Risk Factor iconRisk Factor

DARPA Seeks Self-Healing Networks

This Week in Cybercrime DARPA, the U.S. military’s R&D arm, announced this week that it will pay US $2 million to the winner of its Cyber Grand Challenge, a contest aimed at developing an automated network defense system that actively searches for and identifies vulnerabilities and patches them on the fly. “Today, our time to patch a newly discovered security flaw is measured in days,” Mike Walker, DARPA program manager, told Kaspersky Threatpost. “Through automatic recognition and remediation of software flaws, the term for a new cyberattack may change from zero-day to zero-second,” says Walker.

Read More

Corporate Recruiters Insist There Really Is a STEM Worker Shortage

The Wall Street Journal published a story yesterday titled,  “More Businesses Want Workers With Math or Science Degrees” that highlights a new STEM skills shortage study. The article states that:

Bayer Corp., the U.S. arm of the German chemical and pharmaceutical giant Bayer AG, is due to release a report this week showing that half of the recruiters from large U.S. companies surveyed couldn't find enough job candidates with four-year STEM degrees in a timely manner; some said that had led to more recruitment of foreigners.

The shortages were most acute in engineering and computer-related fields, the recruiters said. The survey, completed in August, included 150 recruiters from 117 companies, all on the Fortune 1000 list of large companies.

About two-thirds of the recruiters surveyed said their companies were creating more STEM positions than other types of jobs.

So, to be clear, half the recruiters in 117 companies (assuming no double counting of recruiters) say that they have trouble hiring STEM workers quickly enough. Oh my, that is terrible! Of course, left unsaid, half of the recruiters surveyed apparently aren't having any such difficulty in their hiring, which sort of undermines the notion that there is much of a shortage.

In addition, it's difficult to determine from the WSJ article exactly how much the recruiters were willing to offer in terms of salaries and benefits to those oh-so-hard-to-find STEM workers. Maybe those companies that are complaining about a STEM skill shortage should try emulating Netflix, which is willing pay a little bit extra to get the talent it needs. It doesn't seem to complain about a skills shortage.

Or maybe, as this new Ed. D. dissertation from the University of Pennsylvania reported, recruiters are having trouble because "employers have a requirement for experience for new [STEM] hires." The dissertation research found contrary to reports, there "was not a shortage of new STEM graduates in Ohio."

Furthermore, the recruiters' decision to recruit foreigners because they couldn't quickly find the right STEM skills in the United States has to be taken with a very large grain of salt as well. As Silicon Valley recruiting company Bright.com admitted over the summer, it could find only a handful of computer-related jobs in the Valley where a skills shortage that might justify hiring guest workers can legitimately be claimed to exist.

More details can be found in the Bayer press release and accompanying  report which was disclosed during the Bayer-sponsored “debate” being held today in Washington, D.C. to discuss these “shortages” the corporate recruiters are supposedly having. From the skewed questions (e.g., Are unfilled STEM jobs bad for business?) asked the embarrassing small number of recruiters who bothered to answer the survey in the report, it is easy to see that the exercise was all about whipping up support for the notion that the STEM Crisis is not a myth (as I strongly contend) and that more government money needs to be committed to the efforts (of those on the debate panel) to eliminate the terrible STEM skills shortage plaguing the United States.

The survey results, by the way, have a  +/- 8 percent margin of error at a 95 percent confidence level.

Of course, recruiters and their employers have long been whining about students not having the right science and math skills, as can be seen in this previous Bayer report from 1997. Bayer should have just republished it with a 2013 date to save itself some time and money.

Interestingly, the most recent Bayer study and its findings sound very similar to a doom and gloom piece printed in American Airlines American Way magazine from 2003 in which was cited a projection by the Bureau of Labor Statistics that the United States would be short 10 million workers by 2010. Funny, that shortage didn’t seem to have happened.

Furthermore, the American Way article quoted Norman Maas, at the time the North American senior vice president of human resources for German chemical company BASF,  saying that he:

... figures that by 2010 he’ll have to replace about 75 percent of BASF Corporation’s 13 000 workers in North America. What he can’t figure is where he’s going to get them. Especially when it comes to finding large numbers of highly skilled chemical engineers and managers capable of overseeing a diverse, multilingual workforce.

As senior vice president of human resources for the $8.2 billion chemical company, Maas is not expecting an easy decade.

