Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

IRS Leaves Taxpayer Data Largely Unprotected

Posted by CmdrTaco on Fri Apr 07, 2006 03:58 PM
from the paying-for-the-privilege dept.
Security Privacy The Almighty Buck
LogError writes "Two weeks ago, Department of Treasury received a D-minus grade in the Federal Computer Security Report Card for 2005, down from a D-plus grade in 2004. The majority of Treasury systems are those belonging to IRS. The government-wide computer-security grade for 2005 was D-plus, while Homeland Security and Defense both received an F. Grades are based on reports submitted to Congress by the agencies; the reports are required under the Federal Information Security Management Act of 2002.8 The scores are meant to reflect whether departments meet federally mandated security standards."
+ -
story

Related Stories

[+] Your Rights Online: Government-Aided Phishing 222 comments
Anonymous writes "A Florida county is posting the Social Security numbers, bank account info and other sensitive data of hundreds of thousands of current and former residents on its public Web site, Computerworld is reporting. A county official says there's no problem, since the postings are in compliance with state law requiring public availability of records." From the article: "The breach stems from the county's failure to redact or remove sensitive data from images of public documents such as property records and family court documents, Hogman said. Included in the documents that are publicly available are dates of birth and Social Security numbers of minors, images of signatures. passport numbers, green card details and bank account information."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

IRS Leaves Taxpayer Data Largely Unprotected 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • See! (Score:5, Funny)

    by Average_Joe_Sixpack (534373) on Friday April 07 2006, @04:01PM (#15087783)
    This is why I refuse to pay income taxes!

    • Careful... (Score:5, Funny)

      by JeanBaptiste (537955) on Friday April 07 2006, @04:05PM (#15087820)
      This is why I refuse to pay income taxes!

      Careful, they got a D- in protecting data, but they have an A doubleplus in 'tracking your ass down and throwing you in jail'. ask Al Capone.

      • Re:Careful... (Score:5, Insightful)

        by VJ42 (860241) on Friday April 07 2006, @04:13PM (#15087895)
        they have an A doubleplus in 'tracking your ass down and throwing you in jail'.

        It's for this reason that I've never understood why governments don't set the tax services (I don't live in the USA; We call the equivilent of the IRS the Inland revenue, there's no service about it on this side of the Atlantic.) onto "Teh Terrorists!!!" They are the only branch of the state that can track anyone down quickely and eaisly; surley they should be put in chrge of what you call "homeland security". ;)
        • They are the only branch of the state that can track anyone down quickely and eaisly; surley they should be put in chrge of what you call "homeland security". ;)

          I know you're joking and all, but I still feel like pointing out for those who modded you Insightful why this isn't so simple.

          American taxpayers sign up each year and tell the government whether they're obeying the law or not by filing (or not filing) their tax returns. Terrorists don't register with the government to say that they're terrorists.

          • Re:Careful... (Score:5, Funny)

            by Swanktastic (109747) on Friday April 07 2006, @06:53PM (#15088757)
            I know you're joking and all, but I still feel like pointing out for those who modded you Insightful why this isn't so simple.

            The rod up your butt must have a rod up it's butt.

            • Re:Careful... (Score:5, Interesting)

              by Fulcrum of Evil (560260) on Friday April 07 2006, @05:47PM (#15088452)

              The 5th amendment protects you from being compelled to testify against yourself in a court. If you volunteer the information, you're out of luck.

              You are compelled to list your income and occupation on the tax forms. Therefore, the IRS cannot share that info with the FBI or local cops. If you're a hooker and you declare that you made $150,000 last year and give uncle sam his cut, they won't do a damn thing to you. They won't (can't) tip off vice, because it's illegal.

            • Re:Careful... (Score:5, Informative)

              by Elemenope (905108) on Friday April 07 2006, @05:49PM (#15088465)
              The SC has ruled (on more than one occasion) that a person cannot lawfully evade filling out an accurate Tax statement, ergo it is compelled and not volunteered, ergo it is not admissable against you in criminal proceedings not involving tax evasion.
  • IRS Leaves Taxpayer Data Largely Unprotected

    This story acts as we should be surprised. The government serves the people. The IRS, on the other hand, serves the government. I let you figure out where the disconnect is.
    • > > IRS Leaves Taxpayer Data Largely Unprotected
      >
      >This story acts as we should be surprised. The government serves the people. The IRS, on the other hand, serves the government. I let you figure out where the disconnect is.

