The ObamaCare Website – The Biggest Tech Gaggle Ever?

Despite the quiet here on this subject thus far at SiliconANGLE we have been keeping our eyes on what is possibly the biggest tech topic happening in the news right now.  The issue at hand is the launch of ObamaCare online.  It’s a hot topic that is philosophically dividing the country right now along political lines, along socio-economic lines, along just about every line there is to be divided over, many Thanksgivings could get cancelled over this (there’s also this big government shutdown) – it’s that contentious.  Regardless of the variety of places to hear whatever facts and justification align with how you feel about the program, it is undeniable that this launch has been an incredible technical failure.  Straight up – an absolute failure.

404, Not Available- Could it Get Worse?

Everywhere you look there are reports of issues across the board in just its first 8 days.  Reports of the site just not being available.  Reports of people unable to even create accounts.  Those are just the first steps.  Many people have reported being unable to sign up at all, or getting caught up in loops of reset passwords and lost accounts.  If you’re lucky, once those things are clear, you can shop and select a health plan.  It’s not just reports, I saw this myself when I personally tried on the third day to see what my costs would be, my browser was in la-la land stuck waiting with an hourglass for 5 hours just to get in to generate my profile.  And then I got kicked off.  I haven’t been back.

To think, this thing hasn’t even hit the next stage yet.  The messaging being put out has been to be patient, the system is overwhelmed, but hey it’s popular, so that’s a good thing?  They’re even setting up online “waiting rooms” – you know so that way your screen at least shows something when you’re trying to sign up for healthcare.  Consider that not everyone that is going to sign up has even tried yet, because by several reports only 1/8 of the citizens that will be signing up for the program even knew the systems were coming online last week.  We keep hearing that things will get better but as the Dec 15th deadline approaches, it could actually get worse.

$634 Million Disaster

This is really playing out as a clinic in how not to launch a major website project, failing in every respect across the board, from planning, to the communications, to testing and everything in between.  Can you think of anything in history of the web that was worse?  This is the government of course and history indicates that the exchange was probably built by a number of the cheapest available contractors through a bidding program, that is actually pretty close, but just wait until you hear about the money.  The contractors behind the exchange were CGI Federal, who built the site, Quality Software Systems Inc. (CSSI) – a Canadian company that built the information hub, and Booz Allen who is responsible for enrollment and eligibility technical support.  Somewhere in that soup of contractors, they built a site that – /wait for it/ – was built for 50,000 to 60,000 concurrent users at a total cost (so far) of $634 million.  Feel free to replay that ratio.  $634,000,000/50,000.  Here’s another ratio to ponder – 50,000 users in 50 states.  I guess if you can get the work….you do it.  In this case unfortunately for many the product is downright poor.

We Think the Site Might Suck – But Launch it Anyway

Now you’re probably thinking at some point someone must have said something, spoken up, right?  Well they did, the administration was reportedly warned about this.  Repeatedly.  Major insurers, state health-care officials and even Democratic allies reported in the weeks and months leading up to the rollout that there were significant problems with the exchange, that it wasn’t ready.  Yet they were reassured that all would be fine.

Robert Laszewski, a health-care consultant with clients in the insurance industry, said insurers were complaining loudly that the site, www.healthcare.gov, was not working smoothly during frequent teleconferences with officials at the Department of Health and Human Services before the exchange’s launch and afterward. “People were pulling out their hair,” he said.

So exactly what’s happening and where has this thing failed?  Well, the possibility of a cyber attack – sorry, that has been eliminated.  That capacity statement of 50-60k users, if true, would mean a tremendous design error as projections should have been significantly higher than that.  It assumes that just as a matter of crude math, no more than 1,000 people per state would be on the site at any given time, across the country.

The Site that DDoS’s Itself

That alone is a massive bungle, but it does get worse, it appears however this thing was designed, the site is essentially pulling a Denial of Service attack on itself.  Yeah.

One possible cause of the problems is that hitting “apply” on HealthCare.gov causes 92 separate files, plug-ins and other mammoth swarms of data to stream between the user’s computer and the servers powering the government website, said Matthew Hancock, an independent expert in website design. He was able to track the files being requested through a feature in the Firefox browser.

Of the 92 he found, 56 were JavaScript files, including plug-ins that make it easier for code to work on multiple browsers (such as Microsoft Corp’s Internet Explorer and Google Inc’s Chrome) and let users upload files to HealthCare.gov.

It is not clear why the upload function was included.

“They set up the website in such a way that too many requests to the server arrived at the same time,” Hancock said.

So perhaps the traffic was the first mistake, but the application itself is poorly, poorly written.  From a technical standard the operation has failed on every single level possible.

Sorry, You Have to Start Over

Communications and support on these issues – another flaming issue and colossal fail.  Check this out – one of the most recent “fixes” was to reset the passwords of every single account in the system.  So for that “fortunate” minority that actually got to register at one point but didn’t get as far as the database – all of those people will now have to completely re-register because their account names will not be available.

It’s Not Looking Good

Ladies and Gentlemen, this is about as ugly any kind of site deployment gets.  They had three and a half years to get this right, do better and more testing.  They have failed miserably and they are handling it miserably.  There clearly should have been more testing, and with all due respect to Matthew Hancock, discovering these issues was as easy as using some freely available plugins to a free web browser used by millions of people around the world.  That’s pretty sad.  Now, there are ways to fix it using technology – Application monitoring, machine data, DevOps, Big Data – those are all things that could help.  Get some people in there, maybe Google, or Facebook or someone – they handle way more traffic than that.  You have to wonder if it’s too late.  We were told this was for the 47 million uninsured.  Is there any way this site can serve even half of that?  A quarter?  Until the word is out that things are better or just the plain truth of “we screwed up” – I’m giving the Affordable Care Act technical effort a big thumbs down, one-star review, whatever – this is not ready for primetime.  Hopefully this is not a harbinger of things to come, but many have predicted that to be the case.

404 Picture credit: Hot Air

About John Casaretto

SiliconANGLE's CyberSecurity Editor - Have a story tip or feedback? Please reach out to me! Security is as critical as ever and our mission is to uncover those stories that will help our industry be more secure.