More than half the Republicans in the House have co-sponsored legislation designed to protect users of federal websites from hacking and identity theft. It’s in response to security concerns about everyone’s favorite federally run website, HealthCare.gov, and mandates more oversight to guard users’ information across the federal government’s systems.
“The White House acted recklessly and put the personal information of Americans at risk,” said Representative Kerry Bentivolio (R., Mich.), who introduced the legislation, in a statement. “HealthCare.gov may also have compromised dozens of other federal agencies and their systems because it taps into numerous other federal websites. People looking to buy health insurance want to be assured that the site is safe to use. This problem cannot be taken lightly.”
The legislation would require that federal websites that collect personal information are certified as secure by the Government Accountability Office before going live. It also gives Healthcare.gov 30 days to meet the standard or be taken offline.
Matt Chisholm, a spokesperson for Bentivolio, tells NRO that the congressman is optimistic about the legislation’s prospects in the House — it now has 122 co-sponsors.
“We are currently speaking with Chairman Issa about the bill and working on it with him,” Chisholm says, adding that the legislation has more co-sponsors than any other bill introduced by a freshman Republican in the 113th Congress.
Congressional Democrats have defended the adequacy of HealthCare.gov’s existing security measures, but others have worried that it doesn’t do enough to protect users’ data and could be a bonanza for hackers and identity thieves. David Kennedy, CEO of information-security consultancy TrustedSec, told members of the House Science, Space and Technology Committee that the site’s security actually got worse in the months following its launch.
”The website is not getting any better,” he said, according to PC World. “TrustedSec’s opinion still holds strong that the website fails to meet even basic security practices for protecting sensitive information of individuals and does not provide adequate levels of protection for the website itself.”