Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
Healthcare.gov was hacked. Of course it was. The website’s lax security has been known since before the launch date (if you can call it that). HHS tells us the “website was not specifically targeted,” so I guess we’re supposed to be reassured that those responsible didn’t mean to break into the website, they just happened to stumble across it on a stroll through IP address space.
Forcing the entire population to buy health insurance is a massive task, a job which sounds like something a broadly functional website might be well-suited for. However, its failure was inevitable from the moment of its conception: it was created for compliance with the law and its subsequent enforcement, not to provide a helpful and secure service to customers, any more than self-driving cars were created to finish your crossword puzzle.
The website’s failed initial launch was a problem because — if it wasn’t available — the IRS couldn’t legitimately enforce penalties for non-compliance. Solution: get it back up and functional from the government’s perspective. Security is not part of that equation.
Furthermore, when a data breach happens, the website continues on or is down temporarily if the breach damages the site’s functions. But the law continues on. A security breach creates no cost to politicians or bureaucrats because the website’s existence has infinitely more to do with following the law than with serving the needs and security of users. If information security were necessary for a law to serve a power’s purposes, the Social Security Number system would have been discarded decades ago.
Laws which require banks and companies like Target to notify consumers of stolen personal data do not apply to the HHS (though some states are required to disclose breaches). This means there is no danger of popular accountability for being careless with the personal information of the citizens forced into this system.
In this case, the HHS released a public statement that says they don’t think this breach resulted in lost personal information. I’m inclined to believe them: if the HHS officials knew that citizens’ personal information had been lost, we’d have never heard a peep. On the other hand, if you think this administration has a good understanding of the reality of any given situation, I’ve got a shrine in Iraq I’d like to sell you.
The IRS is another lesson in how power uses technology. Want to know what a $1.8B IT budget buys you? At worst, immunity; at best, it gets you all the tools and tech-toadies necessary to secure yourself from the threat of public oversight.
Last year, President Obama was rightly mocked for his urge to his cabinet members to “use all the technology at their disposal” to make “smarter government.” I wonder if he considers this goal achieved. What goes unreported is the fact that “smarter government” has nothing to do with its subjects, only achieving the government’s own goals.