Swedish government in turmoil over massive data breach

29

Stochkolm: Sweden’s government faces mounting political pressure over its handling of a huge leak by one of its agencies of sensitive data, including potentially the identities of covert defence and intelligence personnel on overseas missions.

What began as a scandal earlier this month over an IT outsourcing deal between the Swedish Transport Authority and IBM in 2015 has turned into a full-blown political crisis for the  government as the extent of the confidential data leak has become known.

On Wednesday, members of Sweden’s centre-right opposition, the Alliance party, called for the sacking of the ministers of infrastructure, defence and the interior. There are now questions whether the government may be forced to call an early election.

The leak was revealed earlier this month after the Transport Agency”s former director general Maria Agren was fined 70,000 Swedish krona ($10,700) for mishandling confidential information. Agren had been fired in January without explanation.

The deal proceeded despite this, giving unauthorised staff in Eastern Europe access to the identities of all drivers and vehicles in Sweden.

IBM has not been accused of wrongdoing, however its staff did have unfettered access to far more sensitive information, including the identities of people in witness protection programs, and details of Sweden’s road, ports, bridges and subway systems.

Of particular concern, the arrangement may have exposed the identities of covert operatives at Sapo and Sweden’s special forces on overseas missions to foreign nationals.

“This could be the biggest security leak since Stig Bergling,” Jan Bjorklund, an Alliance party leader, told national news agency TT, referring to the infamous former Swedish spy who turned Soviet Union mole 40 years ago.

Prime Minister Stefan Lofven on Monday said the contract was a “disaster” and that potential leaks put his country and its citizens at risk, and announced an investigation into the outsourcing process. Lofven said he learnt of the flawed contract in January, after the ministers for defence and interior became aware of it.

On Monday, the head of Sapo, Anders Thornberg, said “this leak hasn’t noticeably affected our intelligence sharing capacity”. He stressed that while inadequately protected information must be considered breached, it hadn’t necessarily been.

But the incident may be worse the Sweden’s double-agent Bergling affair due to remaining uncertainty of what and to whom data was exposed and the impression of a government cover-up.

“Compared to the Bergling case, where we know what data reached Russia, it is not known what sensitive information has reached whom,” Patrick Falstrom, a former Royal Swedish Navy programmer and head of research and development at Internet infrastructure firm Netnod.

“In the case of Bergling, the responsible authorities did act, and that was the reason why he was caught. Here we see that even if reporting did happen to two ministers, they did not report to the Prime Minister,” said Falstrom.

Others believe the Transport Agency head’s outsourcing blunder is the result of political pressure to cut technology costs and rapidly adapt systems to meet new legal requirements.