Skip to content

Another Obamacare ouchie!

The experts said the site needed to be completely rebuilt to run more efficiently, making it easier to protect. They said HealthCare.gov runs on 500 million lines of code, or 25 times the size of Facebook, one of the world’s busiest sites.

“When your code base is that large it’s going to be indefensible,” Morgan Wright, CEO of a firm known as Crowd Sourced Investigations, said in an interview after testifying at the hearing.

“Do you want to defend the Great Wall of China or a very small line?”

David Kennedy, head of computer security consulting firm TrustedSec LLC and a former U.S. Marine Corps cyber-intelligence analyst, gave lawmakers a 17-page report that highlights the problems with the site and warned that some of them remain live.

The site lets people know invalid user names when logging in, allowing hackers to identify user IDs, according to the report, which also warns of other security bugs.

Avi Rubin, director of the Information Security Institute at Johns Hopkins University and an expert on health and medical security, said he needed more data before calling for a shutdown of the site.

“Bringing down the site is a very drastic response,” he told Reuters after the hearing.

But he would not use it because he is concerned about security bugs that have been made public, he said.

In written testimony, Kennedy said it would take a minimum of seven to 12 months to fix the problems with the site shut down, given the site’s complexity and size.

Eeek!

29 thoughts on “Another Obamacare ouchie!”

  1. Phase 1 – Produce a terrible healthcare website
    Phase 2 – Cause an epic collapse in healthcare provision
    Phase 3 – Suggest that only socialism can save the day
    Phase 4 – People beg for socialism
    Phase 5 – Implement socialism

    *dons tinfoil hat*

  2. Is there anything to stop Americans buying their health insurance from companies based outside the USA and thus not subject to the Obama rules that banned the policies millions of Americans were (presumably) happy with and which will thus not be renewed?

    Or will the USA claim that a healthcare company in, say, the BVI is subject to US law?

  3. I’ve not really been paying attention to what the Americans have been doing with this so feel free to correct me if I’m way off base here. But, isn’t this Healthcare exchange site the exact same thing as any number of price comparison websites?

    Users type in a few qualifying bits of data and browse the results and pick out options which look promising?

    And that needs 25 millions lines of code because why exactly?

  4. JamesV –

    Insurance is regulated at the state level. And in the USA, insurance companies are prohibited from offering insurance in any state other than the one in which they are physically located. I live in Ohio, and state law prohibits insurers outside of Ohio offering me policies. Similarly, I am prohibited from trying to purchase insurance from any company located outside of the state.

  5. Dan –

    They are not the same thing. Healthcare.gov was designed to access personal information from 17 different federal agencies to verify the information provided by applicants. Only Healthcare.gov can provide a valid calculation of policy price and any available subsidy.

  6. To Tim’s Point –

    CMS’ Cho, the IT point man on Healthcare.gov testified yesterday, and while the exchange was confusing, seemed to suggest that 60-70% of Healthcare.gov’s architecture is not yet in place. It’s unclear whether he was actually saying that, or that 30-40% of it was not in place. Either way, it is becoming clearer that the website will not approach functionality any time soon. My own guess is that it’s at least six months away. The other thing that popped up yesterday was Sebelius seeming to suggest that the site will not be fixed by November 30. What is certain is the fact that we haven’t heard anyone in the White House reiterating that it will be working by that date.

  7. @ Dennis

    Ah ok, thanks for confirming.

    What’s the thinking behind keeping everything in the same state then? That seems a bit off. If Company X based in State A want to offer their services to states B,C and D, why shouldn’t they be able to?

  8. One of the many things Obamacare didn’t do was end the ability of states to refuse insurance policies to cross state lines. It is clearly anti-competitive, offers no particular benefits or protections to consumers, and is a relic of the days before the federal government decided it must regulate everything itself. The only people who wouldn’t benefit from it are the insurance companies themselves… may they all rot in hell.

