Oct 07 2013
Why Was Obamacare (Now ObamaCrash) Website Outsourced To Overseas Company?
One thing is clear: the #ObamaCare rollout has turned into the #ObamaCrash. From what I am reading on the tech side of things (and computer systems for NASA and DoD are my business area), the problems seem to be a case of hiring the wrong company for the job.
In this WSJ article, the company in charge of #ObamaCrash is identified:
Experian PLC, an information-services firm, holds a federal subcontract to support that system. The company declined to comment.
Information technology experts who examined the healthcare.gov website at the request of The Wall Street Journal said the site appeared to be built on a sloppy software foundation. Such a hastily constructed website may not have been able to withstand the online demand last week, they said.
After looking at the company's USA website (and learning it is a UK company to boot), one has to wonder why Experian was selected. What was the competitive process used to select a company that does credit reporting on people when you want a website to handle millions of applications?
The business skill sets for setting up large-volume websites and for running credit checks are night and day. So how did Experian get in the position to do such a shoddy job?
The cynic in me wants to think the best way to hide the new health care premium costs is to have the website go down. So maybe this was an evil plan to delay the sticker shock!
If this continues, HHS will have delayed the individual mandate where the GOP could not, since every day you cannot sign up is a day the government will be required to extend the registration!
What should clearly be an enterprise quality, highly scalable software application, felt like it wouldn’t pass a basic code review. It appears the people who built the site don’t know what they’re doing, never used it, and didn’t test it…
It makes me wonder if this is the first paid application created by these developers.
It looks to me like amateur hour. I mean this is really pathetic.
Update: Hmm, the plot thickens. Experian and data breaches – this looks like a bit of a fast one!
So what happened? Well it turns out that Experian did not re-bid for the contract and instead sent out renewal letters to 1+ million S.C. residents. Reports, like the one above, came in that the call center was informing residents that the State would not be offering free credit monitoring service and that they could renew for a discounted price of 99 cents a month. The reality is that the State is going to continue offering free credit monitor, just not through Experian!
BTW, do you know that by signing up to Obamacare your personal information is now in the hands of a credit reporting company? Is that smart?
Whoa! Update: Did Experian just realize they don’t have the tech-savvy to pull off the Obamacare registration rollout?
Experian’s October 1 announcement that it acquired web fraud detection vendor The 41st Parameter for $324 million underscores the weakness of knowledge based authentication or KBA. Experian sells KBA to companies verifying identities of consumers conducting high-risk transactions. KBA systems are under siege and a systematic compromise of these applications was recently uncovered by security blogger Brian Krebs. See our previous blog on this as well as krebsonsecurity.com
Although Experian was not part of the uncovered botnet-based infiltration, the so called secret questions and answers used across most major KBA vendors such as Experian and LexisNexis are typically the same. As noted previously, KBA has — on average — a 10-15% failure rate which can go much higher and up to 30% in certain populations such as new immigrants or young students. Most KBA failures are legitimate individuals who can’t successfully answer the secret ‘out-of-wallet’ questions or for whom there is not enough data to ask any. At the same time, criminals who buy this information on the black market have no trouble answering them perfectly. (See our September 2012 research note G00237377 “When Knowledge-Based Authentication Fails, and What You Can Do About It”).
This key acquisition was JUST LAST WEEK! Are you kidding me?
So another reason that the general public didn’t oppose Obamacare as much as people like you and me is because the general public doesn’t understand information security and how high the risks are when you build a monolithic solution for 325,000,000 participants. Even Google, Amazon, etc. have astonishingly decentralised and federated security and operational domains for their web-based services. And yet, Google has outages, Amazon AWS goes down for hours at a time and Facebook has a persistent and constant chase to stop malicious third-party apps from hacking their clients. And those companies will live or die by how successful they are at improving and avoiding. Meanwhile, the Government knows nothing about such principles, contracts companies as political favors instead of with due diligence. Meanwhile, the Government builds a monopoly, where no one can avoid their products and services. There is simply no way that the Federal Government can be successful at Obamacare due to the sheer scale of the problem and their complete incompetence at handling such a large secured data storage problem. There is not one department where major data breaches have not occurred within the Federal Government. And the abuses of the information they gather are widespread. Medicare fraud alone is worth hundreds of millions of dollars. And those are just the frauds that we know about.
Why was it outsourced? How obvious does it have to be to say “Because that’s who paid the biggest kickbacks!”