Eating crow is a fine art. Susan Combs hasn’t mastered it.
The state comptroller of public accounts has been ducking responsibility ever since revealing that her agency had put the names and Social Security numbers of 3.5 million people in a publicly available spot on the comptroller’s state website.
For a year.
Think anyone noticed what was lying around? Nobody knows, to tell you the truth. The comptroller flailed in the week after the announcement, firing some subordinates, sending her PR people to answer the sharp questions and attempting to blame the agencies that sent her the information in the first place. They put it right back on her desk, saying the info from their shops — the Teacher Retirement System, the Employees Retirement System and the Texas Workforce Commission — had been sent over in properly encrypted form. It was the comptroller’s office that left it, unencrypted, on a public server.
For a year.
Combs responded to this self-inflicted challenge with a letter to each of the people whose names and Social Security numbers were left out for the thieves. The letter is a masterpiece of equivocation and prevarication, leaving a false impression without telling an outright lie.
“Please be aware that we have no indication that your personal information has been misused in any way.”
They also don’t have any indication that it hasn’t. All they know is that this particular pie was on the shelf for a year and that they don’t know whether anyone took a slice of it.
“The data files were immediately taken offline and secured.”
The letter doesn’t say anything about the year that lapsed before they were “immediately” secured.
It says they created a website and some FAQs and an email address where the current and former state employees and others who were affected can get more information on the mess.
But let’s say you’re not one of those folks affected or don’t care about them. Let’s say you’re in a forgiving mood or you’re a Combs chum, or a legislative budget-writer so dependent on the comptroller for good news that you’re willing to let this one go.
This is the agency that collects taxes for the state of Texas. It doesn’t have a lot of tax information about individuals, since Texas doesn’t have a personal income tax. But it’s got a lot of sensitive and proprietary information about the businesses in the state. The agency’s officials have made an explicit deal with those taxpayers: Send us the information we need to make sure you’re paying the taxes you owe, and we’ll never share it with anyone unless they’re either a tax collector or in law enforcement or in the Legislature (that’s right, kids — Texas legislators have the legal authority to peek at your books).
That’s a setup to put this line from the letter in proper context: “As an added precaution, we are actively working with law enforcement and have contacted all major credit reporting agencies to notify them of this issue.”
Sure they have. What are they going to do? Throw the FBI and the Texas attorney general out of the building? Those two agencies have launched a criminal investigation.
The letter ends with the only thing approaching an apology. “We sincerely regret that this incident occurred. Thank you for your shared vigilance at a time when the potential for cyber crime remains a great threat.”
A threat aided and abetted by a state agency that’s supposed to be expert at locking up sensitive information.
The comptroller’s name isn’t on the letterhead, mentioned in the text or at the bottom of the letter. Before all of this came to light, she was busy planning a run for lieutenant governor, if that job comes open in 2014, and has been telling political people and potential supporters that she’ll announce soon after the end of the current legislative session.
Her signature isn’t on the 3.5 million form letters that went out. Holy identity theft, Batman, that’s a lot of voters — equivalent to about one of every five adults in Texas. It’s signed instead by Victor Gonzalez, chief technology officer for the agency.
He resigned last Friday, before all of the letters had even been delivered.