Noyb.eu is right here, the (extreme lack of) privacy laws in Sweden is out of tune with modern technology, and the fact that you can pretend to be a journalistic endeavor compounds it.
Moreover, this situation by extension could threaten the vital protection that (real) journalists must have, like protection against having to disclose their sources etc. That is, if the law is misused in this way, someone will surely get the bright idea that the law must be thrown out in its entirety.
> the fact that you can pretend to be a journalistic endeavor
Isn't that the core of the issue? Who decides what is journalism?
MrKoll is mentioned in the article but there are identical databases that originally were used to track the political opposition and are now partly accessible for selected "journalists", among others. Should those databases exist because they make their own rules on who is a journalist? What about a user posting a comment on Reddit or Flashback that used MrKoll for the information? Is that journalism, making MrKoll a journalistic database?
This legal battle might have a major impact on Swedish newspapers.
> Isn't that the core of the issue? Who decides what is journalism?
There are several issues at play here I think, but to take one: Who decides?
As long as journalists enjoy certain judicial privileges it is natural that the democratic state grants these certifications. This is not controversial in Nordic countries as it might be elsewhere.
Journalism has a well defined meaning in language. The concept has been interpreted extremely liberally up to now in Sweden. This can be carefully tightened without trespassing into undemocratic territory. The alternative - that anyone can register as a journalistic business without any certification will likely result in those privileges being removed. This is the real danger here.
I don't know how this would actually fix anything. You can get the same information on a person by simply calling the tax authorities since it's public information in Sweden. MrKoll is just publishing it on a website.
Having information be public on request (e.g. from courts) is important. But the step from making individual bits of information public via request from authorities, to making it indexed/published/searchable for anyone in the world through a private company is quite a big one.
This privacy/security by obscurity you get from having to fill out forms or call a court isn't something one can just argue doesn't mean anything because public-vs-nonpublic is the only measure.
When you call the Swedish tax authority to request information, you are not permitted to retrieve more than a handful of records within a time period.
And you are not allowed to search: you can only query records for people that can be directly identified, by e.g. name/address or social security number.
> making it easier on criminals to find your personal information
This can also work to the victim's benefit: any information publicly accessible from these records is automatically unsuitable for identity theft and the likes. If e.g. a tax ID number is in these records (no idea if that's the case), some company asking for that number to establish authenticity/authorization won't have any ground to stand on if it gets called into question.
That said it's probably possible to make inferences, i.e. knowing what company someone works for might make it possible to guess security questions (e.g. "what was your first boss' name?")
The government would have records of such requests, so one assumes a person could request to know who has requested their records. Once they utilize their rights under Article 17 GDPR that data brokers delete their data and notify all recipients of the deletion, one could at least know who is stalking them.
> Personal data used by gangs and criminals. One example of what the public sale of data by companies like MrKoll can lead to is illustrated by a “Guardian” report about rival gangs using data brokers to learn the geographical location of their opponents to carry out attacks.
As I complained then, it gave no evidence that gangs used data brokers to get this information, only writing "Experts say criminals are being greatly helped by a 248-year-old law, forming part of Sweden’s constitution."
Who are those experts? Where is the evidence that the bombers used a data broker to find their target, or that removing this information from the public would have changed anything?
They don't need the data brokers. You can just call up the tax office on the phone and ask for someones address or person number. You get it, no questions asked.
The article is very confused about this. There are two separate issues:
1. the principle of free information ("freedom of information" in the US is super weak compared do Swedens much older laws)
2. Doing stuff with this data on a large scale and in bulk. This is where data brokers come in. This is also not needed for the gangs.
Employers. Not too long ago you could Google my name, the first result was MrKoll and an exclamationmark on my name.
You could then pay 10$ and get access to my legal history involving minor possession of drugs and DUI.
Now all my relatives know...
Yep this is pretty fucked, we also have our taxation calendar available for anyone to look up my declared income.
These systems and laws of openness worked great before the Internet, you'd have to call every court in the country to request access to my full legal history, and call the taxation office about my declared income. Now it's just 10$ away from anyone curious
It certainly shouldn't. It's just public data, that anyone from any nation could both access and provide.
I don't mind these services and I think the recent development where they are blamed for enabling the violence is just a stupid distraction. The domestic terrorists we have would certainly still be a problem and would hardly stop their attacks if we got rid of our very useful public data laws.
The current politics are working hard on removing all the fundamental data laws of my country, beginning with making massive energy rebates confidential last spring.
