During the State of the Union address, President Obama announced a new initiative to protect Americans’ personal information online. The first place he might want to look is the government’s own HealthCare.Gov.

Inspections by tech experts from Catchpoint Systems and the Associated Press found over 50 third-party sites connected to HealthCare.Gov. (That many connections running in the background could help explain slow loading on the site.) These data companies can’t see your name, birth date or Social Security number, but they may have access to a visitor’s age, income, ZIP code, even whether they smoke or are pregnant. And the right combination could correlate these with other internet browsing habits.

It’s not that data collection is unusual on the web, but for these to be on a government site that deals with sensitive medical information is more troubling than your average ad customization.

Why are such third-party trackers even there?

The Obama administration says advertising and Web analytics sites have access to HealthCare.Gov to measure performance and streamline visitors’ experience. The sites are not to use any information collected for their companies’ purposes.

Mehdi Daoudi, CEO of Catchpoint Systems which investigated the site, isn’t convinced these vendors are necessary for the stated purpose. “Anything that is health-related is something very private. Personally, I look at this… government website, and I don’t know what is going on between the government and Facebook, and Google, and Twitter. Why is that there?

Outside vendors on a website are a potential point of failure and often “the weakest link in your privacy and security chain,” says another cybersecurity consultant who worked for the Bush administration.

She also questioned the number and type of vendors attached to HealthCare.Gov, calling it “overkill.” “You don’t need all of that data to do customer service. We know hackers are just waiting at the door, salivating to get at this data.”

So far, there’s been no evidence of misuse. But we don’t need violations to occur before we can be concerned about the threat. All the pieces are there – they just need the right person to put the data together, and then we’ll have a really serious breach of privacy.

The goal for this period of Obamacare enrollment is 9 million by February 15. With that many visitors, why would we just wait for the inevitable breach to happen?

About The Author

Mark was a co-founder of the Tea Party Patriots, and served as the national coordinator. He left the organization to work more broadly on expanding the self-governance movement beyond the partisan divide. Mark appears regularly on television in outlets as diverse as MSNBC, ABC, NBC, Fox News, CNN, Bloomberg, Fox Business and the BBC. He’s highly sought after for the tea party perspective from print and electronic media outlets, from the Wall Street Journal, New York Times, L.A. Times, Washington Examiner, Politico and the The Hill. Mark blogs at MarkMeckler.com, and his opinion editorials regularly run in many of the leading political newspapers both on and offline. Mark has a BA in English from San Diego State University and graduated with honors from University of the Pacific, McGeorge School of Law in 1988. He practiced real estate and business law for almost a decade. For the last eleven years of his legal career he specialized in Internet advertising law. When not fighting for the future of our nation, Mark is an avid horseman, and lives in rural northern California with his wife Patty and two children.

Leave a Reply

Your email address will not be published.

7 + 7 =