Limitless Corruption? Official Who Wrote "Limitless Risk" Memo Was Same Tony Trenkle Who Refused to Certify Site as Secure, Who Was Then Either Fired by Administration or Who Chose to Resign

Remember Tony Trenkle?

“[CMS Chief Information Officer]Tony [Trenkle] made a decision that he was going to move to the private sector and that is what our COO announced yesterday,” said a spokesman for the Centers for Medicare and Medicaid Services, who refused to comment whether Trenkle had been pushed out due to frustrations over the agency’s online woes.

Why was he pushed out? Initially he seemed to be a Scapegoat. But Administrations usually publicize Scapegoats -- after all, the whole point is to claim all the problems were due to the Scapegoat, and then ritually slaughter him to expiate one's sins.

But they handled Tony Trenkle's firing/resignation very quietly.

Why?

Sharyl Attkisson reported on a possible reason.

CBS News has learned that Trenkle, the Chief Information Officer for the Centers for Medicare and Medicaid Services (CMS), was originally supposed to sign off on security for the glitch-ridden website before its Oct. 1 launch, but didn't. Instead, the authorization on September 27 was given by Trenkle's boss, CMS administrator Marilyn Tavenner.

As CBS News reported Monday, security assessments fell behind and the website never had the required top-to-bottom tests.

Trenkle and two other CMS officials, including Chief Operating Officer Michelle Snyder, signed an unusual "risk acknowledgement" saying that the agency's mitigation plan for rigorous monitoring and ongoing tests did "not reduce the (security) risk to the ... system itself going into operation on October 1, 2013."

But his boss, Marilyn Tavenner, certified the site as "secure" anyway.

Well that's not quite right -- what she did was certify it as belonging to the nonsensical category of secure for the interim, meaning they're going to keep checking security and working on security issues... which means it wasn't secure. And federal protocols (and maybe laws, I don't know) demand that any government site be certified as secure, not certified as "We're working on that."

But Healthcare.gov was certified as "We're working on that" as far as security and the Administration launched anyway.

Now, why did Tavenner sign the certification, rather than the man actually required to sign it? Well the Administration dealt with this question by, get this, lying:

Wednesday, an HHS spokesman said that the reason Tavenner, not Trenkle, signed the security authorization is because HealthCare.gov is "a high-profile project and CMS felt it warranted having the administrator sign the authority to operate memo."

No that's not why, Ms. Tavenner. The reason is that that the man charged with certifying the site as secure flat-out refused to do so -- possibly fearing a perjury charge for signing a false document.

Tony Trenkle then left the Administration-- and no one will say if he was fired, or he chose to resign on his own, and why.

Allah became pretty interested in Mr. Trenkle.

Memo to Darrell Issa: Subpoena this man.

And now comes this memo, which stated that the security risks in Healthcare.gov were "limitless."

The author of that memo? Tony Trenkle, the man who was either fired or chose to resign due to the Administration's demand he certify a dangerously insecure site as secure.

Did Chao lie to the committee about not having seen the Sept. 3 memo before or was there a deliberate effort within CMS to withhold the extent of the site’s problems from supervisors like him so that they’d greenlight it for launch as scheduled? If the latter, who’s responsible? As it turns out, the memo was written by — ta da — Tony Trenkle, lead tech officer for Healthcare.gov who left last week under mysteriously vague circumstances. As CBS reported, Trenkle himself never signed off on security for the site in September; it was his boss, Marilyn Tavenner, who signed the authorization, supposedly because she thought that a project this big should carry the John Hancock of the head of CMS. Is that the truth, or did Trenkle refuse to sign because he knew the site’s security was a travesty and couldn’t in good conscience authorize launching it? The fact that he wrote such a dire memo about “limitless” risk suggests that he knew the extent of the problem — and yet, if you believe Chao, that information somehow never made its way to the project manager. Why? Why are there so many unorthodox procedures related to approval of the site’s security here? Did Tavenner, at least, see Trenkle’s memo before she authorized the launch or was it withheld from her too? If she did see it, why didn’t she tell Obama and Sebelius that security was too weak to justify rolling it out now?

Allah's done a great job as a blogger in seeing this Trenkle business as a major story early. Now it becomes an even bigger one. (Sharyl Attkisson, of course, is the reporter here; but for me, personally, Allah highlighted the find.)

As he said: Subpoena his man. Based on the flow of information to Issa and Attkisson, I'm going to speculate that this man is interested in talking.

posted by Ace at 12:56 PM

| Access Comments