  9. States regulate health insurance. Buying across state lines is an attempt to dodge the cost of regulation.

    Additionally, states operate an insurance reserve pool so that if a company folds, its customers will still be taken care of. Out-of-state insurance companies can sell in other states, but they have to become registered and pay into the pool.

    As part of state regulations, each state has its own mandated coverage requirements, just like Obamacare has an even broader list of mandates. The key behind saving money by buying health insurance across state lines is that another state might have fewer mandates. If a company becomes registered to do business in a state, they must comply with the state’s mandates. [Obamacare’s broad mandates may make this moot, anyway.]
    States like California have massive requirements, which drive up cost.

    The libtards love to talk about all the things that have to be covered because of Obamacare, but none of it is free. The people are having to pay for what the government thinks they should have, not what they want to have or want to pay for.

  10. It doesn’t comprise half a billion lines of code. That’s utter horseshit. It’s a shopping cart bolted on to a content management system. Even with a fairly complex back-end to talk to multiple, heterogeneous databases, there’s no way the codebase is that big. KLOC (or MLOC, in this case) is a stupid metric anyway, intended only for non-technical management chumps and the general public.

  11. Like David Gillies I’m very sceptical that healthcare.gov is 500M lines of code. Producing that much code takes a long time even with large teams, several decades, not a few years. It appears quite simple too. I expect this number is inaccurate, it has been widely doubted on programming forums.

    One possibility is that the insurance vendors have to plug into the main website and they have done this with different software. Those measuring lines-of-code have measured not only the main site, but all of the insurers sites too and possibly per-state bolt-ons too. If that’s what happens then it could cause a lot of trouble, including security trouble.

    Incidentally, it’s also doubtful that facebook is 25M lines-of-code. More likely facebook have measured the number of lines-of-code in their source code repositories, which includes things like scripts that were used once and old bits of software they don’t use anymore.

  12. >It doesn’t comprise half a billion lines of code. That’s utter horseshit.

    You assume it’s been written by halfway intelligent people, with some idea how to write software.
    With tactical use of copy and paste, and a couple of hundred idiots working on it, I think you would be unpleasantly supprised just how fast half a billion lines of impenetrable, un-debugable and otherwise broken code can be produced. Usually when you get to this stage, it’s quicker to throw it all away and start again than it is to try and work out what any of it does and fix it…

  13. “in the USA, insurance companies are prohibited from offering insurance in any state other than the one in which they are physically located”: how can that possibly be constitutional?

  14. Assuming an object oriented language like Java, 500m lines of code would be half a million horribly unwieldy 1,000 line classes. Just impossible. It isn’t 500m lines. I doubt it is even 50m lines. Possibly 5m.

  15. This is a country which 44 years ago sent three men to the Moon with computing power less than my phone.

    Now even a website for purchasing health insurance is a clusterfuck for them.

    Makes you wonder how they got to the Moon at all, let alone back. I suppose it worked because the objective was actually quite simple and the failure obvious. You can’t bullshit away a capsule burning up on reentry, not even the Democrats and their eunuch media can manage that.

  16. “Out-of-state insurance companies can sell in other states, but they have to become registered and pay into the pool.”

    It is my understanding that in Ohio, insurance companies must be incorporated in Ohio to operate in Ohio. Out-of-state companies must form and incorporate a wholly owned subsidiary in the state.

  17. “This is a country which 44 years ago sent three men to the Moon with computing power less than my phone.”

    That is actually quite a simple project compared to Obamacare. The scope is simple and clear, with no ambiguity, nor was it sold on a lie either. All it was was a technical challenge with no shortage of funding and minimal actual government involvement.

    From a project management point of view, Obamacare would be a nightmare.

