Police in Sweden say the introduction of tough anti-piracy legislation last year has had the unintended consequence of making it harder to catch real criminals who operate online.
In April 2009 Sweden introduced the Intellectual Property Rights Enforcement Directive, which allows IP rights holders to demand personal information about alleged pirates from internet service providers. But a loophole in the system that's being exploited by several Swedish ISPs has rendered the law virtually worthless and made the pursuit of other online criminals significantly more difficult in the process.
IPRED can be used to compel internet providers to turn customer information over to rights holders, but there's no law on the books that actually requires ISPs to maintain that data in the first place. One particularly vocal opponent of the law, Bahnhof, simply stopped storing data about which IPs were provided to which users, a maneuver which was soon followed by others. As a result, the law has become effectively worthless because the data it targets no longer exists.
But that's led to a more serious problem, according to National IT Crime Unit Chief Anders Ahlqvist. Since the data is no longer being kept, it's much more difficult for police to track people who commit serious crimes online. "It is a major concern, for example, when minors are exploited for sexual purposes via the internet but we cannot trace the perpetrators because logging information is missing," he said.
Predictably, rather than scrapping or modifying IPRED, the Swedish government appears likely to launch a new "data retention directive" which will force ISPs to store customer data.