Signal is a big deal in Sweden, with even the Armed Forces using the secure messaging app. However, the company might leave the country if a certain proposal to introduce a technical backdoor for the police becomes a reality.
Meredith Whittaker is probably used to this by now. As soon as one country or another introduces a proposal to force the communications providers to allow police or security services access to message content, she speaks out.
This time, the CEO of Signal, the encrypted messaging app, has singled out Sweden, where the government wants to force the company (and other messaging platforms) to store all messages sent by users – in other words, to do something Signal doesn’t do.
This would mean installing a technical backdoor for the police and Säpo, the security service, and, in practice, asking Signal to break the end-to-end encryption – which is, of course, the very point of the company’s entire business.
Säpo and the police, naturally, support the proposal and say they simply want to see the message history of criminal suspects.
Minister of Justice Gunnar Strömmer said recently: “The possibility for law enforcement authorities to effectively gain access to electronic communications is absolutely crucial.”
However, Whittaker told SVT, the Swedish public broadcaster, this week that “if this proposal becomes reality, we will leave Sweden. Asking us to store data would undermine our entire architecture, and we would never do that. We would rather leave the Swedish market completely.”
Experts agree and say that the proposal – which is to be discussed by the government next month – has “major shortcomings.”
Fredrik Lindeberg, the board member of the Swedish Chapter (ISOC-SE) of the Internet Society, a global nonprofit, told Cybernews that such a backdoor would undoubtedly weaken end-to-end encryption.
The bad guys wouldn’t waste any time
“There is no good way to break end-to-end encryption without also introducing backdoors which can be used by third parties. On a sunny day, this third party is the police or another law enforcement agency in your country,” said Lindeberg.
“But on a bad day, that third party could be another country hunting for political dissidents in your country.”
In January, ISOC-SE, the Swedish Network Users Society (SNUS), and the Association for Digital Freedom and Rights (DFRI) jointly said in a statement (PDF) that the proposal currently being discussed can’t be said to be “proportionate or reasonable.”
Moreover, the proposal – if it becomes a legal bill – might lead to “privacy violations in the form of surveillance of hundreds of thousands of innocent citizens who are not suspects of crimes.”
Fighting crime more effectively is an argument often deployed by Swedish officials these days. The country has seen a massive surge in gang violence over the last decade, and only Albania and Montenegro are ahead of Sweden in the rankings of gun deaths per capita within Europe.
"If you introduce those backdoors, they cannot only be used by the police to look at the communications of criminals and other bad actors. It can also be used by bad actors to look at what good actors are doing."
Fredrik Lindeberg.
One anonymous young man told Euronews late last year he regularly plants explosions or carries out shootings after responding to ads placed on encrypted messaging platforms like Signal.
Naturally, the government has been looking for ways to rectify the situation. SVT actually asked Whittaker whether she didn’t think that Signal had a responsibility to support efforts to combat crime.
But the Signal CEO replied: “Our responsibility is to offer technology that upholds human rights in an era where those rights are being violated in more and more places. In today's digital world, there are very few places where we can communicate privately or blow the whistle.”
Lindeberg also told Cybernews that in this day and age, there’s no way to make sure only the police and the security agencies would be accessing the message history on Signal.
“If you introduce those backdoors, they cannot only be used by the police to look at the communications of criminals and other bad actors. It can also be used by bad actors to look at what good actors are doing,” said Lindeberg.
“If the police need to look at the communications, they should do the old school detective work. They should find a suspect, and they should get the suspect's phone. They should look at the phone.”
Lindeberg added that ISOC-SE is, of course, not implying that the communication providers should break the law: “The problem from our perspective here is the ex-ante nature of the proposal regarding end-to-end encryption.”
A technical and a moral question
To activists, this is a moral as well as a technical question. Yes, Lindeberg says, it’s simply practically impossible to limit the backdoor usage to a set amount of third parties, the so-called good guys.
Yes, he adds, the proposal is also based on an old assumption that the web, the networks, and the digital society are vertically integrated, and that the operator should be in full control of the entire service – in the case of Signal and, actually, the entire modern web architecture, this isn’t true.
“But we also think that everybody should have the right to communicate in an encrypted fashion. Privacy and integrity are very important,” Lindeberg says.
In the aforementioned statement, ISOC-SE, SNUS, and DFRI also stressed: “Personal privacy, data protection, and the right to secure communication on an open Internet are the foundations of society, invaluable to democracy. They must not be undermined by short-term political interests.”
Revealing some sort of a schism within the government, the Swedish Armed Forces seem to agree with the criticism of the proposal. In a letter to the government, the military said that the bill will not be able to be implemented “without introducing vulnerabilities and backdoors that could be exploited by third parties.”
Obviously, the motivations and priorities are quite different. The Armed Forces recently urged their personnel to begin using Signal to reduce the risk of Sweden’s adversaries intercepting sensitive chats.
Still, there’s obviously still a lot to hash out. Thankfully, the proposal is not a bill yet and hasn’t yet been politically vetted in parliament, where it needs to be passed in order to become part of the law. This means that there’s still time to have a proper debate.
“It's possible that the ones who are in favor of this proposal do not fully understand the technical ramifications of the proposal,” Lindeberg told Cybernews.
Pressure might also help the opponents of the draft bill. When Whittaker threatened to leave the United Kingdom in 2023 over the idea to mandate backdoors in its Online Safety Act, the government eventually backed out after Meta also implied it could pull services from the UK market.
Your email address will not be published. Required fields are markedmarked