“The size of the pool gets smaller and smaller, and the demand for those skills gets bigger and bigger," Maas laments. "So you have more companies competing for a smaller and smaller group of talented people.”

Hmm … checking BASF’s annual report for North American in 2010 (pdf), the company listed 16 487 employees with a turnover of 11.2 billion euros (or about US $15.3 billion).

The 2010 BASF annual report doesn’t mention a skills shortage, but does note: “Like many companies, we are experiencing significant demographic shifts. Many of our employees are potentially approaching retirement; 'next generation' employees are entering the workforce with new expectations and ways of working; and ‘minorities’ are becoming majorities in the pools of talent coming out of colleges and universities and across our customer base. Faced with many changes coming together at the same time, we are taking advantage of once-in-a-generation opportunities to transform our workforce and gain competitive advantages.”

So, the dire problem that Maas was concerned with instead actually turned out to be a once-in-a-generation opportunity for BASF; imagine that.

I expect that the vast majority of recruiters surveyed in the most recent Bayer report who claim a STEM skill shortage are buying into overly pessimistic spin on finding STEM skills just as Maas did. And of course, what better way to have a built in excuse if you are unsuccessful at hiring new STEM employees or to look like a hero if you are able to overcome the perils of such a dire shortage?

Photo: iStockphoto

Spiders Trap Toyotas

IT Hiccups of the WeekThe “Apple-like glitches” affecting the Affordable Care Act website and its supporting systems continue to dominate the news, especially with the Obama Administration’s admission over the weekend that the “best and brightest” IT cavalry needs to be called in to rescue it, if that is even possible. The on-going issue will be explored in more depth in the Risk Factor at a later time.  

While it is extremely difficult to turn our eyes away from the slow motion ACA IT train wreck, there were other IT derailments of interest last week as well, including spiders that cause Toyota airbags to unexpectedly deploy (spiders also caused problems with Mazda vehicles a few years ago), another airline reservation system meltdown, this time affecting easyJet in the UK, and Florida’s shaky start to its new unemployment insurance system.

Spiders Like Toyota, But the Feeling Isn’t Mutual

Spiders Force Toyota to Recall 800 000 Cars

Spiders Blocking AC Unit, Force Recall of 870 000 Toyotas

Toyota Recalls 885 000 Vehicles, Spiders Get Part of the Blame

easyJet Suffers European-wide System Failure

easyJet Reservation System Crashes

Technical Issue Hits easyJet Reservation System

easyJet Faces Big Compensation Claim for Reservation System Problems

Florida’s New Unemployment System Bumpy Start

Problems Persist in New Unemployment Claims System

More Phone Lines Opened to Handle Unemployment Claims

Deloitte-Designed Florida Unemployment System Draws Fire

State Downplaying Problems with New Unemployment Claims System

Of Other Interest…

Level 3 Outage Affects East Coast Internet Traffic for 24 Hours

California EDD Refuses to Release Documents on Broken Unemployment Computer System

Long Distance Bus Service in India Hit by Week Long Ticketing Glitch

Software Issue Delays New Park-and-Display Parking Meters in Little Rock, Arkansas

Australian Telecom Optus Refunds A$8.8 Million to 235 000 Customers for 2 Year Billing Error

United Airlines Says It Wasn’t a Glitch and Cancels “Free Tickets” This Time

Photo: iStockphoto

Obamacare Data Hub Security Faces Scrutiny

We already know that the HealthCare.gov website and many of the state-run healthcare insurance exchanges created as part of the Obamacare rollout hit the ground crawling on 1 October. There is much left to be said about the players in that still-unfolding debacle. But there’s an element of the drama—namely data security—that will likely get increasing attention as fixes aimed at letting the uninsured sign up for coverage allows millions of people to finally input their personal information. But Congress is wasting no time: Members of Congress want answers about Obamacare Data Hub security measures

 

In Other Cybercrime News…

  • Hackers broke into a database at PR Newswire that contained login credentials and contact information for the press release distribution service’s customers—tens of thousands of companies and public relations agencies

Image: iStock

California’s EDD Unemployment System Disaster: Predictable Fiasco?

The unemployment insurance payment system fiasco presided over by California’s Employment Development Department (EDD) just keeps getting more bizarre by the week. California has the largest unemployment system in the U.S., distributing about $33 million a day in unemployment checks to some 800 000 claimants when everything is working properly. This week it was revealed that EDD management knew its new unemployment system contained potentially major operational flaws, but decided to roll it out anyway.

