Forgot your password?
typodupeerror
Privacy Security

ACA Health Exchange Contractors Have History of Security Failures 144

Posted by Unknown Lamer
from the inflated-insurance-rates-now-with-identity-theft dept.
Lucas123 writes "Two of the contractors involved in developing online health insurance exchanges under the Affordable Care Act, which have been plagued by technical problems since launching this month, have had serious data security issues in the past. Quality Software Services developed the software for the Affordable Care Act's data services hub and oversaw development of tools to connect the hub to the databases of other federal agencies. Last June, an audit report by the Health and Human Services Inspector General found QSS failed to adhere to federal security standards (PDF) in delivering IT testing services for the Centers for Medicare & Medicaid Services. Additionally, services firm Serco suffered a major security breach in 2012. Serco won a five-year $1.3 billion contract to process and verify paper applications for health insurance via the online exchanges. Serco's breach exposed sensitive data of more than 123,000 members of the Thrift Savings Plan, a $313 billion retirement plan run by the U.S. Federal Retirement Thrift Investment Board. The exposed data included full names, addresses, Social Security Numbers, financial account information, and bank routing information."
This discussion has been archived. No new comments can be posted.

ACA Health Exchange Contractors Have History of Security Failures

Comments Filter:
  • SURPRISE! (Score:3, Insightful)

    by Jhon (241832) on Wednesday October 23, 2013 @11:14AM (#45213283) Homepage Journal

    It's bad enough we have private industry in charge of much of our private information. At least THEY can be held accountable and sued or fined out of existence or at least suffer PR so bad that their business fails.

    When the Government is in charge, what are you going to do? Sue them? Great. You win money from every tax payer and the problem wont get fixed -- it will just be more expensive to run -- for every tax payer.

    • The federal government already has access to any and all of your medical records, and has for a while now. Whether they can use those against you is a matter of a warrant. Exactly how is this going to change anything?
  • by JDG1980 (2438906) on Wednesday October 23, 2013 @11:14AM (#45213299)

    Are there any contractors that don't have a history of security failures?

    The problem isn't with this company, it's with the federal procurement process, which favors large corporations that can handle ridiculous amounts of paperwork over companies that might actually be able to get the job done.

    Frankly, I'm amazed the PPACA website came out as well as it did. Most large IT contract jobs, whether public or private sector, are much, much worse. The typical outcome for a multi-million-dollar IT contract project is massive delays, substantial budget overruns, and poor/missing functionality.

    • At least they could have given a US company an opportunity to screw this up....

      • by LurkerXXX (667952) on Wednesday October 23, 2013 @12:04PM (#45213901)

        By US company, do you mean companies like IBM, Northrop Grumman, Verizon, Rand Corporation? They did.

        http://reporting.sunlightfoundation.com/2013/aca-contractors/ [sunlightfoundation.com]

        • While you see a lot of US companies there, they were either providing support services (like surveying people about possible use of the system) advertising and publicity services, or secondary systems.

          Most of the rest were "consulting" jobs, with only a few real hardware/software production contracts in the mix.

          Once you get past the obvious $93 million for CGI, the next one of any size is Maximus Federal Services, which has a certain track record for handling this sort of thing - they were obviously hired t

          • by bzipitidoo (647217) <bzipitidoo@yahoo.com> on Wednesday October 23, 2013 @01:12PM (#45214771) Journal

            I've done some work as a government contractor. It's messy. They demand that you account for every hour. If you are working on 3 different projects, you have to fill out a timesheet in which you detail which hours of every day you spent on each of those 3 projects. This sort of thing misses the point that it's results that count, not hours.

            They are keenly aware of the public perception of them as bungling bureaucrats. Consequently, they can be extremely pushy and demanding. Often they bear down so hard that it is counterproductive.

            They're also paranoid control freaks. They want contractors to work on computer systems that are under their control. Instead of working on your own equipment in your own offices, they'll insist you use their facilities. Then they provide antiquated, slow computers with ancient versions of Windows, and take weeks to getting around to details like installing a phone line. There are also a ton of rules. They'll want you to pay for a cell phone, but they don't want your cell phone to have any privacy. You basically need permission to sneeze, and more permission to wipe your nose. Want to encrypt a hard drive? Maybe just keep a few encrypted files on a hard drive? Can't do that without authorization.

            It takes a good contractor to stop them from hamstringing a project with red tape. You have to trample upon all sorts of rules to get anything done, and you need a smooth management team to keep the bureaucrats from worrying about violations. They will overlook all kinds of petty violations as long as there are good results. Let a project falter though, and the piranhas come out.