I’m not sure anybody really wants them to exist (except themselves, obviously). Current law, more or less by accident, allows them to exist, and since this touches on the principle of openness in public administration, which is a bit of a holy cow here, any changes are unthinkable. My guess is that this situation will persist until slightly after it becomes completely unsustainable, at which point everyone will suddenly have been advocating for a change for the last decade.
I found this other article which mentions "Ransomware-as-a-Service Gangs" [1]. I think the meaning of the word is "group of people engaging in criminal behavior", not necessarily "a group of gansters", a.k.a "street criminals".
In addition to that, police uses data brokers information regularly, and there's plenty of evidence of it. Example from the first google search page: [2]. Whether or not you consider them to be "just another gang" is dependent on your personal opinions and how corrupt your local police force is.
The Guardian article was about a bombing of the relative of a gang leader, which also killed a woman living nearby. The implication was that public name->address lookup played an important role in that bombing, so should be curtailed in order to prevent similar future events.
My complaint is the article presented no evidence supporting that implication.
This linked-to page uses the Guardian article to support their position, but I don't think the Guardian article has any substance.
FWIW, Sweden is one of the countries which requires you to register your address with the government. The Swedish police already have the name->address information and don't need a data broker for it.
I don't know if this is going to help you answer your questions but here is some background information:
1. In Sweden you must be registered at an address for all purposes (taxes, health care, official communications, etc.).
2. On websites like MrKoll's, all you need is a phone number to find someone's home address (you can also find someone's phone number using their home address).
Based on these two facts, all the bomber planning the attack needs is a phone number to find out the address. If the victim is using a burner phone (which, by the way, have become illegal in Sweden since 2023, now all "kontantkort" or anonymous simcards can't be anonymous, they have to be registered to someone's name, and you can only do that with a valid ID), they can otherwise target one of their family members.
> Where is the evidence that the bombers used a data broker to find their target
The writing is on the wall. This is a free service. Why wouldn't they?
> removing this information from the public would have changed anything?
The problem is that these companies (like MrKoll there are others) are abusing the media license they have been granted, not only violating rights that have been well established in the EU (which Sweden is a part of) but also they are making an already vulnerable population even more vulnerable.
Grandmas and Granpas are being targeted by scammers with all sorts of schemes, and where do they get phone numbers and also a quick profile of the target? via these websites.
So yeah, removing this information from the public would change something, perhaps not necessarily to the gang wars, but for sure for the safety of the public in general (gang family members would be harder to find).
> > Where is the evidence that the bombers used a data broker to find their target
> The writing is on the wall. This is a free service. Why wouldn't they?
Did they use information at the library to learn how to build the bombs? That's a free service. Why wouldn't they?
Let's shut the libraries down too. Only people with enough money to buy books, and to pay for street informants, should be able to bomb other people. It'll cost you, what, $100 to have someone trail someone else home? There's no way a bomber could afford that.
Now with my tongue out of my cheek - if the bombers knew who to target because some of the gang members grew up on the same neighborhood so knew where the relatives lived, then making this information private wouldn't change a thing.
A site dedicated to strong privacy laws should use strong arguments to support its claims, not a mischaracterized third-hand (a Guardian writer describing Swedish news reports about police and neighbor statements) news report that may actually have nothing to do with the topic.
Well, of course having everyone's address publicly available greatly helps everyone who wants to find out someone's address (for whatever purpose). I don't think you need experts (or evidence) to come to that conclusion...
I mean, this Swedish openness is nice (and I wish some parts, like salaries not being secret, were adopted elsewhere too), but your address being publicly available is an anachronism, like the phone books that used to contain everyone's phone number, and will eventually have to go.
Thing is, the linked-to noyb piece doesn't even characterize the Guardian article correctly. This piece says: "a “Guardian” report about rival gangs using data brokers to learn the geographical location of their opponents to carry out attacks".
The Guardian piece says "reports at the time said it could have been a neighbour related to a gang member."
That's the location of the relative of their opponents. And "could have" indicates uncertainty. Has the investigation since then determined why the bombing took place, and if a data broker or public data was at all relevant?
The Guardian piece only conjectures, yet noyb seems to think it's a solid foundation. This makes me distrust noyb's ability to support their position - making a mountain out of a molehill.
For that matter, how did the bombers know that gang leader had a relative, and that relative's name? Is one's family tree information also public in Sweden, or did the bombers know it from some other means? Like, did the gang members grow up together before joining different gangs, so knew each others' extended family?
In that case, public access to the data would be irrelevant.
