ComputerSweden reveals that all phone calls (2.7 million) to 1177(health advice service) since 2013 going through medicall (health care company), in their entirety, have been available without any authorization at http://188.92.248.19:443/medicall/ (Now they are gone).
The IT-systems of Swedish authorities are in extremely bad shape. In 2016 transportstyrelsen leaked information about people with hidden identities, twice.
There are multiple reasons for these problems.
Svt reports that in 2011 the government wanted to increase the outsourcing of it-systems since an investigation thought it would reduce costs. Nowadays I realize that investigation from the government actually means rationalization.
I en utredning av Riksrevisionen uppmanades svenska myndigheter att köpa mer av sin it externt. Regeringen Reinfeldt delade Riksrevisionens bedömning och menade att “det är önskvärt att en större del av myndigheternas it-behov tillfredsställs med hjälp av outsourcing”. Myndigheten beräknade att statens it-kostnader uppgick till mellan 20 och 25 miljarder kronor per år, och att kostnaderna skulle kunna minskas med outsourcing.
Problems:
-
Who is responsible for problems that arise? The authorities, but they haven’t coded their own systems, and don’t even know how they work. So even if someone has to go for a scandal, the problems will not go away.
-
Swedish Public Procurement Act. Basically: buy the cheapest bid that fits the organization’s criteria. However this is a doomed system. First of all, the people formulating the criteria are not the ones using the systems. Secondly they get favorites and formulate the criteria so it only fits that bidder.
-
It becomes more expensive. Period. A website? 100 million sek - never went live. Having a nice system that someone from Oracle criticises? Let’s hire accenture and pay 10 billion sek for a much worse system. The problem here is mostly incompetence from the chiefs ordering the systems and the companies trying to milk public money.
Possible solutions?
Less outsourcing
Every authority should hire programmers and develop their own systems. Perhaps with guidance from a new “digitaliserings” authority? The problems with this is that good programmers are expensive, and few. Not really sure how to accomplish this, but we might steer it in the right direction by requiring open source systems, abandoning the Swedish Public Producement Act (at least regarding it-systems that are extremely hard to write requirement specifications for.)
The point.
The main task for public authorities is to handle data about the population in a safe way, which to a very high extent nowadays is digital. Then it’s completely absurd to buy all the software from private companies which can get away with these kinds of security issues and leaks with an apology.
Maybe we can have open source cooperation within the EU of creating open source systems for public authorities. There already exists cooperation within the EU about open source like the bug bounty program that MEP Julia Reda is engaged in.