The collective pressure of our global community has been effective at bringing attention to the importance of encryption in protecting privacy, institutions, and governments, and the harms that would result from undermining encryption.
On April 8, 2025, 237 civil society organizations, companies, academics, privacy and cybersecurity experts, including the Privacy & Access Council of Canada, published a joint letter calling on members of the Swedish Riksdag to reject legislation that would force companies to undermine the encryption of the services they provide. If enacted, the proposed law would leave Swedes and their institutions less safe and secure, and undermine the privacy of individuals and organizations alike.
The Legislation, known as the Swedish Data Storage and Access to Electronic Information Legislation (Ju2024/02286 Data lagring och åtkomst till elektronisk information) would force platforms to store and provide police and Säpo, Sweden’s security service, with access to users’ communications, including those that are end-to-end encrypted. Ironically, Sweden recently urged its Armed Forces personnel to use Signal to reduce the risk of communications being intercepted by adversaries.
Cybersecurity, cryptology, and privacy experts who understand the technology as well as the implications and unintended consequences of the proposed measures, are unanimous that there it is not possible to provide third party access to end-to-end encrypted data without undermining the security and privacy of all users — including the very lawmakers who endorse such privacy-invasive measures.
By May 27th, the momentum of the legislative proposal had shifted, and progress stalled for the time being. The joint letter was one of the factors which seems to have stopped the proposal’s progress. A revised proposal is expected after the summer.
It is encouraging to hear from our partners that we are making a difference.