Salaries aren't public I believe. You can see someone's taxable income. If you work one single full time job, the figure would probably be close to the total comp however. But for e.g. someone who works two half time jobs you can't see which employer paid what, only the taxable income (iirc).
A thing not mentioned in the article is that most of the example data is also available directly from the authorities. Not as easily accessed perhaps. However, these services also keep data not available like old convictions. There are other lawsuits regarding that.
> Just get rid of that nonsense. No more problems.
What the license in question does is that it makes the publisher potentially liable for publishing stuff that shouldn't be published rather than the journalist for writing it. That license is not the problem.
I don't think you'll get much for my personal number (the equivalent of the US social security number). Anyone, including you, can call the tax office at +46 8 564 851 60 and get it for free.
Profiting off a secret password is not intrinsically illegal.
Why should journalists have different legal protections than non-journalists anyway when all a journalist is in 2024 is someone with a twitter or substack account
I actually think this is a beautiful thing with GDPR. Because technically platforms like Facebook could just consider themself a Publisher and then they wouldn't have to bother with the GDPR. But that would also mean that they would need to have a chief editor personally responsible for all the racism, hate and abuse on the platform. So the reason they they have to deal with the GDPR is because they don't want to take responsibility for all the shit published. So how much they may hate GDPR – they hate taking responsibility for their content even more.
Not that you said it, and maybe I'm wrong but I don't think they have any philosophical preference, this is probably a calculation between the cost of implementing features to make existing systems GDPR compatible vs hiring a magnitude more content moderators plus whatever perceived impact they think they'd have on user retention if there was way more moderation which will also have loads of false positives.
Readit News
Moreover, this situation by extension could threaten the vital protection that (real) journalists must have, like protection against having to disclose their sources etc. That is, if the law is misused in this way, someone will surely get the bright idea that the law must be thrown out in its entirety.
Isn't that the core of the issue? Who decides what is journalism?
MrKoll is mentioned in the article but there are identical databases that originally were used to track the political opposition and are now partly accessible for selected "journalists", among others. Should those databases exist because they make their own rules on who is a journalist? What about a user posting a comment on Reddit or Flashback that used MrKoll for the information? Is that journalism, making MrKoll a journalistic database?
This legal battle might have a major impact on Swedish newspapers.
There are several issues at play here I think, but to take one: Who decides?
As long as journalists enjoy certain judicial privileges it is natural that the democratic state grants these certifications. This is not controversial in Nordic countries as it might be elsewhere.
Journalism has a well defined meaning in language. The concept has been interpreted extremely liberally up to now in Sweden. This can be carefully tightened without trespassing into undemocratic territory. The alternative - that anyone can register as a journalistic business without any certification will likely result in those privileges being removed. This is the real danger here.
These companies have a copy of the database.
Imagine being a criminal and now you want to find your victim's personal information and you directly call Skatteverket...
Less compelling than going to hitta.se from a public, open wifi network
This can also work to the victim's benefit: any information publicly accessible from these records is automatically unsuitable for identity theft and the likes. If e.g. a tax ID number is in these records (no idea if that's the case), some company asking for that number to establish authenticity/authorization won't have any ground to stand on if it gets called into question.
That said it's probably possible to make inferences, i.e. knowing what company someone works for might make it possible to guess security questions (e.g. "what was your first boss' name?")
I remember reading that Guardian report when it was linked here on HN, at https://news.ycombinator.com/item?id=39334413.
As I complained then, it gave no evidence that gangs used data brokers to get this information, only writing "Experts say criminals are being greatly helped by a 248-year-old law, forming part of Sweden’s constitution."
Who are those experts? Where is the evidence that the bombers used a data broker to find their target, or that removing this information from the public would have changed anything?
The article is very confused about this. There are two separate issues:
1. the principle of free information ("freedom of information" in the US is super weak compared do Swedens much older laws)
2. Doing stuff with this data on a large scale and in bulk. This is where data brokers come in. This is also not needed for the gangs.
And if those data brokers became owned by Chinese or Russian entities, would that change the answer?
You could then pay 10$ and get access to my legal history involving minor possession of drugs and DUI.
Now all my relatives know...
Yep this is pretty fucked, we also have our taxation calendar available for anyone to look up my declared income.
These systems and laws of openness worked great before the Internet, you'd have to call every court in the country to request access to my full legal history, and call the taxation office about my declared income. Now it's just 10$ away from anyone curious
I don't mind these services and I think the recent development where they are blamed for enabling the violence is just a stupid distraction. The domestic terrorists we have would certainly still be a problem and would hardly stop their attacks if we got rid of our very useful public data laws.
