Monday, November 4, 2013

Mish's Global Economic Trend Analysis

Mish's Global Economic Trend Analysis


Still More on Obamacare Security (Or Lack Thereof); HHS Director Says "American's Deserve Better"

Posted: 04 Nov 2013 08:18 PM PST

In response to the curious statement in Obamacare website source code: "You Have No Reasonable Expectation of Privacy" one reader wondered if that was just "standard disclosure practice".

If so, then why didn't Cheryl Campbell, senior vice president of CGI Federal Inc., the company that built the Obamacare health care exchange website, simply say so?

The reason is now apparent. The website design is a clear breach of privacy.

Clear Breach of Privacy

The Foundry reports HealthCare.gov Users Warn of Security Risk, Breach of Privacy.
Justin Hadley logged on to HealthCare.gov to evaluate his insurance options after his health plan was canceled. What he discovered was an apparent security flaw that disclosed eligibility letters addressed to individuals from another state.

Hadley wrote to Heritage on Thursday night and also contacted the U.S. Department of Health and Human Services, which administers HealthCare.gov, as well as elected officials in his state. He has yet to hear back from HHS, even though HealthCare.gov still displays the personal information of the South Carolina residents on his account.

Dougall said he was able to register on HealthCare.gov, but decided not to sign up for insurance. "The plans they offered were grossly expensive and didn't provide the level of care I have now," he said.

After learning of the privacy breach, Dougall spent Friday evening trying to contact representatives from HealthCare.gov to no avail; he spent an hour waiting on the telephone and an online chat session was unhelpful.

"I want my personal information off of that website," Dougall said.

Security Risk

Last week, the Associated Press disclosed a government memo revealing the "high" security risk for HealthCare.gov. Those concerns surfaced at Wednesday's hearing with HHS Secretary Kathleen Sebelius, who claimed the system was secure.

Heritage cyber-security expert Steven Bucci, director of the Douglas and Sarah Allison Center for Foreign Policy Studies, said users of HealthCare.gov are leaving their personal information unsecured.

"Once it goes out over the system, it is vulnerable," Bucci said. "There appears to have been a singular lack of concern for security. The site needs to receive and transmit sensitive personal information, yet it has less than state of the art security."

Memo Raises Security Concerns

Let's dig a little deeper. Please consider Memo raises security concerns about government health website
The nation's top health official tells lawmakers 'I'm responsible' for the problems with the launch of Healthcare.gov.

Defending President Barack Obama's much-maligned health care overhaul in Congress, his top health official was confronted Wednesday with a government memo raising new security concerns about the trouble-prone website that consumers are using to enroll.

The document, obtained by The Associated Press, shows that administration officials at the Centers for Medicare and Medicaid Services were concerned that a lack of testing posed a potentially "high" security risk for the HealthCare.gov website serving 36 states. It was granted a temporary security certificate so it could operate.

Security issues are a new concern for the troubled HealthCare.gov website. If they cannot be resolved, they could prove to be more serious than the long list of technical problems the administration is trying to address.

"You accepted a risk on behalf of every user ... that put their personal financial information at risk," Rep. Mike Rogers, R-Mich., told Health and Human Services Secretary Kathleen Sebelius during questioning before the House Energy and Commerce Committee.

Sebelius Says "American's Deserve Better"



"So let me say directly to these Americans, you deserve better. I apologize.", said Sebelius.

That's a start. Not many politicians apoligise when they make a mistake. President Obama should try the same, first by firing Sebelius. Second, and more importantly, Obama should offer his own apology, then reach out to Republicans and health care officials in an attempt to fix Obamacare. Better yet, he should start all over.

Mike "Mish" Shedlock
http://globaleconomicanalysis.blogspot.com

Curious Statement in Obamacare Website Source Code: "You Have No Reasonable Expectation of Privacy"

Posted: 04 Nov 2013 11:17 AM PST

Right in the source code for the Obamacare website is the statement "You have no reasonable expectation of privacy regarding any communication of data transiting or stored on this information system".

It is curious why this message would be placed in the source code where no one would have any expectation of ever seeing it.

