Issa has seen the documents 'in camera,' but he wants hard copies. HHS to Issa: We don't trust you

The Health and Human Services Department told House Oversight and Government Reform Committee Chairman Darrell Issa that it won’t turn over documents related to the security of the Healthcare.gov website because it can’t trust him to keep secret information that could give hackers a roadmap to wreak havoc on the system.

Issa has issued a subpoena to MITRE, a government contractor, to turn over unredacted copies of security-testing documents by noon Friday. At issue are website development plans MITRE drafted for the Centers for Medicare and Medicaid Services, which is under HHS. Already, Issa has been given access to the documents he seeks “in camera” — meaning committee staff were able to review them in a room but not keep them — but he is seeking physical copies.


In a letter Thursday, Assistant Secretary for Legislation Jim Esquea told Issa that “the committee’s unwillingness to commit to undertake measures to address the security risks associated with further disclosure is troubling, particularly in light of reports that sensitive materials were disclosed through various investigations.” Administration officials worry that Issa intends to put them in the public domain, which Esquea argues could compromise the security of the site.

( QUIZ: How well do you know Darrell Issa?)

“As you are aware, MITRE shares our assessment regarding the risks from public disclosure of these documents and has warned, most recently in its letter of December 4, 2013, that the information they contain ‘could be used to hack the system … and may pose a risk to the confidentiality of consumer information accessible through healthcare.gov if disclosed,” Esquea wrote, further offering to let a third party determine whether their publication could imperil the website.

“However, if you do not accept MITRE’s or our assessment of the risks from disclosure of these documents, we will make them available, with appropriate parameters governing the use of the material, for other independent security experts to judge the potential impact,” he added.

Issa’s office pushed back Thursday. “It’s an unacceptable violation of law and a dangerous precedent for any Administration to tell a private company not to respond to a lawful subpoena,” Issa spokesman Frederick Hill said in an email.

( PHOTOS: 10 Sebelius quotes about Obamacare website)

Government officials say Issa has been too loose with sensitive information in the past, including with the names of Libyans who were assisting the United States during operations in that nation, the details of secret wiretaps in the “Fast and Furious” investigation, and TSA documents that included security information.

Issa’s aides pushed back on the question of whether the California Republican had endangered Libyans who had worked with the United States after the 2011 revolution in that country, noting that a woman in question had been featured in a video posted to the Internet before the fatal attack on the U.S. compound in Benghazi in September 2012. In the video, publicized by the World Affairs Council, the woman is wearing a name tag with her name and the words “United States Department of State” clearly visible.

While agency letters to Capitol Hill tend to be very deferential, Esquea’s did little to veil the administration’s feelings about Issa’s trustworthiness.

“As we have explained through staff discussions and in our prior correspondence, these documents are highly sensitive in light of the substantial harm that could result if the information contained in them were accessed by determined actors seeking to compromise the security and functioning of the website,” Esquea wrote.

MITRE wrote in its December 4 letter that its documents belong to CMS, suggesting that it may not comply with the subpoena.