Does Healthcare.gov Violate the Obama Administration's Own Security Guidance?

Peter Suderman | 10.31.2013 3:40 PM

In sworn congressional testimoney yesterday, Health and Human Services Secretary Kathleen Sebelius said that HealthCare.gov was operating under provisional security authorization—a temporary certificate issued just a few days before the October 1 launch, according to an internal administration memo first published by the Associated Press.

That memo warned that lack of thorough testing meant the site was left with the potential for serious security risks. "From a security perspective," the memo said, "the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the (federal marketplace website)."

In addition, the temporary authorization appears to violate administration guidance on web security—guidance crafted by Jeff Zients, who has been tasked with heading up the repair effort, in his former position as acting director of the Office of Management and Budget. As The Washington Examiner's Philip Klein reports:

During her testimony Wednesday before the House Energy and Commerce Committee, Secretary of Health and Human Services Kathleen Sebelius said that healthcare.gov is operating under a "temporary" order certifying that it met stringent security standards even as testing continues.

But that would appear to contradict guidance issued by the White House Office of Management and Budget last year by none other than Jeff Zients—the former acting director of OMB, who more recently was brought in to oversee the "tech surge" to fix problems facing Obamacare's implementation.

In a Sept. 27, 2012, memo addressed to the heads of executive departments and agencies, Zients said that OMB did not recognize "interim" authorizations.

Klein asked HHS about the apparent conflict between the memo and the temporary authorization and got a non-response:

HHS has now responded, but the response does not address the issue of whether the issuance of a temporary authorization violated official OMB guidance issued by Zients.

In an emailed statement, HHS spokeswoman Joanne Peters repeated nearly verbatim the response from CMS spokeswoman Bataille from earlier in the day. Peters said, "When consumers fill out their online Marketplace applications, they can trust that the information they're providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure. Security testing happens on an ongoing basis using industry best practices."

Regardless of whether or not the site itself is secure (which sort of doesn't matter at the moment, given that it doesn't work), it certainly looks as if the security authorization it's currently relying on violates the administration's own procedures.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Calif. State Senator Investigated for Taking Bribes

Hide Comments (27)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Homple 10 years ago

While the certificate is temporary, we may all be assured that it is stringent.
1. Hillary's Clitdong 10 years ago
  
  Hello, I am a wealthy Kenyan prince. I recently acquired a large number of insurance plans, but I have no way to access them. If you could send me $5000, I will be able to unlock these insurance plans and would send you at least $100,000.
  1. neoteny 10 years ago
    
    And you could keep the $5000, too, if you like it.
    1. cavalier973 10 years ago
      
      You didn’t scam that.
Sevo 10 years ago

Sort of OT:
Just noticed on another BBS. Someone commented that a commercial web site is currently “Obamacared”.
The next “Kleenex”!
1. Fatty Bolger 10 years ago
  
  Meaning it’s functional but at a very slow speed and low reliability?
  1. Almanian! 10 years ago
    
    Meaning if it were a living thing, it would jump out of the monitor and shit in the middle of your dining room table.
  2. Sevo 10 years ago
    
    In this case, it simply meant F’d up; not functional.
Fist of Etiquette 10 years ago

You have to give the website your information to find out how much of it will be leaked out.
1. Rich 10 years ago
  
  LOL.
  I suppose the site could be “Pelosied”.
John 10 years ago

Look at it this way, when people have their identity stolen they will forget all about their crappy overpriced health insurance. This could be a very good development for Obama.
1. Rich 10 years ago
  
  LOL.
  It’ll give Holder something to do.
  Wait, I’ve got something in my eye ….
ChrisO 10 years ago

We need to get the anon-bot on the case and get this fixed right up.
Almanian! 10 years ago

Wow. THIS was “unexpected”.
1. Sevo 10 years ago
  
  Almanian!|10.31.13 @ 4:11PM|#
  “Wow. THIS was “unexpected”.”
  But Obo is “angry” and Sebelius “takes full responsibility”!
General Butt Naked 10 years ago