    • by h3st (945000)
      So which level of the Capability Immaturity Model [wikipedia.org] would you expect them to be at? The description seems to predict a CIMM rating of -1.
    • by mcgrew (92797) *

      I think if your firm is big enough to build an online data system big enough to accommodate this kind of traffic, you're big enough to handle the paperwork.

    • "Frankly, I'm amazed the PPACA website came out as well as it did."

      Have you looked at the code behind it? I have. You probably have no idea just how bad "as well as it did" is.

      It's completely ridiculous. No joke. Full of mistakes a first-day javascript programmer would not make... more than once.

    • Frankly, I'm amazed the PPACA website came out as well as it did. Most large IT contract jobs, whether public or private sector, are much, much worse. The typical outcome for a multi-million-dollar IT contract project is massive delays, substantial budget overruns, and poor/missing functionality

      The Obamacare website is a typical, or worse. The portion of the site for Spanish speaking people has never worked at all, and Spanish speaking Americans are one of the key groups of the uninsured. The rest of the site is plagued by errors in the data provided to insurers causing all sorts of problems including multiple enrollments and cancellations, incorrect family relationships, and plenty of other problems.... when it works at all. It will be at least months late in working, and that work won't be do

      • by smooth wombat (796938) on Wednesday October 23, 2013 @12:53PM (#45214511) Homepage Journal
        and Spanish speaking Americans are one of the key groups of the uninsured.

        Then maybe they should learn to speak English instead of expecting the entire country to bend over backwards for them. The same goes the various Asian folks as well.

        It's all well and good to speak two languages, but you shouldn't expect people to accommodate you because you're too lazy. If I emigrated to Vietnam, should I expect them to bend over backwards for me because I didn't learn their language? They'd laugh at me day and night if I told them they need to go out of their way to post everything in English.

        But I guess it's easier to find a technical solution to a human problem than it is to fix the human problem.
        • by kc8apf (89233)

          The US has no official national language. By your logic, everyone in the US should learn and the government should only conduct business in the various Native American languages.

          • by Talderas (1212466)

            All nations have a de facto national language. Whatever language is used for writing the documents that establish the government/nation is essentially de facto.

        • by blueg3 (192743)

          But I guess it's easier to find a technical solution to a human problem than it is to fix the human problem.

          You mean it's easier to produce translations of Web sites than to force a very large group of people to learn a new language?

          Yes, yes it is.

    • Then there are massive gov't software projects that are supposed to "reform" or "modernize" ancient softwere systems that never get finished and are just dropped after tens of millions of dollars. Just Google "failed government software".

  • The government department that contracted this company for the site, are they allowed to use any criteria other than the contract bid amount to decide who to go with? Are they required to go with the lowest bidder, or are they allowed to look at the company history when deciding who to hire?

    • In my experience with government contracts, it's actually rare that lowest bid is the only criteria
    • by bobbied (2522392)

      The government department that contracted this company for the site, are they allowed to use any criteria other than the contract bid amount to decide who to go with? Are they required to go with the lowest bidder, or are they allowed to look at the company history when deciding who to hire?

      As I understand this specific contract... It was a sole sorce (not issued by lowest bid) contract.

      • Oh hell, that's even worse.

        • by bobbied (2522392)

          Here's hoping it was not a "Cost Plus" contract but "Firm Fixed Price" but I have a *really* bad feeling that was not the case.

          • by sjames (1099)

            Firm Fixed Price just means that absolutely any decision at all requires a complex change order procedure that raises the price. Eventually, the sheer volume of change orders starts to add substantially to the cost and nobody really knows what the goal is anymore. The end result is held together with miles of duck tape.

            It also means no contractor that has less than 100 lawyers on staff should even bid.

            • by bobbied (2522392)

              True. I don't think that way unless I make myself...

              I'm sure the specs where horribly written either way... (Actually, I KNOW the spec was horribly written. Who wants to *read* the law anyway?)

  • by phantomfive (622387) on Wednesday October 23, 2013 @11:15AM (#45213309) Journal
    Is there anyone here who had any doubt that the health exchange system would have serious security problems, given how many problems it's had, and security bugs being harder to avoid than many other types of bugs?

    The worst part is, since this system integrates with the department of homeland security and the IRS, you don't even necessarily need to use the system for a security vulnerability to affect you.......
  • by Isca (550291) on Wednesday October 23, 2013 @11:17AM (#45213347)
    This is what happens when you don't hire people in the agencies with technical abilities to even be able to oversee the implementation of complex systems.

