IRS Leaves Taxpayer Data Largely Unprotected

LogError writes "Two weeks ago, Department of Treasury received a D-minus grade in the Federal Computer Security Report Card for 2005, down from a D-plus grade in 2004. The majority of Treasury systems are those belonging to IRS. The government-wide computer-security grade for 2005 was D-plus, while Homeland Security and Defense both received an F. Grades are based on reports submitted to Congress by the agencies; the reports are required under the Federal Information Security Management Act of 2002.8 The scores are meant to reflect whether departments meet federally mandated security standards."

See!

This is why I refuse to pay income taxes!

Careful...

This is why I refuse to pay income taxes!

Careful, they got a D- in protecting data, but they have an A doubleplus in 'tracking your ass down and throwing you in jail'. ask Al Capone.

Re:Careful...

they have an A doubleplus in 'tracking your ass down and throwing you in jail'.

It's for this reason that I've never understood why governments don't set the tax services (I don't live in the USA; We call the equivilent of the IRS the Inland revenue, there's no service about it on this side of the Atlantic.) onto "Teh Terrorists!!!" They are the only branch of the state that can track anyone down quickely and eaisly; surley they should be put in chrge of what you call "homeland security". ;)

Re:Careful...

They are the only branch of the state that can track anyone down quickely and eaisly; surley they should be put in chrge of what you call "homeland security". ;)

I know you're joking and all, but I still feel like pointing out for those who modded you Insig

Re:Careful...

I know you're joking and all, but I still feel like pointing out for those who modded you Insightful why this isn't so simple.

The rod up your butt must have a rod up it's butt.

Re:Careful...

The 5th amendment protects you from being compelled to testify against yourself in a court. If you volunteer the information, you're out of luck.

You are compelled to list your income and occupation on the tax forms. Therefore, the IRS cannot share that info with the FBI or local cops. If you're a hooker and you declare that you made $150,000 last year and give uncle sam his cut, they won't do a damn thing to you. They won't (can't) tip off vice, because it's illegal.

Re:Careful...

The SC has ruled (on more than one occasion) that a person cannot lawfully evade filling out an accurate Tax statement, ergo it is compelled and not volunteered, ergo it is not admissable against you in criminal proceedings not involving tax evasion.

Surprised? Not really.

IRS Leaves Taxpayer Data Largely Unprotected

This story acts as we should be surprised. The government serves the people. The IRS, on the other hand, serves the government. I let you figure out where the disconnect is.

Re:Surprised? Not really.

> > IRS Leaves Taxpayer Data Largely Unprotected
>
>This story acts as we should be surprised. The government serves the people. The IRS, on the other hand, serves the government. I let you figure out where the disconnect is.

Remember, rememb

IRS Hacking

Who in their right mind would hack into the IRS sure it would be nice to add a zero to my return but you don't f*** with the IRS.

Re:IRS Hacking

you don't f*** with the IRS.

That's why potential hackers wouldn't. They'd want to leave things nice and tidy, just the way they found them.

Who in their right mind would hack into the IRS

Someone looking for information on Bill Gates' bank accounts, or perha

Re:IRS Hacking

This is the Internet. You can say "fuck" here.

Re:IRS Hacking

But can you say "shit"? Oh, I guess you can.

Ob South Park Quote...

Randy: That word's kind of getting old. It's not really funny anymore.
Man: Yeah, they're gonna have to come up with a new swear word now.
Mr. Garrison: Well, they can't use "fag." Because you can't say "fag" unless you're a homosexual.
Randy: Really? So we c

A literalist hacker helps you today!

...it would be nice to add a zero to my return...

I decided to help you out there. Here you go.
Instead of getting a return of $237.13, you will now receive $237.130.

Have a nice day!

Security, the Gold Standard

Cost of providing security against non-existent WMDs that couldn't reach the US even if they existed ... $100 Billion

Cost of providing security against al-Qaeda attacking US from Iraq, even though they weren't there ... $400 Billion

Cost of providing security against really obvious IRS forms that let people steal your money and assets easily ... $0.0005 Billion (of $500 million)

Realizing you've been taken to the cleaners due to your own gullibility ... Priceless!

Re:Security, the Gold Standard

There are some things money can't buy. For everything else, there's the American taxpayer.

What a surprise

Here's a question. What does it cost the IRS if taxpayer data is stolen?

Oh yeah. Squat. Why *should* they care? It's no skin off their back.

If our government wanted to make sure this didn't happen, they'd fine the IRS every time there was a security breach. In fact, they'd fine the IRS just for having bad security. And then things would improve.