      Remember, remember, the Fifteenth of April,
      Congress, Corruption, and Rot,
      I see no reason, why taxpaying season,
      Should ever be forgot.

      "The IRS should not be afraid of the people. The people should be afraid of the IRS."
      -A for AMT.

  • Who in their right mind would hack into the IRS sure it would be nice to add a zero to my return but you don't f*** with the IRS.
    • you don't f*** with the IRS.

      That's why potential hackers wouldn't. They'd want to leave things nice and tidy, just the way they found them.

      Who in their right mind would hack into the IRS

      Someone looking for information on Bill Gates' bank accounts, or perhaps information useful in blackmailing someone. Financial information is very sensitive stuff. The IRS gets more than their share during normal filings. Just imagine how much info they collect during an audit!
    • This is the Internet. You can say "fuck" here.
      • But can you say "shit"? Oh, I guess you can.
        • Randy: That word's kind of getting old. It's not really funny anymore.
          Man: Yeah, they're gonna have to come up with a new swear word now.
          Mr. Garrison: Well, they can't use "fag." Because you can't say "fag" unless you're a homosexual.
          Randy: Really? So we can't say (bleep)?
          Mr. Garrison: No. See, you got beeped.
          Man: You mean you have to be a (bleep) to say (bleep)?
          Mr. Garrison: That's right.
          Jimbo: Hell, that's not fair! I should be able to say "fag."
          Randy: Hey, you didn't get beeped.
          Jimbo: Uh, oh.
          Mr. Garrison
    • ...it would be nice to add a zero to my return...

      I decided to help you out there. Here you go.
      Instead of getting a return of $237.13, you will now receive $237.130.

      Have a nice day!

  • Security, the Gold Standard (Score:4, Insightful)

    by WillAffleckUW (858324) on Friday April 07 2006, @04:03PM (#15087800) Homepage Journal
    Cost of providing security against non-existent WMDs that couldn't reach the US even if they existed ... $100 Billion

    Cost of providing security against al-Qaeda attacking US from Iraq, even though they weren't there ... $400 Billion

    Cost of providing security against really obvious IRS forms that let people steal your money and assets easily ... $0.0005 Billion (of $500 million)

    Realizing you've been taken to the cleaners due to your own gullibility ... Priceless!

  • What a surprise (Score:5, Insightful)

    by ZorbaTHut (126196) on Friday April 07 2006, @04:03PM (#15087803) Homepage
    Here's a question. What does it cost the IRS if taxpayer data is stolen?

    Oh yeah. Squat. Why *should* they care? It's no skin off their back.

    If our government wanted to make sure this didn't happen, they'd fine the IRS every time there was a security breach. In fact, they'd fine the IRS just for having bad security. And then things would improve.

    'Course, in reality, why would they do that? There's no reason our government would want to hurt the IRS in any way.

    Really, what should be happening is the people of America suing the IRS for not guarding our information properly. I wonder how *that* lawsuit would go.

    Here's the fundamental issue: If you want someone to behave in a certain way, you have to make it worth their while. Right now the IRS has no incentive for keeping our info safe. Want to change that? Change it at the source.

    • Re:What a surprise (Score:4, Interesting)

      by TopShelf (92521) on Friday April 07 2006, @04:23PM (#15087970) Homepage Journal
      The government fining the IRS? That's a laugh...

      That's basically taking a million out of one pocket and putting it in another. What's the point?

      • That's basically taking a million out of one pocket and putting it in another. What's the point?

        Well I suppose the IRS has a budget to follow, so it could still hurt the IRS.
        • So the IRS's budget would get reduced, leaving them fewer resources to do their job (of which the scope won't change), so the situation gets worse... I don't see that fining the IRS would do any good.

          Instead, I'd put the heat on your local Congressman, as well as write to this gang [house.gov], who provides Congressional oversight to the IRS.

          Dig up egregious examples of conduct (in the article, it mentions an IRS contractor digging up political info on taxpayers), and write to your local newspaper.

          • So the IRS's budget would get reduced, leaving them fewer resources to do their job (of which the scope won't change), so the situation gets worse... I don't see that fining the IRS would do any good.

            I would expect both the Dems and our new Neo-con overlords to do exactly the opposite: problem with IRS security? Throw them more money.

        • To what end? Will we fine the IRS until they can't collect taxes?

