A rose by any other name

Norwegian parliament passes mass surveillance bill

I have long been arguing against the proposed bill for the Norwegian external intelligence service, as it included legislation for bulk collection and storage of data-traffic.

The bill includes the euphemism "facilitated retrieval" (formerly known as "digital border defence"), describing continuous mirroring of all data traffic "crossing the border" (i.e. almost all Norwegian traffic, including norwegian-to-norwegian traffic). Metadata will be searchable via (secret) court order, and content data after another, separate court order after that. It's basically your run-of the-mill metadata bulk collection.

The ministry of defence (and particularly the Minister of Defence, Frank Bakke-Jensen) has repeatedly ignored expert criticism during hearings, avoided responding to counter-arguments and questions in debate and the media.

After facing pure slaughter at last year's hearing – the Norwegian Data Protection Authority called the bill "mass-surveillance of Norwegian citizens" – the Norwegian government decided to fast-track the bill this summer, during the current pandemic crisis, and with their usually short warnings.

Along with Simen Bakke, Britt Lysaa and Johannes Brodwall, I recently wrote a statement and petition (Norwegian) – stating that the bulk-collection part of the bill constitutes mass surveillance, and is unacceptable in a liberal democracy.

Even though no major media even covered the fact that the bill was in Parliament, we got over 1000 signatures in under 2,5 days.

Nevertheless, parliament passed the bill – which means that Norway, tragically, has become yet another western country implementing more authoritarian means.

This is particularly interesting as the European Court of Human Rights is currently dealing with two cases that deal with whether comparable measures of mass surveillance (bulk collection of metadata etc.) is compatible with human rights. Back in 2011, the Norwegian parliament voted to implement the Data Retention Directive (as one of the first in Europe, even though we're not part of the European Union, only the European Economic Area) – which they later had to abandon, as the Court of Justice of the European Union declared the Directive invalid – stating that blanket data collection violated the EU Charter of Fundamental Rights, in particular the right of privacy.

I don't know what's worse in this case: The bad and invalid arguments the government have used, or the apparent cluelessness of the politicians that voted for the bill. It’s all in Norwegian, and somewhat lengthy, but there's video (all Norwegian) available from both the Standing Committee on Foreign Affairs and Defence (part 1, part 2) and Parliament (part 1, part 2).

Some seem to understand neither context, technical premises, legal boundaries nor practical consequences of the bill.

There was some after-the-face coverage of both the bill and the petition in Dagbladet and Natt & Dag, but it was too little, too late.

Now we'll have to think about next steps...

Newer post
My reflections on Smittestopp
Older post
Defining Privacy