Where the identity of the suspect is not known, but his contacts are known, or a third party (such as a website which the suspects visits) is known, one can permit secret data reading of these contacts, or the third party, but only in order to identify the suspect.
…
Under section 12 of the Act, an authorization can provide for secret entry to premises to plant spyware physically on an information system (e.g. a stationary computer).
…
The figures, published since 2020, when the Act was introduced, show that the overwhelming purpose for which secret data reading is granted in Sweden is to break a device’s encryption.
My point is, if Mullvad was, can they be even transparent about it? From what I can tell, they can’t be. Ergo, you can’t trust their own blogs / write-ups on the topic.
Section 2 of the Act distinguishes between the following categories of data which can be collected:
communication interception data: data on the content of messages that are transmitted or have been transmitted to or from a telephone number or any other address in an electronic communication network
communication monitoring information: information about messages that are transmitted or have been transmitted in an electronic communication network to or from a telephone number or any other address,
location information: information about the geographical area in which certain electronic communication equipment is or has been
camera surveillance data: data obtained through optical personal surveillance
audio surveillance data: data relating to speech in a private room, conversations between others or negotiations at meetings or other gatherings to which the public does not have access
other stored and real-time data on the device not falling into the above categories.
…
For notification afterwards on the use of secret investigative measures … in particular where notification would damage ongoing investigations or damage other interests requiring secrecy. There is a list of serious offences (mainly security offences) where notification need not occur.
There is a standing remedy mechanism. Section 3 of the Supervision Act provides that, at the request of an individual, SIN is obliged to check whether he or she has been the subject of secret surveillance … SIN is to inform the complainant that a control has been carried out. However, the standard reply is ”no violation of the law has occurred”.
I expect they’d do it, but I am not gullible to bet my house on it. That said, I don’t see how doing so meets PG’s current minimum criteria on secret logging.