As I noted last month, the EDD has spent US $157.8 million upgrading the state’s 30-year-old unemployment payment processing system. The upgraded system was originally supposed to cost $35 million and go live in 2009 (pdf), but a series of ridiculously incomplete (if not incompetent) definitions of the system’s requirements by EDD officials significantly pushed up the project’s cost and delayed its delivery schedule.

The EDD finally transitioned to its upgraded unemployment payment system over this year's Labor Day Holiday weekend (31 August to 2 September). There were a few reported hiccups with the transition at that time, but nothing seemed too far amiss during the first week after the switch. In fact, EDD officials reportedly were congratulating themselves on a job well done.

However, by the second week after the transition, it became increasingly clear that there were the proverbial "technical issues" cropping up within the unemployment system. The EDD announced that while the new “system is working as designed,” there were “some processing delays in [the] transition” from the old to new benefits system.  Nonetheless, the EDD said that it was “working around the clock to catch up on unemployment claims.” A San Francisco Chronicle story quoted an EDD spokesperson who claimed only about 5 percent of the unemployment benefit claims—or about 20 000—were negatively affected by the upgrade's technical issues. She added that, “We apologize for the inconvenience to those affected.”

A few days later, though, the EDD started to hint to the press that the problem might be a bit bigger than it first let on. The EDD said that the new system was misreading legacy beneficiary data, and that it didn’t realize the issue would be so widespread. Rule number one in any transition from a legacy system to its replacement is to ensure that existing data is clean, consistent and complete so that it can be imported into the new system with little difficulty as possible. So that admission of wide-spread data quality issues was not an especially good sign. Word was also filtering out from EDD employees that the scope of the problem was in fact huge, but the EDD wouldn’t dignify those claims by making a comment.

Eventually, the EDD admitted that the number of affected claimants was closer to 50 000 instead of its previously estimated 20 000. The agency reiterated that its employees were “working around the clock and through the weekends to try and get these payments issued for the customers eligible and waiting for benefits.”

A few days later, the EDD revised its numbers upwards again, suddenly acknowledging that 185 000 unemployed Californians had been impacted by the system’s operational problems and that 80 000 claimants still hadn’t received their checks three weeks after the upgraded system went live.

As the debacle entered its fourth week, Marty Morgenstern, California's Secretary of Labor and Workforce Development, finally weighed in, saying that the continuing delays were “unacceptable.” With Gov. Jerry Brown’s support, an order was given “to immediately begin the process of paying backlogged claims for continued UI [unemployment insurance] benefits prior to a final determination of eligibility.”

Morgenstern’s order helped whittle down the backlog, and by the middle of the next week, the EDD officially declared victory (pdf). The agency proudly proclaimed during the first week of October that its “aggressive efforts succeed[ed] in eliminating our backlog of certifications.” That is an interesting choice of words, since the backlog was mostly eliminated by Morgensten allowing a bypass around a core system requirement.  Even so, EDD’s claims to have eliminated the backlog were immediately challenged by many unemployed Californians complaining that they still hadn’t received payments due them, a story at the LA Times stated.

Then another problem surfaced: apparently the claim forms needed to keep unemployment benefits flowing to beneficiaries went missing, the LA Times reported in a separate story. The Times reported that when queried about the missing forms, an EDD spokesperson initially “side-stepped” the question, then gave what amounted to a non-answer, and then wouldn’t respond to further questions from the newspaper about the missing forms.

The ongoing problems had, by early October, spurred a number of state legislators to call for an investigation into the system’s contractor, Deloitte Consulting. As I have previously described in more detail, EDD gave the contract to Deloitte despite the company having a long history of troubled IT projects across California state and local governments.

The most recent bombshell hit this Monday, when the Sacramento Bee followed up on a story first reported by television station KXTV in Sacramento last Friday. The station along with the Bee reported that the new unemployment system was "broken from the start," that EDD officials knew it was broken, and that they moved forward with the system’s roll out anyway. Furthermore, said the reports, when EDD realized that there was indeed a major problem with the system after it went live, officials tried to blame the press for magnifying the severity of the issue. And when that didn’t work, they turned to blaming budget cuts for the lack of testing performed on the system. Just as damning were the reports' revelations about insider e-mails indicating that as many as 300 000 Californians had been affected by issues with the system, not the 185 000 the EDD was publicly claiming.