In the video below (which came out following last week's Congressional testimony) Rep. Joe Barton (R-Texas), a member of the House Energy and Commerce Committee, grilled Cheryl Campbell, senior vice president of CGI Federal Inc., the company that built the Obamacare health care exchange website, on the hidden language and on HIPAA compliance. 

Campbell testified that the system is HIPAA Compliant.

"The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information."

In repeated questioning, Barton got Campbell to admit she knew that the "no reasonable expectation of privacy" line was in the code.

Barton then asked "How the hell could it be HIPAA compliant?" Campbell refused to answer the question.



The original source of the video appears to be CNS News. CNS has a longer video clip, not directly embeddable, but playable at Hidden Code on Obamacare Website Says 'No Reasonable Expectation of Privacy'.

In the longer video, after Democrat Rep. Frank Pallone got the floor, Barton asked Pallone to yield. Pallone responded "I will not yield to this monkey court!"

Pallone went on to say "the statement is no legitimate concern of this committee."

Mike "Mish" Shedlock
http://globaleconomicanalysis.blogspot.com

Former CDU Secretary General Says Germany "Must Grant Asylum" to Snowden; SPD Parliamentary Vice Chairman Says "Snowden is a Hero"

Posted: 04 Nov 2013 01:03 AM PST

Fascinating articles in Der Spiegel this past weekend, in praise of Edward Snowden. Via translation, please consider Asylum for Snowden: "Welcome Edward!"
In the debate about a possible offer of asylum in Germany to Edward Snowden, SPIEGEL contacted numerous journalists, actors, politicians and athletes for comments regarding the whistleblower.

In addition to opposition politicians, such as the Left Party leader Gregor Gysi, Snowden gets support from an unlikely source: Former CDU General Secretary Heiner Geissler says Germany "must" grant Snowden asylum.

Geissler is sad about the deterioration of the transatlantic relationship, but "Snowden has done the Western world a great service, and now it is up to us to help him"

Even social democratic politicians demand asylum. "Snowden is a hero, not a traitor," said Axel Schaefer, vice chairman of the SPD parliamentary group. One must closely examine "whether there is a way to offer Snowden asylum in Germany."

Foreign and defense politician Lars Klingbeil said "Germany must consider whether it is possible to grant asylum Edward Snowden."

Writer Ferdinand von Schirach praises Snowden in the MIRROR for the breach of its confidentiality obligations, citing a "duty for civil disobedience against the state" when required for justice.

The President of the Bundesliga, Reinhard Rauball, criticized "significant impairment of human rights" by arbitrary monitoring and praises Snowden's selfless actions.

Moderator Oliver Welke would like to give the Americans the Order of Merit. Musicians Udo Lindenberg said: "I can certainly make clear a room for him - welcome Edward."

Snowden had in principle agreed to officially testify in Germany - but wants the guarantee not to be transferred to the United States. The US has already submitted an extradition request for all relevant cases to the federal government.
Spiegel Mirror Cover



Issue 45/2013
Asylum for Snowden!
"Those who pronounce the truth, commits no crime"

Asylum Not As Easy As It Sounds

Granting Snowden asylum might be tricky. Not only would it open up a deep rift with the US, it may be a violation of treaty for Germany to grant Snowden asylum.

Reader Bernd points out ...
Mr. Snowden could be asked to come to Germany and safe passage could be guaranteed for the hearing. The law provides for that. However, the law does not provide for a permanent or semi-permanent residency of Mr. Snowden in Germany.

My friend who is one of Germany's leading immigration and asylum lawyers told me and confirmed it over and over again: German law specifies that political asylum cannot/must not be granted to citizens of countries which are considered law abiding democracies. At this moment the United States is still considered such a country.

By law and by treaties Germany will have to turn him over to the United States Authorities immediately at their request. They only need to guarantee that the death penalty will not be applied in his case – which I believe has already happened.

If German lawmakers are actually considering to bring Snowden into the country, they have no idea of the law.
I stand with those who think Edward Snowden is a patriot and hero, not a traitor. The US should drop all charges against him, and let him return to the US should he desire to come back.

Mike "Mish" Shedlock
http://globaleconomicanalysis.blogspot.com

No comments:

Post a Comment