Legal Hacking Into Obamacare HealthCare.Gov Website Programming Software (Coding) Yields Unbelievable Results

This reporter is a former military (Air Force) and government (Navy) computer systems engineer.  A sample of his military computer engineering credentials can be reviewed by clicking on this link.

For the past couple of days this reporter has been legally hacking into the HealthCare.Gov website HTML (Hypertext Markup Language) software (coding) of the site’s web pages and has found unbelievable information that is not available to the casual user or customer of HealthCare.Gov.  These “hacking” ventures have disclosed numerous weaknesses and hidden messages in the HealthCare.Gov software that is not available to the casual user or customer of  HealthCare.Gov.

In the computer code on one page this notification was found hidden:

Let us know how we’re doing

You can help us to meet our plain language goals by letting us know when we fall short. If you have trouble understanding any documents or material on our websites, please send an email to the Department of Health and Human Services Deputy Executive Secretary and Plain Writing Coordinator Oliver Potts, who can be reached at hhsplainwriting@hhs.gov. You can also reach agency plain writing coordinators by e-mailing hhsplainwriting@hhs.gov. Coordinators across the Department include:

If the casual user of HealthCare.Gov knew this email, hhsplainwriting@hhs.gov, was available, it is reasonable to assume that this email address would be overwhelmed with complaints about the HealthCare.Gov website that evidence the repeated violation of the plain writing rules and regulations.

However,  don’t get excited about sending an email complaint to this address because when this reporter attempted to do so he received the following response:

Sorry, we were unable to deliver your message to the following address.

<hhsplainwriting@hhs.gov>:
No MX or A records for hhs.gov

Also hidden in the HealthCare.Gov computer code is a link to the Department of Health and Human Services Plain Writing Act Compliance Report April 2013.

Another violation of computer coding is referring to another website for images.  The following HTML coding was found during legal hacking:

<div>
			<h3><a href="#">Get started</a></h3>
			<p>You haven't started your application yet: 
or watch a video about why it's a good idea to apply.</p>
			<img src="http://placehold.it/375x250&amp;text=TBD"
alt="" title="">
		</div>

The code refers to the website http://placehold.it/375×250&amp;text=TBD to place an image on the webpage.  It is extremely bad coding to insert images into an HTML program by linking to other websites.  The image should instead be filed on the HealthCare.Gov website directory so that if the website www.placehold.it ever goes down or is removed the image is preserved for the HealthCare.Gov website forever.

For those of you who are frustrated, on the main page at HealthCare.Gov this reporter found code that takes you to the Facebook page at https://www.facebook.com/Healthcare.gov where you can share your gripes:

href=’https://www.facebook.com/Healthcare.gov‘

A link was also found to GooglePlus, another site to air your gripes:

<link href=”https://plus.google.com/112755994883163074657“

This reporter also found what is called “commented out code” on the main web page at HealthCare.Gov :

<!–[if IE]><link rel=’stylesheet’ href=’/css/ie.css’ type=’text/css’ /><![endif]–>
<!–[if lt IE 9]><link rel=”stylesheet” type=”text/css” href=”/css/ie-lt-9.css” /><![endif]–>
<!–[if IE 8]><link rel=”stylesheet” type=”text/css” href=”/css/ie-8.css” /><![endif]–>
<!–[if IE 7]><link rel=”stylesheet” type=”text/css” href=”/css/ie-7.css” /><![endif]–>

This means that when a line has a “!”, highlighted in red above, at the beginning it is a comment line.  This means that the code on the line is not executed, it is just a comment.  In this code the program should be checking for the version of Internet Explorer (IE) being used.  Because these lines are commented out the program does not check for the version of IE being used by the customer using the website.

In the login page at https://www.healthcare.gov/marketplace/global/en_US/registration two coding problems were found.  The first, again, is that coding is being commented out evidencing that the code presented to the public was not software validated.  There should be no commented-out code in a final product sent to the public for public use.