          If you want to see the IRS punished, make heads roll when bad things happen. Which means things like:

          1. Management can be fired if a huge screwup happens
          2. Massive screwups can result in fines against management
          3. Charges can be brought against the parties responsible for the screwup

          Once their necks are on the line, you can be certain that the top level of IRS management will put pressure on the entire organization to prevent security issues.

          That being said, the IRS is likely suffering from the same problem as the rest of the goverment agencies: Too much work, not enough manpower/funding. Putting more pressure on the IRS may only result in making it harder to find IRS employees.
    • If our government wanted to make sure this didn't happen, they'd fine the IRS every time there was a security breach. In fact, they'd fine the IRS just for having bad security. And then things would improve.

      Why do you think fining the IRS would make a difference? They are not a company, they do not care about profit and loss. Furthermore, the IRS is the government. Fining them would be like punishing your wallet by taking money out and keeping it in your pocket instead.

      If you really want to do something
  • Hey, a D- is a passing grade--what's wrong with that?

    I mean, wouldn't you much rather have a national government that was more like you, instead of some kind of intellectual-elite government scoring all "A"s? Better to have a government that understands people like you than a government that is out of touch with mainstream American values, I say!

    (Break out the hookers and blow! Party at Treasury!)

  • Sounds like we need a Department of Homeland Insecurity...

  • The IRS is insecure?!?!? (Score:2, Informative)

    by Anonymous Coward
    No [nwsource.com] shit [zdnet.com] ? [techlawjournal.com]

  • IRS is in the middle of a change over anyway (Score:5, Informative)

    by vtechpilot (468543) on Friday April 07 2006, @04:15PM (#15087916)
    I work for a company that creates electronic filing software for the IRS, and I work with them on a regular basis. While Electronic filing has really only been popular the last few years its history goes back a very long time (in computer years). For example, currently to file a form 1040 electronically, it gets formatted in custom text format, attached to a whole bunch of other forms, gets all sorts of headers and summary information tacked on. It gets gzipped, then pushed through a z-modem connection over a telnet session, inside of an SSL connection. Why? Because it evolved that way. There was a time when electronic filing meant putting magnetic media in the mail. So the file formats go way back and are all fucked up because they are constantly updating the forms in respons to legislation. when they stopped with the magnetic media and started using modems, the whole thing was run like a BBS, so ta-da z-modem. When the bbs system was moved to the internet, it became telnet. Then they said oh shit its on the internet, we need encryption, so they moved that into an SSL connection.

    Case in point the whole system is fucked up because its doing things it was never designed to do. So now we introduce Modernized E-File. MEF is basically the IRS rebuilding its entire system from the ground up. File formats are getting moved to XML, the network connections are moving to SOAP, and all sorts of other cool stuff.

    Given the amound of stuff thats going on right now I would expect them to be scored poorly because basically the existing system is held together with duct tape while the new system is being built, and the new system probably wasn't considered in the score since its not completly up and running yet.
  • We all knew this already. If a chick like Trinity could hack into the IRS... how good could their security be?

  • Let's be fair (Score:3)

    by truthsearch (249536) on Friday April 07 2006, @04:21PM (#15087953) Homepage Journal
    Let's be fair here. Isn't a D-minus really an F? Let's not split hairs, people. If I got a C-minus my scholarship would have been dropped. Can't we drop them from the government for not even grading an average C?

  • zerg (Score:3, Funny)

    by Lord Omlette (124579) on Friday April 07 2006, @04:23PM (#15087968) Homepage
    In 2004, the Department of Commerce got an F.
    In 2005, the Department of Commerce got a D+.

    Clearly, they must have improved slightly. Why didn't anyone highlight these improvements to show the DOJ, NRC and Treasury that, even if you're completely retarded, you can still make some improvement?
  • Did any department pass?

    In other news, the department of agriculture passed with flying colors. Though they haven't figured it how to plug in their 486 yet, so it's not entirely a fair fight.
  • It's pretty funny the department that gets the most funding gets a F grade. What a joke!

    Meanwhile NASA only gets a drop in the bucket.
  • The problem is obviously the report cards. They got a D+ on a report card, which resulted in getting a D- on the next one. If they didn't give report cards, we wouldn't have to read news stories like this, which make us feel so bad. Instead we'd just read news about getting robbed after their ID was stolen from the IRS, making them unable to pay their taxes, and going to jail in place of the IDnappers.