    Privatization is good as long as you actually have competent people with technological expertise to oversee the development. Outsourcing all of this to the lowest bidder, then that company outsourcing components to the lowest bidder (and so on, and so forth) always causes these type of issues. We need technologist inside the government that can actually manage these projects.
    • I think the whole "lowest bidder" thing is very exaggerated. The government is still looking to see who they believe can bring the project to completion by the deadline. Hell, I would've taken the contract for $10 million, but no one called me.

      Think of example of the competition between the YF-22 and YF-23 back in the early 90s. Even though the -23 was slightly better, Boeing (?) got the contract for the -22 because they took a risk and started building facilities ahead of time, then used their head star

  • ...im just gonna send images of all my hard drives and net logs to the NSA and be done with this nonsense already.

    fuck...how many ways are we being spied on and our information leaked until sensible people just throw up their hands and say "enough already!"???

    • Leaked information is like backups......everyone knows it's important, but no one cares until it affects them personally (their computer crashes or their ID is stolen).
  • by mark_reh (2015546) on Wednesday October 23, 2013 @11:26AM (#45213447) Journal

    It's been obvious for months to even the most internet-ignorant that there is no such thing as security on-line. The main concern with regard to health records security is that health insurance companies would deny coverage to people with preexisting conditions based on evidence in medical records. That's been fixed, at least in theory, by obamacare, if they ever manage to get it up and running.

    Of course, the real fix would have been to get the insurance companies out of the health insurance business altogether with a single payer system, but we are too stupid to vote for something like that. Even if we did, the insurance lobby's votes mean much more than votes of citizens going to the polls, so even if the majority came to their senses and demanded a single-payer system, it would not happen.

    OK, so we'll get more targeted spam about incontinence products, birth control, flatulence control, boner pills, etc. That will just make spam filters work a little harder.

    • The main concern with regard to health records security is that health insurance companies would deny coverage to people with preexisting conditions based on evidence in medical records.

      The main concern is someone applying for a credit card with your name, or otherwise borrowing your identity.

      • by mark_reh (2015546)

        That sounds like a SS number problem to me.

        • Yes, yes it is. If people are able to hack Healthcare.gov (which is still hypothetical at this point), they could steal your SS number. This is true even if you haven't signed up, because the system is hooked up to the IRS, among other systems.
          • You don't have to hack anything. Just buy the data off Experian.

            All you need is a credit card and an simple bit of bullshitting.

    • Re: (Score:3, Insightful)

      by mcgrew (92797) *

      The main concern with regard to health records security is that health insurance companies would deny coverage to people with preexisting conditions based on evidence in medical records. That's been fixed, at least in theory, by obamacare, if they ever manage to get it up and running.

      The ACA was passed and signed and gone through the courts; it's the law. Obamacare is in fact up and running, what's not is the federal web site.

      Your state's isn't in place? That isn't the Feds' fault, it's your state governmen

      • by mark_reh (2015546)

        "They're simply parasitic middlemen who do nothing but add cost."

        Duh! Thank god we don't have single payer healthcare! I'd much rather have someone who profits by not delivering healthcare, like an insurance person, standing between me and my doctor than some bureaucrat tasked with ensuring that money spent actually goes to healthcare. THAT would be BIG GOVERNMENT. Ugh!

      • The ACA was passed and signed and gone through the courts; it's the law.

        This was brought up a long time and debunked. No law is ever judged 100% constitutional only the aspects brought before the court are adjudicated. The mandate as a mandate was actually judged unconstitutional. The mandate as a tax is constitutional. However there are still many court cases about it which can be overturned. I know of at least two cases making their way up the courts, one being that the tax was not properly passed as a tax has to originate in the house. The second is the tax subsidies to people in states that do not have exchanges.

        Obamacare is in fact up and running, what's not is the federal web site.

        Your state's isn't in place? That isn't the Feds' fault, it's your state government's. Illinois' is in place, and we have the most dysfunctional government in the US. Why isn't yours?

        States are not required to provide exchanges, the federal government is. Many states opted out. Seems they should have been following Illinois example. Because of course you should always follow the lead of the most corrupt state in the country, where in the last 50 years 50% of it's governors went to jail, and is vying for California most insolvent.

        Of course the big question is if a state as pathetic as Illinois could do it, why couldn't the Obama administration?