EDD officials claimed that tests conducted before the new system was rolled out indicated that all the problems would be manageable. And, furthermore, if the tests had suggested otherwise, EDD officials insisted, the agency would have delayed the system's debut. Yet the KXTV story indicates that the errors found during unit tests in early system builds were routinely being passed onto future system builds without ever being corrected. (In some quarters, this is considered poor software development practice, while in others, it is seen as a good business strategy for ensuring future software maintenance work.) Internal EDD IT programmers who sounded the alarm about this practice of kicking the can down the road were said to have been ignored.

Massachusetts, whose own unemployment system has been having problems as well, recently admitted that its original contract with Deloitte to modernize that state’s $46 million unemployment system was “flawed” and allowed Deloitte  “to miss deadlines and still charge the state some $6 million more than originally planned,” the Boston Globe reported in September. State legislators in Massachusetts announced earlier this month that hearings are going to be held to look into the problems with the Deloitte-built unemployment system's roll out.

Last week, Florida began its move to a new unemployment system also developed (late and over-budget) by Deloitte, and, you guessed it: there are reported problems there as well. It is too soon to tell if Deloitte will face another embarrassing government hearing in Florida, but I wouldn’t bet heavily against it.

These latest disclosures seemed to finally force reluctant senior California politicians this week to agree to hold hearings on the EDD development next month or in December. Hopefully when they do, they’ll remember to ask Deloitte why it keeps insisting that the unemployment system is working and why it believes that none of the problems experienced to date are because of a “breakdown or flaw in the software Deloitte developed.”

Photo: Damian Dovarganes/AP Photo

Talking about the STEM Crisis Myth

Last month’s article “The STEM Crisis Is a Myth,” by IEEE Spectrum contributing editor Robert N. Charette, triggered a hearty response from readers. Many commenters shared his view—that there is no shortage of scientists and engineers—and quite a few were against it. It seemed clear that a discussion of the issue should continue.

And so, on 7 October, IEEE and Arizona State University’s Consortium for Science, Policy and Outcomes, convened a conversation between Charette and CSPO co-director Dan Sarewitz at CSPO’s Washington, D.C., office, just north of Dupont Circle. For those of you held back from attending by the government shutdown, the torrential rain, or the fact that you live nowhere near D.C., we’re posting a video of the hour-long event.

Radio fans can listen to Charette’s recent interview on NPR’s “Here and Now”. And Spectrum’s expanded coverage of the STEM crisis can be found here.

IT Hiccups of the Week: Electronics Benefits System Outage Hits 17 States

Last week saw computer-related problems still plaguing California’s modernized unemployment insurance system, and warnings of potential problems with Florida’s new unemployment system that is now being rolled out. There were also widespread problems with the IT systems supporting the Affordable Care Act, but these will be discussed in detail in a Risk Factor post later this week.  We start our review of IT Hiccups from last week with an outage over the weekend affecting the food assistance card payment system used in 17 states.

Problems with Electronic Benefits Debit Cards in 17 States on Saturday

Customers Experiencing Problems with EBT Cards

EBT Goes Down For Hours in 17 States during Routine Test of Backup Systems

EBT Glitch Exploited in Louisiana after Showing No Limits

Xerox: EBT Problems Resolved

Software Problem Takes Down Canada’s Rogers Communications Wireless Service

Software Glitch Blamed for Massive Rogers Outage

Rogers Apologizes for Canada-Wide Outage

Rogers Outage Highlights Canadian 911 System Issue

California Unemployment System Still Not Properly Fixed

California EDD Can’t Keep Pace with Unemployment Claims

EDD’s “Fully Functional” System Suffers More Problems

EDD $100 Million System: “Broken from the Start”?

Legislators Call for Investigation into EDD System

Fonterra Dairy’s New Software Systems Hides the Cheese in New Zealand

Software Issues Hits Milk and Cheese Supplies

Glitch Cheeses off Customers

Of Other Interest…

New Florida Unemployment System Rollout May Be Bring Benefits Delay

North Carolina Healthcare Providers Still Waiting to Get Paid by State’s New Medicaid System

NASA Jupiter Probe Now Fully Operational After Anomaly

Asda Supermarket’s Software Error Allows Free UK Shopping

Computer Problem Strands Universal Studios Roller Coaster Riders

Sydney’s Central Business District hit by Optus and Virgin Mobile Outage

Major College Online Application System Malfunctioning

Photo: Rich Pedroncelli/AP Photo

New Report Says Cyberthreats Multiplying Like Tribbles

Hackers have proven time and time again that they’ll eventually find a way to defeat any single digital security method. Their motivation to do so is evident in the fact that, on average, more than 150 000 new, unique malware strains are unleashed each day. That’s one of the startling conclusions drawn by analysts from the Aite Group in the report “Cyberthreats: Multiplying Like Tribbles” that was released earlier this week.