<!–<link href=”http://fonts.googleapis.com/css?family=Open+Sans:400,600,700″ rel=”stylesheet” type=”text/css” />

The second problem, again, is that the HTML program makes reference to an outside website, http://fonts.googleapis.com/css?family=Open+Sans:400,600,700, that is subject to going down or being removed.  This is a serious programming error that violates configuration management protocol and defeats control of the software development process.  Yes, the government and its contractors lose control of the software configuration if these programming blunders occur.

More serious programming problems arise in the “chat” webpage at https://www.healthcare.gov/chat/ .  In this pate we again have bad coding references to other websites.

<!– Le HTML5 shim, for IE6-8 support of HTML5 elements –>
<!–[if lt IE 9]>
<script src=”http://html5shim.googlecode.com/svn/trunk/html5.js“></script>
<![endif]–>
<!– Le fav and touch icons –>

 Again, if the website http://html5shim.googlecode.com were to go down or be removed, the software system at HealthCare.Gov would be compromised.  This is not only bad programming, its lousy programming that should not have ever passed through software validation testing by the government or its contractors.

The above story does not address the totality of the failures in the Obamacare implementation at HealthCare.Gov .

At the time of the publication of the above story this reporter has debugged (software validated) this story to make sure that all HTML formatting and links worked.  The Government and its Contractors should have done the same for HealthCare.Gov .  The HTML code for the above story is at the end of this story for those of you who are computer-minded.

Lastly, this reporter contacted the CHAT folk at HealthCare.Gov and the following dialogue took place:

[06:09:50 am]: Thanks for contacting Health Insurance Marketplace Live Chat. Please wait while we connect you to someone who can help.
[06:09:54 am]: Please be patient while we’re helping other people.
[06:11:25 am]: Please be patient while we’re helping other people.
[06:11:52 am]: Welcome! You’re now connected to Health Insurance Marketplace Live Chat.

Thanks for contacting us. My name is Nicholas. To protect your privacy, please don’t provide any personal information, like Social Security Number, or any other sensitive medical or personal information.
[06:11:58 am]: Nicholas
Hello, how may I help you?
[06:12:15 am]: CALLER
Please review the following stories about the problems with the website: http://baycommunitynews.com/legal-hacking-into-obamacare-healthcare-gov-website-programming-software-coding-yields-unbelievable-results/
[06:12:41 am]: CALLER
And, http://baycommunitynews.com/healthcare-gov-computer-program-coding-a-disaster-filled-with-errors-and-incomplete-html-coding/
[06:13:23 am]: CALLER
Then check with your superiors to find out how you can escalate these problems to someone who can fix them…
[06:13:24 am]: Nicholas
I apologize, but I am unable to view .com based websites.
[06:13:51 am]: CALLER
Then please refer this to someone who can…OK?
[06:16:07 am]: CALLER
I wrote these stories to help you find the problems. I’ve spent days researching the computer programming problems with the website and I would hope my efforts would not be ignored, but instead referred to computer experts that understand these problems and can find a way to fix them…
[06:17:30 am]: CALLER
The text of this CHAT session will be included in my next story.
[06:18:00 am]: Nicholas
I will try to forward these on for you.
[06:18:22 am]: CALLER
Thank you…to whom will you forward them to?
[06:20:06 am]: Nicholas
I can submit them to the people who error reports and bug feedback are sent to.
[06:20:35 am]: CALLER
That should work, but who are those people?
[06:22:37 am]: Nicholas
the main information I know is that they are referred to as the XOC, but I do not have any other significant information on them at the moment.
[06:25:19 am]: Nicholas
Are you still there?
[06:26:58 am]: Nicholas
Thank you for contacting Health Insurance Marketplace Live Chat. We are here to help you 24 hours a day, 7 days a week.
[06:26:58 am]: CALLER
Thanks…I’m a former government computer software engineer. In my last two stories I’ve found numerous programming problems in the HealthCare.Gov website. When you get home you might want to personally bring up my stories so that you understand that we are not dealing with a customer traffic overload on the system but are instead dealing with a number of software problems that were not caught by government and contractor computer experts. These problems need to be fixed and they won’t be fixed unless input from folks like myself are forwarded to the software verification folk with the government (HHS) and their contractors…
[06:28:11 am]: Nicholas
Your support is appreciated, and I have forwarded the two links you have provided to them.
[06:28:49 am]: CALLER
Thanks again…that’s all I’ve got…have a great morming…but a last question…where are you located???
[06:29:21 am]: Nicholas
I am in Kansas, though the centers handling this are in multiple states.
[06:29:44 am]: CALLER
Thanks…again that’s all I’ve got…BYE…
[06:29:57 am]: Nicholas
Thank you for contacting Health Insurance Marketplace Live Chat. We are here to help you 24 hours a day, 7 days a week.
[06:31:24 am]: ‘Nicholas’ has left the chat session.
[06:31:25 am]: Your chat session is over. Thanks for contacting us, and we hope we’ve answered your questions. Have a great day.
[06:31:25 am]: 10/10/2013

