DSB’s solution to Sweden’s mandatory ID checks of all travellers going between the two countries was roundly criticized by IT professionals who expressed concerns that sensitive personal information was not being properly guarded.
Since Monday, employees hired by the rail company have been checking the IDs of all travellers bound for Sweden. In the first 24-plus hours of the operation, the DSB agents were using smartphones to photograph passengers’ IDs and send them to a server where the information would be stored for up to a month.
After several IT security experts raised red flags about the online storage of personal information, DSB announced on Tuesday afternoon that it would take the photographs offline, making them available only via a closed network.
Peter Kruse, a security expert at the Danish IT firm CSIS who had slammed DSB’s original method as “worrisome” and “hasty”, praised the company for listening to criticism.
“It’s a sound move from DSB’s end. I’m more comfortable with their setup now than I was before,” he said.
“I think that all of this has happened very quickly for DSB and now they’ve had some time to sit back and look at what is most appropriate. And that is definitely a closed network,” Kruse said.
DSB’s head of IT, Martin Börjesson, told TV2 that the company has ensured that photos of passenger identification will not be stored on the agents’ smartphones and that the transmission of the photos to the closed server only occurs via encrypted data transfer.