European Politics

 
Nice job Sweden

Sweden is grappling with the fallout from a sensitive data breach that occurred two years ago and the scope of which has only recently trickled out. It resulted in the prosecution of the former head of the Transport Agency and deep questions over an outsourcing arrangement with IBM.



Prime Minister Stefan Löfven is expected to address the issue for the first time on Monday after a shake-up of senior-level management in Transport Styrelsen, or Transport Agency, and its board.

There are differing accounts of what was exposed. But it indisputably included the country's driver's license database, including photos, and information on whether an individual was in a witness relocation program.

The Transport Agency sought in a news release Sunday to tamp down concerns. But it has acknowledged that the agency's director general took security shortcuts when overseeing a revamp of its IT infrastructure that allowed foreign contractors who did not have proper security clearances to view data.

The drip-fed details - including the light fine for the former Director General of the Transport Agency, Maria Ågren, for violating privacy laws and information handling regulations - have been met with harsh criticism. And there are lingering questions on how the exposure could affect Swedes.

"All of this was not just outside the proper agencies, but outside the European Union, in the hands of people who had absolutely no security clearance," writes Rick Falkvinge, a well-known privacy activist and founder of the Pirate Party. "All of this data can be expected to have been permanently exposed."

Where it Began
The Transport Agency signed an agreement with IBM in April 2015 to run its information systems. Sometime after that agreement, Ågren "decided to abstain" from three privacy and data protection laws as well as internal information security guidance, the agency says in a FAQ published Sunday.

According to a report in The Local, IBM used subcontractors in the Czech Republic, Romania and Serbia, which then had access to the data, but did not hold proper security clearances.

IBM officials were not immediately available for comment. The Transport Agency says it doesn't have any indication that the personal data was exposed beyond the contractors. But that's probably little consolation for someone in a witness protection program.

To that end, the agency addressed those people directly. It says that the contract it has with IBM mandates that Big Blue comply with the provisions of the country's Personal Data Act and that the information is not supposed to be shared with unauthorized parties.

"We have no indications indicating that data was disseminated improperly, so we do not see any direct cause for concern," the agency says.

The staff used by IBM and its subcontractors are "security-controlled by their own organization and have also signed a confidentiality agreement," but that regimen is not equivalent to the checks required in Sweden for access to such data, it says.

The exposure was apparently caught not long after the outsourcing arrangement began, and the Swedish Security Services began an 18-month review of the Transport Agency, which ended in June.

According to news reports, the exposure went far beyond just driver's license records and included personal details for Swedish Air Force pilots, people listed in police registers, personal details for military members in secret units, and details of government military vehicles and data on Swedish infrastructure, such as bridges.

In its FAQ, the Transport Agency maintained that most of its data is public, but that it could not outline the more sensitive data it holds. It says it does not hold data on military vehicles or have information on pilots, airports or aircraft or shipping-related data.

Director General Prosecuted
The violation of protocol was enough that in January 2016, prosecutors began investigating based on a report from the Swedish Security Service.

On Jan. 19, Ågren resigned. At the time, it was unclear why. On June 26, she was fined 70,000 kronor - about $8,500 U.S. - for negligence without intent. Given the depth of the exposure, Falkvinge says that's not enough. "Let's be clear: if a common mortal had leaked this data through this kind of negligence, the penalty would be life in prison," he writes. "But not when done by the government themselves. Half a month's pay was the harshest conceivable sentence."

Sweden is still dealing with the cleanup. Although the first indications of something awry appeared two years ago, the cleanup work is not done. The Transport Agency says that between May and July 2016, authorized personnel within Sweden took over network, server and storage administration.

But it is still working to ensure that the administration of "application operations" will run in the same way. That work, which the agency describes as "technically complicated and comprehensive," is expected to be completed later this year.

"We have ongoing work with our operating supplier for the purpose of controlling operations where only Swedish security-approved personnel will be responsible for the entire operation," the agency says. "At the moment, work is under way to speed up the process with our operating supplier."

IBM's contract with the Transport Agency runs through October 2020.
 
I say lock the director up in Swedish resort prisons for a year or two, for sure. And there's always a danger of outsourcing this sort of work to the private sector - the government needs to be accountable for making sure the outsourced labour is appropriately cleared and such. One of the reasons I know my buddies in the federal government here are very skeptical of outsourcing.

Especially to IBM.
 