        • by mcgrew (92797) *

          Illinois has thirteen million people, the US has three hundred million. You'll need 23 times as many servers, and twenty five times as robust a database that in the fed's case has to pull data from different tables in different systems and feed that data to the states' IT depts. And Illinois' problem isn't ineptness, it's corruption (although Quinn seems pretty inept).

          States opting out are cutting off their noses to spite their faces, since the feds are paying for it.

      • by rsborg (111459)

        I'd mod you up if I had points. The reason the US has such expensive health care is the insurance companies. They're simply parasitic middlemen who do nothing but add cost.

        Please don't forget about two other major reasons "healthcare" is so expensive here in the states: 1) Medical device companies that charge an arm and a leg for basic supplies and 2) Big Pharma, that for some reason (well, billion$ of reasons, actually) lobby to prevent organizations like Medicare from negotiating perscription drug costs.

        Insurance companies are evil, but with ACA, their evil has been toned down considerably (no recission from pre-existing conditions + medical loss ratio + fallback of state

  • by satsuke (263225) on Wednesday October 23, 2013 @11:44AM (#45213661)

    The larger problem isn't the actual contractor, it's in the selection process.

    At least, the companies that get these huge jobs are the ones that can successfully navigate the bidding process, as well as those that have a track record of complying with that process.

    It's a matter of the metrics used not matching the result desired.

    ACA/Obamacare health exchanges have had a lot of screwups, but I don't know if it'd work any other way initially (based on the fact that there are hundreds of agencies and different systems to interact with,. any end to end testing would have to be on "friendly" / fake results.

    • Follow the money trail and I'm certain you will find some congressperson's pockets getting lined with money by the company that got the contract
  • Just my $.02, but if you actually *provide* quality work, you don't need to have that in your company's name. Only time will tell if this also applies to the word "affordable" ... :-)

    • I find that logic applies to just about everything. If you have to have a good adjective as part of a name, the product or company probably sucks.
  • by Dunbal (464142) *
    I'm sure the company has connections to or is owned by some bigshot politician's spouse or cousin, so that makes it ok.
    • by gtall (79522)

      If you are sure, then you surely must have some evidence for why you believe this, yes?

  • by Sedated2000 (1716470) on Wednesday October 23, 2013 @11:53AM (#45213761)
    The processes and hoops you have to jump through in order to respond to their requests for proposal are ridiculously complicated. Way too often companies who are not qualified get the contract merely because they knew how to play the system.

    The government has programs to support small businesses like 8a for disadvantaged, one for businesses owned by disabled Vets, one for women owned. This does help some, but more often than not those companies are just paid so that bigger companies can bid for work and use them as the vehicle to get it. In my experience as a government contractor for most of my career I've seen countless scenarios of companies bidding for 8 resources on a task but really only using 2. I've seen them work on contracts for over a decade, and despite horrible execution of the project they continue to win the re-compete because they'll purposely squirrel away anyone who can help a new contract winner. They'll eat the cost and give people useless jobs at their corporate offices just to attempt to make the new contracting company fail.

    There is also a terrible history of nepotism involved. The entire system is abused. Officers have even set up companies and awarded contracts to themselves right before retirement. When they leave they have a ready made contracting company complete with an ongoing contract and perhaps one or two for their past performance record already. By the time they're caught, they are fined a million or so which at that point is small price to pay for them. They just had the world's best interest free business startup loan. Yes, I have first-hand knowledge of one such instance of this and I know it is definitely not an isolated incident.

    Here is an example of waste: When I was on one of my last contracts I spent months doing nothing of real consequence. Through some weird situation I was left with no project manager and no tasks. I informed all of the management who would listen, and requested work. I began to worry I'd be cut, along with the worry that if I sat idle my hard-earned skills would dull. I found another job and quit. I received a call from the vice president of the company telling me she was hearing what a great job I was doing and that they wanted to offer me a substantial raise to stay. It was then I realized they didn't care what I did. They could bill for me. By showing up I was doing a "good job". I couldn't take it and left.
    • by Anonymous Coward

      "I received a call from the vice president of the company telling me she was hearing what a great job I was doing"

      Brownie? Is that you?

  • Well.. (Score:4, Insightful)

    by TechyImmigrant (175943) on Wednesday October 23, 2013 @11:53AM (#45213765) Journal

    While it may be unsurprising that a government contractor can't get security right, expecting anyone to adhere to government security specifications is unreasonable. Take a look at them, they are a vast mess of poorly written hand waving. There are some with specifics (E.G. some of the crypto algorithm stuff), but the balance of it is 'framework' crap.

