Police chief disregarded IT security regulations
Sweden's national police chief flouted IT security protocols just months after being directed not to do so by the Swedish Armed Forces, according to fresh information uncovered by Swedish Radio.
Speaking to Swedish Radio, IT security expert Patrik Fältström described national police chief Dan Eliasson's apparent disregard for Swedish Armed Forces' security regulations as "clearly highly unusual."
"For the Swedish Armed Forces to so clearly explain [this] to the police, and for Eliasson to take such a decision just a few months later is clearly highly unusual," Fältström said.
Experts say that Eliasson did not have the right to select an encryption system not passed by the armed forces.
Eliasson has defended his actions, saying that existing rules permit the use of encryption systems other than those approved by the Swedish Armed Forces.
Eliasson first came under pressure over what he knew and when in September after Swedish Radio revealed that he had decided, in the spring of 2015, to forgo using approved encryption programmes, required by law, to keep personnel data safe.
Eliasson faced questioning from the parliamentary justice committee over the allegations last month.
The police requested permission from the Swedish Defence Forces to use an unapproved encryption programme in August 2014. The programme was to be used for back-up copies the police wanted to make of an IT system.
Sources within the police have confirmed to Swedish Radio that this request was firmly rejected.
Several months later, when the police needed support from a private IT provider for maintenance of its payrole system, the directive was ignored and Eliasson selected an alternative encryption programme that was not approved by the Swedish Armed Forces.