  18. Sorry Prole, no matter how incompetent the Obamacare coders were, a half-billion lines of code is idiotic. That figure is being compared to things like Facebook etc.. A better comparison would be that it’s twice as big as a modern Linux kernel plus all the other software in the distro. That’s everything on a computer that’s been absolutely stuffed to the gills: all the process and memory management, the filesystem code, the hardware drivers, the server daemons, the windowing system, the browsers, the office productivity software, right down to the solitaire game. Twice over. Tens of thousands of man-years of work. Even if 90% of it is redundant boilerplate that’s still an overestimate. The basic shopping cart signup portion is a few thousand lines, tops. If you’re using something like Joomla for your CMS middleware (which you should be) then a couple of web monkeys can code up front-of-house over the course of a weekend. Yes, the back-end is complex, but not spectacularly so.

  19. Please keep in mind that the 500 million line number came from an administration which cannot, collectively, count to ten without removing shoes and socks.

    And there’s always the chance that quite a few of those lines of code are sitting in a Healthcare.gov shopping cart… next to half the ‘enrollees’ the administration is including in its counts.

  20. I heard healthcare.gov is based on an old CGI system from 11 years ago.

    Lemme see . . . 500m lines of code for $650,000,000. Less than a buck each. Not bad, as government procurement goes.

  21. So Much for Subtlety

    Rob – “Makes you wonder how they got to the Moon at all, let alone back. I suppose it worked because the objective was actually quite simple and the failure obvious. You can’t bullshit away a capsule burning up on reentry, not even the Democrats and their eunuch media can manage that.”

    But the Democrats weren’t Democrats back then. They were what would now be called Right Wing Extremists. As many of them were – Bull Connor sat on the DNC after all.

    The Soviets tried a Moon mission too. They failed. So it is not just that the task was clearer.

    The Moon mission succeeded because the sort of people who did it – White, male, raised on Victorian values and tempered by memories of the Great Depression and the World Wars. You know, the sort of people you only see on re-runs of Deliverance these days. We have spent forty years calling these people the Enemy and walking away from their values.

    Is it any wonder everything fails? There is no accountability.

  22. “Makes you wonder how they got to the Moon at all, let alone back.”

    They hired a clever and experienced German.

  23. I don’t think Obamacare was meant to fail quite like this. I think the idea was that each plan is very similar because of regulations. Also, all the insurers are together in one place. That means that over time the government can figure out how the costs work, they can then replace the insurance companies with one single state insurance body.

    Now it looks like it might not get that far.

  24. dearieme, you ask “in the USA, insurance companies are prohibited from offering insurance in any state other than the one in which they are physically located”: how can that possibly be constitutional?

    Good question. I’m not sure there’s a good answer – but there’s an answer.

    A federal law called McCarran-Ferguson grants states the right to regulate insurance provided they do so, and provided the federales continue to permit it. McCarran-Ferguson was enacted following a 1944 Supreme Court ruling that the business of insurance is “interstate commerce” thus subject to federal regulation. See here for example:

    http://legal-dictionary.thefreedictionary.com/McCarran-Ferguson+Act+of+1945

    Immediately following that Court ruling, the states pressed Congress for clarification of their regulatory standing, and McCarran Ferguson was the result.

    A consequence of McCarran-Ferguson is that, if a policy is not “approved” by a state’s Department of Insurance, it cannot be issued to a resident of that state. I don’t believe physical location of the insurer is important; it’s the approval of the policy form by the state that’s important. (For technical reasons, the greatest impact is on individual insurance, not group insurance.)

    McCarran-Ferguson thus permits each state to specify what individual insurance benefits its residents can and cannot purchase. As a result citizens have no freedom to purchase an individual policy that is not approved in their state – even if it is approved in another state.

    To summarise: federal regulation of insurance (e.g., Obamacare) is Constitutional because of the Supreme Court decision that insurance is interstate commerce. Yet at the same time, Obamacare leaves McCarran-Ferguson intact. Therefore, even though insurance is legally “interstate commerce” you cannot legally buy it anywhere except in your own state.

    You can buy fertilizer sold in another state . . . but not an individual insurance policy.

Leave a Reply

Your email address will not be published. Required fields are marked *