Security Concerns Surround Public Calendar of New Liberal Leader Simona Mohamsson

Simona Mohamsson has been proposed as the new leader of the Liberal Party in Sweden, a development that has drawn attention not only for its political implications but also for significant security concerns. Recently, it was revealed that her private Google Calendar, which contains sensitive information related to both her professional and personal life, was publicly accessible online. The data exposed spans over 15 years and includes details about meetings with party members, travel plans, and interactions with various individuals.

Anne-Marie Eklund Löwinder, an expert in information security and former chief security officer at the Internet Foundation, highlighted the potential risks associated with having a public calendar. She noted that anyone could monitor the whereabouts of individuals, which could pose safety threats, especially if someone sought to inflict harm or intimidation. Furthermore, the exposure of private information could lead to the dissemination of false information or reputational damage.

Another significant risk is the potential leakage of confidential or sensitive data. The Google Calendar includes a description field where users can provide more details about meeting agendas, which could inadvertently reveal internal projects or the identities of other attendees. This could compromise the privacy of individuals involved and lead to unwanted exposure.

The widespread use of Google Calendar, a tool favored by millions globally, makes it an attractive target for cybercriminals. These individuals often exploit public calendars by sending fraudulent invitations that appear to come from legitimate sources, aiming to extract personal information from unsuspecting users. Eklund Löwinder explained that if an attacker is aware of a scheduled meeting, such as one with a superior, it makes it easier for them to carry out scams.

While Eklund Löwinder expressed disappointment regarding the digital security awareness among politicians, she emphasized that many lack the necessary knowledge to protect their online environments. She pointed out that people are generally more vigilant about physical security compared to their digital presence, which has not received the same level of prioritization until recent heightened concerns about cyberattacks.

She stressed that individuals bear a personal responsibility to understand digital security and the measures they can take to safeguard their information. Failure to do so could not only jeopardize their own safety but also serve as a tool for malicious actors targeting others.

In addition to security risks, maintaining a public digital calendar containing information about other individuals might also violate data protection regulations. Olle Pettersson, a legal expert at the Swedish Data Protection Authority (IMY), noted that unintentionally disclosing meeting information about third parties to an unrestricted audience could contravene various data protection requirements. Such requirements include the obligation to inform affected individuals, who could find themselves in precarious situations if their details are exposed.

Even a first name can be enough to identify a person, especially if it is uncommon or associated with an email address. As of now, IMY has not received any complaints related to Mohamsson's public calendar, leaving it up to individuals affected to decide whether to take action.