recommended reading

House Democrats Charge Issa Is Playing Fast and Loose with Docs

Rep. Elijah Cummings, D-Md., the ranking member of the House Oversight and Government Reform Committee, left, accompanied by the committee's Chairman Rep. Darrell Issa, R-Calif.

Rep. Elijah Cummings, D-Md., the ranking member of the House Oversight and Government Reform Committee, left, accompanied by the committee's Chairman Rep. Darrell Issa, R-Calif. // J. Scott Applewhite/AP

The ranking Democrat on the House’s chief investigative committee claimed on Wednesday that his Republican counterpart wasn’t doing enough to safeguard subpoenaed contractor documents that detail early security gaps within, the Obama administration’s online health insurance marketplace.

Those documents, which Chairman Darrell Issa, R-Calif., says demonstrate the White House hasn’t been honest about the website’s security risks, will form the basis of a House Oversight and Government Reform Committee hearing on Thursday.

There were two occasions during the past week in which some of the subpoenaed documents were left unattended in an unlocked room accessible to the public, according to a letter oversight’s ranking member Elijah Cummings, D-Md., sent to Issa and released to reporters.

In an emailed response to Nextgov, Issa Spokesman Frederick Hill called Cummings’ charges a “false controversy” meant to distract from security concerns the documents raise.

In one of the two instances, he said, the documents remained in one room of the committee’s suite after staff members moved to an adjoining room. In the other instance, he said, Democratic staff members brought the documents into the room and collected them when they left.

“At no point were sensitive documents handled inappropriately,” he said.

Cummings’ letter called on Issa to adopt standard protocols for how the committee will manage the subpoenaed documents, which both sides agree could give hackers a roadmap into Cummings also requested a list of non-government security experts Issa has consulted about the documents.

“If they do not work for the government or any of its contractors, it is unclear what contractual or other restrictions they are under not to disclose this sensitive information further,” he wrote.

Thursday’s hearing will include testimony from Health and Human Services Department security officials but not from outside security experts.

Portions of the documents that Issa has released show contractors and government officials were concerned before launch that hadn’t undergone enough security testing and considered advising delaying the its Oct. 1 launch date.

Democrats on the oversight committee say Issa’s claims are overblown and presented out of context. meets federal information security standards and there have been no successful hacks into the site or unauthorized release of citizens’ personal information, according to HHS. was beset with more than 400 software glitches and insufficient storage space when it first launched. The site has been operating smoothly since Dec. 1, but Issa claims security gaps may remain. 

Get the Nextgov iPhone app to keep up with government technology news.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.