What could possibly have motivated the Centers for Medicare and Medicaid Services to refuse to release even a single document about the healthcare.gov site’s security in response to a Freedom of Information Act request submitted by the Associated Press? The AP announced that its request had been refused last week and, by way of explanation, cited a statement from CMS spokesman Aaron Albright that “releasing this information would potentially cause an unwarranted risk to consumers’ private information.” It’s hard to imagine that any documents the agency could have released would have generated more doubts about the site’s security than those remarks. The best way to protect the site—and its users—would be to stop defending it against legitimate questions and release some of the requested information.
There’s an episode of The West Wing in which staffer Josh Lyman sarcastically tells the White House press corps that the president has a secret plan to fight inflation. Suddenly, that’s the only thing any of the reporters want to talk about. Just replace “secret plan to fight inflation” with “secret plan to fight online intruders,” and it’s the same thing. Is there any surer way to generate a lot of interest in the security of healthcare.gov than to shroud it in secrecy?