'Course, in reality, why would they do that? There's no reason our government would want to hurt the IRS in any way.

Really, what should be happening is the people of America suing the IRS for not guarding our information properly. I wonder how *that* lawsuit would go.

Here's the fundamental issue: If you want someone to behave in a certain way, you have to make it worth their while. Right now the IRS has no incentive for keeping our info safe. Want to change that? Change it at the source.

Re:What a surprise

The government fining the IRS? That's a laugh...

That's basically taking a million out of one pocket and putting it in another. What's the point?

Re:What a surprise

That's basically taking a million out of one pocket and putting it in another. What's the point?

Well I suppose the IRS has a budget to follow, so it could still hurt the IRS.

Re:What a surprise

So the IRS's budget would get reduced, leaving them fewer resources to do their job (of which the scope won't change), so the situation gets worse... I don't see that fining the IRS would do any good.

Instead, I'd put the heat on your local Congressman, as

Re:What a surprise

So the IRS's budget would get reduced, leaving them fewer resources to do their job (of which the scope won't change), so the situation gets worse... I don't see that fining the IRS would do any good.

I would expect both the Dems and our new Neo-con over

Re:What a surprise

To what end? Will we fine the IRS until they can't collect taxes?

If you want to see the IRS punished, make heads roll when bad things happen. Which means things like:

1. Management can be fired if a huge screwup happens
2. Massive screwups can result in fines against management
3. Charges can be brought against the parties responsible for the screwup

Once their necks are on the line, you can be certain that the top level of IRS management will put pressure on the entire organization to prevent security issues.

That being said, the IRS is likely suffering from the same problem as the rest of the goverment agencies: Too much work, not enough manpower/funding. Putting more pressure on the IRS may only result in making it harder to find IRS employees.

Re:What a surprise

If our government wanted to make sure this didn't happen, they'd fine the IRS every time there was a security breach. In fact, they'd fine the IRS just for having bad security. And then things would improve.

Why do you think fining the IRS would make a diff

Is A Pleasure To Have In Class

Hey, a D- is a passing grade--what's wrong with that?

I mean, wouldn't you much rather have a national government that was more like you, instead of some kind of intellectual-elite government scoring all "A"s? Better to have a government that understands people like you than a government that is out of touch with mainstream American values, I say!

(Break out the hookers and blow! Party at Treasury!)

Re:Is A Pleasure To Have In Class

Nuclear regulatory Commission has slipped from a B+ in 2004 to D- in 2005. Is it being managed by Homer? [washingtonpost.com]

I thought they worked around by using 1/2" tape

I thought they worked around all the security issues by just writing all their data on 800 bpi 1/2" tape. Seriously, the only people who have those things anymore are the IRS and the FAA.

Bigger Government!

Sounds like we need a Department of Homeland Insecurity...

The IRS is insecure?!?!?

No [nwsource.com] shit [zdnet.com] ? [techlawjournal.com]

IRS is in the middle of a change over anyway

I work for a company that creates electronic filing software for the IRS, and I work with them on a regular basis. While Electronic filing has really only been popular the last few years its history goes back a very long time (in computer years). For example, currently to file a form 1040 electronically, it gets formatted in custom text format, attached to a whole bunch of other forms, gets all sorts of headers and summary information tacked on. It gets gzipped, then pushed through a z-modem connection over a telnet session, inside of an SSL connection. Why? Because it evolved that way. There was a time when electronic filing meant putting magnetic media in the mail. So the file formats go way back and are all fucked up because they are constantly updating the forms in respons to legislation. when they stopped with the magnetic media and started using modems, the whole thing was run like a BBS, so ta-da z-modem. When the bbs system was moved to the internet, it became telnet. Then they said oh shit its on the internet, we need encryption, so they moved that into an SSL connection.

Case in point the whole system is fucked up because its doing things it was never designed to do. So now we introduce Modernized E-File. MEF is basically the IRS rebuilding its entire system from the ground up. File formats are getting moved to XML, the network connections are moving to SOAP, and all sorts of other cool stuff.

Given the amound of stuff thats going on right now I would expect them to be scored poorly because basically the existing system is held together with duct tape while the new system is being built, and the new system probably wasn't considered in the score since its not completly up and running yet.

Old News

We all knew this already. If a chick like Trinity could hack into the IRS... how good could their security be?

Let's be fair

Let's be fair here. Isn't a D-minus really an F? Let's not split hairs, people. If I got a C-minus my scholarship would have been dropped. Can't we drop them from the government for not even grading an average C?

zerg

In 2004, the Department of Commerce got an F.
In 2005, the Department of Commerce got a D+.

