Consider this scenario, gentle readers: Bored, you’re shopping the Internet for an item that is not a priority. In fact, you really don’t want to buy it at all. It’s very expensive, and not something you really need. Before you commit, you happen to read an article about the website from which you have to buy that item; it’s not available elsewhere. The news isn’t good. You discover that it is highly likely that the people processing your credit card and other personal information are convicted felons. You also discover that the website is faulty and often doesn’t work. Worst of all, you find that the website has no security features; it was designed and built with no security at all. Your sensitive information will almost certainly be stolen by identity thieves, probably many identity thieves. And best of all, you probably won’t get what you ordered. if you get anything, it will be mangled in various ways and there will be no real way to fix whatever problems you encounter.
With this information in mind, you would:
(A) Avoid the site and product like the plague.
(B) Immediately do whatever is necessary to access the site and buy the product at any price.
(C) Immerse yourself, naked, in a tank of ravenous piranha.
(D) Subject yourself to an endless loop of Barack Obama speeches.
If you’re an Obama worshiper, the correct answer is “B”, and without the slightest hint of irony, “D.” If you’re a rational human being, the correct answer is “A.”
An outlandish example? Read on, gentle readers. CNBC–hardly a critic of Obamacare–has the story:
It could take a year to secure the risk of high exposures’ of personal information on the federal Obamacare online exchange, a cybersecurity expert told CNBC on Monday.
‘When you develop a website, you develop it with security in mind. And it doesn’t appear to have happened this time,’ said David Kennedy [a former Marine Corps cyber warfare expert], a so-called ‘white hat’ hacker who tests online security by breaching websites. He testified on Capitol Hill about the flaws of HealthCare.gov last week.
‘It’s really hard to go back and fix the security around it because security wasn’t built into it [emphasis mine],’ said Kennedy, chief executive of TrustedSec. ‘We’re talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself.
But surely the federal government would never do anything that could be harmful to Americans? Get a life and quit calling me Shirley.
According to the Department of Health and Human Services, which oversaw the implementation of the website, the components used to build the site are compliant with standards set by Federal security authorities.
‘The privacy and security of consumers’ personal information are a top priority for us. Security testing happens on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information,’ said the spokesperson.
Anyone believing that, probably thinks Benghazi was about a movie no one saw. So what else does the government have to say?
Last month, a Sept. 27 government memorandum surfaced in which two HHS officials said the security of the site had not been properly tested before it opened, creating ‘a high risk.’
HHS had explained then that steps were taken to ease security concerns after the memo was written, and that consumer information was secure. Technicians fixed a security bug in the password reset function in late October, the agency said.
Right. It’s absolutely insecure, but it’s also secure. Look: squirrels!
“But on CNBC, Kennedy disputed those claims, saying vulnerabilities remain on ‘everything from hacking someone’s computer so when you visit the website it actually tries to hack your computer back, all the way to being able to extract email addresses, users names—first name, last name—[and] locations.”
And now that the end of November, new and improved re-rollout of the website has debuted, how are things going? According to Hot Air.com, one word well describes it: fail.
The White House touted the success of its ‘fix’ yesterday by focusing on the improved customer experience, which turned out to be not all that much improved after all. The biggest change was that the site now had a formal waiting line, which foreshadows what will happen when ObamaCare floods a limited number of providers with a lot more demand in a price-controlled economic environment. The administration got very vague when it came to whether the back-end functions had been fixed, and as the Washington Post reports this morning, that was where the fix was needed most. A third of all enrollments in October and November got lost, thanks to the system failures on a long-established standard:
The enrollment records for a significant portion of the Americans who have chosen health plans through the online federal insurance marketplace contain errors — generated by the computer system — that mean they might not get the coverage they’re expecting next month.
The errors cumulatively have affected roughly one-third of the people who have signed up for health plans since Oct. 1, according to two government and health-care industry officials. The White House disputed the figure but declined to provide its own.
The mistakes include failure to notify insurers about new customers, duplicate enrollments or cancellation notices for the same person, incorrect information about family members, and mistakes involving federal subsidies. The errors have been accumulating since HealthCare.gov opened two months ago, even as the Obama administration has been working to make it easier for consumers to sign up for coverage, the government and industry officials said.
These failures are known as 834s. The White House has said only that the government doesn’t know how many flawed 834 transmissions were sent to insurance companies. But hey, at least they fixed all of the security problems-right?
Speaking of which, remember all of those worries that the fix wouldn’t impact the atrocious data security of Healthcare.gov? Not to worry – they may have made it worse:
The eight-page report made no mention of the website’s numerous security flaws, which experts say put Americans’ personal information at risk.
