Feds Won't Reveal Records on Obamacare Website Security

Health Overhaul Security
Jon Elswick/AP
By JACK GILLUM

WASHINGTON -- After promising not to withhold government information over "speculative or abstract fears," the Obama administration has concluded it won't publicly disclose federal records that could shed light on the security of the government's health care website because doing so could "potentially" allow hackers to break in.

The Centers for Medicare and Medicaid Services denied a request by The Associated Press under the Freedom of Information Act for documents about the kinds of security software and computer systems behind the federally funded HealthCare.gov. The AP requested the records late last year amid concerns that Republicans raised about the security of the website, which had technical glitches that prevented millions of people from signing up for insurance under President Barack Obama's health care law.

In denying access to the documents, including what's known as a site security plan, Medicare told the AP that disclosing them could violate health-privacy laws because it might give hackers enough information to break into the service.

"We concluded that releasing this information would potentially cause an unwarranted risk to consumers' private information," CMS spokesman Aaron Albright said in a statement.

The AP is asking the government to reconsider. Obama instructed federal agencies in 2009 to not keep information confidential "merely because public officials might be embarrassed by disclosure, because errors and failures might be revealed, or because of speculative or abstract fears." Yet the government, in its denial of the AP request, speculates that disclosing the records could possibly, but not assuredly or even probably, give hackers the keys they need to intrude.

Even when the government concludes that records can't be fully released, Attorney General Eric Holder has directed agencies to consider whether parts of the files can be revealed with sensitive passages censored. CMS told the AP it won't release any parts of any of records.

The government's decision highlights problems as it grapples with a 2011 Supreme Court decision that significantly narrowed a provision under open records law that protected an agency's internal practices. Federal agencies have tried to use other, more creative routes to keep information censored.

In addition to citing potential health-privacy violations, the government cited exemptions intended to protect personal privacy and law-enforcement records, although the agency didn't explain what files about the health care website had been compiled for law-enforcement purposes. Some open-government advocates were skeptical.

'Far-Fetched Privacy Claims'

"Here you have an example of an agency resorting to a far-fetched privacy claim in an unprecedented attempt to bridge this legal gap and, in the process, making it even worse by going overboard in withholding such records in their entireties," said Dan Metcalfe, a former director of the Justice Department's office of information and privacy who's now at American University's law school.

Keeping details about lockdown practices confidential is generally derided by information technology experts as "security through obscurity." Disclosing some types of information could help hackers formulate break-in strategies, but other facts, such as numbers of break-ins or descriptions of how systems store personal data, are commonly shared in the private sector. "Security practices aren't private information," said David Kennedy, an industry consultant who testified before Congress last year about HealthCare.gov's security.

Last year, the AP found that CMS Administrator Marilyn Tavenner took the unusual step of signing the operational security certificate for HealthCare.gov herself, even as her agency's security professionals balked. That memo said incomplete testing created uncertainties that posed a potentially high security risk for the website. It called for a six-month "mitigation" program, including ongoing monitoring and testing. The site has since passed a full security test.

Government cybersecurity experts were also worried that state computers linking to a federal system that verifies the personal information of insurance applicants were vulnerable to attack. About a week before the launch of HealthCare.gov, a federal review found significant differences in states' readiness. The administration says the concerns about state systems have been addressed.

-Associated Press writer Ricardo Alonso-Zaldivar contributed to this report.


Increase your money and finance knowledge from home

How to Buy a Car

How to get the best deal and buy a car with confidence.

View Course »

Timing Your Spending

How to pay less by changing when you purchase.

View Course »

Add a Comment

*0 / 3000 Character Maximum

13 Comments

Filter by:
tmuscls

hey bubba, let me let u in for a quick history lesson. and actually one of fact checking. the states receiving the most in aid are the redneck southern states, which by the way, receive aid for their poor ignorant white folks, as much as they do for the black folks. These same states which wish to intrude upon others bedroom manner, life choices and decisions on health, well beyond anything of knowledge, science, or reasoning, other their the religious beliefs. Which by the way, in our system should automatically be thrown out. Because we are not a nation of religion but a nation of religious freedom. This party of less government is in fact, a party of more government intrusion. The Dems control of the Congress was unfortunately often at times during Republican Presidential rule, or during wars, so to act as if all issues we have now are Democrat related is pure insane. And not very thought out in reasoning. Reagan, Bush and Bush left us with more debt. Clinton and now Obama have reduced this debt. Carter had a stacked 70's oil fiasco ruin his otherwise reasonable leadership and Presidency. Learn to think outside the Feaux Snews station and I am quite sure, since you did write quite eloquently, that you can figure some of this out for fact, and not cookie cutter right wing retorts.

