COVID-19 Response: New Jersey’s Unemployment Web Site Is Designed For A Vulnerable, Circa-1996 Web Browser
While numerous media reports have discussed how the State of New Jersey’s reliance on a mainframe running 40-year old COBOL code has adversely impacted its processing of unemployment insurance claims, an outdated web-based interface to the same system may be creating security vulnerabilities as well.
After registering to submit claims online, and then beginning to file a claim, New Jersey residents who have lost their source of income are greeted by the State with a message telling them that the website with which they are interacting is designed to work with Internet Explorer, and specifically with version 3, a long-unsupported version of Microsoft’s first-generation web browser. Internet Explorer launched in 1995, and version 3 of the browser was released in 1996 – nearly a quarter century ago – long before Internet-mainstays such as Google and Facebook even existed. Internet Explorer’s last major upgrade was in 2013, and, in 2015, Microsoft announced that Internet Explorer was being retired and replaced with the company’s next generation browser, Microsoft Edge. Version 3 of Internet Explorer has not been supported in many years, and shipped with encryption capabilities that are considered severely deficient by today’s standards. The browser is generally considered both insecure and inadequate for use today; portions of its core engine were even replaced in 1997 in Internet Explorer 4.
Time, however, seems to stand still when it comes to New Jersey state computer systems.
While, in theory, there is nothing wrong with creating an extremely basic website that will function if viewed using IE 3, anyone using such an old, unsupported browser may be exposing his or her computer to vulnerabilities. Likewise, the presence of such text on the State website raises other questions – is the code that is running now really the same code that was running decades ago? Has the State really maintained, patched, and upgraded its systems as necessary? Should the State really be encouraging people to use any version of Internet Explorer, when Microsoft, the firm that made Internet Explorer, itself has told people to switch to a more modern alternative?
Unlike a business that must compete for its customers, New Jersey is the sole decider of how its residents should file unemployment claims; folks seeking relief from the COVID-19-inflicted economic disaster have no choice but to use the State-provided system. Such a scenario, however, should mandate that the State protect all unemployment-claims filers from the dangers of outdated code, and not encourage people to act recklessly. When, in 2020, a system still displays a message to the public that it was designed to work with Internet Explorer 3, one must seriously wonder how well the State is shouldering its responsibility.