Swedish ISP Bahnhof has a history of resisting compulsory data retention (the Swedish government itself managed to resist implementing the EU-wide Data Retention Directive (DRD) into local law until its hand was forced in 2012.)
When in June this year the European Court of Justice struck down the DRD, declaring that it ‘interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,’ Bahnhof almost immediately deleted all of its users’ logs, in a move that was quickly followed by ISPs Telia, Tele2, and Three. Bahnhof’s CEO Jon Karlung explained his decision,
‘We have followed this verdict and from our point of view it is more important to protect the privacy and integrity of our customers. I strongly suggest that other ISPs and service providers would follow our example.’
The Swedish authorities (the Swedish Prosecution Authority (PST) and the Swedish Post and Telecom Authority (PTS)) initially seems unconcerned by this move, but in August performed an about turn, and demanded that Bahnhof and the other ISPs resume keeping logs of customer’s data,
‘They appointed a commissioner to investigate if the Swedish national legislation could still be applied. The commissioner came to the conclusion that the national legislation stands, and from that point on, the PTS has been enforcing the law again.’
Most ISP complied with the order, but Bahnhof resisted, fighting Sweden’s data retention laws in the Swedish courts, and calling on the European Commission to end ‘illegal data retention’. As Karlung explained,
‘It is a crazy situation. Since we are a member state we have to comply with the European justice system. We cannot have laws that contradict what happens in the European Union.’
Bahnhof now faces heavy fines for it continuing non-compliance with the law,
‘One week remains before PTS requires a fine of five million krona ($676,500) from Bahnhof, as the company has not yet begun to store customer traffic data. Therefore, Bahnhof has chosen to activate ‘Plan B’.
‘Plan B’ consists of offering Bahnhof users no logs VPN for free, which will effectively circumvent the ISP’s legal requirement to keep logs. It can do this because although the local implementation of the DRD legally requires ISPs and communication providers to keep logs, the law in Sweden does not apply to VPN providers.
‘The EU Court of Justice has held that it is a human right for people not to have their traffic data stored. We therefore believe that the time is ripe for VPN services become popular. The EU Court of Justice has issued a ruling that the previous government chose to ignore, and the current government has been silent for so long that we are starting to lose patience. So now Bahnhof will resolve the situation in a responsible manner, namely by solving the whole problem. We will start to store data, but at exactly the same time we will make data storage meaningless.’
Admittedly, we know little about LEX Integrity, but it is logless, and will provide Bahnhof customers a free PPTP connection,
‘When a Bahnhof customer wants to surf via our servers they connect via PPTP. We at the foundation have no idea about who these customers are. We do not have any information about them, no name or address. We just check whether this (for us) unknown surfer should be permitted to connect via our servers.
When they surf via LEX Integrity they share IP addresses out towards the Internet. Many users can have the same address at the same time. As a provider of this service we do not have to retain data. Even if we would have to, there would be no useful information to be had from us.
The Foundation uses its own hardware and own technicians. Bahnhof has no access to our machines, they have no way of knowing what their customers are doing after handing them over to our servers.’
PPTP does not provide very strong encryption, but users can upgrade to an OpenVPN service for SEK 40 (€4.32) per month (we will publish more details and likely review of the service once it goes live).
Faced with a massive fine for refusing to keep users’ logs, Swedish ISP Bahnhof activates ‘Plan B’ – offer free VPN