The proposed law, known as the Swedish Data Storage and Access to Electronic Information Legislation, has been made public at a similar time as the Swedish Armed Forces encouraged the use of encrypted chat apps like Signal to protect communication from foreign espionage. A contradiction in itself, politicians still want to force encrypted communication providers like Signal and Tuta Mail to undermine their quantum-resistant encryption.

Today, a broad coalition of civil society organizations, technology companies, and cybersecurity experts is calling on the Swedish Riksdag to reject proposed legislation “Ju2024/02286 Datalagring och åtkomst till elektronisk information”, which threatens to compromise the privacy, security, and fundamental rights of everyone in Sweden and beyond.

”Security experts have warned again and again: If encryption is weakened for law authorities, it is weakened for everyone. A “master key for the good guys only” simply does not exist”, says Matthias Pfau, CEO of Tuta Mail.

Comic showing Apple CEO Tim Cook unlocking the iPhone while the FBI, hackers, repressive regimes and more stand in line to get access to the decrypted data.

Yet, under the proposed law, platforms would face an impossible choice: weaken their security or exit the Swedish market entirely. Already, Signal - one of the most trusted encrypted platforms - has announced it would withdraw from Sweden rather than comply with the law.

Matthias Pfau, CEO at Tuta states: “We would never undermine the quantum-safe encryption of Tuta Mail. And our open source code is proof of that.”

Turn ON Privacy in one click.

Get

The recent Salt Typhoon hacks, the worst hack in US history where Chinese attackers infiltrated American communications providers’ network to listen in on not-encrypted calls and messages, is proof of why we all need end-to-end encryption. Weakening it now would be akin to lowering one’s defenses at a time of heightened digital threat.

Instead of compromising encryption, the coalition urges lawmakers to invest in modern, targeted investigative tools that respect privacy and strengthen public safety.

The open letter to the Swedish Riksdag ends on exactly this note:

“End-to-end encryption is vital to protecting Sweden’s interests. In light of the severe risks to security, privacy, and human rights, we strongly urge the Riksdag to reject “Ju2024/02286 Datalagring och åtkomst till elektronisk information.” Passing this legislation would damage Sweden’s cybersecurity, digital economy, and commitment to human rights. It would create a legacy of vulnerability that would persist for generations.”

---

Open Letter to Swedish Riksdag

The undersigned civil society organizations, companies, and cybersecurity experts, including members of the Global Encryption Coalition, urgently call for the Swedish Riksdag to reject the legislation, “Ju2024/02286 Datalagring och åtkomst till elektronisk information.” This legislation, if enacted, would greatly undermine the security and privacy of Swedish citizens, companies, and institutions. Despite its intention of combating serious crime, the legislation presents a dangerous approach which would instead create vulnerabilities that criminals and other malicious actors could readily exploit. Compromising encryption would leave Sweden’s citizens and institutions less safe than before.

The legislation would force companies to store and provide law enforcement with access to their users’ communications, including those that are end-to-end encrypted. The consensus among cybersecurity experts is that complying with this requirement for end-to-end encrypted communications services will be impossible without forcing providers to create an encryption backdoor — akin to a master key that unlocks every door in a building.

The creation of an encryption backdoor creates vulnerabilities that would leave Sweden less safe against cyber threats and foreign adversaries. This concern is echoed by the Swedish Armed Forces, which has stated that access requirements in End-to-end encrypted communication “cannot be fulfilled without introducing vulnerabilities and backdoors that third parties can exploit.”

If passed, the legislation leaves platforms offering end-to-end encrypted services with an impossible choice. They will either need to comply and undermine the security of their services, or they will be forced to leave the Swedish market. In either scenario, the result is less secure and private communications for the Swedish citizens, companies, and institutions who rely on these tools. Over 40% of Swedish Internet users benefit directly from the security and privacy provided by end-to-end encrypted messaging services.

