Tedeytan/Flickr

Congress conducted hearings yesterday on the much maligned Obamacare website. The most contentious moment involved Rep. Joe Barton, a Texas Republican. Let's start by hearing about his exchange as America's conservatives did—via Fox News, which syndicated work created by John Nolte of Breitbart.com:

During Thursday's congressional hearing with the contractors responsible for building the troubled ObamaCare federal exchanges, we learned that whether you end up enrolling in ObamaCare or not, no one who puts any information into the ObamaCare website can expect to have their privacy protected. Moreover, the fact that you are giving up your right to privacy is hidden in source code that reads, "You have no reasonable expectation of privacy regarding any communication of any data transmitted or stored on this information system."

Wow, that sounds pretty damning, doesn't it? Here's a bit more of Nolte's story:

During his questioning on this specific issue, Rep. Joe Barton (R-TX) only received chilling answers and deflections from the primary contractor responsible for the site. When he asked Cheryl Campbell of CGI about it, her icy response was that another contractor was responsible. After some pressuring, she finally admitted that she was aware of the hidden source code. Just a few minutes earlier, however, Ms. Campbell testified under oath that the ObamaCare website is HIPAA compliant -- meaning everyone's medical and personal information is protected by law.

Another item at Breitbart reports:

Contractors that worked on the glitched ObamaCare website were stunned into silenced when shown a clause on buried in the code of the ACA website that has Americans agree to a privacy clause concerning their personal heath information.

CSPAN video accompanying the story seems to back up that description:

Lots of conservative readers were freaking out.

Seriously, Obama Administration? I said to myself as I watched that video—not that the notion of Team Obama's disregard for privacy would come as a surprise. (After all, I'm a Verizon customer.)

I might've written a quick post about the privacy language yesterday but for two things: (1) I never trust something when I've only seen it reported on Breitbart, where the claim that President Lyndon Johnson drunkenly dropped nuclear weapons on the United States is—despite the author disavowing it—still uncorrected!) (2) Wait a minute, I thought, something doesn't add up here. It isn't like invisible terms of use buried in a web page's source code are binding on users who neither agree to nor even see them. Then I got distracted by another tab and forgot about the story.

The Liberal Media Responds

Kevin Drum reminded me when I checked in yesterday evening on his blog, which seldom misleads me on a matter of fact. His opinionated headline: "Republican Clown Show on Obamacare Has Already Started." Drum embedded an image of the code in question:

His explanation:

The warning that Barton is objecting to isn't even active code. The HTML tag in the pink oval means that everything which follows has been "commented out." The seven lines of code above don't show up anywhere on the actual website and are never executed in any way. It's just boilerplate that was taken from somewhere else, and then edited.

This is what I was talking about earlier this morning when I suggested that Republicans are unlikely to hold serious hearings. This kind of thing is just embarrassingly ignorant. A few more like this, demonstrating that Republicans are flailing around looking for partisan cudgels rather than genuinely trying to investigate a procurement process gone wrong, and the press will simply lose interest.

And they'll be right to.

And that seemed like a sound critique ...

Seeking Other Sources

Figuring I'd better Google around to see if anyone else could shed light on this matter, I found myself at International Business Times, where Howard Koplowitz mentions that "U.S. Rep. Joe Barton, R-Texas, made the claim based on a report in the conservative publication the Weekly Standard." Aha! So that's how this began! 

Clicking over to The Weekly Standard, I actually found its piece to be responsibly written. See for yourself (emphasis mine):

The launch of federal government's Obamacare insurance exchange, Healthcare.gov, has been plagued with delays, errors, and poor website design, even prompting USA Today to call it an "inexcusable mess" and a "nightmare". Now comes another example of why the website's reputation is in tatters. Buried in the source code of Healthcare.gov is this sentence that could prove embarrassing: "You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system." Though not visible to users and obviously not intended as part of the terms and conditions, the language is nevertheless a part of the underlying code for the "Terms & Conditions" page on the site.

After creating an account on Healthcare.gov, users are asked to click an "I accept" button under some routine Terms & Conditions prohibiting unauthorized attempts to upload information or change the website. Once users click the button, they may proceed to shop for insurance and enter detailed personal information. However, when the Terms & Conditions page is visible, the hidden sentence mentioned above along with several others can be seen by using a web browser's "View Source" feature. A screen grab below shows the visible Terms & Conditions page along with a simultaneous view of the code underlying it...

