Governments are not in Control

Sweden's government is in crisis after a government agency accidentally leaked the entire country's personal details database by offshoring its storage without adequate safeguards.  Two ministers have been fired and the entire government may fall.

Swedish prime minister Stefan Löfven confirmed on Monday that private information concerning citizens of Sweden had been exposed to serious security risks after the government outsourced IT services for the Swedish Transport Agency (Transportstyrelsen) to IBM in 2015.

IBM, in turn, left an astounding amount of information exposed to a number of unauthorized users around the world — including the names, home addresses, and photos of every member of the police, secret military units, information from the witness-relocation program, information regarding the weight capacity of all roads and bridges, and details regarding the specifications of all government and military vehicles (and their drivers).

Apparently, the transport agency mistakenly emailed their entire database of sensitive information to marketers in plain text. And upon realizing their error, the agency decided to merely ask subscribers to delete the old message and later sent out an updated one.

Spectacular as it is, the Swedish disaster is just the latest in a seemingly unending series of similar catastrophes of which the OPM records loss , Snowden defection, State Dept secret cable loss, NSA toolkit theft are but a few well known examples.  The casualties flash past like milestones in a blur. Britain's NHS lost 100,000 patient records the other day.  Pakistan's Prime Minister Nawaz Sharif lost his job today due to "documents leaked from a Panama-based law firm" proving he was corrupt. In an age where the media use unnamed sources to launder leaks and section 702 of the Foreign Intelligence Surveillance Act is allegedly used for political surveillance no one's secrets are safe. We appear to have entered the age of digital nakedness and not even politicians are immune.  Hillary was supposedly robbed of her election by Russian hackers who stole her secrets and broadcast them though some of the losses may actually have been due the DNC's own careless selection of fraudsters to run their IT operation.

The information age seems to have caught most "world leaders" unprepared.  Their confident "digital transformation strategies" have finished in a face-plant. Though the Swedish scandal superficially concerns data loss it also underlines how vulnerable traditionally acceptable political corruption and incompetence is in the 21st century.

[what] upsets a lot of people is the fact that everybody was aware they were breaking the law by being negligent with classified information, but just didn’t care. ... By now, mainstream media has published documents that show that the Interior Minister and the Infrastructure Minister were completely aware of the ongoing leaks as early as 18 months ago, and they said and did nothing.

Part of what IBM contracted to was run, and which was run from Serbia, was the Swedish government’s secure intranet – the SGSI, the Secure Government Swedish Intranet. This network is in turn connected to the European Union’s STESTA, which is a European Union secure network. This is what the Swedish Transport Agency gave staff in Serbia administrative network access to, and it is no conspiracy theory that Serbia is a close military ally with Russia. While it can’t be proven in this specific case that high-value military information in Serbia’s hands also comes into Russia’s hands, it’s one of those things that should just be assumed in the general case.

The net effect here is that the EU secure Intranet has been leaked to Russia by means of deliberate lawbreaking from high ranking Swedish government officials. Even if there are additional levels of encryption on STESTA, which there may or may not be, this has “should never happen” written all over it.