Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
IT Technology

IRS Has Loads of Legacy IT, Still Has No Firm Plans To Replace It (theregister.com) 63

The IRS should reopen its Technology Retirement Office to effectively manage the retirement and replacement of legacy systems, according to a Treasury Inspector General for Tax Administration (TIGTA) audit. The Register reports: The report (PDF), from the Treasury Inspector General for Tax Administration (TIGTA), credits the IRS with fully implementing two out of four previous tech modernization recommendations, though argues the other two recommendations were ineffectively implemented. Those failures include the agency's decision in 2023 to scrap its own Technology Retirement Office, which stood up in 2021 "to strategically reduce the [IRS' IT] footprint." Without that office, "there is no enterprise-wide program to identify, prioritize, and execute the updating, replacing, or retiring of legacy systems" at the IRS, the inspector general declared, adding the unit should be reestablished or brought back in some similar form.

The closure of the retirement office, in the eyes of the TIGTA, is part of the IRS's failure to properly identify and plan for shutting down legacy systems and possibly replacing them with something modern. According to the audit report, the IRS identified 107 of its 334 legacy systems as up for retirement, yet only two of those 107 have specific decommissioning plans. The TIGTA would like to see clear plans for all of those identified systems, and had hoped the retirement office (or similar) would provide them. Then there's the second incomplete recommendation, which the IG said is the IRS' failure to properly apply its own definition of a legacy system to all of its tech. [...] In its response to the IG report, the IRS said it had largely addressed the two incomplete recommendations, though not entirely as the Inspector General might want.

This discussion has been archived. No new comments can be posted.

IRS Has Loads of Legacy IT, Still Has No Firm Plans To Replace It

Comments Filter:
  • The plan seems to be outsourcing their IT to private third parties, rather than fixing anything internally.

    If you've had to deal with ID.ME, you probably know how well that's going. If you haven't, get ready because it's now a requirement to be a citizen.

    • by kriston ( 7886 )

      Nothing related to IT is done in-house at IRS. It's all outsourced.
      There's literally a building across the street from IRS Headquarters that was specifically built to house the contractors de jour.

      • Nothing related to IT is done in-house at IRS. It's all outsourced.
        There's literally a building across the street from IRS Headquarters that was specifically built to house the contractors de jour.

        Citation requested.

        • by kriston ( 7886 )

          Citation requested

          Try Google Maps.

          • Citation requested

            Try Google Maps.

            With all due respect, while I might believe there's, "a building across the street from the IRS HQ", I do not believe your assertion as fact, and I suspect you are in error.

            • by kriston ( 7886 )

              The name of the company is on the side of the building. It was once a well-known government contractor, CSC. Not sure who it is now.

  • The United States government was on the forefront of IT innovation, having funded the development of the first electromechanical computer, the first all-electronic computer, and the first transistorized computer, and the internet.

    The rest of the world is still using slide rules and log tables.

    • Re: (Score:3, Insightful)

      by Train0987 ( 1059246 )

      Some legacy things just work better than the current thing alternative. I'm sure the IRS still uses mainframes which are perfectly adequate for what they do and superior to whatever cloud-based SQL mashup they would try replacing it with at double the cost..

      • by SlashTex ( 10502574 ) on Thursday August 15, 2024 @08:16PM (#64710248)

        As someone who taught IRS agents COBOL 35 years ago, the mainframe stuff may work, but keeping folks trained on them is VERY expensive. And interfacing the old systems with anything modern can be almost impossible.

        The profs that ran these summer classes made 3-5 X their teaching salaries. And we (doc students) did most of the teaching.

        • In-house coders at the irs in the late 80s? Wow.

        • The IRS maintains billions of records on hundreds of millions of entities. There is no better place for specialized employee training and terminal emulators still work just fine.

        • by dbialac ( 320955 ) on Thursday August 15, 2024 @09:05PM (#64710296)

          As someone who taught IRS agents COBOL 35 years ago, the mainframe stuff may work, but keeping folks trained on them is VERY expensive. And interfacing the old systems with anything modern can be almost impossible.

          Put differently, though they're expensive to maintain, they're difficult to break into. I don't think the IRS computers have even ever been hacked nor everyone's information leaked. Given we're dealing with the kind of private data they deal with, I say keep using them.

          • They're actually really easy to break into. They don't have a lot of things that modern OSes have, like ASLR, so it's a lot easier to break into them. The inly difficulty is the price of entry, both in terms of buying hardware, and in terms of figuring out how to use the hardware.
            • by cyber-vandal ( 148830 ) on Friday August 16, 2024 @04:29AM (#64710822) Homepage

              zOS has ASLR but it's off by default. https://www.ibm.com/docs/en/zo... [ibm.com]

            • The things that are actually exposed the Internet would be through modern systems that interface with it (assuming, of course). The security of the system itself mostly only matters for physical or direct terminal access.

