Medicoleak: Pirate President denounces allegedly security leak and gets sued

 This is a guest blog post, written by Jerry Weyer from the Luxembourg Pirate Party

A day in April 2012, 6:30pm. Policemen knock on the door of Sven Clement, President of the Pirate Party Luxembourg, to carry out a search warrant. They take his laptops, smartphones and tablets, he has to follow them to the police station where he is being questioned - the accusation: Sven allegedly "stole" a password written on a Post-It by making a picture of it in a publicly accessible place and allegedly used this password to "hack" into the medical database of the ministry of sports. A few weeks ago Sven received the confirmation that he will be charged with unauthorized access to a protected database and - brace yourself - copyright infringement!

Let's start from the beginning: on January 19th, 2012, Sven's birthday, news gets to the luxembourgish pres that there has been a very serious security problem at the medial database of the ministry of health, containing the medical records of nearly 10% of the total population of Luxembourg. The first reaction of the Minister of Health is frantic panic: in an interview he denounces the "hackers" and "thieves" that will face the prosecution of the government. The facts in no way justify this reaction: the information presented to the press clearly stated that there has been a security problem, that this problem resulted from the incredibly negligent behaviour of the technical and political staff responsible for the database, that the responsible administration dealing with data leaks had immediately been notified and that now, 2 weeks later, this information was given to the press to inform the public of the carelessness of government institution with personal data. No data sets from the database have ever been leaked, till today.

That didn't stop the Luxembourgish government though. The justice Minister at a press conference reiterated the health ministers claims: the thief and/or hackers will be prosecuted! His claim: the culprits stole the password and accessed the database without authorization. No word on government negligence in creating the database, no mention on generally improving database security. Instead the lawyer and justice minister François Biltgen repeats the mind-blowing conclusion of the health minister: the culprit "stole" a password by making a picture of the post-it it was written on. This conclusion contradicts not only common sense and logic, it is in direct violation of luxembourgish jurisprudence. Prosecution has to drop this charge later in the case against Sven Clement - François Biltgen still becomes the luxembourgish candidate for the vacant seat at the European Court of Justice.

The chaotic response by the government to the data leak culminated on that day in April with the house searches. Sven Clement, previously critizining the negligent behaviour of government officials in the matter, wasn't the only person targeted by prosecution. In fact, the home of a person working for the administration to which the data leak was notified received a visit from the police that same day. Not only should the person that allegedly notified the authorities about the data leak, but the staff of that authority itself(!) be prosecuted.

The final act in this farce comes with the accusation: the prosecution accuses Sven Clement, among others, to have infringed the copyright of the Ministry of Health by allegedly having accessed his own (!) medical record. As the ministry of health possesses the intellectual property rights to the database, Sven Clement has, by looking at his own record with his own personal data, violated the copyright of the Ministry. That's not even funny anymore.

At the moment Sven Clement is waiting for a date and time for his trial. He will be prosecuted because he allegedly discovered a security leak potentially exposing the medical records of nearly 55.000 people in Luxembourg and for allegedly notifying the responsible administration about this leak. Ignoring for a moment the personal repercussions for Sven (f.ex. home search, lawyer costs), this actions paint a clear picture for whistleblowers in Luxembourg: "don't tell, or you'll be sued!". The willfull refusal of fault as well as the complete ignorance of ethics by our government makes Luxembourg a "no-go" place for whistleblowers.

You can reach Sven on Twitter at @svnee


Lägg till ny kommentar