The head of Sweden's National IT Crime Unit says that following the introduction of IPRED anti-piracy legislation it has become more difficult to track down serious criminals. This unfortunate eventuality is a side-effect of ISPs throwing away logging data to protect the privacy of their customers. While this protects casual file-sharers, it unfortunately protects serious criminals too.

On April 1st 2009, Sweden introduced the controversial Intellectual Property Rights Enforcement Directive (IPRED). The law, which gives rights holders the authority to request the personal details of alleged copyright infringers, was met with stiff resistance from ISPs.

Jon Karlung, CEO of ISP Bahnhof and one of the most outspoken opponents of IPRED, quickly announced that he would take measures to protect the privacy of his customers.

Although IPRED should’ve made it easier to track down file-sharers, there is nothing in Sweden’s Electronic Communications Law that dictates that ISPs have to store information about the IP addresses they allocate to their customers. To that end, Bahnhof stopped storing user data. No matter how many requests they received from copyright holders, there would be no data to hand over.

Later Bahnhof was joined by Tele2, with CEO Niclas Palmstierna announcing that his company would also stop storing IP address information. Through an increasing number of ISPs, IPRED had effectively been neutralized.

While Swedish ISPs clearly felt they had little choice but to protect the privacy of their customers against civil action related to petty file-sharing, it seems that their response to IPRED has generated an unwanted side-effect.

Anders Ahlqvist, chief of the National IT crime unit says that due to a lack of customer logging data at ISPs, it is becoming harder for the police to track down criminals carrying out serious crimes.

“It is a major concern, for example, when minors are exploited for sexual purposes via the Internet but we can not trace the perpetrators because logging information is missing,” says Ahlqvist.

Taking IPRED out of the equation is not an option, though. It appears there will be a new push to introduce a data-retention directive which will close the loophole and force ISPs to store customer IP address data in future, an eventuality predicted by IFPI lawyer Peter Danowsky back in April 2009.