[Write] [Home] [Up] [Next]

INTERNET SURVEILLANCE AND CENSORSHIP IN NORWAY

by Gisle Hannemyr

Table of Contents

This note was originally written in response to a request from Dan Larsen of the OpenNet Initiative. Larsen was conducting a survey on the situation regarding Internet censorship and surveillance in Scandinavia. This working note addresses the situation in Norway to the best of my ability.

The format of the note closely follows the outline of Larsen's request. It addresses five different aspects of Internet surveillance and censorship in Norway. First, it discusses the legal framework in Norway for ongoing surveillance and censorship, including relevant case law. It then describes the voluntary filtering scheme that is currently operated in Norway (i.e. the controversial Child Sexual Abuse Anti Distribution Filter). There are also brief sections about what data is considered illegal and/or harmful in Norway. Finally, it describes what individuals and groups that act as initiators of Internet filtering in Norway.

Surveillance (police)

The legal framework with regard to Internet surveillance by the police is the same as for all communication (i.e. the old legal framework for telephony wiretapping as been extended so that also applies to communication over the Internet).

The relevant law is “Lov om rettergangsmåten i straffesaker av 1981-05-22 nr. 25” (Straffe­prosessloven – Penal process law), in particular chapter 16a.[1] The legal terms for wiretapping/eavesdropping are “kommunikasjonskontroll” and “kommunikasjonsavlytting”.

To intercept email or to “bug” an Internet line requires a court order and person under surveillance need to be suspected of being involved in serious crime (i.e. a crime that may be punished with 10 years in prison, espionage, etc.). Here is the most relevant legal text in the original language:

§ 216a. Retten kan ved kjennelse gi politiet tillatelse til å foreta kommunikasjonsavlytting når noen med skjellig grunn mistenkes for en handling eller forsøk på en handling
a) som etter loven kan medføre straff av fengsel i 10 år eller mer, eller
b) som rammes av straffeloven §§ 90, 91, 91 a, 94 jf. 90, 104 a første ledd annet punktum, eller 104 a annet ledd jf. første ledd annet punktum, eller av § 162 eller § 317, jf. § 162 eller av lov om kontroll med eksport av strategiske varer, tjenester og teknologi m.v. § 5.

[…]

Kommunikasjonsavlytting kan bestå i å avlytte samtaler eller annen kommunikasjon til og fra bestemte telefoner, datamaskiner eller andre anlegg for elektronisk kommunikasjon som den mistenkte besitter eller kan antas å ville bruke. Som kommunikasjonsavlytting regnes også identifisering av kommunikasjonsanlegg ved hjelp av teknisk utstyr, jf. § 216 b annet ledd bokstav c, som skjer ved å avlytte samtaler eller annen kommunikasjon.

Unofficial translation into English by me of the above text:

§ 216a. The court may by injunction give to the police permission to perform communication monitoring when someone is reasonably suspected of an act or for attempting an action
a) which by law can lead to punishment of imprisonment for 10 years or more, or
b) affected by the Penal Code § § 90, 91, 91 a, 94 cf. 90, 104 a, first part, second sentence, or 104 a second part, cf. the first part, second sentence, or of § 162 or § 317, see § 162 or by the law on control of exports of strategic goods, services and technology, etc. § 5.

[…]

Communication monitoring may consist of monitoring calls or other communications to and from certain phones, computers or other facilities for electronic communications that the suspect possesses or it can be assumed that the suspect wants to use. Identification of communication systems using technical equipment which is accomplished by monitoring calls or other communications shall also be considered as communication monitoring, see § 216 b, second part, letter c.

Surveillance (military)

Military Internet surveillance in Norway is regulated by “Lov om Etterretningstjenesten av 1998-03-20 nr. 11”[2] (Law about the [military] intelligence service). The law gives Forsvarets Etterretningstjeneste (ETJ) a very broad mandate to collect information that “serves the interest of Norway in relation to foreign states, organisations and individuals” (§ 3). The service must however, refrain from collecting information about Norwegian persons or legal entities (§ 4), but there seems to be no restrictions as far as foreigners are concerned.

