> “Any governmental assurances to keep your data safe have as much value as a truckload of dead rats in a tampon factory.”<p>Remember this. I expect every piece of data given out to the government or to private organizations to sit in the databases of every major intelligence agency, and will not be surprise if it's all exposed to the public domain through data aggregation companies in near future.
One guy working in IT at the department in question apparently lost his job for refusing to implement this. He was also the one whom informed SÄPO about this.
The thing that really gets to me is that I have no way of opting out of having my personal details in the governments databases. Compared to a private company which if I don't trust I simply avoid. It can't leak data it doesn't have. But I'm completetly defenseless against my goverment.<p>And I know of no serious politician (I'm Swedish) that talks about these issues. Which means I can't vote for better policies. Society is so far behind on understanding privacy issues and the impact of these shoddy practices.
TLDR: Databases shipped to foreign soil, used by consultants without security clearance.<p>This seems to get a bit bigger by the day. We usually do not have scandals and such high profile activities but this is pretty huge tbh. :(
No one has been reported of using the data, at least so far. The head of security went out and said this publicly, also that the military forces vehicles aren't registered there, just giving away even more information about national security for free. <i>sigh</i><p>Some more trivia: the one responsible for the leak didn't even tell the the prime minister for _over a year_. And the security issues weren't even discussed by the team who hired IBM, they got a report from some people (some sort of service desk or something, who have nothing to do with security) that this was a bad idea and that building a cloud in Sweden would be a lot safer, the report they gave "mysteriously disappeared"
I think the US losing all the data for everyone who ever got a security clearance is worse (thankfully mine was before they were stored in a modern system). But this is pretty much beyond stupid. When you outsourced control of your information, assume it will become public.
Blog posts from Rick Falkvinge (Head of Privacy at Private Internet Access, and a founder of Sweden's first Pirate Party):<p>- <a href="https://www.privateinternetaccess.com/blog/2017/07/swedish-administration-tried-glossing-leaking-eus-secure-stesta-intranet-russia/" rel="nofollow">https://www.privateinternetaccess.com/blog/2017/07/swedish-a...</a><p>- <a href="https://www.privateinternetaccess.com/blog/2017/07/swedish-transport-agency-worst-known-governmental-leak-ever-is-slowly-coming-to-light/" rel="nofollow">https://www.privateinternetaccess.com/blog/2017/07/swedish-t...</a><p>(edit: for some reason, the above blog post URLs weren't showing up for me...)<p>If I'm reading his blog post correctly, Sweden's transport agency sloppily handled the nation's vehicle registry, which does contain data subject to freedom of information laws, but contains confidential data that is not supposed to be out in the wild:<p>> <i>Last March, the entire register of vehicles was sent to marketers subscribing to it. This is normal in itself, as the vehicle register is public information, and therefore subject to Freedom-of-Information excerpts. What was not normal were two things: first, that people in the witness protection program and similar programs were included in the register distributed outside the Agency, and second, when this fatal mistake was discovered, a new version without the sensitive identities was not distributed with instructions to destroy the old copy. Instead, the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these records themselves. This took place in open cleartext e-mail.</i><p>Since Sweden is 10 million citizens, about the size of a U.S. state, this sounds like a state DMV (Department of Motor Vehicles) accidentally exposing the licensed drivers and registered vehicles database (part of which is public record). But the difference seems to be that Sweden's transport agency also handles aircraft and military vehicles using the same database, hence the exposure of secret military info?<p>Ignoring the current fuckup, it seems like a bad idea to have one national data system for personal and govt/military vehicles, even if it is efficient for a nation of Sweden's size. The Gizmodo article notes that this database was accessible to all of the Sweden transport agency IT workers to access and download willy-nilly, which is a problem independent of the issue of it being accidentally leaked. In the United States, it's a common scandal for state law enforcement to lookup driver information without proper authorization, but at least it's just civilian driver information for their state, not the Humvees registered to SEAL Team 6: <a href="http://www.nbc-2.com/story/25334275/deputy-fired-for-improperly-accessing-info-about-governor-nbc2-anchors-others" rel="nofollow">http://www.nbc-2.com/story/25334275/deputy-fired-for-imprope...</a>
we can assume that all data given over to the cloud has been copied and siphoned off to govt "intel" agencies.<p>Welcome to the modern world. on one hand is digital services that deliver to people, the other hand is all your base belong to everyone.