Review the Following HTML Programming (Coding) for the Above Story:

This reporter is a former military (Air Force) and government (Navy) computer systems engineer.  A sample of his military computer engineering credentials can be reviewed by clicking on <a href=”http://www.kevinearlwood.com/19850103OfficerReportRECaptKevinWood.pdf”>this link</a>.

For the past couple of days this reporter has been legally <a href=”http://en.wikipedia.org/wiki/Hack_(computer_security)”>hacking</a> into the <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> website HTML (Hypertext Markup Language) software (coding) of the site’s web pages and has found unbelievable information that is not available to the casual user or customer of <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a>.  These “<a href=”http://en.wikipedia.org/wiki/Hack_(computer_security)”>hacking</a>” ventures have disclosed numerous weaknesses and hidden messages in the <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> software that is not available to the casual user or customer of  <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a>.

In the computer code on one page this notification was found hidden:
<h2 style=”padding-left: 60px;”><strong>Let us know how we’re doing</strong></h2>
<p style=”padding-left: 60px;”>You can help us to meet our plain language goals by letting us know when we fall short. If you have trouble understanding any documents or material on our websites, please send an email to the Department of Health and Human Services Deputy Executive Secretary and Plain Writing Coordinator Oliver Potts, who can be reached at <a href=”mailto:hhsplainwriting@hhs.gov”>hhsplainwriting@hhs.gov</a>. You can also reach agency plain writing coordinators by e-mailing <a href=”mailto:hhsplainwriting@hhs.gov”>hhsplainwriting@hhs.gov</a>. Coordinators across the Department include:</p>

