Sweden’s Säpo did not inform me of seriousness of IT leaks: Ann Linde

Sweden's EU Affairs and Trade minister Ann Linde, who was caught up in the scandal around a cyber security slip-up, says that she was not initially informed about the level of seriousness of the IT failings.

Sweden’s Säpo did not inform me of seriousness of IT leaks: Ann Linde
EU Affairs and Trade minister Ann Linde. Photo: Maja Suslin/TT

Sweden’s state security agency Säpo informed Linde, then state secretary to former Interior Minister Anders Ygeman, about IT security leaks in the country’s Transport Agency (Transportstyrelsen) in 2015, but she did not respond.

In July this year, it emerged that Sweden's security police Säpo had investigated the Swedish Transport Agency when key information was made available to IT workers in other countries who had not gone through the usual security clearance checks.

The massive leak of confidential information stems from the agency's hiring of IBM in 2015 to take over its operations. IBM used subcontractors abroad, making sensitive information and an entire database of Swedish drivers' licences accessible to foreign technicians without the proper clearance.

Linde has previously stated that she received information about the leaks from Säpo in September 2015. A stronger warning signal was then sent two months later, at which point Säpo had decided to stop outsourcing to IBM, writes newspaper Svenska Dagbladet.

As state secretary to Ygeman, Linde was responsible for crisis management in the government office, including the convening of relevant bodies in the case of serious security concerns – but she never called for any such meetings.

The minister said the reason for this is that she was not informed that Säpo was attempting to stop the outsourcing in November 2015, and did not find out about this until a later date.

She told news agency TT the issue was not raised at the regular meetings she had with Säpo at the time.

READ ALSO: Swedish government battles political fall-out from transport data leak

“Säpo did not make any recommendations to the government [at this time]. It was managed directly with the authorities,” she said.

Linde also said that it was not true that Säpo had raised the alarm about the Transport Agency leaks at the initial meeting in September.

“During an ordinary meeting, Säpo raised the issue of outsourcing at the Transport Agency and that there was some concern regarding security risks. But there was no knowledge of leaks actually existing and certainly not of danger to national security,” she said.

As such, there was no cause to convene the government agency’s crisis committee, according to Linde, who also stressed that although she could not reveal all the information regarding the case, since much is classified, the government-appointed investigator leading an inquiry into the IT scandal would be given everything.

Linde said that she did not believe any of the classified information would be a cause for concern for the government.

“I don’t think [it will]. But we will see. There are always lessons that can be learned in all cases. It is very possible that there could be better information channels, for example, better double security and ensuring that everyone who should have access to information receives it,” she said.

Ygeman eventually lost his job as part of a government reshuffle by Prime Minister Stefan Löfven in response to a no-confidence motion by the opposition Alliance coalition.

The results of the inquiry will be presented in January 2018 and an investigation into the matter will also be conducted by Sweden's Committee on the Constitution.

READ ALSO: Swedish cyber security slip-up 'a complete failure': PM Stefan Löfven