It is unclear why these sentences appear in the code at all since they are not displayed, although the code may simply have been copied from another website that does use the full warning. In this case, the unwanted portion of the warning was rendered inert with HTML coding tags ("<!--" and "-->") usually used by programmers for inserting comments to explain the purpose of a section of code. However, the code can be rendered "live" again by simply removing those tags, in which case the full text would appear on the screen to users. However, it is unclear why the paragraph containing "no reasonable expectation of privacy" would ever have even been considered appropriate in this context. The phrase "no reasonable expectation of privacy" is actually a stock phrase used in the terms and conditions of many government websites and information systems, but those who are entering personal, medical and financial information at Healthcare.gov may not find that fact reassuring. An email sent on Thursday, October 10, requesting comment from Department of Health and Human Services, the agency responsible for the website, has not yet been returned.

So the original Weekly Standard story gave readers the full context. Whether due to ignorance or a desire to grandstand, Barton failed to include crucial context. The contractor folks testifying before him mystifyingly failed to provide it either. Breitbart presented an account just as misleading. And with an assist from the Washington Post's reporting, Drum reinserted the context for his readers at Mother Jones, even as Fox News syndicated the misleading version of the story.

Information advantage: liberal news consumers.

There is, of course, no way to know for sure why that language is there in the source code, but conservatives freaking out about it ought to at least be informed that (1) duh, invisible terms of service aren't binding! (2) Occam's razor says the language is there because someone cut and pasted boilerplate terms of service and then specifically deleted the parts about ceding privacy rights, which is what you'd want.

Complicating that Conclusion

It's easy to see how Igor Volsky at ThinkProgress would sum up this whole episode as follows:

Rather than focusing on the real problems plaguing HealthCare.gov, House Republicans sought to portray the website as an insecure portal that will endanger the privacy of American’s medical information during a House Energy and Commerce Committee hearing focusing on the implementation of the Affordable Care Act. The accusations led one Democratic lawmaker to label the hearing “a monkey court.” 

After all, a Republican marshaled facts misleadingly stripped of their contest to portray Healthcare.gov as an insecure portal and scare conservatives about Obamacare.

What's particularly frustrating about that, for an Obamacare skeptic such as myself, is the fact that the legislation's implications for privacy are a totally valid concern. As ever, the highly reliable Peter Suderman of Reason offers a more sophisticated critique of the law than anything House Republicans ever manage:

Obamacare navigators and other enrollment aides could violate the privacy of exchange users: The health law budgets some $67 million for “navigators” to help people sign up for coverage. By necessity, these individuals will handle sensitive personal information required to apply for coverage through the law’s exchanges. That creates an enormous opportunity for fraud and deception. And yet the navigators, and the enrollment assisters working in state-run exchanges will receive only minimal oversight and training. They’ll be approved after just 20 or 30 hours of training. And the federal governmentwon’t provide navigators with IDs, or maintain a list of individuals who are approved by the program. That could make it easy for unscrupulous individuals to present themselves as navigators when they are not in order to steal personal data — a fraud that consumer advocates are already expecting.

Progressive blogs did not seize on his post en masse.

The Bush and Obama Administrations both showed with perfect clarity that they don't give a damn about the privacy rights of Americans; federal bureaucrats serving in both eras have broken the law to hoover up our private information; and every trend points to a federal government intent on expanding its ability to collect information on Americans and share it among agencies. The U.S. has also shown an inability to protect data it stores from being hacked or stolen. Given all that, it isn't paranoid to imagine that any health information handed over to the federal government won't remain private for long. A betting man would be wise to conclude that somehow or other, it will at least be seen more widely than Obama Administration officials are promising—especially if additional steps aren't taken to make the information better protected.

Now do you understand the unenviable place Americans occupy? 

Republicans are so incompetent, and rely so heavily on transparent propaganda rather than substantive critiques, that they raised the privacy issue in ways that reasonable observers could easily dismiss—this despite the fact that a strong reality-based privacy critique is as easy to make as reading Suderman aloud.

The performance of Republicans and their media hacks inspired understandable mockery from progressive journalists. But their eye-rolling blinded at least some of them to totally reasonable privacy concerns that much of the country might harbor about Obamacare. The lesson for Republicans: Your serial hackery undermines everything a less incompetent opposition might accomplish. The lesson for progressives: outsmarting the most hackish Republicans isn't enough to fix the flaws in legislation that you championed and passed, substantial warts and all. Playing the Washington Generals does not make you the Harlem Globetrotters.

We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.