Just how bad is security at healthcare.gov? We don't know because the administration refuses to tell us.

Rep. Darrell Issa, chairman of the House Oversight Commiittee, wants to take a look at report compiled by a security contractor that details the vulnerabilities in the system, but the White House is refusing to turn over physical copies of the report saying they don't trust the congressman.

Politico:

In a letter Thursday, Assistant Secretary for Legislation Jim Esquea told Issa that "the committee's unwillingness to commit to undertake measures to address the security risks associated with further disclosure is troubling, particularly in light of reports that sensitive materials were disclosed through various investigations." Administration officials worry that Issa intends to put them in the public domain, which Esquea argues could compromise the security of the site.

 

"As you are aware, MITRE shares our assessment regarding the risks from public disclosure of these documents and has warned, most recently in its letter of December 4, 2013, that the information they contain 'could be used to hack the system ... and may pose a risk to the confidentiality of consumer information accessible through healthcare.gov if disclosed," Esquea wrote, further offering to let a third party determine whether their publication could imperil the website.

"However, if you do not accept MITRE's or our assessment of the risks from disclosure of these documents, we will make them available, with appropriate parameters governing the use of the material, for other independent security experts to judge the potential impact," he added.

Issa's office pushed back Thursday. "It's an unacceptable violation of law and a dangerous precedent for any Administration to tell a private company not to respond to a lawful subpoena," Issa spokesman Frederick Hill said in an email.

 

Government officials say Issa has been too loose with sensitive information in the past, including with the names of Libyans who were assisting the United States during operations in that nation, the details of secret wiretaps in the "Fast and Furious" investigation, and TSA documents that included security information.

It's understandable that the contractor is reluctant to part with a report that details where hackers could have success if they tried to steal personal info. Issa isn't stupid and he's not going to reveal anything that would assist criminals in their work.

But millions of Americans have their personal information at risk because the administration refused to build in adequate security to the site. Certainly Congress has a right to make its own assessment of security and White House obstinancy on this issue means that security is probably a disaster.