CBS News, already in trouble for not bothering to fact-check sensational claims about the Benghazi attacks, has stepped in it again with an exclusive story on the Affordable Care Act that has quickly fallen apart. On November 11, CBS News reported that the "project manager in charge of building the federal health care website was apparently kept in the dark about serious failures in the website's security." CBS investigative correspondent Sharyl Attkisson's report was based on an exclusive "first look at a partial transcript" of closed-door testimony by project manager Henry Chao that was likely leaked to the network by Republicans on the House Oversight Committee. Other media outlets picked up CBS's scoop and ran with it.
According to Attkisson, Chao was presented with "a memo that outlined important security risks discovered in the insurance system," and said he was unaware of that memo. CBS News reported that this indicated that Chao had been "kept in the dark about serious failures in the website's security" that "could lead to identity theft among people buying insurance."
But as Washington Post media blogger Erik Wemple demonstrated, Rep. Gerald Connolly (D-VA) questioned Chao at a November 13 Oversight Committee hearing and revealed how misleading CBS News' report was. The memo shown to Chao dealt with portions of the website that aren't yet in use -- not the website as it currently exists, as the partial transcript and CBS News' report wrongly suggested. And those portions won't include personally identifiable information, making it impossible for the security risks to lead to identity theft.
Here's the video and transcript of Connolly's questioning of Chao:
CONNOLLY: Mr. Chao, during your interview with committee staff on November 1, you were presented with a document you had not seen before. And it was entitled "Authority to Operate," signed by your boss on September 3, 2013, is that correct?
CONNOLLY: The Republican staffers told you during that interview that this document indicated there were two open high-risk findings in the federally facilitated marketplace launched October 1. Is that correct?
CONNOLLY: This surprised you at the time.
CHAO: Can I just qualify that a bit? It was dated September 3 and it was referring to two parts of the system that were already--
CONNOLLY: You are jumping ahead of me. We are going to get there. So when you were asked questions about that document, you told the staffers you needed to check with officials at CMS [Centers for Medicare and Medicaid Services] who oversee security testing to understand the context, is that correct?
CONNOLLY: The staffers continued to ask you questions, nonetheless, and then they -- or somebody -- leaked parts of your transcript to CBS Evening News, is that correct?
CHAO: Seems that way.
CONNOLLY: Since that interview, have you had a chance to follow up on your suggestion to check with CMS officials on the context?
CHAO: I have had some discussions about the nature of the high findings that were in the document.
CONNOLLY: Right. And this document it turns out discusses only the risks associated with two modules, one for dental plans and one for the qualified health plans, is that correct?
CONNOLLY: And neither of those modules is active right now, is that correct?
CHAO: That's correct.
CONNOLLY: So the September 3 document did in fact, not apply to the entire federally facilitated marketplace despite the assertions of the leak to CBS notwithstanding, is that correct?
CHAO: That's correct.
CONNOLLY: And these modules allow insurance companies to submit their dental and health care plan information to the marketplace is that correct?
CONNOLLY: That means that those modules do not contain or transmit any personally identifiable information on individual consumers, is that correct?
CONNOLLY: So to be clear, these modules don't transmit any specific user information, is that correct?
CONNOLLY: So when CBS Evening News ran its report based on a leak, presumably from the majority staff, but we don't know, of a partial transcript, excerpts from a partial transcript, they said the security issues raised in the document, and I quote, "could lead to identity theft among buying insurance," that cannot be true based on what we just established in our back and forth, is that correct?
CHAO: That's correct. I think there was some rearrangement of the words that I used during the testimony in how it was portrayed.
CONNOLLY: So to just summarize, correct me if I'm wrong, the document leaked to CBS Evening News didn't in fact not relate to parts of the website that were active on October 1. They did not relate to any part of the system that handles personal consumer information, and there, in fact, was no possibility of identity theft, despite the leak.
CONNOLLY: Thank you, Mr. Chao. I yield back.