Safeguard end-to-end encryption – Oderland signs joint letter addressed to the Swedish Riksdag

Together with 236 other stakeholders, we have signed a joint letter with a call to the Swedish Riksdag: Safeguard end-to-end encryption.

Värna stark kryptering – Oderland skriver under gemensamt brev om svensk lagstiftning om datalagring
  1. Good purpose – but counterproductive
  2. “Weakening encryption would be akin to lowering defenses during heightened risk”
  3. End-to-end encryption is a must-have

Safeguard end-to-end encryption in Swedish legislation on data retention and access to electronic information

Cybersecurity and strong data protection are two hugely important pillars for us at Oderland. Not least because, as a Swedish hosting provider, according to the Swedish Post and Telecom Authority (PTS), we’re a provider of essential services in the digital infrastructure sector.

Not only does that mean that we comply with several security requirements, but also provides a general sense of responsibility. In short: we take data protection and cybersecurity issues seriously.

An important part of that is ensuring strong encryption, also known as end-to-end encryption.

– As a provider of secure IT services, we take strong encryption for granted. It is one of the most important building blocks of a safe and free internet,” says Martin Stenröse, Operations & Security Manager at Oderland.

“Overall, the bill risks undermining the security of the actors who are forced to make an impossible choice between complying with the law or leaving the Swedish market.”

Good intention – but counterproductive

The joint letter, which we are signing together with, among others, the Swedish Defence Management Agency and the Swedish Internet Foundation, is a response to the proposed legislation called “Ju2024/02286 Data retention and access to electronic information”.

The proposed legislation states that:

“The data retention framework includes obligations for providers of electronic communications networks and services to retain certain information for law enforcement purposes […] while ensuring respect for fundamental rights and freedoms.”

End-to-end encryption

Technology that allows only the sender and receiver of a message to read it decoded (in plain text). Think of it as client-to-client encryption.

However, we believe that, to quote the letter:

“This legislation, if enacted, would greatly undermine the security and privacy of Swedish citizens, companies, and institutions. Despite its intention of combating serious crime, the legislation presents a dangerous approach which would instead create vulnerabilities that criminals and other malicious actors could readily exploit. Compromising encryption would leave Sweden’s citizens and institutions less safe than before.”

– The intention of the proposal is good, but there’s no getting away from the fact that the right to private communication is crucial. Not just to protect data, but to protect people, businesses and the open society, says Martin.

“Weakening encryption would be akin to lowering defenses during heightened risk”

The letter goes on to say:

“The consensus among cybersecurity experts is that complying with this requirement (to store end-to-end encrypted data) for end-to-end encrypted communications services will be impossible without forcing providers to create an encryption backdoor — akin to a master key that unlocks every door in a building. The creation of an encryption backdoor creates vulnerabilities that would leave Sweden less safe against cyber threats and foreign adversaries.”

Overall, then, the bill risks undermining the security of operators who are forced to make an impossible choice between complying with the law or leaving the Swedish market. For example, Signal has hinted that they will leave Sweden if the bill is passed.

Svensk lagstiftning om datalagring: Stark kryptering en självklarhet

End-to-end encryption is a must-have

Our call and position is clear: Safeguard end-to-end encryption.

Without it, we risk an internet that is less secure, less free – and ultimately less democratic. As put in the letter:

“We implore you to protect Swedish citizens’ communications and fundamental rights, safeguard Sweden’s digital future, and prioritize policies that strengthen rather than weaken cybersecurity. Sweden’s security, prosperity, and freedom depend on it.”

Here’s the full letter published by the Global Encryption Coalition here, available in English as well as Swedish.

About the Global Encryption Coalition

The Global Encryption Coalition has over 400 members in 103 countries and works to promote and defend encryption in key countries and multilateral forums where encryption is under threat. The Coalition also supports the efforts of businesses to offer encrypted services to their users.

More blog posts & news from Oderland