Clearly, they must have improved slightly. Why didn't anyone highlight these improvements to show the DOJ, NRC and Treasury that, even if you're completely retarded, you can still make some improvement?

Did any one pass?

Did any department pass?

In other news, the department of agriculture passed with flying colors. Though they haven't figured it how to plug in their 486 yet, so it's not entirely a fair fight.

Defense gets an F?

It's pretty funny the department that gets the most funding gets a F grade. What a joke!

Meanwhile NASA only gets a drop in the bucket.

Re:Defense gets an F?

You may have cause and effect backwards. These scores appear to be self-reported. The department of Defense has realized that the best way to get more money is to give themselves a bad score.

Blame Game

The problem is obviously the report cards. They got a D+ on a report card, which resulted in getting a D- on the next one. If they didn't give report cards, we wouldn't have to read news stories like this, which make us feel so bad. Instead we'd just read

Attention Homeland Security

You are all fired. It is obvious that bringing in random people that don't even know what they are going can get at least a D-. Heck, sometimes I don't even show up for class and don't bother studying for the test and I can pull a D+.

Just one more reason to enact the FairTax

We need to get rid of the IRS altogether and replace it with the FairTax. [fairtax.org]

The FairTax would replace the complex and difficult to understand federal income tax with a fair and simple national sales tax.

Under the FairTax, Americans will take home 100% of their paychecks, allowing them to save more money for education and retirement, as well as make investments that will stimulate our economy. Not only will American workers take home their whole paychecks, each registered household will receive a monthly "prebate" check to refund taxes paid on necessities. This combination of sales tax and monthly prebate makes the FairTax the only tax proposal that completely "untaxes" the poor.

The FairTax is revenue neutral. While the American worker has everything to gain under this new system of taxation, the government will lose nothing in federal funding.

The current system of taxation is beyond repair. Compliance is difficult and expensive, often prohibitively so for aspiring small businesses.

Re:Just one more reason to enact the FairTax

And in regards to this specific story, under the Fair Tax there wouldn't be an IRS, nor would any other government agency need comprehensive files about every single American that contain sufficient information to steal their identity.

Hackers can't steal what isn't there.

Re:Just one more reason to enact the FairTax

Also, Walmart would rule the world with this one. Their lower prices would now be significantally lower than the mom and pop shops, since the tax overhead is much higher.

I haven't worked it out yet, but it sounds false to me at first glance. Let's see if t

Re:Just one more reason to enact the FairTax

I'm confused, is this simple real world example that hard to comprehend?

at 6% now, 23% fair tax, 5$ at Walmart, 6$ at Mom&Pop

now
Mom&Pop = $6.36
Walmart = $5.30
difference = $1.06

fair tax
Mom&Pop = $7.38
Walmart = $6.15
difference = $1.23

Do it like Japanese, publish it.

Personally, I think Japan has the better system of publish list of top 100 tax payer, how much they earn and how much they pay in tax, etc.

The privacy of tax return had allowed too many tax loopholes and evasions to go un-notices. If tax returns are publ

Legitimacy of the tests

Has it occured to anyone that perhaps DHS and the DoD get failing grades because they take different, more effective approaches to security than what's handed down by a beauracracy?

Re:Legitimacy of the tests

Has it occured to anyone that perhaps DHS and the DoD get failing grades because they take different, more effective approaches to security than what's handed down by a beauracracy?

You sound like those parents who say "my child is failing because you don'

And they want me to pay for this data?

Why should I pay for this data

http://usgovinfo.about.com/b/a/217091.htm [about.com]

when I get get it for free, then?

Either it's mandatory or it's optional.

If it's mandatory, then if a department's staff fail, they should be let go. Mandatory means "this is what you need to do". Mandatory isn't a choice. If it's the fault of IT staffers, sack the staffers. If it's the fault of management, sack the management.

The report card

The full report card [house.gov] is certainly interesting, especially since those agencies that have high profiles in national security matters (Defense, State, Homeland Security) all received an "F". Department of Justice (think FBI, DEA), and the Nuclear Regulatory Commission fared about as poorly with a "D-".

The Social Security Administration scored an "A". As I recall they were also one of the first federal agencies to complete their work on the Y2K project. Score another one for monolithic bureacracies over fragmented bureaucracies :)

Re:I Got a D- In English Yet I am Sucessful

You know the difference? You are an individuum and not an organisation.

Re:IRS E-File insecurity

Try the FBI. I can't believe that outfit isn't running afoul of some serious Federal laws somewhere.