    You can make an honest job of adhering to federal computer security specs, but it's always possible to dig up another spec somewhere that contradicts it.

  • by Virtucon (127420) on Wednesday October 23, 2013 @11:57AM (#45213821)

    They're just a body shop living the H1B dream. [findthecompany.com]

    I find it somewhat repugnant that a US Healthcare website is being done by a slipshod vendor who relies on H1B staff for delivery and can't follow FIPS 200 standards? That's a no-brainer for anybody dealing with any Federal agency.

    https://oig.hhs.gov/oas/reports/region4/41205045.pdf [hhs.gov]

    QSSI had not sufficiently implemented Federal requirements for information system security controls over USB ports and devices. Specifically, QSSI had not: (1) listed essential system services or ports in its system security plan or (2) disabled, prohibited, or restricted the use of unauthorized USB device access. QSSI had not implemented USB security controls because management had not updated its USB control policies and procedures. As a result of QSSI’s insufficient controls over USB ports and devices, the PII of over 6 million Medicare beneficiaries was at greater risk from malware, inappropriate access, or theft.

    So Personally Identifiable Information for over 6 Million Medicare beneficiaries wasn't protected and they still are working and billing to provide shitty software. I wonder how much of this is now in the hands if identity thieves selling Fullz..

    your government at work folks, what a wonderful sight to behold.

    • by ZombieBraintrust (1685608) on Wednesday October 23, 2013 @12:47PM (#45214421)
      Why is this racist crap modded up. I work with H1Bs and most of them went to better colleges than I did and have better degrees than I do. Were talking about people with 10, 15 years of experiance. Now some outsourcing outfits hire people directly out of college. Quality can be low with these teams because there is alot of turnover and poor communication with an offsite team. But those people tend to work in India for a few years. The compitition for visas is high and people with no experiance don't normally get them.
      • Re: (Score:2, Flamebait)

        by Virtucon (127420)

        H1B's exist to drive down labor rates in the US, screwing over folks who are already here [motherjones.com] and they're not necessarily getting the best talent either. [informationweek.com] If you're telling me that Quality Shit Software couldn't find qualified candidates in the beltway for this project, then you're full of crap. That's not racist by the way and I object to the use of the term, but since QShit was looking for Business Analysts and Engineers, I know that there are plenty of those in DC who could have done the job. There's lots

      • by hax4bux (209237)

        Nobody gives a hoot about their universities or degree. Show us the product. Thank you, that will be all.

  • by Dachannien (617929) on Wednesday October 23, 2013 @12:01PM (#45213871)

    Just the fact that there were 55 different contractors working on healthcare.gov is reason enough to suspect that major security flaws crept in.

    The fact that the website was opened before any appreciable amount of testing was done is reason enough to suspect that most of those flaws are still undiscovered and uncorrected.

    The government's project managers didn't even come up with a full specification for the largest contractor until this past Spring, with the expectation that everything would be done and ready for business on 1 October. It's a total clusterfuck, the true scope of which likely won't be discovered for several months.

    http://www.newyorker.com/online/blogs/elements/2013/10/why-the-healthcaregov-train-wreck-happened-in-slow-motion.html [newyorker.com]

    • by Skapare (16644)

      I also blame the fact that these 55 contractors were businesses. They should be experienced developers. And 55 is too many even so. The web site could be done with 20.

    • Just the fact that there were 55 different contractors working on healthcare.gov is reason enough to suspect that major security flaws crept in.

      "When everybody is responsible, nobody is responsible."

  • by wbr1 (2538558) on Wednesday October 23, 2013 @12:04PM (#45213911)
    Is something like angieslist for government contracts and a mandate to force its use. Now, who do we contract to build it?
  • Open Source It (Score:3, Interesting)

    by ZeroSerenity (923363) <gormac05@ya h o o.com> on Wednesday October 23, 2013 @12:12PM (#45213983) Homepage Journal
  • Get ready for the torrent of people who've never dealt with gov't contracting who are just so sure they could do it better. Dunning-Krueger in the house, like usual on /.
  • by SuperKendall (25149) on Wednesday October 23, 2013 @12:19PM (#45214045)

    The worse thing about a centralized system like healthcare.gov, is that it represents a tremendously juicy target for criminals of all kinds - from ID thieves to phishers that want some personal info to run a scam. Never mind this company, I'm not sure I trust ANYONE to develop a system that is secure against the number and complexity of attacks that will be made.

