White House Going With 'Security By Obscurity' As Excuse For Refusing To Release Healthcare.gov Security Details
from the hackers! dept
But when the Associated Press filed a Freedom of Information Act request to find out how Healthcare.gov was handing its security it got rejected because, according to the White House, it might teach hackers how to break into the system:
In denying access to the documents, including what's known as a site security plan, Medicare told the AP that disclosing them could violate health-privacy laws because it might give hackers enough information to break into the service.Of course, that suggests that merely revealing the security steps the site has taken will reveal massive vulnerabilities -- and, as most people with even the slightest bit of technological knowledge know, if that's the case, then it's likely the site has already been compromised. If revealing the security setup for the site will leave it open to being hacked, we should probably assume the site was hacked a long, long time ago. If they're deploying security right, merely telling the world what they're doing wouldn't increase the risk. The fact that they're afraid it will suggests that the security plan is dangerously weak.
"We concluded that releasing this information would potentially cause an unwarranted risk to consumers' private information," CMS spokesman Aaron Albright said in a statement.