We’ve written before about how problematic the technology is behind the federal healthcare.gov website, pointing out that the federal government hired political cronies rather than web development experts to build it. There was an effort to open source the code, but after the feds put the code on github, they removed it after people started pointing out just how bad it was.
Then, just about a month ago, we noted that the government turned down a FOIA request from the Associated Press concerning the site’s security practices, arguing that it might “give hackers enough information to break into the service.” As we noted at the time, if revealing the basic security you have in place will give hackers a road map to breaking into the site, the site is not secure at all.
A damning new report from the Goverment Accountability Office (GAO) more or less confirms this is the case. This is further backed up by an even more astounding “Behind the Curtain of the Healthcare.gov Rollout” released by the House Oversight Committee. To be fair, the GAO is non-partisan and known to be even-handed and fair. That’s not always the case with Congressional committee reports. Still, the two are worth reading together. The level of mess behind the project is rather astounding and it appears that the site still is not particularly secure, which obviously explains the refusal to do that FOIA release.