Tribbles were fictional creatures featured on the TV series Star Trek. They multiplied so rapidly that their consumption of resources grew exponentially. The same appears to be true of cybercrime. Julie Conroy, research director at Aite’s banking division and coauthor of the report, told IEEE Spectrum that last year, hackers were pumping out 72 000 new malware strains per day, less than half of the current level of cybercrime activity.

So, what’s the upshot? According to the report, “The username/password combination as an authenticator is officially broken…the sole relevant use of this combination is now that of a database look-up mechanism.” More than half of computer users don’t follow security experts’ advice to choose different, strong passwords for each of their online sign-ups—which allows a blaze in a small thicket to engulf a person’s entire online forest, so to speak. But what if you do follow best practices? “Nobody is ever 100 percent secure,” is the report’s sobering conclusion.

It does, however, point out steps that businesses such as banks, which are the primary targets of cybercrime, are taking to make a hacker’s job harder.

Among them are new ways to prevent a hacker from pretending to be an actual customer. Technology is available that will allow your bank to generate a “device fingerprint” for the computer, tablet, or smartphone you regularly use to conduct transactions. Business conducted from an unknown device automatically triggers more authentication steps.

Firms are also looking to use behavioral analytics. The vendor would collect data about how the customer interacts with, say, his or her smartphone. If the person using the handset owned by John Q. Smith (confirmed by the device fingerprint) doesn’t press the keys or swipe the touch screen the way Mr. Smith usually does, red flags would be raised.

Asked whether these security measures might be considered too intrusive, Conroy says they’re built into the process so that the average customer doesn’t even know it’s happening. “The aim is to perform a balancing act,” she says. “Businesses are asking themselves: How do we enable a secure environment without appearing to be Big Brother?”

Striking that balance may be impossible—especially in light of the fact that the U.S. government has and continues to force companies to turn over customer data. Conroy,whose research focuses on fraud, data security, and preventing money laundering, acknowledges that these new strategies may be implemented at the cost of a little privacy. But, she says, the alternative may be the loss of online and mobile channels for conducting business as the benefits of e-commerce are devoured by the rising tide of Tribbles. How much is being consumed? The report predicts that businesses worldwide will suffer more than half a billion dollars in losses from corporate account takeovers. Cyberthieves will take nearly US $800 million in 2016, say the analysts.

Image: Paramount Pictures

IT Hiccups of the Week

IT Hiccups of the Week The format of IT Hiccups of the Week is changing. It will now be more an aggregation of stories of IT-related system troubles from around the Web. This week saw a wide-range of IT snafus and snarls affecting millions of people, starting with the sign-up troubles involving the public health exchanges being created under the U.S. Patient Protection and Affordable Care Act (pdf) and more issues with U.S state IT projects.

U.S. State IT System Problems Piling Up

California EDD Department Says Backlog Cleared, Many Unemployed Say Not True

Nevada  Blames Feds for Recent New Unemployment System  Woes

Michigan’s New Unemployment Insurance System Stumbles Out of the Gate

Kansas Hospitals Bitterly Complain about State’s New Medicaid System 10 Months after Going Live

Massachusetts Senate Panel to Hold Hearings on Troubled New Unemployment Insurance System

North Carolina Lawmakers to Investigate Poor Medicaid and Food Stamp Systems Rollouts

Scotland’s Largest Health Board Suffers Major System Crash

NHS Greater Glasgow and Clyde Health Board Says IT System Affecting 11 Hospitals Finally Fixed

 “Unique” Active Directory Glitch Blamed for IT Failure at Scottish Hospitals

Minister Orders Investigation into Scotland NHS Computer Chaos

Of Other Interest…

Bank Error Makes World’s First Multi-Trillionaire

Tesco Pricing Glitch Sells 12-Piece Dinnerware Set for 56p

Weis Markets Charges Customers Credit Cards Multiple Times across Its 165 Stores in 5 States

