Why Healthcare.gov Sucks? Because They Hired Political Cronies, Not Internet Native Companies To Build It

(Mis)Uses of Technology

from the you're-doing-it-wrong dept

There’s been plenty of talk lately about just how screwed up the launch of Healthcare.gov has been. While any massively large-scale internet launch is likely to suffer some problems, the level of disaster on this particular project has been quite impressive. This has led some to wonder why this happened, especially given the reputation of President Obama’s “web-savvy” campaign team. The answers aren’t too hard to figure out, of course. First off, the campaign team is quite different from the team implementing this — which was handled by the Department of Health and Human Services. But, more importantly: it appears that the federal government basically handed this project over to the same crew of giant government contractors, who have a long history of screwed up giant IT projects, and almost no sense of the “internet native” world.

The Sunlight Foundation (link above) figured out the list of contractors who worked on the site, and noted that the big ones not only are well-known DC power-player insiders, but they’re also big on the lobbying and political contributions side of things. You’ve got companies like… Booz Allen Hamilton, famous for promoting cyberwar hype and employing Ed Snowden. There’s defense contracting giant Northrup Grumman. Then there’s SAIC — which I can’t believe can still get government business. This is the same firm that famously was given a $380 million contract to revamp the FBI system, on which it went $220 million over budget, and then saw the entire system scrapped after it (literally) brought some users to tears, and the FBI realized it was useless in fighting terrorism. SAIC is also the company that NYC Mayor Bloomberg demanded return $600 million after a city computer project (budgeted at $68 million) actually cost $740 million. SAIC has a long list of similar spectacular failures on government IT projects.

As you look down the list put together by the Sunlight Foundation, it’s all companies like this: giant monstrosities which are simply tied in closely with the government. All the large consulting firms are listed: Accenture, Deloitte, PricewaterhouseCoopers, McKinsey. What’s missing? Basically any company with even the slightest smidgen of experience building and maintaining large-scale, public-facing web-based apps. The list has no “internet native” companies.

Many, many years ago, I worked for an e-commerce startup here in Silicon Valley, and I ended up (sort of by default) in charge of trying to open up the government market for what we were doing. It involved meeting with a slew of all-too-slick, ex-politician, ex-military “consultants” with no technical knowledge whatsoever, who, for $15k to $25k/month retainers plus a (large) cut of any deal, would drink hard liquor and promise to “connect” us with big companies with government connections, and then help us sneak past the government bidding process to get no-bid contracts. It was an eye-opening experience that highlighted for me that getting government contracts in the tech world was very much about who you knew, rather than any actual knowledge, skills or experience. While this was quite a long time ago, it would appear that little has changed.

Filed Under: cronies, government contractors, government it, healthcare.gov
Companies: booz allen hamilton, mckinsey, northrup grumman, saic

Oakland's City Wide Surveillance Network Being Built By Contractor With A History Of Fraud And Little Regard For Civil Liberties

Failures

from the city-must-want-this-system-built-in-the-worst-way dept

I don’t know what version of its CV Science Applications International Corporation (SAIC) handed in to the city of Oakland, but it must have been one that glossed over a whole lot of its recent history. “A fool and his money are soon parted,” it’s often said, but if SAIC’s “work” with New York City is any indication, a fool and his money are painfully separated exponentially over the next decade.

In the late 1990s, New York began a program to transition tens of thousands of municipal employees from paper punch cards to digital palm scanners, ostensibly to counter fraud. Dubbed CityTime, the project’s initial budget was $68 million. But after SAIC acquired the company that had won the competitive bidding process for the work, CityTime’s cost mushroomed to more than $740 million in ten years.

What NYC received in exchange for three-quarters of a billion dollars was a network of well-financed kickback recipients… and not much else. As Mike wrote back in 2011, one of things you don’t do to Mayor Mike Bloomberg is screw him over in a business deal.

Apparently, NYC Mayor Michael Bloomberg has had a similar experience with SAIC and the new computer system for NYC it’s been building. But, Bloomberg is a businessman by trade, rather than a politician, so when a company charges you $600 million (way over budget from the original $63 million), he knows that you ask for your money back. So that’s what he’s doing. He’s demanding a $600 million refund from SAIC.

