Monday, October 14, 2013

Your Data Is Safe - Trust Us

So by now, you're familiar with the horror stories surrounding www.healthcare.gov, AKA the Affordable Care Act website, AKA the Obamacare website, AKA the biggest tech disaster since Chernobyl. People trying to register spend hours, or even days trying to get in, ambiguous error messages pop up, the website can't even locate its own error messages, and (I like this one best), call center reps were telling everyone who called they had to change their passwords.

And of course there are the "What the hell were they thinking?" design stupidities, requiring you to register even before you could browse the site to see what kind of insurance you might be able to buy. Imagine if Amazon did that to you. Or your friendly neighborhood automobile or homeowner's insurance sales person:

Sales Person: We won't talk to you or let you see what we have for sale until you tell us who you are and let us set up a customer file on you.

You: Fuck you very much.

But these are minor issues. Seriously. I mean, building a couple of pages to set up a user logon ID and password is relatively easy. Your bank does it on their website, your gym does it, Amazon and eBay and PayPal do it. It's not rocket science.

And letting people see what wares you have for sale before they buy isn't just good web design; it's simple good business sense. And it's a problem that could probably be resolved by moving the location of a few modules of code in the logic stream.

So again, these are minor issues. Here's the major one, the one that should scare you to death.

Obamacare wants to know everything about you. Your name. Your date of birth. Your Social Security number. And more. And Obamacare is going to share all kinds of information all around the U.S. government. It'll share your name and SSN with the Social Security Administration to confirm that you are who you say you are. It'll share your SSN with the IRS so the IRS can send back income information so Obamacare can decide how much of an insurance subsidy the taxpayers should fork over to help you pay for your health insurance. And it'll tell the IRS if you don't have government-approved health insurance so the IRS can fine you (or is it tax you? I'm still waiting for a rational explanation of how what you have to pay for not having insurance can be both a tax and a fine, or one or the other, or neither...). And it'll share your SSN with Immigration and Customs Enforcement so you can be thrown out of the country if you're not here legally.

So all this information about you is going to get kicked around the government like a hockey puck and reviewed by all kinds of government employees.

The federal government has roughly 2 million employees, plus an untold number of contractors. Some of them can not be trusted, even those with all kinds of security clearances. There's Sandy Berger, who tried to steal classified documents from the National Archives. Edward Snowden, a contractor, who stole top-secret U.S. government surveillance documents and handed them over to Russia and China.

And there's Lois Lerner, who was at the center of the conspiracy at the IRS to target conservative groups for their political leanings.

Now that those three bad apples are out of government, do you really believe that there's nobody left who would misuse your private information?

And here's the real ticking time bomb in www.healthcare.gov: We now know that the contract wasn't given to the low bidder; it was given to the only bidder, and they fouled up things so badly that people can't even do something as simple as log on to the system.

That problem will surely be fixed. But if it took them this long to discover the problem (where was your volume testing and beta testing, CGI?), what other problems are lurking that they haven't fixed yet?

When Jay Carney gets up at a press conference, someone should ask him the following questions:
  • Who was/is the project manager for healthcare.gov? Has that person and his entire staff been fired? If not, why not?
  • Healthcare.gov was supposed to roll out October 1. It is clearly not working as designed. Please tell us the date by which it will be working properly. Who will be fired if that target date is not met?
  • In project management, there's a rule of thumb: On time, under budget, bug-free: pick any two. Healthcare.gov rolled out on time, but five times over budget, and completely broken. How soon will the American people get their money back?
  • It took over three years to design a website that won't let people log on. Shouldn't Americans be concerned that the much more complex parts of the site are even more broken?
  • Once people can log on and easily access their records, what will keep their records secure from snoopers like Snowden? "Trust us" is not an acceptable reply, nor is offended self-righteousness.
  • Once people can log on and easily access their records, what will keep political operatives like Lerner from using confidential medical information for political purposes? "Trust us" is not an acceptable reply, nor is offended self-righteousness.
  • Once people can log on and easily access their records, what will keep their records secure from outside hackers? "Trust us" is not an acceptable reply, nor is offended self-righteousness.
Frankly, I don't know how those last three questions can be answered. Which is why, if I didn't already belong to an HMO, I wouldn't sign up for Obamacare unless a real gun (not a Pop Tart or someone's fingers) were literally being pointed right at my head. Because the question isn't if my personal data will be compromised; it's only a question of when. The Obamacare fine would cost a lot less than getting my stolen identity straightened out.

Go ahead. Sign up, log on, and hand over all your personal information. What could possibly go wrong?

1 comment:

  1. Time to update this post - with all the personal data on SF-86s that the Chinese stole, how the government can claim to keep our data safe if even more ridiculous.

    ReplyDelete