If you like your identity, you can keep it.
1. Spoonman. 10 years ago
  
  Some identities that don’t meet minimum ACA standards will be compromised. You must upgrade to at least a Bronze-level identity, which requires a minimum of $10,000 in credit card debt you didn’t authorize.
  1. BuSab Agent 10 years ago
    
    Does that mean if I have a Cadillac identity, I’ll have to downgrade or be taxed?
cavalier973 10 years ago

What we clearly need is single-payer identity theft.
Suthenboy 10 years ago

This really is stunning to behold. Even I did not realize how incompetent these boobs are.
So let me see if I can put it in a nutshell.
They lied their asses off, bribed and extorted to get obamacare passed with zero bipartisan support. Now that the president’s lies are plain for all to see and undeniable, they are just saying he had to do it because people dont know what is good for them.
On top of that, the whole thing is crashing like the hindenburg. The 680M dollar website is non-functional, the plans are costing far more than the pre-obamacare projected increases, and now your identity will be stolen ( you can be certain it is going to happen ).
The best is yet to come. I am betting once this thing gets fully implemented it will be as bad or worse than a single payer plan. Actually getting medical care will be next to impossible.
1. Sevo 10 years ago
  
  The local rag buries the entire story on page 10, beneath the fold.
  The front page yesterday was given over to a feud between two GOP guys no one ever heard of.
  You can see how the media is really on top of this.
  1. Homple 10 years ago
    
    A joke from East Germany, back in the day.
    (Neues Deutschland was the main government/party newspaper).
    Nasser, John Kennedy, and Napoleon were sitting together in the afterlife, looking down at the DDR and discussing their misfortunes.
    Nasser said, “if I would have had the Volksarmee at my disposal, I wouldn’t have have lost the Six Day War”
    Kennedy said, “if the STASI had worked for me, I wouldn’t have been assassinated.
    Napoleon said, “if Neues Deutschland had been France’s newspaper, nobody would have found out that I lost the battle of Waterloo.”
    The USA now has an entire media constellation that runs like Neues Deutschland.
Hillary's Clitdong 10 years ago

The best is yet to come. I am betting once this thing gets fully implemented it will be as bad or worse than a single payer plan. Actually getting medical care will be next to impossible.
Considering American politics, I think we’re going to be able to achieve universal health care at sub-NHS quality and astronomical prices.
1. Suthenboy 10 years ago
  
  When I typed that I was thinking of the case of the woman who died of hunger while in an NHS hospital, and of the several cases of patients drinking water out of flower pots.
  I just saw a report a couple of days ago that canada is reducing the allowable number of cataract surgeries in a given area from ~5000 to ~3000, if I remember the numbers right. People were already on wait for a year or so to have that treatment, and now the wait times are dramatically increasing.
  1. Almanian! 10 years ago
    
    That truly is just sad. But it’s OK to the Progs. Which is even sadder. And why I keep my 2nd Amendment options available….
some guy 10 years ago

On the plus side your identity might get stolen so many times that it is virtually useless to each individual theif.
1. BuSab Agent 10 years ago
  
  Now, there’s a lovely thought.
R C Dean 10 years ago

So, which is it: the site needs a temporary permit because it doesn’t qualify for a full one, or
the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure.
They’re not even trying any more. I guess there’s no challenge left in it; its been pretty well proven that you can tell any lie, no matter how outrageous, and as long as it is promoting a Dem program, the DemOp media won’t call you on it.
R C Dean 10 years ago

Oh, and somebody needs to photoshop a solitaire game onto the computer screen.

Please log in to post comments

Does Healthcare.gov Violate the Obama Administration's Own Security Guidance?

Latest

NPR's Uri Berliner Has Shown That DEI Is About Punishing Heresy

Biden's Call for More Steel Tariffs Is Economically Ineffective Political Pandering

Biden Opposes Bill That Would Keep Cops and Feds From Buying Your Data

Adult Entertainment Group Asks Supreme Court To Block Texas Age-Verification Law

The Kansas Legislature Unanimously Passed a Civil Asset Forfeiture Reform Bill

Recommended

Login Form