Healthcare.gov is neither functional nor secure, as everyone by now knows.

The IT chief whose “retirement” was announced Wednesday, Tony Trenkle, was the person in the Obamacare chain of command who should have signed off on the site’s security, if it was secure. But his signature is not the one on the certification according to CBS by way of Hot Air.

CBS News has learned that [Tony] Trenkle, the Chief Information Officer for the Centers for Medicare and Medicaid Services (CMS), was originally supposed to sign off on security for the glitch-ridden website before its Oct. 1 launch, but didn’t. Instead, the authorization on September 27 was given by Trenkle’s boss, CMS administrator Marilyn Tavenner…

Tavenner is the CMS chief who testified before the Senate Wednesday.

Trenkle and two other CMS officials, including Chief Operating Officer Michelle Snyder, signed an unusual “risk acknowledgement” saying that the agency’s mitigation plan for rigorous monitoring and ongoing tests did “not reduce the (security) risk to the … system itself going into operation on October 1, 2013.”…

Wednesday, an HHS spokesman said that the reason Tavenner, not Trenkle, signed the security authorization is because HealthCare.gov is “a high-profile project and CMS felt it warranted having the administrator sign the authority to operate memo.” HHS also says there is an aggressive risk mitigation plan in effect, “the privacy and security of consumers personal information is a top priority for us” and personal information is “protected by stringent security standards.”

This sequence suggests that Trenkle was told to sign the certification, but would not because he did not want to affix his name to this untested trainwreck and wind up getting grilled by Trey Gowdy et al. He probably can’t escape that fate anyway, in fact he shouldn’t since he was right there in the middle of the mess, but if he refused to sign off, that would now be easier to explain to Congress than him having signed off to launch an insecure government site that puts users’ personal data at real and imminent risk to identity theft.

Healthcare.gov would have become a massive magnet for thieves and charlatans even if had been built 100% secure and tested. It wasn’t built secure and wasn’t even tested properly. Now there’s a question of how it got certified to launch in the first place, and a possible resignation in protest that occurred in the deep, dark past of…yesterday.

Can you say “ongoing cover-up?”