If past is precedent, Republicans on the House Oversight Committee will soon release a draft memo they requested and received from the Health and Human Services Department just before most Washingtonians decamped for the Christmas holiday.
At first glance, the memo, obtained by National Journal, looks very bad for the Obama administration. In the Sept. 24 document, a top information security officer for the agency overseeing the Obamacare insurance exchanges warns that the marketplace “does not reasonably meet … security requirements” and that “there is also no confidence that Personal Identifiable Information (PII) will be protected.” Teresa Fryer, the chief information security officer at the Centers for Medicare and Medicaid Service, continues: The federal marketplace will likely “not be ready to securely support the Affordable Care Act … by October 1, 2013.”
It plays right into the Republican narrative about HealthCare.gov: The administration knew the website would not be ready by the launch date but went ahead with it anyway. And the site may still not be adequately protecting consumers’ information.
But, in context, the draft memo becomes much less exciting.
On the Friday before Christmas, Rep. Darrell Issa, the chairman of the House Oversight Committee, released a partial transcript from an interview conducted by the panel’s staff with Fryer. That partial transcript, shared with ABC and CBS, suggested that Fryer warned the administration that there were two findings of serious vulnerabilities in the system.
However, when Democrats on the Oversight Committee released parts of the transcript omitted from Issa’s version, Fryer’s comments looked far less explosive, and ABC updated its story to reflect the change. It turns out that by Sept. 27, a few days after Fryer raised her concerns about the security at launch, extensive new security measures were added.
As she told the committee’s investigators, “The added protections that we have put into place in accordance with the risk decision memo “¦ are best practices above and beyond what is usually recommended.” She went on to describe her confidence in the three-level security system and to note that there have been “no successful breaches [or] security incidents.”
Which brings us back to the draft memo we obtained. We should note that it was just a draft, and was never sent or reviewed by more senior officers in the chain of command, and was written three days before the mitigation strategies went into effect. She later told Oversight Committee investigators that her earlier recommendation against giving the go-ahead to launch the site — the “authority to operate,” as it’s called — did not take into account the mitigation strategies laid out in the Sept. 27 Authority to Operate memo.
The investigators asked Tony Trenkle, then-CMS’ top information executive, this: “So as long as the mitigation strategy described in the [ATO] memo was carried out, you considered that it was, it would be sufficient to mitigate the risks described in the memo?” He responded, “Yes.”
She added that she was “satisfied” with the current security testing, and that she did not object when another CMS information security officer decided to move ahead with the launch. Again, she stated: “All systems are susceptible to attacks. There have been no successful attempts.”
As the Los Angeles Times‘ Pulitzer Prize-winning business columnist Michael Hiltzik noted, “Issa has absolutely no evidence” to support his broader claims that the system’s deep vulnerabilities put all kinds of consumers’ government data at risk, and that CMS moved ahead anyway to avoid embarrassing the White House.
Of course, sleight of hand with opaque bureaucratic documents is nothing new for Issa, but the potential to dissuade Americans from obtaining health insurance through the federal exchanges because of trumped up security fears has pushed relations between the committee chair and the administration to a new low. It’s one thing to say without evidence that the administration is corrupt, but it’s another to tell Americans that their Social Security number is at risk when there’s nothing to suggest that’s true.
But perhaps we can head off another round of this farce by putting out Fryer’s memo before Issa does — in its full context.
Correction: An earlier version of this story misattributed Trenkle’s quote to Fryer. It has been updated.
What We're Following See More »
"The Senate was expected to be back in session at noon, while House lawmakers were told to return to work for a 9 a.m. session. Mr. Trump on Friday had canceled plans to travel to his private resort on Palm Beach, Fla., where a celebration had been planned for Saturday to celebrate the anniversary of his first year in office."
"A stopgap spending bill stalled in the Senate Friday night, leading to a government shutdown for the first time since 2013. The continuing resolution funding agencies expired at midnight, and lawmakers were unable to spell out any path forward to keep government open. The Senate on Friday night failed to reach cloture on a four-week spending bill the House had already approved."
"The FBI is investigating whether a top Russian banker with ties to the Kremlin illegally funneled money to the National Rifle Association to help Donald Trump win the presidency." Investigators have focused on Alexander Torshin, the deputy governor of Russia’s central bank "who is known for his close relationships with both Russian President Vladimir Putin and the NRA." The solicitation or use of foreign funds is illegal in U.S. elections under the Federal Election Campaign Act (FECA) by either lobbying groups or political campaigns. The NRA reported spending a record $55 million on the 2016 elections.
"Hundreds of new and supplemental FARA filings by U.S. lobbyists and public relations firms" have been submitted "since Special Counsel Mueller charged two Trump aides with failing to disclose their lobbying work on behalf of foreign countries. The number of first-time filings ... rose 50 percent to 102 between 2016 and 2017, an NBC News analysis found. The number of supplemental filings, which include details about campaign donations, meetings and phone calls more than doubled from 618 to 1,244 last year as lobbyists scrambled to avoid the same fate as some of Trump's associates and their business partners."