Sweden passed a new law which the Swedish government to plant hardware and software bugs in electronic devices this week. The law goes into effect on April 1st, 2020.
The new law allows government employees to use remote exploits to place malware in computers, phones and smart devices like smart refrigerators, stereos and everything else for that matter. It does, in effect, turn all electronic devices into potential government surveillance devices.
There was very little public discussion before the new law was passed.
The Swedish government publishes documents called a "Lagrådsremiss" when new laws are considered. The government document explaining the new law is 285 pages long. You can read
hemlig-dataavlasning.pdf for details if you can read Swedish.
The more important and distribution points one should understand is:
- Government agents can now legally plant hardware bugs in electronic hardware. This includes intercepting hardware you ordered on-line while it is on-route to you.
- Using back-doors, automatic updates and other means to install spyware on specific devices is now allowed.
- The document mentions that early access to software vulnerabilities can be bought from third parties.
- No warrant is required to install hardware and/or software bugs and do secret surveillance of citizens.
- There is one requirement for doing secret surveillance: A police offers needs to suspect that a crime which would could results in of 2 years of prison is being committed. That is a rather low requirement. Actually serious crimes can give you 5 or 10 years in prison. Most of the crimes which can result in a maximum sentence of 2 years are minor offences.
Keep in mind that online "hate speech" is a supposed crime with a maximum sentence of 2 years in Sweden. The new law does, in effect, mean that a blog post which is critical of the Swedish regime is enough. The new law is a disaster from a human right perspective and it is, in effect, the end of any pretense that Sweden is a democracy.