Skimping on Web security

License tab Web site problems defeat the purpose of convenient government.

Since taking office in 2002, Gov. Tim Pawlenty has made “holding the line on spending” his virtual mantra. Critics have responded that shortchanging the state’s budget is likely to leave government services in a sorry condition.

Last week, Minnesotans saw the logical result of the Pawlenty approach to budgeting when the state legislative auditor concluded in a report that Minnesota’s Web-based license tab renewal system was vulnerable to hackers. Calling the system vulnerable is an understatement. State auditors were able to access the Department of Public Safety’s private internal network – and credit card information for thousands of Minnesotans – through two wireless connections outside the department’s offices in downtown St. Paul. Neither connection was protected by even the most rudimentary security.

To be fair, problems with the license tab site stretch back to former Gov. Jesse Ventura, who led the state into the online service business without taking adequate security precautions. An initial legislative auditor’s report in 2001 made 17 separate recommendations to fix the already flawed system. Implementing those recommendations should have been a high priority for the Pawlenty administration. Instead, budget cuts imposed by the governor left the department’s information security unit with only one employee – hardly enough serve Minnesota.

Pawlenty has defended his record by calling the license tab snafu a “technology issue,” implying additional funding would not have prevented the site’s security problems. But that logic sounds like the political hair-splitting Pawlenty has made an art form. Most Minnesotans understand technology requires money and that stretching agency budgets paper-thin has real consequences. In this case, the consequences remain limited. There is no evidence private information was stolen, and the Web site has been shut down until security can be guaranteed. But from now on, Minnesotans will likely think twice before using another state-run Web site.

The other kink in Pawlenty’s tortured logic is most private companies have kept well ahead of Internet hackers, mainly because they’ve made Web security a budgetary priority. Companies know shoddy security costs them profits. Pawlenty might yet learn shoddy policy-making will cost him popularity.