The current politics are working hard on removing all the fundamental data laws of my country, beginning with making massive energy rebates confidential last spring.
Some employers and recruiting firms, to do background checks. I think they more or less funds the market.
In addition to that, police uses data brokers information regularly, and there's plenty of evidence of it. Example from the first google search page: [2]. Whether or not you consider them to be "just another gang" is dependent on your personal opinions and how corrupt your local police force is.
[1] https://www.securityweek.com/access-brokers-and-ransomware-s...
[2] https://issues.org/data-brokers-police-surveillance/
The Guardian article was about a bombing of the relative of a gang leader, which also killed a woman living nearby. The implication was that public name->address lookup played an important role in that bombing, so should be curtailed in order to prevent similar future events.
My complaint is the article presented no evidence supporting that implication.
This linked-to page uses the Guardian article to support their position, but I don't think the Guardian article has any substance.
FWIW, Sweden is one of the countries which requires you to register your address with the government. The Swedish police already have the name->address information and don't need a data broker for it.
Based on these two facts, all the bomber planning the attack needs is a phone number to find out the address. If the victim is using a burner phone (which, by the way, have become illegal in Sweden since 2023, now all "kontantkort" or anonymous simcards can't be anonymous, they have to be registered to someone's name, and you can only do that with a valid ID), they can otherwise target one of their family members.
> Where is the evidence that the bombers used a data broker to find their target
The writing is on the wall. This is a free service. Why wouldn't they?
> removing this information from the public would have changed anything?
The problem is that these companies (like MrKoll there are others) are abusing the media license they have been granted, not only violating rights that have been well established in the EU (which Sweden is a part of) but also they are making an already vulnerable population even more vulnerable.
Grandmas and Granpas are being targeted by scammers with all sorts of schemes, and where do they get phone numbers and also a quick profile of the target? via these websites.
So yeah, removing this information from the public would change something, perhaps not necessarily to the gang wars, but for sure for the safety of the public in general (gang family members would be harder to find).
> The writing is on the wall. This is a free service. Why wouldn't they?
Did they use information at the library to learn how to build the bombs? That's a free service. Why wouldn't they?
Let's shut the libraries down too. Only people with enough money to buy books, and to pay for street informants, should be able to bomb other people. It'll cost you, what, $100 to have someone trail someone else home? There's no way a bomber could afford that.
Now with my tongue out of my cheek - if the bombers knew who to target because some of the gang members grew up on the same neighborhood so knew where the relatives lived, then making this information private wouldn't change a thing.
A site dedicated to strong privacy laws should use strong arguments to support its claims, not a mischaracterized third-hand (a Guardian writer describing Swedish news reports about police and neighbor statements) news report that may actually have nothing to do with the topic.
I mean, this Swedish openness is nice (and I wish some parts, like salaries not being secret, were adopted elsewhere too), but your address being publicly available is an anachronism, like the phone books that used to contain everyone's phone number, and will eventually have to go.
The Guardian piece says "reports at the time said it could have been a neighbour related to a gang member."
That's the location of the relative of their opponents. And "could have" indicates uncertainty. Has the investigation since then determined why the bombing took place, and if a data broker or public data was at all relevant?
The Guardian piece only conjectures, yet noyb seems to think it's a solid foundation. This makes me distrust noyb's ability to support their position - making a mountain out of a molehill.
For that matter, how did the bombers know that gang leader had a relative, and that relative's name? Is one's family tree information also public in Sweden, or did the bombers know it from some other means? Like, did the gang members grow up together before joining different gangs, so knew each others' extended family?
In that case, public access to the data would be irrelevant.
Wouldn't letting the government decide who qualifies as media go against the idea of free press?
Just get rid of that nonsense. No more problems.
What you're asking for will not be easy to enact. In a monarchy, the concept of "natural rights" remains somewhat culturally foreign.
How do you figure? The monarch is just a symbolical position. It carries no political power.
This is probably the "license" they're mentioning.
What the license in question does is that it makes the publisher potentially liable for publishing stuff that shouldn't be published rather than the journalist for writing it. That license is not the problem.
Profiting off a secret password is not intrinsically illegal.
The journalists David Leigh and Luke Harding famously made the WikiLeaks password "SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds" public when they included it in a book. https://en.wikipedia.org/wiki/WikiLeaks:_Inside_Julian_Assan...
They didn't get special permission to sell that manuscript to the publisher.
Besides, all of my passwords contain secret information concerning Swedish defense installations, making them illegal for you to publish. /wink