Netnod response to the Swedish Data Storage Act (2)

On 22 November 2024, the Ministry of Justice gave Netnod the opportunity to comment on the consultation of the current regulations on retention of and access to electronic communications data for law enforcement purposes. Netnod is still of the firm belief that it is never a good strategy to enforce backdoors in technical products, no matter how well-intentioned the reasoning.

This response largely mirrors Netnod's previous response, with slightly adjusted arguments to further clarify our position.

The consultation proposes aligning the legal frameworks for number-dependent and number-independent services, particularly for interpersonal communication services. Netnod contends that this harmonization lacks justification due to the inherent differences in architecture and principles between these services. As previously argued, Internet-based networks and vertically integrated networks operate on distinct models. Internet-based networks deliver services through collaboration among many actors across multiple layers, with the end-user usually interacting with the top layer. In contrast, vertical networks depend on only one or a few entities to provide the entire service and retain full control.

The consultation's claim that end-to-end encryption can allow third-party access to messages is fundamentally incorrect. End-to-end encryption ensures that only the involved parties, possessing the necessary keys, can decrypt and read messages. Third-party access to clear text messages would necessitate either compromising the involved devices with backdoors or obtaining the private keys used for the session.

Netnod is concerned that the proposed legislation could lead to the criminalization of encryption. This would be a problematic development, as both businesses and individuals depend on the confidentiality provided by encryption to protect business secrets and personal privacy.