‘It doesn’t appear that any security fixes were done at all,’ David Kennedy, CEO of the online security firm TrustedSec, told the Washington Free Beacon.
Kennedy said fundamental safeguards missing from Healthcare.gov that were identified by his company more than a month ago have yet to be put in place.
‘There are a number of security concerns already with the website, and that’s without even actually hacking the site, that’s just a purely passive analysis of [it],’ he said. ‘We found a number of critical exposures that were around sensitive information, the ability to hack into the site, things like that. We reported those issues and none of those appear to have been addressed at all.
Great. Just how bad is it?
After warning Americans when testifying before Congress on Nov. 19 to stay away from Healthcare.gov, Kennedy now says the situation is even worse.
‘They said they implemented over 400 bug fixes. When you recode the application to fix these 400 bugs—they were rushing this out of the door to get the site at least so it can work a little bit—you’re introducing more security flaws as you go along with it because you don’t even check that code.’’
‘I’m a little bit more skeptical now, and I would still definitely advise individuals to not use the website because it’s definitely something that I don’t believe is secure and neither did the four individuals that testified in front of Congress,’ Kennedy said. ‘I think there’s some major security concerns there around privacy and information, and they haven’t even come close to being addressed, and won’t be in the short term.
But surely the Congress is getting to the bottom of this and will have a fix organized in no time? Didn’t I tell you to get a life and to quit calling me Shirley? Hot Air has another update:
Rep. Mike Rogers provides a cheery thought on personal security as the White House gears up to sell ObamaCare all over again. Last night, he told Greta van Susteren that data security on Healthcare.gov didn’t even meet ‘minimal standards’ for the industry. In terms of the ‘private-sector velocity and efficiency’ claimed by the Obama administration over the last couple of days, Rogers says that experts warned him that they would be sued out of business if they rolled out a website with this many security gaps.
It’s so bad, Rogers warns, that the White House refused to brief Congress on the known risks and attacks that have already taken place — even in closed session. ‘That’s just unconscionable,’ Rogers says, especially when the same people who won’t brief them are cajoling people to put their identity information at risk…
Gentle readers, let’s review:
(1) Top Internet Security experts are in agreement: the Obamacare web system is absolutely insecure. If you input your personal information, it will almost certainly be lost, stolen, mangled and/or sent to all manner of people who shouldn’t have it.
(2) They agree that it will take a year–at the very least–to fix these problems because no security was built into the system in the first place.
(3) They recommend that you stay away from the system and that if you do, for some inexplicable reason, access it, you should have your computer exorcised, burned, and flush the ashes down someone else’s toilet. OK; maybe I exaggerated a little bit about the last part…
(4) At least 33% of the information input into the system will be mangled or lost, and when you need it most, you’ll discover you actually don’t have insurance at all.
(5) You won’t have any way to know that you didn’t get what you ordered until it blows up in your face, and then, you’ll have no recourse.
Well, Nancy Pelosi was right. We did have to pass the law to find out what’s in it. Remember the bad old days when you’d stop by your insurance agent’s office, and he would get all of your personal information right, and you could walk out minutes later, assured that the insurance coverage you just bought–the coverage you actually wanted, needed and could afford–was in full force? Thank goodness Mr. Obama has delivered America from those horrors!
Contrast that with the wonders of Obamacare. Now you’re forced to abandon the affordable insurance you’ve been happy to have for years for policies that are far, far more expensive, and that have far higher deductibles for far less coverage. And in buying that inferior coverage, you’re forced to expose yourself to certain identity theft and the likelihood that you won’t get that inferior coverage anyway, and you won’t know it until it’s too late.
No wonder Dr. Ezekiel Emanuel, one of Obamacare’s architects and most crudely deceptive and slimy cheerleaders (quite an accomplishment in a crowded field), thinks all that’s needed to fix Obamacare is a massive PR campaign, already underway. Yes, the “who you gonna believe: me or you own lyin’ eyes?” approach will fix everything.
I’m often amazed by poll results that show that, say, 26% believe Mr. Obama is doing a wonderful job with healthcare. Yes, the majority think he’s a miserable failure, but who, in the name of all that is holy, think Mr. Obama is doing a good job? Do they speak English well enough to understand pollster’s questions? Are they able to dress themselves? Can they correctly identify a roll of toilet paper? Should they be allowed to handle sharp objects?
Knowing what you now know about the Obamacare system, who among you gentle readers, would access it for any reason, PR campaign or not?
Twenty six percent would.