Bloomberg demanded $600 million and, backed by the DOJ, managed to recover $500 million of that. This means SAIC walked away with $240 million on a job quoted at $68 million. On the strength of that experience alone, Oakland should have had serious reservations about bringing SAIC on a new project, but it appears to be blissfully unaware of SAIC’s past.

It’s unclear if Oakland’s mayor, city council, or city administrator vetted the company before approving the DAC contract. Nothing in the Oakland Public Safety Committee meeting records, nor the meetings of the full council, indicate that the city looked into SAIC’s record before handing over millions in federal grant dollars. In an interview last month, neither of the two city officials in charge of the DAC — Domingo and Ahsan Baig, the city’s information technology manager — were aware of SAIC’s past record of fraud, cost overruns, and failed projects.

Councilman Dan Kalb said he also wasn’t aware of SAIC’s record with other cities or its various military and Department of Homeland Security contracts. “The administration made the decision as to which contractor to go with,” Kalb said, referring to City Administrator Deanna Santana’s office. “Apparently, last year the council gave the administration the authority to work with the port to decide on the contractor.” Other members of the council did not respond to a request for comment.

This is already bad — no one involved appears to have the faintest idea about SAIC’s past — but it gets much worse. SAIC has been contracted to build a surveillance network in Oakland called the Domain Awareness Center (DAC). This expansion of the Port of Oakland’s DAC to a citywide entity is being battled by civil liberty advocates and other citizens of Oakland. Putting SAIC on the project adds its rap sheet of white collar crime and human rights abuses to the mix.

In recent years, SAIC has been accused of defrauding municipal governments, bribing foreign officials, and delivering shoddy products. And when the company does deliver the goods at cost and on time, it’s often for militarized projects linked to human rights abuses. Among SAIC’s recent contracts: training the Egyptian military, operating drones used to kill foreign citizens, building and operating portions of the NSA’s internet spying system used on Americans, and more.

Because of its inability or unwillingness to vet its bidders, Oakland is basically setting itself up to be defrauded and placing its citizens in the hands of a contractor willing to perform nearly any job for the right price. (A price which seems to vastly exceed the quote a majority of the time.)

Here’s what SAIC has failed to get off the ground in recent years, despite taking home millions of tax dollars.

– From 2000-2004, SAIC collected $600 million to build a new computer system for the FBI and delivered an end product so disastrous, the FBI immediately scrapped it and began looking for another contractor and a new system. (Not that it mattered. Work began in 2006 and the system finally went 100% live in August of 2012.)

– A several-hundred-million dollar project for Greece (actual amount seemingly unknown due to multiples layers of shady accounting), which (again) suffered from major cost overruns, fraudulent activity and (of course) didn’t work as advertised with “only a fraction of the cameras installed actually providing footage.”

– Received $46 million to train Egypt’s army under the US Army’s supervision — several members of which have gone on to kill “hundreds of protesters” in recent months.

– This:

“SAIC was also responsible for a failed multibillion-dollar intelligence system project for the National Security Agency called Trailblazer that was junked in 2006 and characterized as one of the worst intelligence failures in US history.”

Despite this failure, the NSA brought SAIC as a contractor on XKEYSCORE.

In addition to this list of failures, SAIC has also tormented the private sector by birthing patent troll VirnetX, which managed to secure $368.2 million in damages from Apple despite being on track to gross $72,000 for the entirety of 2012.

This is the entity the city of Oakland has chosen to do business with on a surveillance project — a contractor whose primary contracts are with the military and who sports a horrendous track record on the both the contracting side and the civil liberties side. Maybe the city’s hoping it will just get the civil liberties-violating side (one high-ranking city official has suggested the program should be used to “control public demonstrations”) and walk away without being gouged too horribly on the contracting front. And if it doesn’t it’s all just play money tax dollars anyway.