August 20 2014 at 2:02 AM Report abuse -2 rate up rate down Reply
2 replies to tmuscls's comment
gee.effwye

Nice bumper stickers. As usual, nothing to support them. And when was the last time ANY POTUS cut the national debt, moron?

August 20 2014 at 7:44 AM Report abuse +2 rate up rate down Reply
truu.liberal

It takes a special kind of stupid to bleat that Obama, who has increased national debt more in 5 years than any preceding POTUS in history has reduced debt.

Meet just such a dunce, the hillbilly welfare sh1thead, EB Spongebob.

August 20 2014 at 10:07 AM Report abuse +2 rate up rate down Reply
Fallenrock

In this particular situation, I don't want AP to have access to this information; these people have everything needed to re-create my ID. As a citizen joining into the national health care co-operative, I don't think it is appropriate for AP to even ask for info on what security measures are being taken to protect this information. I have to support the suppression of this type information.

August 19 2014 at 11:01 PM Report abuse rate up rate down Reply
TINKDAY

We fight all the time in this country, who is right, the democrates or the republicans, I do not see how people in this country can defend either party. Look at the real state of this country, the only real solution is to throw out both parties and start over, to much self serving pocket corruption in the people that run our government, wall street, banks and to many of our corporations. This country grows weaker every day these people are allowed to remain in office. Great civilizations fall from within.

August 19 2014 at 5:15 PM Report abuse +1 rate up rate down Reply
1 reply to TINKDAY's comment
ctjhowie

Couldn't agree more. We have the best government money can buy, unfortunatly we the people don't have enough to buy it.

August 20 2014 at 5:41 AM Report abuse rate up rate down Reply
TexasKitty

Feds won't reveal records so...Obama won't reveal his academic records, do we see a trend here.

August 19 2014 at 5:03 PM Report abuse -1 rate up rate down Reply
1 reply to TexasKitty's comment
Scal8585

Quit watching Faux News
http://www.factcheck.org/2012/07/obamas-sealed-records/

August 19 2014 at 5:45 PM Report abuse -2 rate up rate down Reply
1 reply to Scal8585's comment
gee.effwye

Who is a big funder of factcheck?

August 19 2014 at 8:39 PM Report abuse rate up rate down
theycallmeroy3

Right now the AP, would settle for anything resembling concrete or cement. Articles such as this, show how exasperated the AP is with ' The Administration.'
Obama or not.
Congress is in recess, so the AP isn't getting any traction there.
And the original request was made last year.
The AP is have trouble with the word, transparent. Because different agencies within ' The Administration' have different definitions of what transparent means.

August 19 2014 at 4:47 PM Report abuse -2 rate up rate down Reply
richardpdick

Impeach now

August 19 2014 at 2:07 PM Report abuse rate up rate down Reply
1 reply to richardpdick's comment
tmuscls

I doubt you know what the word means, not to mention why you think this would be possible? But it sure sounds good around your buddies at the club or bar, doesn't it?

August 20 2014 at 2:10 AM Report abuse -1 rate up rate down Reply
truu.liberal

Since pretty much everything that comes from greedymac's keyboard is extraordinarily ignorant, it can be difficult to sort through the litany of strong contenders in order to discern the all-time dumbest greedymacism. But for now, I'm going with

George Washington was the first President to request a National Health Care System

Now that requires a VERY SPECIAL kind of stupid.

August 19 2014 at 2:07 PM Report abuse -1 rate up rate down Reply
Don Paulson

Let's keep it real simple...anyone that entrusts Healthcare.gov to keep your sensitive information
confidential and secure is delusional. Just ask yourself - what are they hiding?
Be assured if some hacker steals your identity and/or drains your bank account...the Regime is not going to help you.

August 19 2014 at 12:36 PM Report abuse -1 rate up rate down Reply
bcl1722

How exactly does the g d government refuse to disclose ? It used to be ("the good old days") that they at least had to go through the motions of a cover up. Now they just "refuse".

August 19 2014 at 12:13 PM Report abuse -2 rate up rate down Reply
skidrowtom

With this moron (Obama) at the helm, maybe it's best that we don't know what's going on.

August 19 2014 at 10:49 AM Report abuse rate up rate down Reply