National Security Surveillance in Sweden

November 15, 2023

Executive Summary

  • Introduction. Swedish law provides different rules for monitoring domestic threats and collecting foreign intelligence.
    • Authorization and oversight also track this foreign – domestic dichotomy.
  • Domestic national-security surveillance relies upon criminal investigative powers.
    • The Security Service (Säkerhetspolisen) monitors threats to national security in Sweden, such as counterintelligence and counterterrorism.
    • The Security Service and the Swedish Police share responsibility for investigating terrorism. Organized crime is the exclusive remit of the Police.
  • Process for conducting domestic national-security surveillance. To conduct electronic surveillance, the Security Service seeks permission from a specialist prosecutor, who then requests a warrant from a district court.
    • Warrants last for one month, but can be renewed.
    • Typically, Swedish law permits the use of “coercive powers” such as wiretaps only to investigate completed offenses or offenses in progress. For national-security offenses, however, interception for preventive purposes can begin earlier.
    • Warrants can be used to intercept communications, deploy bugs, and obtain communications metadata.
      • Since 2020, authorities can also seek judicial approval to deploy malware on a suspect’s computer or smartphone. The law does not authorize authorities to seek general backdoor access to a platform, however.
  • Nationality. The legal safeguards in the Code of Criminal Procedure apply to all people present in the territory of Sweden, regardless of citizenship.
    • However, non-citizens suspected of involvement in terrorism can be surveilled based on a less-demanding showing.
  • The line between domestic and foreign surveillance is important in Swedish law.
    • Defense intelligence activities may not target purely domestic threats or collect purely domestic communications.
    • “One-end-foreign” communications may be legally treated as either domestic of foreign intelligence. However, once there is sufficient evidence to justify an investigation under criminal law, SIGINT collection typically must cease.
  • The primary agency for gathering foreign intelligence from electronic signals is the Defense Radio Establishment (Försvarets radio anstalt, or FRA). The FRA has a long history of code-breaking is reputed to possess a high level of technical competence.
    • A separate agency (Militära underrättelse och säkerhetstjänsten, known by the acronym MUST) collects intelligence for the military.
  • Process and standards for foreign-intelligence surveillance. The FRA’s surveillance activities are governed by a separate statutory regime, the Signals Intelligence Act.
    • Under the Signals Intelligence Act, collection must relate to one of nine purposes.
      • These include “external military threats,” “strategic circumstances concerning international terrorism or other serious cross-border crime that may threaten essential national interests,” “foreign intelligence operations against Swedish interests,” and “the actions or intentions of a foreign power that are of substantial importance for Swedish foreign, security or defense policy.”
    • Telecommunications companies are required by law to route all international cable-borne communications through certain connecting points. FRA can then filter out the traffic it wishes to collect.
    • FRA’s collection must be based on selectors that are as tailored as possible.
    • The FRA receives tasking directives from key government offices and ministries, the Armed Forces, the Security Service, and the National Operative Department of the Police, which deals with serious organized crime.
      • The contents of tasking directives are specified by statute. Each directive must explain the need for the collection and specify the Government-approved intelligence priority to which it responds.
  • Judicial authorization. Before beginning collection, FRA must seek a permit from the independent Foreign Intelligence Court (known by the Swedish acronym FUD).
    • The Court is led by a tenured judge. Its members are a mix of legal experts and former members of Parliament from different political parties.
    • The application must describe the underlying tasking directive and the need for the intelligence sought.
    • It may also specify the selectors, or categories of selectors, that will be used.
    • The Court applies the principles of necessity and proportionality in deciding whether to grant the warrant. It can also impose conditions on the warrant.  Warrants are valid for up to six months.
    • No case law from the Court has been made public.
  • Oversight is similarly bifurcated. One institution, SIN, oversees surveillance under criminal law.  Another, confusingly known as SIUN, oversees surveillance under the Signals Intelligence Act.
    • The independent Commission on Security and Integrity Protection (Säkerhets- och integritetsskyddsnämnden, or SIN) oversees the use of surveillance in investigations conducted under criminal law.
      • SIN monitors surveillance by the Security Service and Police to ensure that they comply with the law and handle personal data appropriately.
      • The SIN’s ten members are a mix of judicial and political appointees. Each party in the Parliament typically proposes a member.
      • The SIN cannot order data deleted but is obliged to report any legal noncompliance that it finds to the prosecutor and other authorities.
    • The Defense Intelligence Inspection (Statens inspektion för försvarsunderrättelseverksamheten, or SIUN), oversees collection by FRA and its military-intelligence counterpart, MUST.
      • SIUN is made up of 3-4 members, who are usually former MPs.
      • SIUN oversees both general legal compliance and rules for handling of personal data. It can order an operation stopped and data deleted for noncompliance.
      • SIUN also receives complaints from individuals, including non-citizens. It investigates complaints but discloses to the complainant only that SIUN has investigated the allegation and found no violation of the law.
  • Transparency
    • SIUN publishes an annual report, which provides some statistical information.
    • The Security Service and police report the number of surveillance operations each year to the Prosecutorial Authority, which produces a public report containing aggregated statistics.

Download Full Paper

Iain Cameron

Professor in Public International Law, Uppsala University