The Corner

Unsafe at Any Web Speed: Intel Chairs Say Take Down Healthcare.gov

When the Democratic and Republican chairmen of the congressional intelligence commitees both agree that HealthCare.gov, Obamacare’s version of Internet Hell, should be taken down for security reasons, it’s time to pay attention.

Democrat Dianne Feinstein, who has chaired the Senate Intelligence Committee for the last five years, startled Bob Schieffer on CBS’s Face the Nation today when she said, “I felt and I said this directly to the president’s chief of staff, that they ought to take down the website until it was right. They believe that they need to keep it running and that they can sort out the difficulties.” One way to interpret that is that the political survival of President Obama’s signature achievement takes precedence over the cybersecurity of all Americans. As I wrote last month, the White House has shown an astonishing lack of concern for Obamacare’s security vulnerabilities.

Her House counterpart, GOP representative Mike Rogers of Michigan, concurred: “They need to take the site down, stabilize it, meaning they can’t continue to add code every week, and then they need to stress test the system. Unfortunately, Bob, none of that has happened. And they admit it’s going to take six months. . . . . That is unacceptable for the protection of privacy of Americans’ information.”

Both members have had private briefings on the security weaknesses of Healthcare.gov. What’s public is bad enough: A September 27 memo by government officials to Medicare chief Marilyn Tavenner said security testing of all the component parts of the site hadn’t been finished as part of an integrated system. “From a security perspective, the aspects of he system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the [website].” The site was allowed to open with only a temporary security certificate, rather than the full one that is normally issued.

The administration insists Healthcare.gov is secure. Last week, Health and Human Services spokesman Joanne Peters insisted that applicants “can trust the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure.”

So which version is closer to reality? Ask Justin Hadley, a North Carolina man who saw Blue Cross cancel his individual policy in September and send him to Healthcare.gov. As the Heritage Foundation reports, when he finally made it past the registration page last Thursday, he was greeted with copies of letters confirming the eligibility for health insurance addressed to two real individuals from South Carolina. “If I have their information, then who else has my information now?” he asks.

The federal data hub that processes the information used to determine eligibility for Obamacare’s subsidies is the only part of the Obamacare site that seems to be working well. “The bad news,” as I wrote last month, ”is that because the data hub is the largest consolidation of personal data in our nation’s history, it will become a magnet for identity thieves.”

Many experts, along with Senator Feinstein and Representative Rogers, worry about the same thing. Michael Astrue, who was commissioner of Social Security until February of this year, issued this warning last month.

“[The Department of Health and Human Services] opened the door to large-scale fraud by providing funding for tens of thousands of ‘navigators’ — people who are supposed to persuade the uninsured to apply for coverage and then assist them in the application process. Instead of hiring well-screened, well-trained, and well-supervised workers, HHS decided to build political support for the Affordable Care Act by pouring money into supportive organizations so they could launch poorly trained workers into their communities without obtaining criminal background checks or creating systems for monitoring their activities,” he wrote in The Weekly Standard. “As a practical matter, these navigators are unaccountable, and yet they will be asking people for Social Security numbers and other sensitive information. It will not take long for navigators to become predators, and HHS has no plan to deal with the new breed of predators it is creating.”

So the threats to the privacy of Americans come both from badly written code that’s an potential invitation to computer hackers and from thousands of unscreened “navigators” who will have access to private information. Isn’t it time to sound a four-alarm siren over this danger, like the kind that often sits atop the Drudge Report? We can’t say we haven’t been warned. 

Most Popular

Economy & Business

Who Owns FedEx?

You may have seen (or heard on a podcast) that Fred Smith so vehemently objects to the New York Times report contending that FedEx paid nothing in federal taxes that he's challenged New York Times publisher A. G. Sulzberger to a public debate and pointed out that "the New York Times paid zero federal income tax ... Read More
Sports

The Kaepernick Saga Drags On . . . off the Field

Colin Kaepernick’s workout for NFL teams in Atlanta this weekend did not run smoothly. The league announced an invitation to scouts from every team to watch Kaepernick work out and demonstrate that he was still ready to play. (As noted last week, the workout is oddly timed; the NFL season is just a bit past its ... Read More
World

Israel’s New Way of War

Commuters on Route 4, driving toward the Israeli coastal city of Ashdod on November 12, were shocked by an explosion, a rocket impact next to a major intersection. Had it fallen on a car or one of the many trucks plying the route, there would have been deaths, and the road would have been closed. Instead, police ... Read More