When the Democratic and Republican chairmen of the congressional intelligence commitees both agree that HealthCare.gov, Obamacare’s version of Internet Hell, should be taken down for security reasons, it’s time to pay attention.
Democrat Dianne Feinstein, who has chaired the Senate Intelligence Committee for the last five years, startled Bob Schieffer on CBS’s Face the Nation today when she said, “I felt and I said this directly to the president’s chief of staff, that they ought to take down the website until it was right. They believe that they need to keep it running and that they can sort out the difficulties.” One way to interpret that is that the political survival of President Obama’s signature achievement takes precedence over the cybersecurity of all Americans. As I wrote last month, the White House has shown an astonishing lack of concern for Obamacare’s security vulnerabilities.
Her House counterpart, GOP representative Mike Rogers of Michigan, concurred: “They need to take the site down, stabilize it, meaning they can’t continue to add code every week, and then they need to stress test the system. Unfortunately, Bob, none of that has happened. And they admit it’s going to take six months. . . . . That is unacceptable for the protection of privacy of Americans’ information.”
Both members have had private briefings on the security weaknesses of Healthcare.gov. What’s public is bad enough: A September 27 memo by government officials to Medicare chief Marilyn Tavenner said security testing of all the component parts of the site hadn’t been finished as part of an integrated system. “From a security perspective, the aspects of he system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the [website].” The site was allowed to open with only a temporary security certificate, rather than the full one that is normally issued.
The administration insists Healthcare.gov is secure. Last week, Health and Human Services spokesman Joanne Peters insisted that applicants “can trust the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure.”
So which version is closer to reality? Ask Justin Hadley, a North Carolina man who saw Blue Cross cancel his individual policy in September and send him to Healthcare.gov. As the Heritage Foundation reports, when he finally made it past the registration page last Thursday, he was greeted with copies of letters confirming the eligibility for health insurance addressed to two real individuals from South Carolina. “If I have their information, then who else has my information now?” he asks.
The federal data hub that processes the information used to determine eligibility for Obamacare’s subsidies is the only part of the Obamacare site that seems to be working well. “The bad news,” as I wrote last month, ”is that because the data hub is the largest consolidation of personal data in our nation’s history, it will become a magnet for identity thieves.”
Many experts, along with Senator Feinstein and Representative Rogers, worry about the same thing. Michael Astrue, who was commissioner of Social Security until February of this year, issued this warning last month.
“[The Department of Health and Human Services] opened the door to large-scale fraud by providing funding for tens of thousands of ‘navigators’ — people who are supposed to persuade the uninsured to apply for coverage and then assist them in the application process. Instead of hiring well-screened, well-trained, and well-supervised workers, HHS decided to build political support for the Affordable Care Act by pouring money into supportive organizations so they could launch poorly trained workers into their communities without obtaining criminal background checks or creating systems for monitoring their activities,” he wrote in The Weekly Standard. “As a practical matter, these navigators are unaccountable, and yet they will be asking people for Social Security numbers and other sensitive information. It will not take long for navigators to become predators, and HHS has no plan to deal with the new breed of predators it is creating.”
So the threats to the privacy of Americans come both from badly written code that’s an potential invitation to computer hackers and from thousands of unscreened “navigators” who will have access to private information. Isn’t it time to sound a four-alarm siren over this danger, like the kind that often sits atop the Drudge Report? We can’t say we haven’t been warned.