2014-09-19

Don't ask for your emails to be deleted

Darrell Issa, Republican congressman from California (yes, amazingly they exist) releases the oversight report on the initial rollout of Healthcare.gov and it wasn't pretty. The bulk of the report was based off emails that they managed to retrieve from Health + Human Services and their CMS subsidiary, and the report authors did a nice job of excerpting the damning snippets from the emails that confirmed everyone's suspicions about the rollout: the grunts implementing and testing the site knew darned well that it wasn't ready, but they were overridden.

I don't find any particular reason in the report to believe that the President knew the site wasn't ready; it looks very much like he and his advisors were assured that everything was in hand, and he had no particular reason to disbelieve it. The problems occurred lower down in the hierarchy:

Mr. Sivak showed Mr. Baitman emails that were made public by Congress in the wake of Healthcare.gov's disastrous launch. In these emails, dated September 27, 2013 [launch date was Oct 1st], a CMS official working on the FFM development, wrote "the facts are that we have not successfully handled more than 500 concurrent users filling out applications in an environment that is similarly in size to Day 1 production." In response, Mr. Baitman wrote "Frankly, it’s worse than I imagined!" Mr. Sivak replied, "Anyone who has any software experience at all would read that and immediately ask what the fuck you were thinking by launching."
Indeed, we were asking almost exactly that question. And there was no naivety about motivations:
How did one week Henry Chao tell us there was no way Account Transfer would be ready, then a meeting at the White House and a week later, oh, yeah, everything is back on track, we’ll meet the dates? That’s what I mean by WTF. You could definitely see the CYA moves coming a mile away
Doublethink is clearly very important for project managers. Henry Chao was one of the prime Healthcare.gov project managers and it appears he knew that the site was heading to disaster, but for some reason he couldn't or wouldn't articulate this to the administration.

Issa, of course, has plenty of partisan reasons to bash the administration and the Healthcare.gov backers, but it's hard to conclude anything other than that this launch was destined to crash and burn spectacularly, that this was known well in advance, and that it was egregiously mis-managed. That Mikey Dickerson and his crew managed to retrieve some semblance of success from this state was amazing, but not something that should be relied on by any future project manager.

Once again, the maxim "Do not write anything in an email that you do not want to see on the front page of a major newspaper" is confirmed. The usual wisdom around this is a combination of a) mail is transferred in the clear between servers on the public internet, although this is changing, and b) the risk of including the wrong person on your To: or Cc: lines. This report highlights a third option: the risk that your email will be retrieved during a legal discovery process. If you send your email from a company email system it'll be archived there and prone to later legal discovery even if you and the recipient delete it. This also applies if any of your recipients use a company or government email address.

The Verge provides a nice summary of the highlights in the report if you don't have the stomach to read the whole thing.

No comments:

Post a Comment

All comments are subject to retrospective moderation. I will only reject spam, gratuitous abuse, and wilful stupidity.