Thursday Highlights

Good morning.

  1. Fiction and the White House.
  2. Obamacare bungling continues apace.

And .. I deleted too many recent links so .. from earlier this week ..

  1. About time, literally.
  2. Drink, drank, drunk.
  3. Brings to mind the first paragraph of Anna Karenina, eh?
  4. Given not taken.
  5. #1 daughter and my, ahem #1 (and only) wife, are seeing this tonight. I wish I could be there.
  6. Spam as policy?

7 Responses to Thursday Highlights

  1. Obamacare bungling continues apace.

    At a certain point an argument can get so pathetic that it becomes itself an argument for it’s opposite. In other words, anti-Obamites can achieve such stupidity that they actually become a case for Obamacare.

  2. Boonton,

    At a certain point an argument can get so pathetic that it becomes itself an argument for it’s opposite. In other words, anti-Obamites can achieve such stupidity that they actually become a case for Obamacare.

    On that we agree, sort of … in that you’ve convinced me pretty well that there are no good arguments for Obamacare (and by the way for abortion).

    Increasing bureaucratic involvement is bound to decrease costs and increase efficiency, just look at … well look at what? When has government done that?

    Instead mocking … the salient point is “Look at that last sentence: schedule is more important than security. Remember, all your personal information including Social Security Number, address, full legal name, telephone number, and income all go into the Exchange web site.” Explain why that isn’t problematic? I agree it’s pathetic, but not in the way you imagine, i.e., the administration is pathetic, not the argument.

  3. So your argument is you don’t want to trust having to tell the gov’t your social security number. Thanks for playing.

  4. Boonton,

    So your argument is you don’t want to trust having to tell the gov’t your social security number. Thanks for playing.

    Oh, please. That would be stupid. Neither I, nor the author linked are that stupid.

    You didn’t read carefully enough. The point is your personal data (name, address, birth, medical information, and and SSN) are going to be on poorly secured public sites. The problem isn’t posting the information. It’s that it isn’t being secured once given.

    It will be poorly secured because getting the information up and the web sites operational (with all that data) is more important than security. Yah ever hear warnings when Sony, or some other sites gets hacked and 10k or 50k passwords are lost. This will be worse. Imagine that multiplied by a factor of 10 or 100 and what is lost is that noted above. No problem, eh?

  5. So we have had online banking for a good 15 years or so now. We file our taxes online, issue payments online. If secure online transactions were impossible, there would be no Ebay, Paypal, eTrade or Amazon.com.

    Of course online transactions are much more vulnerable than simple online information. Give me your personal info and I still have a lot of work ahead of me before I can actually do anything nefarious to you. Give me access to your online checking account and I can make trouble for you in less than a minute. The point is it’s not all that difficult to set up a secure web site for people to buy insurance. Is hacking a risk? Yes, but then you helpfully point out:

    Yah ever hear warnings when Sony, or some other sites gets hacked and 10k or 50k passwords are lost.

    This is a risk of living in a digital age (in earlier ages you had to worry about people stealing a check for you out of you rmailbox). A few solutions:

    1. There will be multiple exchanges so hacking one isn’t going to give you access to the entire country.
    1.1 We do have national databases that seem quite secure from hacking. For example, the ultimate database would be social security itself as well as the IRS. While fraud does sometimes happen with these sites, I have never heard of a serious identify theft problem coming from these sites themselves and most people are happy to use them either directly (say to set up direct deposit for SSI checks) or indirectly (letting Turbotax upload their returns to them).

    2. A lot of personal information is put on servers but can’t be accessed. For example, if you go into my Amazon account you can get my home address. But you cannot get my credit card numbers. You can delete them, add new credit card numbers, but cannot use the site itself to grab the # if you didn’ thave the card itself.

    So I’m not really sure what this argument is supposed to be about, since it’s not about Obamacare. Are you saying there should be no online transactions were sensitive information like SSI numbers, address or account numbers are exchanged? That’s a tall order but you could do exchanges and Obamacare without online websites just like you can have banks without online banking. Are you saying the gov’t may set up a site and leave some security hole that a hacker might exploit? Quite possible but then as you pointed out with Sony the private sector is just as capable of leaving the backdoor unlocked. If you told me Social Security had a bug on its website that let people sneak into other people’s accounts and redirect their direct deposits, I’d say the solution would be for SSI to fix that bug. I wouldn’t say SSI should take down its website and revert to 1988 technology for account management.

  6. Boonton,
    A short recap. The linked post pointed out that when security concerns were raised the reply was that that was secondary, the deadline (October) for the online exchanges was more important than security. Your first reply was “gosh telling the state your SSN is not a problem, ‘thanks for playing'”. Which, wasn’t exactly to the point. I reminded you that putting security secondary when companies which almost certainly didn’t make it secondary got burned, you point out that gosh lots of people do banking online. Banks as you might not, unlike the program noted, don’t consider online security a secondary concern.

    So … attempt to get to the point. Why do you think security is unimportant regarding the exchanges?

  7. Security is a primary concern for banks because you can actually do things from inside a bank account. From an exchange, though, you can’t actually directly do anything except compare policies and go with one. So the security concerns are:

    1. The site stores personal info about you in your ‘profile’.

    2. The site sends info about you to private insurance companies so they can generate quotes.

    3. In the process of signing up with one insurance company, you provide information.

    As I pointed out the solution to #1 is to make it so that highly sensitive info cannot be retrieved by someone who has taken your login information. You can also ensure mass data cannot be queried from the servers (i.e. you can’t just login as an administrator and get an Excel dump of everyone who has set up an account).

    #2 can be addressed by stripping unneeded info from getting qotes. Since insurance companies are not allowed to vary premiums but by age and a few issues like smoking, it wouldn’t be necessary to send them customer SSI numbers and addresses to get quotes. Simply sending DOBs (maybe even just month/year DOB) and city would be sufficient.

    #3 means you either have to enter your sensitive info again when you select an insurance company (which I think is more likely), or when you select one the site sends your info to the insurance company’s site. Which means we are again back to doing business with a private company online, again that’s nothing new now.

    As for whether security is a ‘primary’ or ‘secondary’ concern versus being up and running by the deadline. I’m not very sympathetic. Online security is not difficult and while following best practices doesn’t guarantee perfection it provides reasonable security. Even more damming is that for nearly a decade now the gov’t has been running online health exchanges. It’s called Medicare D.

    You go online, enter your info, even enter your common drugs and the Medicare site will churn and produce a list of private drug plans for you to choose from. The only difference between this and Obamacare is the individual states have the option of setting up the exchange themselves while Medicare D is nationwide. I haven’t researched it but I wouldn’t be surprised if Medicare proper also had some type of exchange system for selecting private plans via Medicare Advantage (and it’s quite possible some states have been doing this with Medicaid as well, though I’m not sure if they let Medicaid people choose private HMOs or just assign them to patients) There’s no reason why the IT back-end should not be able to be imported and bolted right into the exchanges.

    I suppose if none of this was known security should be moved up to a primary concern. But this isn’t 1998. None of this is all that new or all that challenging from the perspective of data security.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>