In February 2018, the then Minister of Industry Torbjørn Røe Isaksen and Minister of Transport Ketil Solvik-Olsen put forward a long-term plan to make Norway a “data center nation”.
The 47 pages long the strategic plan is rich in words such as “investment”, “opportunity” and “tax”, while “risk assessment” and “threats” are not mentioned once.
– The plans that you have for the data center industry in Norway now lack significant risk assessments, says police attorney Knut Jostein Sætnan in Kripos to TV 2.
Revising the law now
The government is currently working on a revised version of this strategy. In addition, work is being done on a new formulation of the law on electronic communications, the so-called “ekom law”.
So far, Kripos has not seen any reassuring signs from the political side.
– Today’s legislation and strategies, and also the proposals for changes to the Electronic Communications Act, do not respond to the challenges we are already facing. We are concerned that they must take that into account, says Sætnan.
– We live in the third world war now
Kripos submitted its statement in the consultation round for the e-communications act already in August last year, but is so concerned about the situation that the agency also sent a formal inquiry to the Ministry of Justice before Christmas.
In the inquiry, Kripos asks that a “real opportunity for official follow-up” be given to the data center industry.
“Kripo’s concern is persistent” and “we find it necessary to re-emphasize our concern by making a formal inquiry to the Ministry of Justice and Emergency Management”, the inquiry, which was delivered on 8 December, says.
Associate Professor Gaute Wangen at Department of Information Security and Communication Technology at NTNU tells TV 2 that the police, even with more tools in their arsenal, will have an incredibly difficult job of controlling data centres.
– Even if you get the opportunity to inspect, it is incredibly difficult as an IT security auditor to reveal how data is processed. It is incredibly challenging. Say a house is built, and then you come afterwards as a building inspector and have to find out what is behind the wall. You can’t find that out without tearing down the wall. And you are rarely allowed to do that, says Wangen to TV 2.
This is how you stay safe on TikTok
Regulates itself
– We know that data centers are used as a means of committing crime in many different forms. It can be ransomware, abuse material; everything that takes place on data will in many cases be at a data centre, explains Sætnan.
The police attorney points out that Kripos considers data centers as important infrastructure and as something Norway needs.
– But we need a controlled and responsible establishment. We believe that is not the case right now. Now it is the industry itself that regulates what kind of information they will give to the police. In contrast to, for example, the telecoms industry, which is subject to a duty to facilitate when it comes to the statutory use of coercive measures. It is an important point, says Sætnan to TV 2.
Today, Kripos is so powerless vis-à-vis data centers that it is difficult to be helpful when other countries contact us about cases.
– We receive inquiries from other countries asking for help in obtaining data from Norwegian data centres, but the Norwegian regulations today make it difficult, and in some cases impossible, to obtain this information, says the police attorney.
Did you know this?
TV 2 has asked the Ministry of Justice for a comment, but has not immediately received a reply.
Can attract criminals
Kripos’ concern about data centers is general, and TikTok is not mentioned in the inquiry that was sent to the Ministry of Justice before Christmas.
TikTok’s data center investment in Hamar was also not publicly known until March, exactly three months after Kripos sent the letter of concern.
TV 2 has previously written that the Ministry of Justice did not know about TikTok’s plans in Hamar and that “it is natural to take a closer look at the matter in order to assess, among other things, national security considerations”.
And Kripos therefore considers data centers useful.
– It is part of the present and part of the future. But it also applies to criminals. There is no doubt that data centers around the world are an important part of the criminal infrastructure they use to commit crime, says Sætnan.
– The smaller and the worse a data center industry is regulated in a country, the better and more attractive that country will be to use for criminal activities.