<table width=”80%” border=”1″ cellspacing=”0″ cellpadding=”0″ align=”center”>
<tbody>
<tr>
<th scope=”col” valign=”top”>
<p align=”center”><strong>Office</strong></p>
</th>
<th scope=”col” valign=”top”>
<p align=”center”><strong>Name</strong></p>
</th>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>ACL-Administration for Community Living</p>
</td>
<td valign=”top”>
<p align=”center”>Carol Crecy</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>AHRQ-Agency for Healthcare Research &amp; Quality</p>
</td>
<td valign=”top”>
<p align=”center”>Randie Siegel</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>ASA-Assistant Secretary for Administration</p>
</td>
<td valign=”top”>
<p align=”center”>Trina Greer</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>ASFR-Assistant Secretary for Financial Resources</p>
</td>
<td valign=”top”>
<p align=”center”>Pam Sessoms</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>ASL-Assistant Secretary for Legislation</p>
</td>
<td valign=”top”>
<p align=”center”>Fatima Cuevas</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>ASPR-Assistant Secretary for Preparedness and Response</p>
</td>
<td valign=”top”>
<p align=”center”>Ben Goldhaber</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>CDC-Centers for Disease Control &amp; Prevention</p>
</td>
<td valign=”top”>
<p align=”center”>Cynthia Baur</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>CMS-Centers for Medicare &amp; Medicaid Services</p>
</td>
<td valign=”top”>
<p align=”center”>Mary Wallace</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>DAB-Departmental Appeals Board</p>
</td>
<td valign=”top”>
<p align=”center”>Christopher Randolph</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>FDA-Food &amp; Drug Administration</p>
</td>
<td valign=”top”>
<p align=”center”>Kathy Weil</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>HRSA-Health Resources and Services Administration</p>
</td>
<td valign=”top”>
<p align=”center”>Judy Andrew</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>IEA-Intergovernmental and External Affairs</p>
</td>
<td valign=”top”>
<p align=”center”>Nikki Bratcher-Bowman</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>NIH-National Institutes of Health</p>
</td>
<td valign=”top”>
<p align=”center”>Marin Pearson Allen</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>OASH-Office of the Assistant Secretary for Health</p>
</td>
<td valign=”top”>
<p align=”center”>Linda Harris</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>OCR-Office for Civil Rights</p>
</td>
<td valign=”top”>
<p align=”center”>Steven Novy</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>OGA-Office of Global Affairs</p>
</td>
<td valign=”top”>
<p align=”center”>Mary Pokryfki</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>OIG-Office of the Inspector General</p>
</td>
<td valign=”top”>
<p align=”center”>Rose Folsom</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>OMHA-Office of Medicare Hearings and Appeals</p>
</td>
<td valign=”top”>
<p align=”center”>Randy Vanderpool</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>ONC-National Coordinator for Health Information Technology</p>
</td>
<td valign=”top”>
<p align=”center”>Lisa Lewis</p>
</td>
</tr>
<tr>
<td scope=”row” valign=”top”>
<p align=”center”>SAMHSA-Substance Abuse and Mental Health Services Administration</p>
</td>
<td valign=”top”>
<p align=”center”>Marla Hendriksson</p>
</td>
</tr>
</tbody>
</table>
If the casual user of <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> knew this email, <a href=”mailto:hhsplainwriting@hhs.gov”>hhsplainwriting@hhs.gov</a>, was available, it is reasonable to assume that this email address would be overwhelmed with complaints about the <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> website that evidence the repeated violation of the plain writing rules and regulations.

However,  don’t get excited about sending an email complaint to this address because when this reporter attempted to do so he received the following response:
<p style=”padding-left: 30px;”>Sorry, we were unable to deliver your message to the following address.</p>
<p style=”padding-left: 30px;”>&lt;<a id=”yui_3_7_2_1_1381391244278_9970″ href=”mailto:hhsplainwriting@hhs.gov”>hhsplainwriting@hhs.gov</a>&gt;:
No MX or A records for <a id=”yui_3_7_2_1_1381391244278_9971″ href=”http://hhs.gov/” target=”_blank”>hhs.gov</a></p>
Also hidden in the <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> computer code is a link to the Department of Health and Human Services Plain Writing Act <a href=”http://www.hhs.gov/open/recordsandreports/plainwritingact/plain_writing_act_compliance_report_april_2013.pdf”>Compliance Report April 2013</a>.

Another violation of computer coding is referring to another website for images.  The following HTML coding was found during legal hacking:
<pre style=”padding-left: 30px;”>&lt;div&gt;
&lt;h3&gt;&lt;a href=”#”&gt;Get started&lt;/a&gt;&lt;/h3&gt;
&lt;p&gt;You haven’t started your application yet:
or watch a video about why it’s a good idea to apply.&lt;/p&gt;
&lt;img src=”<span style=”color: #ff0000;”>http://placehold.it/375×250&amp;amp;text=TBD</span>”
alt=”" title=”"&gt;
&lt;/div&gt;</pre>
The code refers to the website <a href=”http://placehold.it/375×250&amp;amp;text=TBD”>http://placehold.it/375×250&amp;amp;text=TBD</a> to place an image on the webpage.  It is extremely bad coding to insert images into an HTML program by linking to other websites.  The image should instead be filed on the <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> website directory so that if the website <a href=”http://www.placehold.it”>www.placehold.it</a> ever goes down or is removed the image is preserved for the <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> website forever.

