HealthCare.gov gives trackers info on pregnancy, income and more

The U.S. government’s healthcare insurance sign-up site HealthCare.gov is quietly handing over deeply personal information to advertising and social networks, according to a Tuesday Associated Press report.

The Electronic Frontier Foundation (EFF) followed up by checking what is being passed on, and discovered it includes things like pregnancy status, income level, ZIP code, smoking status, parental status and age. The information is being sent in the referrer header, which tells resources requested from within a HealthCare.gov page which page the request is coming from. It’s also sometimes “embedded in the request string itself,” the EFF said.

The EFF found that the information is being sent in both the referrer header and request string to analytics sites Chartbeat and Optimizely, Google’s DoubleClick ad service, and Google itself. Personal-data-rich referrer headers are also finding their way to services such as Twitter, Yahoo, YouTube, Akamai and – according to AP – Facebook. HealthCare.gov does this even if the user has turned on Do Not Track.

HealthCare.gov spokesman Aaron Albright told AP that outside vendors “are prohibited from using information from these tools on HealthCare.gov for their companies’ purposes,” and they’re only there for site performance measurement purposes. There is indeed no evidence of the data being misused.

However, experts questioned why the likes of Facebook and Google had to get this information. (Google itself denied allowing its systems to target ads based on medical history information.) As the EFF’s Cooper Quintin pointed out, there are enormous opportunities for a service like DoubleClick to match up the data with other tracking information about the target. He also noted that the use of third-party resources creates more of an “attack surface” that hackers could use to gain access to the site.
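The two channels the EFF describes above, the referrer header and the request string, can be checked for in a capture of a page's outgoing requests. The following is an added example, not code from the EFF or HealthCare.gov: the hosts, path and parameter names are constructed, third parties are identified by a simple host comparison, and only three Referrer-Policy values are modelled.

```javascript
// Constructed sample data: hosts, path and parameter names are illustrative.
const SENSITIVE = ["pregnant", "income", "zip", "smoker", "parent", "age"];
const PAGE = "https://exchange.example/plans?zip=12345&age=38&smoker=0&pregnant=1&income=35000";
const REQUESTS = [
  "https://exchange.example/static/app.js",              // first party
  "https://analytics.example/ping?path=%2Fplans",        // leaks via Referer only
  "https://ads.example/pixel?age=38&smoker=0&zip=12345", // leaks via URL too
];

// Sensitive parameter names present in a URL's query string.
function sensitiveParams(urlString) {
  if (!urlString) return [];
  const params = new URL(urlString).searchParams;
  return SENSITIVE.filter((name) => params.has(name));
}

// Referer value sent for a request from pageUrl under a Referrer-Policy.
// Only three policy values are modelled.
function refererUnderPolicy(pageUrl, requestUrl, policy) {
  const page = new URL(pageUrl);
  const target = new URL(requestUrl);
  page.hash = ""; page.username = ""; page.password = ""; // never sent in Referer
  if (policy === "no-referrer") return null;
  if (policy === "unsafe-url") return page.href;
  if (policy === "strict-origin-when-cross-origin") {
    if (page.protocol === "https:" && target.protocol !== "https:") return null;
    return page.origin === target.origin ? page.href : page.origin + "/";
  }
  throw new Error("policy not modelled: " + policy);
}

// Report third-party requests that carry sensitive parameters, per channel.
function auditRequests(pageUrl, requestUrls, policy) {
  const firstParty = new URL(pageUrl).host;
  const findings = [];
  for (const requestUrl of requestUrls) {
    const host = new URL(requestUrl).host;
    if (host === firstParty) continue; // assumption: exact host match = first party
    const viaReferer = sensitiveParams(refererUnderPolicy(pageUrl, requestUrl, policy));
    const viaQuery = sensitiveParams(requestUrl);
    if (viaReferer.length || viaQuery.length) findings.push({ host, viaReferer, viaQuery });
  }
  return findings;
}

console.log(auditRequests(PAGE, REQUESTS, "unsafe-url"));
console.log(auditRequests(PAGE, REQUESTS, "strict-origin-when-cross-origin"));
```

Tightening the Referrer-Policy clears the header channel, but values the page itself places in a third-party request URL still show up under `viaQuery` and have to be removed at the source.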

Microsoft vet DelBene called up to fix Healthcare.gov

http://www.politico.com/story/2013/12/kurt-delbene-jeff-zients-obamacare-101237.html

The Obama administration will name Microsoft executive Kurt DelBene as its point person to fix what ails Healthcare.gov, according to Politico. DelBene, who is president of Microsoft’s Office division, would replace Jeff Zients, who will move on to be the director of the National Economic Council next year. DelBene has government connections: His wife is freshman Rep. Suzan DelBene (D-Wash.).

Terremark cloud outage makes things worse for HealthCare.gov

According to Reuters, the Verizon Terremark data center experienced a failure on Sunday that led it to lose network connectivity. Not unusual, but, in this case, it managed to take down the embattled HealthCare.gov web site that has been the source of much stress for the current administration.

Terremark operates the data center behind a federal system.  The data center determines eligibility for government subsidies to buy insurance nationwide and hosts HealthCare.gov.  While the initial issues have been mostly around bugs and scaling issues, this recent outage only compounds the problems.

“Online insurance exchanges opened on October 1 under the law to offer health insurance plans to millions of uninsured Americans. But it has been marred by technical glitches and delays as would-be customers encounter error messages and long waits, often failing to make it through the system despite repeated tries.”

The lessons to be learned from the HealthCare.gov debacle include the fact that deployments of such high-traffic, on-demand applications have to go through the right amount of testing. However, I suspect the issues are more around bad architecture than bad clouds; the site was just not designed to scale.