Undermining the confidentiality of end-to-end encrypted services would have a particularly harmful impact on those already at most significant risk: journalists and activists who rely on secure communication to protect sources and organize safely, families and domestic violence survivors who use encryption to shield themselves from abuse, LGBTQ+ individuals who depend on secure platforms for safety and community, and many more who rely on the protection and privacy provided by end-to-end encrypted services. International human rights bodies, including the European Data Protection Board and European Court of Human Rights, have recognized the importance of end-to-end encryption to protect the right to privacy and to promote the exercise of other rights.

Swedish companies, government services, and institutions all benefit from end-to-end encryption. The Swedish Armed Forces recognized this when they recently endorsed the use of Signal, an end-to-end encrypted messaging application, to protect the non-classified communications of national security professionals. If the legislation passes, Signal has already indicated that they would choose to leave the Swedish market rather than comply.

Ensuring the security and privacy of government officials and national security professionals is vital for helping prevent extortion or coercion attempts, which could lead to more significant national security damage. The Swedish Armed Forces have noted in January 2025 that “the country is subject to regular cyberattacks”, and in such an environment, ensuring Swedish citizens, companies, and institutions have access to uncompromised end-to-end encrypted communications is more vital than ever.

Weakening encryption would be akin to lowering defenses during heightened risk. Amid such national security challenges and the fallout of the Salt Typhoon hack, the reliance by the Swedish government, citizens, and businesses on end-to-end encryption to keep themselves safe and secure has never been greater.

Rather than undermining encryption, the government should invest in and utilize modern investigative techniques that are targeted and do not compromise the security of all users. These include enhanced digital forensics, improved data analysis, and international cooperation.

End-to-end encryption is vital to protecting Sweden’s interests. In light of the severe risks to security, privacy, and human rights, we strongly urge the Riksdag to reject “Ju2024/02286 Datalagring och åtkomst till elektronisk information.” Passing this legislation would damage Sweden’s cybersecurity, digital economy, and commitment to human rights. It would create a legacy of vulnerability that would persist for generations.

We implore you to protect Swedish citizens’ communications and fundamental rights, safeguard Sweden’s digital future, and prioritize policies that strengthen rather than weaken cybersecurity. Sweden’s security, prosperity, and freedom depend on it.

Signatories

Access Now

Africa Media and Information Technology Initiative (AfriMITI)

African Academic Network on Internet Policy

Betapersei, SC

Bits of Freedom

Center for the Study of Organized Hate (CSOH)

Centre for Democracy & Technology Europe

Character Works AB

Comunitatea Internet Association

Cyberstorm.global

Danes je nov dan, Inštitut za druga vprašanja

Dataföreningen västra (Swedish Computer Association)

Deutsche Vereinigung für Datenschutz e.V. (DVD)

DFRI (Föreningen för Digitala Fri- och Rättigheter)

Egyptian Initiative for Personal Rights (EIPR)

Electronic Frontier Finland - Effi ry

Electronic Frontier Foundation

Elektronisk Forpost Norge

Encryption Advocates Council

European Digital Rights (EDRi)

European Roma Rights Centre

European Sex Workers Rights Alliance (ESWA)

Fight for the Future

Freedom of the Press Foundation

Global Partners Digital

Homo Digitalis

Index on Censorship

Internet Society

Internet Society Benin Chapter (ISOC BENIN)

Internet Society Cameroon Chapter

Internet Society Capítulo Venezuela

Internet Society Catalan Chapter (ISOC-CAT)

Internet Society Chad chapter

Internet Society Comoros Chapter

Internet Society Dominican Republic Chapter

Internet Society Ecuador Chapter

Internet Society Ethiopia Chapter

Internet Society German Chapter ISOC.DE

Internet Society Ghana Chapter

Internet Society Guinea Chapter

Internet Society Mali Chapter

Internet Society Niger Chapter

Internet Society Norway Chapter

Internet Society Paraguay Chapter

Internet Society Portugal Chapter

Internet Society Puerto Rico Chapter

Internet Society Senegal Chapter

Internet Society Slovenia Chapter

Internet Society Sierra Leone Chapter

Internet Society Sweden Chapter

Internet Society Taiwan Taipei Chapter

Internet Society Togo Chapter

Internet Society Uruguay Chapter

Internet Society Zambia Chapter

IT-Pol Denmark

JCA-NET(Japan)

