Friday, July 28, 2017

All data within the state, no data outside the state, no data against the state

One of the abiding concerns from libertarians and anyone with an interest in individual security has been the centralization of power in government and, in the digital age, the centralization of digital data in massive databases, government or commercial.

The concern seems almost borderline paranoid. These are massive organizations with access to the best and the brightest. The promises are for ironclad digital security. "No unauthorized personnel will have access . . . " Then you read local news stories of some low level clerk checking on his girlfriend's activities, security personnel doing background checks on behalf of their relatives, and high level government officials tapping into NSA collected data for partisan political purposes. But these are one off bad apples. Nothing systemic. Or so we hope.

However, between hacks, leaks, and errors, that concern about the leakiness of centralized data seems more and more rational and well justified. In the past few years we have had the exposure of personal data from the Federal Office of Personnel Management, from Target, from Sony, Yahoo, eBay, JPMorgan Chase, Anthem, the DNC, etc. Tens and millions of peoples' personal data exposed.

Now, out of Sweden, we have the accidental exposure of an entire countries' personal data. From Swedish Government in Crisis After Almost All Citizens' Personal Data Is Leaked by Andrew Griffin.
The Swedish government has replaced two of its ministers as it attempts to avoid falling entirely amid a crisis involving a leak of the data of almost all of the country’s citizens.

The information from the country’s driving licence database was made available to IT contractors in other countries, who had not undergone security clearance checks, as part of an outsourcing deal.


The scandal involves the handling of data under a 2015 outsourcing deal between the Swedish Transport Agency and IBM Sweden. Mr Lofven admitted on Monday that his country and its citizens had been exposed to risks by potential leaks of sensitive information.

Among some of the details that could have been accessible outside Sweden were the registration numbers of most vehicles on land, air and sea in Sweden.

Whistleblowers have raised concerns that information about vehicles used by the armed forces and the police may have ended up in the wrong hands. The identities of some security and military personnel could also have been at risk, according to reports.
Sweden might be particularly exposed as they are a country which collects and centralizes a massive amount of personal data.

We are in a new era where we are actively trying to reconcile notions of privacy in an environment where government can compel the most personal of data but cannot then be trusted to protect that data. We have a long road to hoe before we reach some sort of reasonable equilibrium.

No comments:

Post a Comment