The Tennessean published a long comment from Mayor Karl Dean this morning on the Metro Action Commission break-in and on his Office's reaction to contract with a private identity security company (Debix) to provide coverage for Davidson County voters. While pointing out that the state bears responsibility for the Christmas Eve security failure (e.g., social security numbers and login passwords easily accessible on the stolen lap tops), Mayor Dean said he is directing ITS to implement their own security recommendations immediately, which is a course change from the distancing the ITS Director seemed to be doing in her comments to Metro Council on January 3.
But it is not clear in the Mayor's comments that Metro is making the turn toward accountability that it should. Conspicuously missing from the Mayor's comments are any reference to his administration's and the preceding Purcell Administration's (of which he was a member) failures to alarm the Metro Office Building that housed MEC. This is the dirty little secret, the elephant in the room that nobody seems to want to talk about. How could the Mayor's Office have failed to alarm offices prone to what looks like one of the largest one-shot identity theft cases in history? And how could a freshly elected Mayor Karl Dean have overlooked a total audit of all Metro offices during his first days in office? There are multiple levels of security failure, both virtual and actual, and Metro IT's disconnect from the security process is not the only one. Both Metro General Services, which oversees real-world security (including cardkey access records of AWOL security guards, a non-functioning security camera system, and unalarmed windows), and the Finance Department, which failed to authorize an alarm system for the MEC offices, are responsible. And the Mayor should answer for them and tell voters how he intends to reform them.
A couple of weeks ago, I put the Mayor's Office on the bubble between good and bad in Enclave's 2007 Best and Worst Rankings of Metro Services. If I had rated the Mayor's Office after the Council's Public Safety Hearing on January 3, its bubble would have burst. I would have had a hard time deciding whether or not the Mayor's Office would have been worse than the cellar-dwelling Metro Election Commission, because honestly I do not know whether virtual or actual security failures are the more reprehensible in this heist. The alarm, access, and camera failures were horrible, and the Mayor should be publicly accountable for them. Being accountable also means terminating Finance or General Services staff who failed in their oversight. The lone security guard should not be the fall-guy for what is a systems-wide failure.
I wish the Mayor had said more this morning and I hope that he has more reform plans for the future. Implementing ITS recommendations constitutes some progress, but alone it clearly does not go far enough to encourage my faith in the security of Metro buildings or in the officials charged with their management.