Missing Security at Minnesota Driver's License Website

Series of missteps left personal and financial data vulnerable at Minnesota's license tab renewal Web site

"The problem with decentralization, it's like dancing with five people at the same time," he said, referring to the five divisions with computer technology staffs.

Security issues were an afterthought for the license tabs computer people, said Buse, the audit investigator, and there is no job category in the state for computer security.

"We don't have a lot of security professionals," he said. "We have database managers who are supposed to be doing some security."

Generally, security engineers can have a lot of titles, and in a pinch they might also be network engineers, computer expert Steller said. But database managers or computer application managers are never security engineers.

Compounding the problems, Bennett said, was frequent turnover in the divisions and in the Office of Technical Support Services where he worked, forcing him to do more with day-to-day operations than strategic security for the agency. He quit in August 2004 to do computer security work at a private company. Budget cuts had reduced the information security unit to just Bennett, and he was not replaced when he quit, the second audit pointed out.

Individuals in each division were responsible for installing security patches, software updates that counter hackers. With no centralized security group monitoring the work, the legislative auditor found, patches weren't installed on many computers, something Bennett pointed out in an October 2003 e-mail.

"Those were not up to date," Cain said. "Why that didn't happen, I don't know."

Digging into how the failures occurred or who was to blame has been a low priority as officials focused attention on fixing the system and getting it running again, deputy commissioner Ellison said.

"I think as a department, we are not trying to dodge responsibility and say everything we did was perfect," she said. "But we're also not trying to look for some villain. We're saying we regret this happened. It was no one's intention to deliberately harm anybody."

However, the division's computer coordinator, Judith Franklin, became the subject of intense scrutiny as the second legislative audit wrapped up last spring. She is the only employee who was disciplined as a result of the security flaws, said Gary Denault, executive director of the Middle Management Association, Franklin's union. She was placed on paid administrative leave in April and resigned Aug. 10.

In an interview with the Pioneer Press, Franklin said that she was made a scapegoat for the system's problems, that she was singled out because of personality conflicts and that she did good work.

Franklin has worked with computers since the days of the large mainframes in the 1970s at university jobs from Oregon to Minnesota. When she joined Driver and Vehicle Services in late 2000, her main role was to oversee the growth of the online renewal system and simplify it for customers. She worked through the night fixing division machines and cleaning up software when the computers were hit by outside viruses, the documents show.

At least three state computer technicians grumbled about Franklin since 2002, according to e-mails. Bennett, for instance, prodded people to fix a security gap and in an e-mail said, "I have informed Judith of it, and have never received a response."

Out of the hundreds of state documents reviewed, about five were complaints about her job performance. Supervisors did nothing until the second legislative audit in 2005 when another five e-mails indicated she had been stripped of responsibility.

She disagreed that the two audits revealed serious problems. She said "most of the things aren't right or wrong" but security had to be balanced against ease of use for customers.

She purchased security software last fall, but it had not arrived before the second audit, Franklin said. Her former boss at the division, Brian Lamb, praised her work, saying she "was brilliant," understood the systems and explained them clearly.

McCormack and Ellison refused to comment about Franklin, even though she has quit the agency, and they refused to say why no one else was disciplined.

"We can't comment on any specific staff," Ellison said. "We are fixing the problem."