Chrysler to Fix Software Flaw in 140 000 Pickups and SUVs Worldwide

Telstra in Australia Email Outage Angers Users

France Blames Phone Company “Malfunction” for Wrong August Unemployment Numbers

Photo: iStockphoto

Obamacare Exchange Sign-ups Hobbled by IT Systems Not Ready for Prime Time

I don’t need to tell anyone about the controversy surrounding the Affordable Care Act (more commonly known as Obamacare). It was the central issue in the game of brinksmanship that led to the U.S. government shutdown last week. But mirroring that mind-blowing dysfunction was the less-than-stellar 1 October rollout of the federal website healthcare.gov. The Obamacare-mandated Web portal lets consumers who don’t have employer-sponsored medical insurance meet the legal requirement to sign up for health coverage through the states where they reside. (To be precise, healthcare.gov is for residents of 36 states whose governments opted not to set up independent healthcare exchanges.) Online exchanges for some of the other 14 states and the District of Columbia also debuted with disappointing results.

So, what happened? Well, it’s no secret that governments are terrible at IT project implementation. Examples abound—as regular readers of The Risk Factor are well aware. (Some of our reporting on recent foul-ups is here, here, and here.) There’s been little evidence so far that these projects are any different.

The Department of Health and Human Services (HHS) reported Wednesday that there were 6.1 million unique visitors to healthcare.gov on the first day and a half after the site opened on Tuesday. By Friday, that number had surpassed the 8 million mark. That’s a good indicator of the level of interest in getting signed up for health coverage. But it’s only part of the picture. What HHS purposely left out (and left to our imagination) is the actual number of enrollments. Officials said they would probably release enrollment numbers next month after tabulating totals from, online, call centers, and paper enrollments. But the picture that’s forming based on anecdotal evidence is not pretty.

Most attempts to reach the federal website resulted in this:

“We have a lot of visitors on our site right now, and we're working to make your experience here better. Please wait here until we send you to the log-in page. Thank you for your patience.”

Or this:

“Important: Your account couldnt (sic) be created at this time. The system is unavailable."

According to a Los Angeles Times story, community groups aiming to help people sign up have been frustrated in their attempts to do so. Even large insurance companies, which have a vested interest in getting people enrolled in the exchanges, were unsuccessful in the early going. For example, a spokesman for Blue Cross Blue Shield of Louisiana, that state's largest insurer, told the Los Angeles Times that, as of Wednesday, the company hadn't been able to enroll anyone through the federal website. Others who left in frustration included reporters including one for the Huffington Post, who said: “Though officials from the Centers for Medicare and Medicaid Services said they'd made strides correcting the federal exchanges' problems, The Huffington Post made dozens of attempts and still couldn't sign into the website late Tuesday afternoon.”

"We have had a few slowdowns, a few glitches, but it's sort of a great problem to have. It's based on the fact that the volume has been so high and the interest is so high," Health and Human Services Secretary Kathleen Sebelius said on MSNBC Tuesday. "We're working quickly to fix that."

U.S. Chief Technology Officer Todd Park explained further, pointing out that the government expected HealthCare.gov to draw only as many as 60 000 simultaneous users. That estimate was apparently based on a projection from the volume experienced nearly a decade ago on a site for Medicare Part D. But at peak, the Obamacare site was being deluged by up to 250 000 people at a time.

"These bugs were functions of volume,'' Park told USA Today. "Take away the volume and it works.''  Right. Take away widespread interest in signing up for health insurance, and the portal through which people are supposed to sign up for health insurance will work as intended.

The system’s performance invited a swipe from an IT official from the previous administration. “Whoever thought it would draw 60,000 people wasn't reading the administration's press releases,” David Brailer, former national coordinator of health care information technology under George W. Bush, told USA Today. “The Medicare Part D site [launched in 2006] was supposed to have 20,000 simultaneous users and was [built to accommodate] 150,000, and that was back when computing was done on an abacus. It isn't that hard.”

The news wasn’t any better with the state-run exchanges. California residents were stuck in traffic along both routes to enrollment there: computer glitches stymied attempts to sign up online, while hold times at telephone call centers topped 30 minutes. The computer system created to, among other things, log a consumer’s data and determine whether he or she is eligible for government subsidies to cover part of the premiums, responded so poorly that its operators were forced to shut down the online enrollment system twice. According to the L.A. Times story, “Officials were pleased with the strong consumer interest and vowed to fix the problems.”

