Sweden has passed a new secret surveillance law which allows law enforcement to secretly install spyware as well as malicious hardware on or in any and all electronic devices on the mere suspicion that someone could be doing something criminal. Warrants are not required to install spyware on computers, smartphones and other "smart" devices like routers, HiFi receivers, refrigerators and smart home assistants. The law goes into effect on April 1st.

written by 林慧 (Wai Lin). published 2020-02-21 - last edited 2020-03-23



Sweden is now, for all practical purposes, a large prison.

Sweden passed a new secret surveillance law with little opposition on February 20th, 2020. The law allows anyone from law enforcement to secretly install hardware bugs or spyware on electronic devices on the mere suspicion that a "suspect" who is believed to be near the device on a regular basis is involved with some kind of criminal activity which could lead to more than two years in prison.

The Swedish police do not need a warrant to break into people's homes and confiscate some items, which are listed as "evidence", and steal other items, which are never mentioned in writing. Warrants are not a thing in Sweden which is why the new law will not require law enforcement to obtain warrants or ask anyone before they install spyware on a victims electronic device.

Only one of the parties in the the Swedish Riksdagm, "V", voted against the new secret surveillance law.



Only one party voted against the new draconian big brother on steroids surveillance law. Source: riksdagen.se.

A 285 pages long "Lagrådsremiss" for the new law (Hemlig-dataavlasning.pdf) makes it clear that law enforcement can install spyware on any device in any place believe a "suspect" may visit once the new law goes into effect.

There are few concrete details explaining how representatives from the soon grossly human-rights violating Swedish regime plan to remotely and secretly install spyware on computers, cellphones and other electronic devices. Page 56 of the Swedish "Lagrådsremiss" (Hemlig-dataavlasning.pdf) mentions that the law enforcement should "identify vulnerabilities in the target's computer systems" and use both "technical" and "human" vulnerabilities. The document explains that "Exploiting vulnerabilities in computer systems can be used to access private information". "Exploits" are explained as "logging into someone else's e-mail account using this person's login credentials" (that's not an exploit) or "downloading malicious code". The document goes on to mention that "special" hardware could be used to gather data and "log keystrokes".

Those who are in more democratic countries who assume that this law will only affect actual criminals should consider that less democratic countries like Sweden and North Korea have very draconian "hate speech" laws forbidding statements that could be considered to be critical of the ruling regime and its policies. Thought-crimes ("hatbrott") are, in Sweden, classed as crimes which are "serious" enough to allow secret surveillance using software or hardware back-doors when the new secret data surveillance law goes into effect on April 1st, 2020. Page 60 of the "Lagrådsremiss" mentions the rise of "IT-related crimes" on "social media" as one of the motivations for the new law. Organized crime and "terrorism" are mentioned after "social media" related "crimes". Title 22 of the US Code, Section 2656f(d), defines "terrorism" as

"The term "terrorism" means premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents." Title 22 of the US Code, Section 2656f(d)

The Swedish police, who regularly use of violence against ordinary citizens who criticize government policies on social media platforms, appears to be an organization which fits the American definition of a terrorist organization.

Sweden has, in effect, ended the illusion of being a democratic country and turned any and all electronic devices into potential government surveillance devices. Learning from how quickly and quietly it happened in Sweden may be wise if there is a even a slim chance of preserving basic human rights in the country you are in.

Linux users should be careful not to download .ISO images from Sweden and always verify that a distribution images match the signature the ISO image is supposed to have. It is also vital to not install .deb or .rpm packages from mirrors in countries known to distribute malware. Be very careful if your package manager prompts you to accept new gpg keys. And do use full disk encryption. It won't prevent someone from tampering with /boot but it does prevent someone from tampering with your root file system when you are not looking. A law allowing government-employed criminals to legally install malware and spyware as well as hardware devices is a game-changer when it comes to how one ought to think about security.