This broad mandate empowers ETJ to do electronic surveillance on communication originating from foreign individuals and organisations at the border, in a very similar manner to the much more explicit Swedish FRA-law (FRA in Sweden = ETJ in Norway). It is however unknown how ETJ uses its surveillance mandate.

Censorship

Norway is not a member of the EU, but it is part of the EEA, which means that it is obliged to implement first pillar EU directives. Norway has therefore enacted legislation corresponding to the EU Directive on electronic commerce 2000/31/EC, which (among other things) says that ISPs shall not monitor their subscriber's use of the net. However, the general interpretation of the directive in Norway is that the ISP may be responsible for illegal content on its servers (e.g. child pornography, copyrighted material) if the provider, upon obtaining such knowledge or awareness, do not act expeditiously to remove or to disable access to the content. A not-intended(?) result of the directive is that some ISPs have end users agreements that empowers them to expeditiously remove any controversial content, including content that is clearly not illegal, just to make sure that they do not become part of any controversy surrounding such content.

For instance, in February 2008, the ISP Imbera removed the “Mohammed caricatures” from pages belonging to one of their customers[3]. The removal was done on grounds that Imbera had a “user agreement” that banned users from posting controversial content on Imbera's servers.

Beyond the EU Directive on electronic commerce, there is no legal framework in Norway supporting Internet censorship. There is a voluntary child porn filter that is discussed below.

In 2007, the Data Crime Committee (Datakrimutvalget – committee appointed by the Government to review the penal code with respect to computer crime) discussed making filtering of illegal content (i.e. child pornography, gambling sites) mandated by law.[4] This idea was dismissed by the majority of the committee and supported by the minority. It has not yet been enacted into law, and I think it unlikely that it will be.

Case law

The police shall on demand be given subscriber information associated with a particular IP-address used by a subscriber of the ISP without a court order. This follows from a Supreme Court decision in 1999 (HR-1999-88-A - Rt-1999-1944). The case in 1999 involved a user suspected of distributing child pornography, but as a result of this ruling, the police now get this data on demand in all types of cases.

There is no legal requirement in Norway that ISPs store data that associates the subscriber information with an IP-address at all. However, all ISPs retain these at least for some time (most three weeks, some up to three months). The EU data retention directive will of course make it compulsory to store this data for at least six months. Norway has yet do decide whether it will implement this EU directive.

The legal company Simonsen Advokatfirma DA has since 2007 had permission[5] from the Norwegian Data Inspectorate (Datatilsynet) to register the IP-addresses of users suspected of taking part in illegal file sharing. They have requested that ISPs hand over the subscriber information associated with these addresses, which the ISPs have declined to do. They have also drafted a letter threatening legal action if the user continues file sharing and requested forward the letter to the relevant subscribers, which the ISPs also have declined to do.

Simonsen has then gone to the court, and asked for a court order that a large regional ISP (Lyse tele) hand over subscriber information in a particular case. The case was decided in Stavanger Tingrett (the lowest court) on 2009-05-05, but the decision is at the time of writing (2010-01-09) still secret[6]. No reason is given, by my understanding is that decision contains information that may identify the suspect, and therefore will remain secret as long as the case is under appeal.

IFPI (record industry organisation) has demanded that ISPs block file sharing sites (i.e. The Pirate Bay), which the ISPs have declined to do. In 2009, IFPI took their demand to the court. However, on February 9th, 2010, the court decided in favour of Telenor[7].

Voluntary filtering scheme

All Norwegian ISPs (AFAIK) operate a voluntary CSAADF (Child Sexual Abuse Anti Distribution Filter). The filter is simply a blacklist of DNS-addresses that is maintained and distributed by Kripos (the Norwegian police for organized crime, economical crime and other serious criminal issues). Each ISP implements this blacklist in its Domain Name System (DNS) servers by redirecting attempts to access blacklisted pages to a page with a warning message. For my ISP (Uninett) this is the warning page.

The filter is an unlegislated cooperation between the ISPs and Kripos. The list of filtered addresses is secret, but a list of supposed blocked addresses was posted to Wikileaks [8] in April 2009. The list on Wikileaks contains 3518 DNS-addresses.