On the opposite coast, officials in the second most populous state fielding its own exchange reported what could generously be described as an anomaly. State of Health, the healthcare portal serving New York State, which has a population of roughly 18 million, had reportedly received 30 million hits by late Wednesday, prompting some observers to suspect that hackers may plotting a break-in or an out and out takeover. Whether that’s true or not, Donna Frescatore, director of the state’s exchange, confirmed that despite all that activity, only about 12 000 people had managed to enroll by Wednesday evening.

Responding to questions about the extraordinarily high volume, Frescatore told the Wall Street Journal that, “We have no evidence that this is anything but people learning more about [the site].” Furthermore, said Frescatore, state officials are not looking into the possibility that cybercrime was a contributing factor.

Ahhh…the power of positive thinking.

We can all keep our fingers crossed, but the issue of security will likely pop up again. As we recently reported on this blog, privacy safeguards have likely taken a backseat to getting the exchanges open on time. Another IEEE Spectrum post focusing on the exchanges’ security issues is here.

There’s no question that the overwhelming interest caught New York flat footed. Officials took the Web portal offline Tuesday night. Once the smoke cleared, they doubled its capacity and implemented some fixes aimed at keeping it from getting hung up as it did throughout its first day of real-world operation. What happened on day two? The same thing, more or less.

California and New York weren’t alone in their misery. According to a Huffington Post article, at “Maryland Health Connection, Kynect [Kentucky’s exchange], Connect for Health Colorado, Rhode Island's Health Source RI and others, consumers faced obstacles to setting up accounts or comparing plans—or even viewing the websites at various points in the day.” The Chicago Tribune reported that a glitch affecting Illinois’ exchange—missing fields in an online form—left people attempting to enroll in on the first day unable to figure out whether they were eligible for the federal subsidy for premiums. Though that problem was remedied by the middle of the day, sailing still wasn’t smooth, said the Chicago Tribune article. Illinois Gov. Pat Quinn’s advice for those who had trouble accessing the site? "Just keep trying."

Criticism of the portals’ bumpy first week has come from all quarters. But the rollout still has its apologists. In an e-mail sent to the Huffington Post, Jonathan Gruber, a Massachusetts Institute of Technology economist who was an architect of the 2006 Massachusetts health care regime after which Obamacare was modeled, says,

"Hours or even days is not the relevant timeframe for evaluating exchanges. The question is simply whether there are ways that folks can sign up to get insurance by Jan. 1. That is a question for late November, not early October. If things are really buggy in six weeks, that could be more of an issue."

The best “Keep hope alive” message had to be the widely reported one delivered by HHS Secretary Sebelius.

“I clearly have an iPad and I also have an iPhone and about 10 days ago I got the prompt that the operating system had changed,” Sebelius said. Noting that the experience wasn’t great, she added that, “everyone just assumes ‘well there’s a problem, [Apple will] fix it.’” Here’s the good part: “We’re building a complicated piece of technology, and hopefully you’ll give us the same slack you give Apple.”

Matthew Yglesias, writing for Slate, deftly picks the Sebelius comment apart:

“Apple, like any private business, is customer-driven. Apple knows that if it doesn’t provide good products and services, the public will exercise its options, and go to Samsung and Android, or Windows, or even Blackberry…Apple, the world’s most-valuable brand, has a reputation for producing quality products that work. The government has exactly the opposite track record. There is no public confidence in government programs, whether they be in veterans’ affairs, the postal service, the stability of Social Security, containing spending, managing contracts, rooting out fraud, the IRS, the NSA, the EPA, immigration, self-investigating, protecting our Embassies and personnel — you name it.”

As the federal and state governments have repeatedly reminded us, the more than 40 million U.S. residents without employer-sponsored health insurance have until 15 December to enroll in order to get coverage on 1 January, and until 31 March to avoid being assessed a penalty. Will the sites’ managers get their respective acts together in time? I won’t call Sebelius’ and Gruber’s optimistic takes on the situation into question. I’ll simply direct readers’ attention once again to the Risk Factor links in the second paragraph of this post. They’re concrete illustrations of the points Yglesias makes.

Here are links to several other related articles:

Photo: Mike Segar/Reuters

Advertisement

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 
Advertisement
Load More