For those of you who are frustrated, on the main page at <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> this reporter found code that takes you to the Facebook page at <a href=”https://www.facebook.com/Healthcare.gov”>https://www.facebook.com/Healthcare.gov</a> where you can share your gripes:
<p style=”padding-left: 30px;”>href=’<a href=”https://www.facebook.com/Healthcare.gov”>https://www.facebook.com/Healthcare.gov</a>’</p>
A link was also found to GooglePlus, another site to air your gripes:
<p style=”padding-left: 30px;”>&lt;link href=”<a href=”https://plus.google.com/112755994883163074657″ target=”_blank”>https://plus.google.com/112755994883163074657</a>”</p>
This reporter also found what is called “commented out code” on the main web page at <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> :
<p style=”padding-left: 30px;”><span style=”color: #ff0000;”>&lt;!–</span>[if IE]&gt;&lt;link rel=’stylesheet’ href=’/css/ie.css’ type=’text/css’ /&gt;&lt;![endif]–&gt;
<span style=”color: #ff0000;”>&lt;!–</span>[if lt IE 9]&gt;&lt;link rel=”stylesheet” type=”text/css” href=”/css/ie-lt-9.css” /&gt;&lt;![endif]–&gt;
<span style=”color: #ff0000;”>&lt;!–</span>[if IE 8]&gt;&lt;link rel=”stylesheet” type=”text/css” href=”/css/ie-8.css” /&gt;&lt;![endif]–&gt;
<span style=”color: #ff0000;”>&lt;!–</span>[if IE 7]&gt;&lt;link rel=”stylesheet” type=”text/css” href=”/css/ie-7.css” /&gt;&lt;![endif]–&gt;</p>
This means that when a line has a “!”, highlighted in red above, at the beginning it is a comment line.  This means that the code on the line is not executed, it is just a comment.  In this code the program should be checking for the version of Internet Explorer (IE) being used.  Because these lines are commented out the program does not check for the version of IE being used by the customer using the website.

In the login page at <a href=”https://www.healthcare.gov/marketplace/global/en_US/registration”>https://www.healthcare.gov/marketplace/global/en_US/registration</a> two coding problems were found.  The first, again, is that coding is being commented out evidencing that the code presented to the public was not <a href=”http://en.wikipedia.org/wiki/Verification_and_validation_(software)”>software validated</a>.  There should be no commented-out code in a final product sent to the public for public use.
<p style=”padding-left: 30px;”><span style=”color: #ff0000;”>&lt;!–</span>&lt;link href=”http://fonts.googleapis.com/css?family=Open+Sans:400,600,700″ rel=”stylesheet” type=”text/css” /&gt;</p>
The second problem, again, is that the HTML program makes reference to an outside website, <a href=”http://fonts.googleapis.com/css?family=Open+Sans:400,600,700″>http://fonts.googleapis.com/css?family=Open+Sans:400,600,700</a>, that is subject to going down or being removed.  This is a serious programming error that violates <a href=”http://en.wikipedia.org/wiki/Configuration_management”>configuration management protocol</a> and defeats control of the software development process.  Yes, the government and its contractors lose control of the software configuration if these programming blunders occur.

More serious programming problems arise in the “chat” webpage at <a href=”https://www.healthcare.gov/chat/”>https://www.healthcare.gov/chat/</a> .  In this pate we again have bad coding references to other websites.
<p style=”padding-left: 30px;”>&lt;!– Le HTML5 shim, for IE6-8 support of HTML5 elements –&gt;
&lt;!–[if lt IE 9]&gt;
&lt;script src=”<span style=”color: #ff0000;”>http://html5shim.googlecode.com/svn/trunk/html5.js</span>”&gt;&lt;/script&gt;
&lt;![endif]–&gt;
&lt;!– Le fav and touch icons –&gt;</p>
Again, if the website <a href=”http://html5shim.googlecode.com”>http://html5shim.googlecode.com</a> were to go down or be removed, the software system at <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> would be compromised.  This is not only bad programming, its lousy programming that should not have ever passed through software validation testing by the government or its contractors.

The above story does not address the totality of the failures in the Obamacare implementation at <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> .

At the time of the publication of the above story this reporter has debugged (software validated) this story to make sure that all HTML formatting and links worked.  The Government and its Contractors should have done the same for <a href=”https://www.healthcare.gov/”>HealthCare.Gov</a> .  The HTML code for the above story is at the end of this story.