The Library of Congress-run U.S. Copyright Office over the past six years ran through $11.6 million on a computerized royalty payment tracking system before quietly abandoning the project last year, according to an outside audit leaked this week.
Because the Electronic Licensing system (“eLi”) coding project was pushed forward without proper inhouse expertise, it did not adhere to sound System Development Lifecycle practices, said a January Kearney & Co. report commissioned by the Library’s inspector general’s office.
After the project was discontinued (its original price tag had been estimated at $1.1 million), the Copyright Office continued to report to top Library management that progress was being made on this and a related effort on the Library’s Overseas Field Office Replacement System.
First reported on Monday by the website boingboing.net, the development comes as the Library of Congress adjusts to its new librarian Carla Hayden, sworn in last September, and just two years after it reorganized its information technology operations under a chief technology officer.
The Kearney & Co. team cited weak oversight, a “lack of project management skills,” as well as “continuous failure of vendor-developed software to meet Copyright licensing requirements.”
“Without timely remediation of identified vulnerabilities, the Congress.gov System Owner is unable to determine whether high severity vulnerabilities could lead to compromise of LOC systems and data,” the consultants wrote. “If critical or high-risk vulnerabilities remain unmitigated on Congress.gov servers, there is an increased risk that the system servers and data could experience a loss of confidentiality, integrity or availability.”
Asked for comment, a Library of Congress spokeswoman told Government Executive, “The Library values its Office of the Inspector General and its role in reviewing processes at the Library so management can benefit from an independent review and take action when warranted.”
While the spokeswoman declined comment on the specifics, Deputy Librarian David Mao, in a letter included in the report, concurred with a list of Kearney & Co. recommendations. Mao wrote that in the past 18 months, the library has made “significant improvements in the management of its information technology.”
Library of Congress Inspector General Kurt Hyde asked Hayden for a corrective action plan within 30 days.
Image via Valerii Iavtushenko/Shutterstock.com.