Buried in the source code of Healthcare.gov is this sentence that could prove embarrassing: "You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system." Though not visible to users and obviously not intended as part of the terms and conditions, the language is nevertheless a part of the underlying code for the "Terms & Conditions" page on the site.Representative Joe Barton (R-TX) confronted Cheryl Campbell, senior vice president of CGI Federal Inc., one of the main contractors responsible for coding the site, about the language last week and she declined to take responsibility for including it, but said that it was a matter for the Centers for Medicare and Medicaid Services (CMS) to address. Wednesday, Rep. Barton took up the question with Sebelius, the head of Health and Human Services (HHS) of which CMS is a part. The Washington Free Beacon reported on Sebelius's response:
“It is my understanding that that is boilerplate language that should not have been in this particular contract because there are — the highest security standards in place and people have every right to expect privacy,” Sebelius said to Rep. Joe Barton (R., Texas).
Sebelius assured Barton that the language would be removed saying, “we have had those discussions with CGI [Federal] and it is underway. I do absolutely commit to protecting the privacy of the American public and we have asked them to remove that statement.”Sebelius's response is a tacit admission from the federal government that the inclusion of the statement posed a legitimate privacy concern, a position not shared by Rep. Frank Pallone (D-NJ) who uttered his widely reported "monkey court" remark in response to Rep. Barton's inquiry at last week's hearing.
The removal of the inappropriate privacy-related code is not the only revision made recently at the Obamacare website. Earlier this week, copyright language was restored to an open-source script that was used by programmers at Healthcare.gov without proper attribution. The change followed a mid-October report by THE WEEKLY STANDARD on the license violation.
Note: A version of this article first appeared at The Weekly Standard.