Filed Under: oakland, surveillance
Companies: saic

Feds Accused Of Distributing Malware That De-Anonymizes Tor Users

(Mis)Uses of Technology

from the left-hand,-meet-the-anonymous-right-hand dept

It’s somewhat well known that the popular Tor anonymous browsing system gets a significant amount of funding from the US government. In the past, the suggestion had always been that the State Department was a major supporter because of its belief that Tor would help dissidents in other countries communicate better via anonymous systems. However, now there’s a lot of buzz because it appears that a bit of malware that was discovered this weekend targeting Tor users, may have come directly from the FBI itself. The implication isn’t against the Tor project at all, but rather it appears that whoever pushed out this malware did so by using a vulnerability targreting people using the Tor Browser Bundle — a Firefox bundle that builds in Tor — browsing a variety of hidden sites (available only to Tor users) hosted by the somewhat infamous Freedom Hosting. Freedom Hosting’s boss, Eric Eoin Marques was arrested in Ireland last week as the US is trying to extradite him. But, what was more interesting was what some people discovered on all Freedom Hosting pages:

Shortly after Marques’ arrest last week, all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included websites that had nothing to do with child pornography, such as the secure email provider TorMail.

Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address located in eastern Virginia.

By midday Sunday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploits a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser.

Though many older revisions of Firefox are vulnerable to that bug, the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network.

So why do people think the feds are involved? The bit of malware scoops up various identifying information — MAC address and Windows hostname — and then sends it to a server in Virginia to find the real IP address of the computer in question. The Virginia server is controlled by the infamous contractor SAIC, who works with numerous government agencies.

It’s no secret that law enforcement has wanted to identify folks who are trying to be anonymous. And, as discussed just last week, the FBI has been using malware at an increasing rate. So it wouldn’t be a huge surprise to find out that little tricky bit of malware was designed to provide more info on Tor users who might be up to nefarious activity (or, you know, they might just want to surf anonymously). I imagine that this is not the end of this particular story…

Filed Under: eric eoin marques, fbi, government, malware, state department, tor
Companies: freedom hosting, saic

Mayor Bloomberg Demands SAIC Pay Back $600 Million In Cost Overruns For NYC Computer System

Computers

from the good-for-him dept

Over the years, we’ve chronicled a number of absolutely ridiculous over-budget computer systems for government agencies. My favorite still remains the FBI computer system — which was over budget by hundreds of millions of dollars, was useless at finding terrorists, was so bad that a contractor had to use some free internet tools to hack into the system just to get his work done, and was so confusing that a computer science professor who reviewed the system said he and some others thought of going on a crime spree the day the FBI switched over. That system was built by SAIC, and the FBI ended up scrapping it and starting from scratch. But, as far as I know, the FBI never asked SAIC for the $600 or so million in taxpayer money it spent on the system back.

Apparently, NYC Mayor Michael Bloomberg has had a similar experience with SAIC and the new computer system for NYC it’s been building. But, Bloomberg is a businessman by trade, rather than a politician, so when a company charges you $600 million (way overbudget from the original $63 million), he knows that you ask for your money back. So that’s what he’s doing. He’s demanding a $600 million refund from SAIC. Part of the issue is that, as with many of these type of projects, there appears to have been significant fraud involved:

The recent indictment of SAIC’s leader project manager on the CityTime job, Gerard Denault, as well as the guilty plea to criminal charges made by SAIC systems engineer Carl Bell, who designed the software, are “extremely troubling and raise questions about SAIC’s corporate responsibility and internal controls to prevent and combat fraud,” he added. Denault and Bell were charged with were charged with taking kickbacks, wire fraud and money laundering.

Also recently indicted were Reddy and Padma Allen, a couple who head up New Jersey systems integrator TechnoDyne, which was SAIC’s primary subcontractor on the CityTime project. Federal authorities allege that the Allens and others conducted an elaborate overbilling and kickback scheme that siphoned millions of dollars from the project.

Federal authorities have also contended that SAIC had received a whistleblower complaint about the project as far back as 2005, Bloomberg said in the letter. “It is unclear what SAIC did at that time to investigate these serious allegations.”

I would imagine that SAIC has no interest in paying back $600 million, but it could make for an interesting lawsuit if Bloomberg decides to press the matter.

Filed Under: computers, cost overrun, michael bloomberg, nyc
Companies: saic