The hacks could teach us a lesson, but what have we learned? (en)

The founder of The Pirate Bay, Gottfrid Svartholm Warg, has been charged, along with three other suspects, with a couple of fairly major cases of hacking that occurred during the last two to three years. Among those allegedly targeted are Nordea, a major Nordic-based bank, and the information management company Logica. The latter has been responsible for several major agencies’ central databases – among them the Swedish Tax Agency, whose database people have apparently been tampering with.

It is of course easy, as I did when I was interviewed by the newspaper Metro yesterday, to make fun of how Gottfrid managed to hack central and important computer systems here in Sweden from the jungles of Cambodia. It wasn’t fully intended as a joke though, as there is an important point to be made here. About a year ago it was reported that Nordea signed a new deal, outsourcing its information management, a deal worth about 10 billion Swedish crowns (around 1,6 billion USD). That such a system could be infiltrated and then taken advantage of by hackers is a pretty serious problem. It is indicative of a power balance seriously askew, leaning heavily in favor of the hackers.

Outsourcing is something that I am principally opposed to. When big actors give away their (and by extension my, yours and our) data to yet another external party you create a hazy chain of actors where holding someone accountable if (when) something goes wrong becomes a very difficult thing. For instance, it seems that part of Nordea’s work is handled in India.

This is also my main criticism in the Logica case. You could be upset that someone, perhaps Gottfrid and his friends, has been meddling in a bunch of governmental databases. According to the lawsuit the case involves at least the Swedish Tax Agency, the Swedish Enforcement Agency and Infotorg (a major Swedish database of personal information). And as the relations between a number of the databases are mentioned in the lawsuit I find myself thinking, with a certain concern, that the National Police Board could also be among those affected. But most upsetting to me is that data from so many vital authorities has been stored in the same place, and that it’s handed to other actors on a procurement basis. Or as I explained to Metro:

This case signals that sensitive data isn’t safe when the government and banks outsource part of their operations to other actors, according to Marcin de Kaminski.

– We as citizens can apparently not trust that the information we give up about ourselves is kept secure. We should be able to expect more from central systems in an e-society where more and more is stored digitally.

As a sidetrack I see direct parallels to how more and more e-mail traffic is transferred to Google’s services, at times even things that potentially could contain source-protected material. I touched on this subject last year when I tried to sort things out after a major password breach related to a Swedish blog portal being hacked. What I think one should learn from this is that data today has to be handled with more care. And that all systems are hackable. Gottfrid is in custody now, but in the back of your mind you have to take note that he’s hardly the only one with the knowledge claimed to have been used to perform these hacks. Most likely these intrusions occur far more than we know about. That all of this is under wraps and being spoken about quietly is not all that surprising, especially seeing as one of the charges roughly translates as “having affected the general public’s trust in payment systems”. Rumors about the vulnerability of the digital society are of course as harmful as the vulnerabilities themselves.

And it’s precisely this that makes me a bit confounded when the news about the charges against Gottfrid Svartholm Warg comes at the same time as the news about the proposition to try out electronic voting systems in the 2018 elections. It is so very, very strange to push the question of e-voting when the criticism from a more technical standpoint is based on the fact that electronic voting is not a legally secure way to hold democratic elections.

I tweeted somewhat sceptically when I first read about it, then Max Andersson, a member of the Green Party, wrote a debate article on the subject, which in turn was confirmed by the Liberal People’s Party’s Fredrik Malm, whose personal experience includes electoral monitoring in, among others, Venezuela. Word also came from Denmark that they had already been discussing e-elections.

To summarize the discussion of the last couple of days I think we can point out a few main issues: On one hand a small handful of hackers with Gottfrid Svartholm Warg in the lead have been charged with something that should not, or rather cannot, be allowed to happen but that despite this probably happens on more occasions than we know about. On the other hand there are plans to, in a similar manner, hand over one of our few directly democratic decision-making processes – or maybe rather rituals – into the hands of external technology actors and their e-voting systems, which are just as secretive as they are hackable. Somewhere out there I hope that there are more people than myself seeing the faulty logic of this.

Note: This English translation of “Hacken identifierar felen, men lär vi oss?” was made by Jack Senften from the LUii Embassy as a part of the new efforts of the Cybernorms RG to make more texts and blog posts available to international readers.