Another Layer to the Onion of Fail

Hacking expert David Kennedy says he cracked in 4 minutes

The man who appeared before Congress last week to explain the security pitfalls of took to Fox News on Sunday to explain just how easy it was to penetrate the website.

Hacking expert David Kennedy told Fox’s Chris Wallace that gaining access to 70,000 personal records of Obamacare enrollees via took about 4 minutes and required nothing more than a standard browser, the Daily Caller reported.

Now match that up with

ObamaCare contractor faces mid-March deadline or disaster

If the ObamaCare contractor brought on last week to fix the back-end of the portal doesn’t finish the build-out by mid-March the healthcare law will be jeopardized, according to a procurement document posted on a federal website.

Let me bring forth some of the unstated bits behind that dire statement:

- We (meaning our glorious leadership) went from one no-compete contract with an incompetent vendor to another no-compete contract with a probably incompetent vendor.
- The job to be done was impossible in practical terms. It’s not that the obamacare site couldn’t technically be implemented in the less-than-a-year from “go” to “must be done”, but the bureaucracy and power plays and sloth and incompetence of the government agencies made it a practical impossibility.
- That said, the problem is even worse now, and the deadline is shorter.
- Even setting aside issues of functionality, there is no security on the obamacare website. (Several of the state sites are also vulnerable, but that’s a different story.) Users must assume that any information they enter in the web application will be leaked or stolen.
- The hurry-up-gotta-do-it rush to make the obamacare site will not make security better. It will probably make things worse. It’s so bad now that I don’t know how it could be worse, but it’s a truism that things can always get worse.
- Security will never be properly applied to the federal obamacare site unless it is completely rewritten from the ground up. (As a general thing, security has to be designed in from the beginning. Security that’s added after the fact may be better than nothing, but it’s not much better, and it’s more expensive than doing it over.) This will not be done because it will cost too much (which it will, under the current queef of no-compete contracts with connected cronies.) A do-over would also make the ruling class look bad — not just Obumbles and his buddies but all of the corruptocrats.

Moving from what I’d be willing to place very large bets on to speculation:

- Insurance companies are going to be going broke or getting out of the health insurance biz. This will be exacerbated by the failure of the current no-compete vendor to “get it working” in time.
- Nevertheless, success will be declared and congratulations and bonuses will be passed around.
- The narrowing of the pool of health insurance providers will go largely unremarked.
- Eventually all of us, except those government employees getting insurance through the government, will have to go to the federal or state healthcare exchanges.
- Thus, everyone who does not work for the government will have to enter our personal information into known-broken websites, only to have it leaked or stolen almost immediately.

Sleep well, Americans. Your future is in the best of hands.


Another Layer to the Onion of Fail — 4 Comments

  1. You write “We (meaning our glorious leadership) went from one no-compete contract with an incompetent vendor to another no-compete contract with a probably incompetent vendor.”

    It’s Accenture; of COURSE they’re incompetent. Well, let me rephrase that; they’re good at getting the contract and getting paid, not so hot on delivering code. A quick Google search would probably give you dozens of failed IT projects right here in California on which Accenture was the prime contractor.

    There’s a coffee mug available from with an image of two hands shaking, which should be issued to all Accenture employees. The caption says “If you’re not part of the solution, there’s good money to be made in extending the problem.”

    One bright spot; at least it isn’t Deloitte Consulting. I worked on a project for them in which they would routinely schedule “all-hands” meetings for 6PM, which would last 2 hours; that allowed them to bill the city about 250 hours of overtime for every meeting. IN which NOTHING WHATSOEVER was accomplished.