    • The worse thing about a centralized system like healthcare.gov, is that it represents a tremendously juicy target for criminals of all kinds - from ID thieves to phishers that want some personal info to run a scam. Never mind this company, I'm not sure I trust ANYONE to develop a system that is secure against the number and complexity of attacks that will be made.

      Well, if the Red states weren't so stubborn as to opt-out, at least we'd have 50 different systems.

      • Well, if the Red states weren't so stubborn as to opt-out, at least we'd have 50 different systems.

        Wow, 50 different targets to crack sure is an even better choice! Especially when they all go against the same central server to record and search for sensitive data! Nothing better than giving a guy 50 chances to break into a warehouse with hundreds of millions of items of juicy data!

        • Well, if the Red states weren't so stubborn as to opt-out, at least we'd have 50 different systems.

          Wow, 50 different targets to crack sure is an even better choice! Especially when they all go against the same central server to record and search for sensitive data! Nothing better than giving a guy 50 chances to break into a warehouse with hundreds of millions of items of juicy data!

          First you claim that it's one centralized system so it's great to penetrate. Now you claim that 50 is better. Nice logic.

  • by Skapare (16644) on Wednesday October 23, 2013 @12:21PM (#45214073) Homepage

    Use in-house employees instead. Hire well-qualified experienced employees, paid well (considering the costs of living in DC if they are not working from remote).

    • by ZombieBraintrust (1685608) on Wednesday October 23, 2013 @12:52PM (#45214487)

      the biggest contractor, CGI Federal, was awarded its $94 million contract in December 2011. But the government was so slow in issuing specifications that the firm did not start writing software code until this spring. As late as the last week of September, officials were still changing features of the Web site.

      If there is no specification then your going to get a crap product. If they started in Spring then there is no way they finished in time to do several months of testing, bug fixing, and regeressing testing.

  • You're surprised? (Score:4, Insightful)

    by Overzeetop (214511) on Wednesday October 23, 2013 @12:26PM (#45214127) Journal

    List all the companies who can, in under a year, put together a $50-400M (take you pick at the number) software system to service, conservatively, 30 million people in a day and interface with legacy systems from multiple governmental agencies.

    Cross off everyone on the list who isn't set up to do government contracting
    Cross off everyone on the list who can't meet HIPAA standards
    Cross off everyone who hasn't rolled out at least three systems of similar size and complexity in the past 5 years
    Cross off everyone who is headed by a foreign national

    You're list is going to be very, very short. I'd have had you cross out those with past roll-out failures or problems, but that would have given you a blank piece of paper to start with.

  • burns the code.
  • by rock_climbing_guy (630276) on Wednesday October 23, 2013 @01:20PM (#45214907) Journal
    For what it's worth, I recently moved to Colorado and I've found that their state health insurance exchange web site works just fine. I was able to browse plans available within a few minutes.

    I think it goes to show that there's nothing extraordinary difficult about this web site. I suspect cronyism on the part of the federal government. How else can you explain that they paid ~ $600M for a web site that doesn't work. I think they could have handed that money to most anyone who posted to this discussion and gotten a better result.

    • The bottleneck seems to be in how they calculate the discount you get. If they just showed you the plans without telling you what discount you might get, then they might have avoided that particular bottleneck.
  • by Lendrick (314723) on Wednesday October 23, 2013 @02:21PM (#45215889) Homepage Journal

    I'm all in favor of the ACA. In fact, on the state level, they've done just fine (it's notable that the only reason the federal system is even necessary is because a number of states refused to do it).

    On the other hand, how the fuck did we end up with this crap? You cannot roll out a project to millions of users this quickly and without adequate load testing. Also, why the hell aren't the contractors American? All this lip service the Democrats pay every election year to eliminating tax breaks for outsourcing and they can't bother to use American companies that will guarantee the work won't be subcontracted to some other company outside the US?

    We actually have competent IT contracting firms in the US. They tend to be expensive, but they have enough experience that they can predict how long and how much it will cost to deliver working software. Ultimately, it ends up costing less in the long run to pay more up front, because the software actually does what you want it to do.

    (Of course, this might not be a matter of corruption rather than cost, but my points still apply.)

  • Right, they are terrible at it. But are other IT companies better?

    The bare concept of a contracted IT project has issue. Some engineers will work during the project time, and will move to something else once completed. That means they never face the consequences of their bad practice.

The major difference between bonds and bond traders is that the bonds will eventually mature.

Working...