Swedish police cleared to deploy spyware against crime suspects

Sweden’s police force has been granted new powers this week, including the ability to deploy spyware on suspects’ devices to intercept encrypted communications and turn on microphones and cameras.

The decision was announced by Sweden’s Interior Minister Mikael Damberg in a press conference on Tuesday, October 22.

The new technical capabilities granted to Swedish police are part of a 34-point plan to upgrade law enforcement powers when investigating gang or violent crimes.

Damberg said that granting police the legal and technical capabilities to intercept encrypted communications was a top priority, as they were being left behind by criminal groups who now often use services like Signal and WhatsApp to coordinate operations.

The minister told local press [1, 2, 3, 4] that 90% of all the communications police have intercepted for investigations in recent years have been encrypted.

Damberg told local news outlet Omni that Malmö Police believe that there has not been a single murder in the city of Malmö in recent years that has not been preceded by communication between gang members in encrypted form.

Spyware instead of encryption backdoors

But unlike countries like Australia, where the local government has passed a law forcing tech companies to introduce encryption backdoors, Swedish police will take the sensible route — aka the German route.

More than a decade ago, German authorities began deploying a malware strain named the Bundestrojaner (Federal Trojan) as part of their investigations.

Sweden’s police plan is similar, and they plan to deploy malware with spyware-like capabilities on suspects’ devices. The idea is to listen in on encrypted audio or video calls in real-time, or extract chat logs from encrypted instant messaging apps.

How Swedish authorities will do this is unclear, but there are at least two routes. They can create the malware themselves, or they can buy it from contractors. The last option has been popular with law enforcement agencies across the world, and there’s now a booming market for companies that sell hacking tools and exploits (also referred to as lawful intercept tools) to law enforcement agencies.

Damberg also mentioned that Swedish police could also choose to deploy hardware devices capable of bypassing encryption, but he did not elaborate.

The new rules and capabilities are set to enter into effect on March 1, 2020. According to Damberg, police can only use these new capabilities if the crime someone is suspected is punishable by a penalty of four years or higher.