Sweden's parliament has approved amendments limiting the scope of a controversial new law that allows all emails and telephone calls to be
monitored in the name of national security.
The amendments were supported by 158 members of parliament following a heated debate in the chamber, and rejected by 153 deputies. One MP abstained.
The original legislation was adopted by a thin majority in June 2008. But an outcry erupted afterwards when it emerged that many of the MPs did not know the details of the law and critics within the four-party government claimed they were
pressured to tow their party lines and support it.
As a result, Prime Minister Fredrik Reinfeldt's centre-right government agreed to make changes. The law, which went into effect in January 2009, gives the National Defence Radio Establishment (FRA), a civilian agency despite its name, the right to
tap all cross-border Internet and telephone communication.
Among other things, the amendment specifies that only the government and the military can ask FRA to carry out surveillance, that a special court must grant an authorisation for each case of monitoring, and that all raw material must be destroyed
after one year.
It also limits eavesdropping to cases defined as external military threats, peacemaking or humanitarian efforts abroad, international terrorism, and development and proliferation of weapons of mass destruction, among others.
It also bars FRA from monitoring emails where both the senders and recipients are in Sweden, after critics pointed out that even emails sent between two people in Sweden can cross the border to be transmitted by servers located abroad.
Those who have been monitored must also be informed.
Despite the changes, the law remains controversial in Sweden, and the left-wing opposition said it would tear up the legislation if it came to power in next year's general election.
The Swedish government has put off implementing the EU Data Retention Directive, risking a fine from the European Court of Justice.
The Data Retention Directive requires requires ISPs and other providers of publicly available electronic communications services to keep user data, including IP address and details of the time, sender and recipient of email communications, for at least
24 months. This information must be made available to the national authorities on receipt of a court order.
The Left Party and the Greens have managed to postpone its implementation using a constitutional provision whereby a vote of one sixth of MPs can postpone a decision for a year. The parties believe that the Directive violates basic freedoms, and are
calling for the Swedish government renegotiate the Directive at the EU level.
Swedish parliament proposals for an extension to mass internet snooping have been leaked local ISP Bahnhof.
Sweden's government wants to extend the holding period under existing data retention legislation. Today, providers have to retain users' IP address information for six months, but a submission to the inquiry asks that be raised to 10 months.
The use of VPNs is also under fire with a demand that ISPs log the first activation of each new anonymisation service.
There's also talk of demanding providers rework their networks to reduce sharing of IP addresses between users.
Bahnhof CEO Jon Karlung writes that it looks like Sweden is imitating China, where the state requires the network to be tailor-made for monitoring, not for the internet to work as well as possible.
Rick Falkvinge of Private Internet Access writes that Sweden is ignoring a 2014 European Court of Justice ruling against data retention , instead doubling down on the forbidden concept of surveillance of people who are not currently any suspicion.