            • by DarkOx ( 621550 )

              well...
              yes but no - the architectural complexity of mainframes makes it more than little more difficult to abuse the way pc platform servers are. The way resource allocation by OS in most cases does as well.

              On the other hand if you have terminal access to 'the gibson' blasting your way by some 20 year old releases of RACF and TSO might not be difficult at all and depending on the organization you might be dealing with some really old software..

              All and all I'd say if everything is up to date and under mainte

        • by DesScorp ( 410532 ) on Friday August 16, 2024 @09:17AM (#64711238) Journal

          As someone who taught IRS agents COBOL 35 years ago, the mainframe stuff may work, but keeping folks trained on them is VERY expensive.

          I bet it's less expensive in the long run than subbing everything out to Microsoft or Oracle.

          And interfacing the old systems with anything modern can be almost impossible.

          Companies do this every day now. This really hasn't been a problem for years. IBM in particular went to great lengths to make sure their mainframes worked well with heterogeneous distributed systems. That costs money too, but it gives you the best of both worlds.

      • by Big Hairy Gorilla ( 9839972 ) on Thursday August 15, 2024 @09:29PM (#64710328)
        Thank you very much. The risk of touching those systems outweighs the technical debt, basically. Cost and complexity should scare them away from touching it. It's probably a house of cards. I probably learned "if it ain't broke, don't fix it" on my first COBOL job around 100 years ago, I think it was.

        Based on what's going on in the world of "corporate computing" these days, you'd either be crazy or crooked to touch that.
        • Based on what's going on in the world of "corporate computing" these days, you'd either be crazy or crooked to touch that.

          Ever since the advent of PC networks, there's been a constant drumbeat to "get modern, get rid of those old mainframes". This has of course been heavily encouraged by Microsoft, who benefits from it, and from Linux interests, who likewise want to fulfill Linus Torvalds' prophecy of "Linux Everywhere". But mainframes are the most reliable systems that any corp or government has, and so they stick around. We've all been at those places, though, with the new leadership that comes in and goes "That mainframe ha

      • Some legacy things just work better than the current thing alternative.

        Are we still talking about the IRS, or about the Sonos app?

        • That's a good example on a smaller scale, really. A ground-up rewrite has to function the same and handle all the same edge cases. Very hard to do without recreating all the bloat or introducing bugs.

      • by Registered Coward v2 ( 447531 ) on Friday August 16, 2024 @06:19AM (#64710940)

        Some legacy things just work better than the current thing alternative. I'm sure the IRS still uses mainframes which are perfectly adequate for what they do and superior to whatever cloud-based SQL mashup they would try replacing it with at double the cost..

        One of the biggest issues isn't cost but getting the system requirements right and then making the system actually properly replicate the functionality; and that is before ensuring all that legacy data is properly transferred. One legacy system I worked on converting finally gave up on full data conversion and simply wiped some because here was no good way to get it all in; since the legacy system didn't do error checking but simply collected data in text fields. As a result, we had duplicate SSNs, clearly fake SSNs, companies whose names were in the system a lot of different ways, etc. Compound that with companies not wanting to take the time and money to do some really good as - is analysis and specification development; preferring to "figure it out as we go along" and you have a prescription for a disaster.

        • Let me guess: at least one of the companies you were working with insisted that the new system be 100% bug compatible with the old one so that they didn't have to chase down and remove the workarounds they'd programed into their stuff over the years.
          • Let me guess: at least one of the companies you were working with insisted that the new system be 100% bug compatible with the old one so that they didn't have to chase down and remove the workarounds they'd programed into their stuff over the years.

            Nah, they just wanted not to lose any data because things such as years of service, pensions, etc. were all based on the data; the problem was the data often didn't have any rules beyond "this many digits" or "No longer than this..." My point was if a company has mission critical data, replacing the old system may not be a viable option; at least not unless you are willing to spend a lot of time and money documenting, cleansing data, and testing to be sure it is really giving the same results before you go

      • The report mentions assembler programming language!
    • The US government did not fund the development of the first electromechanical computer.

      They funded the development of the first electronic digital computer. Konrad Zuse already had the first binary digital electromechanical computer.

      Architecturally, eniac was much less advanced. The only thing that distinguished it was the use of valves for switching which Zuse couldn't afford. Programming was plug board based, not tape like the Z3. Oh also the Z3 had pipelining and full hardware FPU including infinities an

  • by upuv ( 1201447 ) on Thursday August 15, 2024 @08:12PM (#64710242) Journal

    In Fin sectors systems replacement of "working" is considered a risk. A risk no matter how small is still a risk.

    Fin sectors are risk adverse thus lack of movement.

    Most here are technologists to some degree, and we instantly counter with what about all these other risks they are ignoring. Well these fall into what I call risk paralysis. As seen from the outside both staying with and modernising carry risk. The usual response is there is less risk in doing nothing. If there is a response at all.