LGBT Tech

L. Jean Camp, Indiana U

MyData Sweden

Myntex

NetTek Ltd

Omnifi Foundation

OneMore Secure AB

Open Rights Group

OpenMedia

Peergos Ltd

Phoenix R&D GmbH

Politiscope

Proton

Privacy International

Privacy & Access Council of Canada

Quilibrium

Recurity Labs GmbH

SecureCom

SECURECRYPT

SHARE Foundation

SkypLabs

Statewatch

Surfshark

Swedish Network Users Society

Tech for Good Asia

The Cybersecurity Advisors Network (CyAN)

The Tor Project

Thomson Reuters Holdings AB

Tuta Mail

Virtual School on Internet Governance

XPD AB

3 Steps Data

Individual Experts

Viktor Alakörkkö

Vivi Andersson, KTH Royal Institute of Technology

Jan Andersson

Daniel Appelquist, W3C TAG Co-chair and OpenSSF Global Cybersecurity working group co-chair

Martin Bergling, RISE - Research Institutes of Sweden

Anders Boström, Net Insight

Simon Bouget, RISE Research Institutes of Sweden

Carl Magnus Bruhner

Randy Bush, RGnet

Jon Callas, Indiana University

Sofia Celi, Brave

Dr Duncan Campbell, University of Sussex, School of Law Politics and Socioogy,, Brighton, UK

Anders Darander

Per Darnell

Lars Delhage, Nohup AB

Orr Dunkelman, University of Haifa

Javier Ruiz Diaz, Sussex Centre for Law and Technology (SCLT)

Sven Dietrich, City University of New York (CUNY)

Tobias Ekbom, F.d. styrelseledampt Defensor, patenterat deduplicering i kombination med source-side encryption. Arkitekt i cybersäkerhet.

Torbjörn Eklöv

Peter Eriksson, Noproduct AB

Nicola Fabiano, Studio Legale Fabiano

Stephen Farrell, Trinity College Dublin

Dr. Simone Fischer-Hübner, Professor at Karlstad University

Dr. Richard Forno, UMBC

Amir Gaber

Simson L. Garfinkel, Association for Computing Machinery

Marcus Glaad

Dr. Ian Goldberg, University of Waterloo

Dr. Christine Grosse, LTU

Masayuki Hatta, Surugadai University

Leif Henriksson

Kent Illemann, illemann konsult ab

Dr. Leonardo Horn Iwaya, Karlstad University

Prof. Dr.-Ing. Meiko Jensen, Karlstad University

Olle E. Johansson, Edvina AB

Samuel Kelemen, Principal Security Engineer at King

Staffan Kerker, Splisado AB

Gabriel Kihlman, ABC-Klubben

Agnieszka Kitkowska

Håkan Kvarnström, Independent consultant

Susan Landau, Tufts University

Andreas Lindh, Recurity Labs GmbH

Anne-Marie Eklund Löwinder, Amelsec AB

Dr. Kaspar Rosager Ludvigsen, Durham University

Johan Lundberg

Martin Lundgren, University of Skövde

Victor Morel, Chalmers University of Technology

Renzo Navas, IMT Atlantique

Gustav Petersson

Ivan Pettersson, Cybersecurity evangelist, Arrow ECS sweden

Fredrik Pettai

Riana Pfefferkorn, Stanford University

Tobias Pulls, Karlstad University

Dr Gnanajeyaraman Rajaram, Saveetha University

Francisco Blas Izquierdo Riera (klondike), KITS AB and Chalmers University of Technology and University of Gothenburg

Jakob Schlyter, Kirei AB

Dr Jessica Shurson, University of Sussex

Eugene H. Spafford, Purdue University, USA

Daniel Stenberg, the curl project, president of the European Open Source Academy

Mats Strålberg, Inforing AB

Magnus Ström

Peter Sunde Kolmisoppi, ex The Pirate Bay/Wikileaks

Marco Tiloca, RISE Research Institutes of Sweden

Ulrich Wisser

Paul Wouters, IETF Security Area Director

Mališa Vučinić, Inria

Dr. Karin Zackari, Lund University

Daniel Zappala, Brigham Young University