The worst scandal in modern times which rocked Sweden
Sweden’s Transport Agency outsourced its IT operation to IBM, a hundred-million-range-contract, for two years ago, in 2015. In doing so, the Swedish Transport Agency outsourced the managing of its databases and networks from the country, and exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation, and more. Names, photos, and home addresses. The list isn’t complete yet. It was a very big contract in a public procurement, so anybody interested in these matters at the state actor level will have known about it and have had the ability to plant personnel with the respective subcontractors.
Part of what IBM contracted to was run, and which was run from Serbia, Romania and Slovakia, was the Swedish government’s secure intranet – the SGSI, the Secure Government Swedish Intranet. This network is in turn connected to the European Union’s STESTA, which is a European Union secure network. The net effect is, that the EU secure Intranet has been leaked.
In March 2016, the entire register of vehicles was sent to marketers subscribing to it. This is normal in itself, as the vehicle register is public information, and therefore subject to Freedom-of-Information excerpts. What was not normal were for the first, that people in the witness protection program and similar programs were included in the register distributed outside the Agency, and for the second, when this fatal mistake was discovered, a new version without the sensitive identities was not distributed with instructions to destroy the old copy. Instead, the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these records themselves.
In January of this year, Maria Ågren, the Director-General of the Transport Agency was quickly fired in maximum silence, citing “disagreements”. In reality, this event followed a 250-page mostly-redacted investigation from the Security Police. This event means that other people have been aware of the severity of the leaks for quite some time, and yet not done anything about them as they are still ongoing as of July 22, 2017. Things went to criminal trial for the charge of “criminal negligence in handling classified information”, and this is where the first really upsetting thing happens: Ågren is allowed to make a guilty plea but it was only on July 6 that it became known, that she was found guilty of exposing classified information in a criminal court of law and sentenced to the harshest sentence ever seen in Swedish government: she was docked half a month’s paycheck, 70 000 SEK.
Today the Transport Agency have a new chairman of the board Anita Johansson and a new Director-General Jonas Bjelfvenstam.
The leak was not just outside the proper agencies, but outside the European Union, in the hands of people who had absolutely no security clearance. All of this data can be expected to have been permanently exposed and security political threat even for EU.
Swedish prime minister Stefan Löfven broke his silence late on Sunday after coming under heavy pressure and hold a press-conference on Monday afternoon.
The leak is still ongoing and can be expected to be fixed in this autumn. But without ravelling IT operations outsourcing contract. Although the Prime Minister Stefan Löfven on his press conference yesterday tried to shoulder the blame and repeatedly assured that the problems were fixed.
The Swedish Security Police is still very critical and concerned.
It is high time for the EU institutions to act.
Read more: Financial Times