In September 2008, Minister of Justice, Knut Storberget, sent a letter to all Norwegian ISPs stating that unless adoption of the voluntary filtering scheme became universal, he would seek a change in legislation that made the CSAADF filter mandatory.[9] In light of this interference by the minister, it may may be argued that Norway's CSAADF filter constitute a covert form of government censorship, under the guise of a “voluntary” filtering scheme.

What data types are considered illegal?

Currently, only supposed child pornography is filtered.

Both unregulated gambling and file sharing of copyrighted material is generally regarded as illegal in Norway, and from time to time there are vocal proposals from various pressure groups that Norway should also filter gambling and file sharing sites. As noted above in the “Case Law” section, IFPI has so far not been able to get a court's backing for this type of filtering.

There are some elements that argue that Norway should enforce its blasphemy law by filtering material that mocks religion, etc., but these are very marginal voices.

What content types are considered harmful?

I don't think specific content types are considered harmful in Norway (generally speaking), but certain expressions are. E.g. discussing race is not considered harmful, but race-based slurs are by many at least considered as undesirable. Norway has a law that make hate speech illegal[10] (Straffeloven § 135a), and we even have a law about blasphemy[11] (Straffeloven § 142).

Hate speech:

§ 135a. Den som forsettlig eller grovt uaktsomt offentlig setter frem en diskriminerende eller hatefull ytring, straffes med bøter eller fengsel inntil 3 år.

Unofficial translation into English by me of the above text:

§ 135a. Any person who willfully or through gross negligence publicly put forward a discriminatory or hateful expression, is punishable by fines or imprisonment for up to 3 years.

Blasphemy:

§ 142. Den som i ord eller handling offentlig forhåner eller på en krenkende eller sårende måte viser ringeakt for nogen trosbekjennelse hvis utøvelse her i riket er tillatt eller noget lovlig her bestående religionssamfunds troslærdommer eller gudsdyrkelse, eller som medvirker hertil, straffes med bøter eller med hefte eller fengsel inntil 6 måneder.
Påtale finner bare sted når allmenne hensyn krever det.

Unofficial translation into English by me of the above text:

§ 142. Someone who in words or actions publicly insult or in an offensive or hurtful manner shows contempt for any legal creed or religion that is exercised in the realm, or a legal religious community's religious doctrines or worship, or that contribute hereto, is punishable with fines or imprisonment for up to 6 months.
Prosecution only takes place when public interest mandates it.

It should be noted that the blasphemy law has not been enforced since 1912.

Who initiates filtering/censorship?

According to a press release[12] when the child porn filter debuted in 2004, it was the result of an initiative of the then Minister of Justice, Odd Einar Dørum.

As noted, the current Minister of Justice, Knut Storberget, in 2008 took an active role in getting all ISPs to adopt the “voluntary” filtering by sending the ISPs a letter telling them – in effect – that unless they adopted the CSAADF filtering scheme voluntary, he would seek legislation change to make filtering mandatory.

In the general public debate about filtering, both politicians, special interest groups such as “Redd Barna” (Save the Children), the film- and record industry, religious leaders, etc. from time to time suggests that specific filtering is implemented.

Sources

[1]
http://www.lovdata.no/all/hl-19810522-025.html#map026.
[2]
http://www.lovdata.no/all/tl-19980320-011-0.html.
[3]
http://www.teknofil.no/wip4/ytringsfriheten_overgaar_alt/d.epl?id=25769.
[4]
http://www.regjeringen.no/….
[5]
http://www.datatilsynet.no/templates/article____1640.aspx.
[6]
http://www.dagbladet.no/2009/05/05/kultur/film/max_manus/fildeling/6066821/.
[7]
http://torrentfreak.com/ifpi-gives-up-trying-to-force-isp-to-block-the-pirate-bay-100313/.
[8]
http://wikileaks.org/… [cached copy].
[9]
http://www.nrk.no/nyheter/1.6220557.
[10]
http://www.lovdata.no/all/tl-19020522-010-017.html#135a.
[11]
http://www.lovdata.no/all/tl-19020522-010-017.html#142.
[12]
http://presse.telenor.no/PR/200409/961319_5.html.

If you want to comment, see the blog version.

Creative Commons License First published 2009-05-20, updated 2010-03-13.
Copyright © 2010 Gisle Hannemyr. Some rights reserved. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License.

[English] [Norwegian]
[Write] [Home] [Up] [Next]