If they at some later stage got found out to have massaged the data they would just blame it on some office intern who would then be fired and claim it was a statistical fault, politicians only get the where they are by lying, blaming others for their failures, being able to gaslight the public and being able to perform a complete u-turn on a subject and flat out deny it to your face they had done so. Many people forget that politicians have no spine, morals or inclination to tell the truth, especially when the opposite with assist their position. I have no experience of the system, but is it possible to sign a family up with one session, because I can see them easily adjusting it so instead of one signup they've got 5 etc From: cypherpunks [mailto:cypherpunks-bounces@cpunks.org] On Behalf Of jim bell Sent: Wednesday, April 09, 2014 6:29 PM To: Steve Furlong Cc: cypherpunks@cpunks.org Subject: Re: healthcare.gov vulnerability? From: Steve Furlong On Wed, Apr 9, 2014 at 2:36 AM, jim bell wrote:

...

Might somebody (potentially a supporter of Obama and/or Obamacare) have

...

deliberately 'spammed' it with fake signups, simply to get the number of

...

such signups increased?

Possible, I suppose, but why bother? They could just make up numbers and they'd be repeated as gospel by the l>apdogs, lickspittles, and fellow travellers. ref practically every other number coming from the US federal and >state governments.

True, but I think they'd prefer to (later on) be able to blame some unknown-named and unidentifiable 'hacker-types' than to implicate themselves. ("I'm shocked, shocked to find that gambling is going on in here!") This tactic wouldn't be useful at all if follow-on data (like actually-paid accounts) were released. Probably this explains why those numbers remain elusive even today. Jim Bell

From: "dan@geer.org" To: jim bell

Jim, And I wonder how all the tax preparation sites plus irs.gov are waltzing with Heartbleed just now.  April 15 is Tuesday... --dan

Yes, it's amazing how much security on the Internet is constructed on foundations of sand, 23 years (for example) after the writing of PGP.  Organizations such as the NSA and CIA should be required to show that they are pulling their own weight, by discovering and fixing these kinds of bugs.  After all, ostensibly they exist for the benefit of the citizenry of America, right?  I would question the raison d'etre of the NSA if it found itself more interested in maintaining the existence of security bugs, than of closing them.  The NSA can't claim that nobody else could find them or exploit them. As for my idea about healthcare.gov vulnerability:  I thought of this many months ago, but I decided not to post it until the deadline had virtually expired.  (Although, it wasn't like I thought I was the only one who could imagine such a thing!).   I was amazed by the lack of discussion in the lamestream media about the potential vulnerabilities of people's personal data.  But, even more obvious to me was the fact that healthcare.gov virtually invited people to enter false data: It refused to provide people information about health care plans until they had entered their own personal information.  A person would be motivated to enter a mostly-fake set of data, solely for the purpose of getting access to the plans. And, there was a potential 'innocent reason':  Systems like this might get 'stuck', making it difficult to correct data, and people might be tempted to initiate a new account, solely for the purpose of abandoning old data.    I realized that depending on how well healthcare.gov had been written, a cracker with a script could upload thousands or even over a million accounts, presumably for the purpose of making the account-numbers look good.             Jim Bell