Two years ago I mistyped my password and couldn’t get into the Social Security Administration’s Business Services Online (BSO) website to create my W-2. The site blocked further attempts after just one failure. I had to call their tech support for help. I don’t remember the details, but they got me in.
Last year the website scolded me for “too many attempts” the first time I entered my (valid) password, so I tried to do a password reset. The BSO sent me to a form to request a paper letter with the new code. When it arrived a week later, the temporary password didn’t work. I called tech support again. When the technician couldn’t reset my password or clear the error message, she suggested that I create a new employee using my wife’s name and SSN. That worked. A couple of weeks after I printed my W-2 I received an email from one “KGOOCH” saying that he needed more information and giving me a phone number. I filed that away against the next inevitable failure.
That reckoning finally came this week. The first two times I tried calling their 800 number, a recording told me that the service was unavailable. The third call got me into their queue; after five minutes I got a ringtone, a click, and silence. KGOOCH’s number was “not available from your area,” whatever the hell that means. Sleuthing their website finally uncovered an email address so I wrote up this whole story and sent it off. Rather than emailing me, they called (one of my biggest pet peeves) after business hours and left a message referring me back to the 800 number where I started.
Remember that I’m not asking them to do me any favors. All of this is to create a form that the government requires so that I can, you know, pay my taxes.
I gave up the next day after more “call back later” blocks. On the third day I got through on my first try. The weary-sounding technician took my hand and led me like a dull child through the forgotten-password routine. Of course, I immediately hit the old familiar problem: Instead of taking me to a reset page with security questions, the “Forgot password” link took me to the password-by-mail page. And of course the tech blamed me, my browser, and my computer. I’ve been in the tech-support seat before so I patiently let him rule those out one by one until he had to conclude that the BSO website was the problem.
He: “It’s not supposed to do that. I’ve never seen it do that.”
Me: “Yeahhh, that’s the same thing that happened last year.”
He: “OK, well I can generate the password by mail here to make sure you get it. Is your mailing address--?”
Me: (Interrupting) “Um, no, that didn’t work last time and it’s not going to work this time. Can’t you just read me the new password over the phone right now and let me try it?”
He: “No, that’s not how the system works. The computer generates the password and mails it to you.”
Me: “Can I try logging in as my wife?”
After fumbling down that path for a few minutes I finally managed to set a new password and log in. Incidentally, BSO passwords expire every 30 days, so I can look forward to this again next year. Why would a site that most people access only once annually require a password reset every month?
He: “Can I help you with anything else today?”
Me: “Yes, can you delete my original account so that I can start over?”
He (dubiously): “I can deactivate it. That should let you create a new user from scratch. Or maybe it will try to reactivate your old account.”
The BSO’s shortcomings don’t rise to the infamy of healthcare.gov, but this is a site that’s been up for years. After working fine for seven years, the Massachusetts Health Connector crashed and burned when the state paid a contractor $60 million to bring it into compliance with Obamacare; workers are still taking applications on paper over the phone and the state has given up on trying to fix the site. When the DUA introduced its new website last summer employers (including me) had trouble reporting wages and submitting payments. Tens of thousands of unemployed citizens lost their benefits when the site was later expanded to serve beneficiaries. My fully-employed wife received an unexpected check for a couple of hundred bucks; a DUA employee couldn’t explain it but assured us that we could keep it. We finally concluded that the computer had finally corrected an underpayment that we’d given up on and forgotten about years ago.
So what is it with government websites? I have some theories:
1. Governments use contractors rather than employing dedicated IT professionals. Outsourcing ensures that the people who do the work are not vested in the system and don’t fully understand it.
2. Government IT managers earn below-market salaries; you get what you pay for.
3. The contract goes to the lowest bidder; you get what you pay for.
4. Government specifications and oversight are inadequate thanks to points 1 and 2.
5. Penalties for cost overruns and performance deficiencies are inadequate. Contractors are eventually going to get paid the contracted amount; the lower their costs, the greater their profit. So they skimp on development until the end, when they can pour on the absolute minimum necessary to achieve their deliverables.
The problem lies in the nature, management, and oversight of contracts. First, the lowest bidder should not necessarily always win the job. Second, contracts need to be written in a manner that does not encourage the contractor to minimize up-front costs in favor of a fix-it-later mentality (by requiring payment milestones, for example). Finally, government needs to do a better job of spec’ing, testing, and overseeing their own projects before the contract even goes out to bid.
Of course, problems aren't limited to government websites. You know how my blog always starts out with a pithy image stolen from elsewhere on the web? Yeah, the insert image function isn't working on Blogger today. For some reason Google breaks the editor every now and then. I had to insert the HTML manually.