as well as possible”.

A legislator has also attacked VPN services in the inquiry, Karlung claims, with a demand that ISPs log the first activation of each new anonymisation service.

Rick Falkvinge of Private Internet Access writes that Sweden is ignoring a 2014 European Court of Justice ruling against data retention, instead “doubling down on the forbidden concept of surveillance of people who are not currently any suspicion”.

Sweden's government has already blotted its infosec record when it leaked its entire motor-vehicle registration database in July 2017. ®


Biting the hand that feeds IT © 1998–2017