    Or maybe the problem is the media, for reporting these stories which tell IDnappers where to look to steal
  • You are all fired. It is obvious that bringing in random people that don't even know what they are going can get at least a D-. Heck, sometimes I don't even show up for class and don't bother studying for the test and I can pull a D+.

  • Just one more reason to enact the FairTax (Score:5, Interesting)

    by thepuma (721283) on Friday April 07 2006, @04:41PM (#15088077) Homepage
    We need to get rid of the IRS altogether and replace it with the FairTax. [fairtax.org]

    The FairTax would replace the complex and difficult to understand federal income tax with a fair and simple national sales tax.

    Under the FairTax, Americans will take home 100% of their paychecks, allowing them to save more money for education and retirement, as well as make investments that will stimulate our economy. Not only will American workers take home their whole paychecks, each registered household will receive a monthly "prebate" check to refund taxes paid on necessities. This combination of sales tax and monthly prebate makes the FairTax the only tax proposal that completely "untaxes" the poor.

    The FairTax is revenue neutral. While the American worker has everything to gain under this new system of taxation, the government will lose nothing in federal funding.

    The current system of taxation is beyond repair. Compliance is difficult and expensive, often prohibitively so for aspiring small businesses.
    • And in regards to this specific story, under the Fair Tax there wouldn't be an IRS, nor would any other government agency need comprehensive files about every single American that contain sufficient information to steal their identity.

      Hackers can't steal what isn't there.

      • Also, Walmart would rule the world with this one. Their lower prices would now be significantally lower than the mom and pop shops, since the tax overhead is much higher.

        I haven't worked it out yet, but it sounds false to me at first glance. Let's see if this is true.

        Let's say I make $100 under the current system. Immediately 30% is lopped off by the Federal government (give or take a little here and there) so I have $70 to buy stuff with.

        Let's say state sales tax is 6%

        If Wal-Mart has an item for $5 we'll

        • I'm confused, is this simple real world example that hard to comprehend?

          at 6% now, 23% fair tax, 5$ at Walmart, 6$ at Mom&Pop

          now
          Mom&Pop = $6.36
          Walmart = $5.30
          difference = $1.06

          fair tax
          Mom&Pop = $7.38
          Walmart = $6.15
          difference = $1.23

          As the sales tax percentage goes up, the price difference goes up. People look at the prices of the products, not arcane crap like the percentage of take home pay and the increase over what the price used to be. The higher the tax goes, the bigger advant
  • Personally, I think Japan has the better system of publish list of top 100 tax payer, how much they earn and how much they pay in tax, etc.

    The privacy of tax return had allowed too many tax loopholes and evasions to go un-notices. If tax returns are public, the transparancy and public outrage would ensure loopholes are plug and tax system remains fair.

    In the U.S. the finanacial accounting and tax accounting had been allowed to drifted away from each other. If public investors are allowed to see the tax r
  • Has it occured to anyone that perhaps DHS and the DoD get failing grades because they take different, more effective approaches to security than what's handed down by a beauracracy?

    • Has it occured to anyone that perhaps DHS and the DoD get failing grades because they take different, more effective approaches to security than what's handed down by a beauracracy?

      You sound like those parents who say "my child is failing because you don't know how to grade their work."

      At which point everyone looks at the parents and goes "Huh?"

      In an attempt to justify their statement, the parents explain how their child has a learning disability and while the kid can't spell, their grammar is excellent.

      If

  • Why should I pay for this data

    http://usgovinfo.about.com/b/a/217091.htm [about.com]

    when I get get it for free, then?

  • If it's mandatory, then if a department's staff fail, they should be let go. Mandatory means "this is what you need to do". Mandatory isn't a choice. If it's the fault of IT staffers, sack the staffers. If it's the fault of management, sack the management. Do what it takes to meet mandatory requirements and cut out the dead wood.

    That's if it's mandatory. If it's optional, then they don't need to meet the standards and all is well with the world. But if it IS optional, then the Government should state so and

  • The report card (Score:3, Informative)

    by OldManAndTheC++ (723450) on Friday April 07 2006, @06:42PM (#15088705)
    The full report card [house.gov] is certainly interesting, especially since those agencies that have high profiles in national security matters (Defense, State, Homeland Security) all received an "F". Department of Justice (think FBI, DEA), and the Nuclear Regulatory Commission fared about as poorly with a "D-".

    The Social Security Administration scored an "A". As I recall they were also one of the first federal agencies to complete their work on the Y2K project. Score another one for monolithic bureacracies over fragmented bureaucracies :)

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.