I deal with IBM quite a bit .. was just on a call with them this morning .. and they are not that great (certain people yes, as an organization, they leave a lot to be desired) .. but I am not sure this is on them. Generally in these cases, IBM manages the environment, the client (Sweden in this case) manages the data and what goes on the environment and who has access to what. Sounds like they put all this stuff up here and sent it out to people who generally have access to just car registration data ... and they ended up being able to see everything.

===========================================

https://www.privateinternetaccess.c...rnmental-leak-ever-is-slowly-coming-to-light/


On digging, it turns out the Swedish Transport Agency moved all its data to “the cloud”, as managed by IBM, two years ago. Something was found amiss when the Director General of the Transport Agency, Maria Ågren, was quickly retired from her position this January — but it was only on July 6 that it became known that she was found guilty of exposing classified information in a criminal court of law. The scandal quickly escalated from there.

There’s an enormous amount of data in Swedish about the overall leak scandal, but among all that data, one piece bears mentioning just to highlight the generally sloppy, negligent, and indeed criminal, attitude toward sensitive information:

Last March, the entire register of vehicles was sent to marketers subscribing to it. This is normal in itself, as the vehicle register is public information, and therefore subject to Freedom-of-Information excerpts. What was not normal were two things: first, that people in the witness protection program and similar programs were included in the register distributed outside the Agency, and second, when this fatal mistake was discovered, a new version without the sensitive identities was not distributed with instructions to destroy the old copy. Instead, the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these records themselves. This took place in open cleartext e-mail.
 
Swedish Transport Agency moved all its data to “the cloud”

This should be illegal, unless all the storage/computing instances involved are physically located on Swedish soil.
 
The data center probably is in Sweden ... if it was not, I am sure that would have been part of the story. But it really sounds like the people in the government were particularly inept and that this would have happened in a cloud or not.
 
Russia wasn't perceived as a threat, in the slightest, until the Obama administration. Everything else in that article is wrong, from the assumption that you can gauge power by economic output, to Russian dependence on the West and how average Russian sees the West. Well, they don't see it, for Russians it's not the same if they're talking Baltics, Scandinavia, Slavic countries, Germany, UK, Greece, USA or Canada. And you'd think after 30 years of being fucked by the song of financial instruments, one would adapt, and they're certainly trying to. The macroeconomic scale of these acts, sanctions together with oil price manipulation, if they weren't prepared for it effects would've been catastrophic.
 
So another attack in Spain, this time Barcelona. Some dude ran over dozens of people in a van and fled. *sigh*
 
Members of this party are not exactly known for their intelligence or their lack of hypocrisy.
 
You can have a PhD and still be stupid. But to address her motivation, I'm pretty sure that she's just interested in power, and that she picked the party that promised a quick and easy path there.
 
Truth on both accounts. I talk to people with MDs every day who are as dumb as a post.

But more importantly: why on earth would you choose a political career in a party that seems to completely contradict your lifestyle and your whole personality? That's not hypocrisy, that's just sick.
People do this all the time for power...not just politicians. I mean, think about people like faith healers, who are obvious fakes and abuse rules designed to protect honest displays of religion to bilk people out of money tax-free? Or guys like Alex Jones, there's no way he believes the shit he spews, but he makes millions. Or, hell, the biggest prosperity gospel salesmen of them all, the fucking President of the United States.
 
To me it's no different than nation hopping athletes. There's a glut of prospects for a particular discipline? Become a citizen of one that doesn't even have one! Like Canadian skiers, hockey players, bobsledders, et cetera going to Jamaica, the U.S, Jamaica again, et cetera.

So why not in politics? As the others have pointed out, just like the athletes want a gold medal, these folks just want "gold," power, influence, etc.
 
Some have accused the leader of the Norwegian Labour Party of being that kind of politician - a conservative who chose that party because that was where he had the best chances of becoming Prime Minister.

Today is election day in Norway and the polling stations just closed. The first prognosis (based on exit polls and the early votes that have been counted) indicates that the current governing parties and their alliance partners keep the majority ... by the skin of their teeth. The partners - the Liberal party and the Christian Democratic party - balance on the 4,0% cut-off limit. The Green party (environmentalists) are slightly below it. It will be exciting to follow the development as the counting proceeds tonight.
 
For the record: I don't share the belief that the Labour leader is a Conservative in disguise. But he is wealthy and does come from a rather privileged background. Nice education from a French university and all. Maybe not what the party needed now, and I think he has struggled to get the unions behind him.
 