To understand how predictable Oregon’s recent DMV data breach was, consider that in 2012 the State Library’s website was hacked for two weeks. Anyone who visited it would have found the site occupied by advertisements in a foreign language.
When the matter came up at a meeting of a Joint Ways & Means subcommittee, state Rep. Greg Smith (R-Heppner) joked that he hoped the hackers didn’t mess up the Dewey decimal system.
You probably didn’t see much news coverage about that hacking because there was virtually none.
However, six years later the state’s largest newspaper — The Oregonian — gave top-of-its-website coverage to the sad and tragic story of the firing of state Librarian MaryKay Dahlgreen.
Then-Oregonian reporter Molly Harbarger led her story with the real travesty:
“At a routine meeting of an Oregon legislative subcommittee, Sen. Betsy Johnson unleashed the ire she’s fostered for six years over the State Library’s performance.
“‘We have spent I don’t know how many untold hours trying to figure out how to cure 100 years of tradition unhampered by progress and it hasn’t gotten better,’ she told fellow lawmakers weighing the library’s proposed budget.”
In her story, The Oregonian’s Harbarger cast Dahlgreen’s firing by then-Gov. Kate Brown as “surprising and disappointing” to her “many supporters among librarians and library supporters.”
Harbarger noted that Brown’s office declined to explain the dismissal beyond, “Dahlgreen fell short of clear and timely expectations from legislators.” Instead, the reporter laid the blame on “the discontent of one person: Johnson.”
At the time, I was working for Sen. Johnson. A question came up as to whether Johnson had made Dahlgreen cry during a legislative hearing. Crying is a big deal in Oregon. It’s one thing to have a public website hacked. It’s a whole other matter when a highly paid state employee gets their feelings hurt.
During one legislative hearing, Johnson tried to determine how much Dahlgreen had spent on certain contracts, and what the state had received in return. A direct answer was not forthcoming.
Dahlgreen made reference to something about “strategic imperative focus on the customer.”
The State Library’s professional staff spent six years talking about the need to define “research transaction” by which to judge their performance.
“Six years quibbling about a definition?” said Johnson.
When it was announced last week that an Oregon Driver and Motor Vehicle Services breech affected 90 percent of Oregon driver’s licenses and ID card files — or about 3.5 million Oregonians — the media and Attorney General Ellen Rosenblum immediately offered advice: Get a free copy of your credit report to see if anyone is using your identity to obtain a bogus credit card.
The breach occurred as part of a global hack when the Oregon Department of Transportation was moving a massive amount of data to other state agencies, including the Secretary of State’s Office, which oversees voter rolls.
The DMV hacking underscored Johnson’s frequent observation about Oregon’s trouble managing technology: “100 years of tradition unhampered by progress.”
It has become a rerun in the state. Oregon loses X-amount of millions in an embarrassing IT scandal, leading to publicity for a while and then it’s back to business as usual.
In 2010 there was the Oregon Wireless Interoperability Network with the nifty acronym OWIN. It was a state emergency radio system that was supposedly needed to meet new federal requirements. It called for building or updating 300 radio towers so emergency responders in Oregon could talk to one another. This was an issue after the 9-11 terrorist attacks when emergency responders in the Twin Towers couldn’t talk to one another.
Oregon spent $586 million on the OWIN project, but taxpayers got only 30 towers instead of 300.
In 2014 there was Cover Oregon’s failed online health insurance exchange that cost the state $350 million. After spending $160 million to launch it, zero people had signed up. Nevertheless, the state fed more money to Oracle America Inc. for a web portal that failed. At one point, the state was accepting applications for health insurance by old-fashioned paper and ink. Eventually, Oregon switched to HealthCare.Gov, a federally run website — an option available all along.
In 2018 there was Project MUSIC (Mobilizing Unified Systems and Integrated Communications) — another nifty acronym and boondoggle. Developed by IBM, this was supposed to be a phone system for 30,000 state employees costing at least $46 million. It didn’t work. In some cases, employees couldn’t even get a dial tone.
In April 2020 during the pandemic tens of thousands of Oregonians couldn’t access unemployment benefits because of an antiquated computer system dating to the 1990’s — even though the state had received almost $86 million in federal funds 11 years earlier for an upgrade.
In late 2020 Steve Trout was fired from his job as state elections director. He made the mistake of speaking honestly to candidates running for Secretary of State and told them about significant tech shortcomings. Some of the state’s election systems were running on Windows Server 2008. The state’s public facing websites relied on one power supply on the Capitol Mall and one Internet connection. There was no redundancy.
Before the current DMV hack, there was a question about whether Oregon would be able to upgrade residents to the new driver’s licenses. It was a valid concern given that in 1993, the DMV unveiled a $48 million project to automate its operations. Three years and $123 million later, the state realized all it had to show for it was useless hardware and programs.
Johnson, who ran unsuccessfully for governor last year, liked to quip that whenever somebody says IT, the legislature gets out the garlic and crucifix. Oregon state government has developed a reputation as technologically incompetent. It’s an invitation to being taken advantage of.
In 2021, she was invited to speak to the Technology Association of Oregon. She urged members to consider running for office. The legislature needs more people who can look at a specific problem and develop a real solution — not a new tax, fee or policy, Johnson said.
“Oregon is headed for another tech disaster,” she predicted. “Your expertise is needed. … The homeless have advocates. The mentally ill have advocates. Persons involved in the criminal justice systems have advocates. Public employees have advocates. … Who advocates for you?”
It shouldn’t be surprising, then, that while the current legislative session was dominated by a controversial bill centered on abortion and gender-affirming care, another tech disaster was looming for Oregon.
"Crying is a big deal in Oregon. It’s one thing to have a public website hacked. It’s a whole other matter when a highly paid state employee gets their feelings hurt."
I love this part. SOOOOO true. That one woman who said Sam Adams made her cry, when he insisted that she repeat some instructions he had just given her, to be sure she understood? Oh please. I can't believe all the snow flakes of the world today. Sam should never have been shit canned the way he was.
I've noticed these trends too, when it comes to any kind of tech issue in Portland. What I'd like to know is who is stealing ALL THAT MONEY, because that's what's happening. How can millions go into a fund to upgrade a bad website and then nothing happens?
Speaking of disasters:
https://thebulletin.org/2023/06/queering-nuclear-weapons-how-lgbtq-inclusion-strengthens-security-and-reshapes-disarmament/