Governments forget at their peril that they must nowadays guard their citizens’ data as carefully as they guard their physical safety
It’s hard to believe that a government could be threatened with collapse because of the way it dealt with driving licences. But that is what has been happening in Sweden in the last week, and the story shows just how vulnerable and delicate the integrity of personal identity is once everything about everyone is recorded in a database somewhere. The story started in the recesses of the bureaucratic state: the transport agency, a branch of the civil service which has to keep records of every car, boat and aeroplane in the country. Since some of these vehicles are military and some of the drivers are people whose identity the state protects with special zeal from criminals, either because they are witnesses or spies, there are rules that state this can only be seen and altered by Swedish citizens who have been cleared by the security services.
In 2015, the incoming director general, Maria Ågren, discovered that this work was to be outsourced to IBM. That was part of a wider pattern which has seen both the left and right of Swedish politics privatise large parts of the old welfare state this century. The law said this couldn’t happen unless IBM’s data handlers had all had security clearance. Her own department told her that couldn’t be done in time. So she decided to ignore the law. IBM, in turn, had the work done in Serbia and elsewhere in eastern Europe. Complaints about security from within the organisation – and, later, from the security police – were ignored. The defence minister and the interior minister knew in the spring of last year but could not find the time to tell the prime minister until January this year, when Ms Ågren was quietly sacked and, later, fined. The government hoped that any potential scandal would disappear along with her.