    Why does the fin sector have such a risk aversion? Well it's pretty simple. These uplift projects fail. They fail ALOT.

    There are 2 primary reasons for failure.
    1. "While we are uplifting system X, lets capitalise on that and add feature Y."
    2. A failure to prepare the legacy system for migration prior to migration.

    The first reason is probably the worst. Layering new capabilities onto a legacy system while it is migrating does a few things. It prevents rollback. It adds unknown issues to the migration that complicate it.

    The second one is the most aggravating. Preparing a system for migration is almost always compromised due to time or money. Preparing a system for migration takes a lot of forms. But in general it's all about updating processes and tooling on the legacy systems so that it will be better able to handle migration. The biggest outcome of this is the IP associated with the legacy system is rebuilt to a degree. Something that is essential on migration day. But it also accelerates the act of migration. Reducing down time and decreasing risks.

    Now Fin sector has been holding off maturity uplifts for years and decades. Allowing the debt of risk to pile up to enormous heights. IRS like many around the world is facing an almost certain failure to uplift as a result. Banks around the world in the last few years have at least started or are well on the way towards modernisation. But government bodies are lagging behind. With most uplift projects exceeding the term limits of elected officials. Meaning, elected officials can't take credit for a project they started if it succeeds. And almost certainly going to be blamed for overruns, failures etc. As part of the next election cycle.

    So now you have an agency that faces certain failure. Even if they sponsor the work internally. With little to no drive from politicians to force it to happen.

    Unfortunately the log jam of risk will only be cleared if one of those existential risks is realised. A security failure, A system failure with no chance of restoration, A capacity wall etc.

    • by labnet ( 457441 )

      I'd call it technical debt.
      These systems become insanely complex, because of 50 years worth of compliance & feature requests.
      The documentation gets fragmented, lost or not done. (Psst can you just put a field in that sums the fractional cents of interest aggregated over 5 years from the policy start date, but only if they are a senior citizen in Montanna.... you get what I mean)

      This sets up the exponential complexity problem where adding 1001'st requirement creates 10 times as much work as the 1st requi

    • Yes and no (Score:5, Informative)

      by JBMcB ( 73720 ) on Thursday August 15, 2024 @09:19PM (#64710308)

      Kinda sorta.

      With the IRS in particular, it's not just that it's a stable system. It's a system with all of the quirks and vagaries of old business logic baked into it. IE, if you are going to audit a company's taxes from ten years ago, you need to know what the rules were back then and apply them. That's all still there, and the system knows the progression of those tax implications year over year.

      In the IRS this is called "The File." It's been, more or less, the same structure since they implemented it on S/360s in the 1960s. Now it runs on Z system mainframes.

      It's a miracle they automated the system at all. The government pension system is equally complex, and they've never managed to automate it. It's all done by hand in an abandoned salt mine in Pennsylvania somewhere. I think the last effort was twenty years ago and cost half a billion before they gave up.

      I'm firmly in the camp of for any sufficiently complex system, if it works, you leave it alone. If it has worked for the last 50 years or so, you leave it *the hell* alone. If IBM decides to stop making mainframes, you buy the mainframe division from them and build them yourself. It will be cheaper than rewriting 50 years of business logic from scratch.

      • I'm firmly in the camp of for any sufficiently complex system, if it works, you leave it alone. If it has worked for the last 50 years or so, you leave it *the hell* alone

        So am I - for some values of "works".

        I'll never forget dealing with the IRS about an issue (one they caused, randomly changing the rules about a tax credit temporarily) a few years back. The department that I was dealing with literally had me physically re-send a bunch of stuff that had been with my return ... claiming that they literally could not pull it up or retrieve it in any way. Due to unlinked or incompatible systems. They could see images of my return itself, but not the accompanying forms and cop

      • Re:Yes and no (Score:4, Insightful)

        by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Friday August 16, 2024 @06:30AM (#64710950) Homepage Journal

        Logically they should make a new system for new, modern rules and maintain the old system as long as necessary/possible for doing old calculations. Then they "only" have to deal with the pains of making the two systems connect in order to exchange necessary data, which is also painful but less so than trying to do a full rewrite. In my experience government is kind of middling at this, but still much more successful at it than actually replacing systems and making the replacement do the old stuff.

    • by khchung ( 462899 ) on Friday August 16, 2024 @02:38AM (#64710610) Journal

      In Fin sectors systems replacement of "working" is considered a risk. A risk no matter how small is still a risk.

      Fin sectors are risk adverse thus lack of movement.

      And that is exactly why most banks and financial companies *keep working* everyday, and why any banking issues would make news -- because it is so rare and would impact so many people.

      Anyone who thought banking systems should be updated just like your email or any other website are either still living in parent's basement, or are so rich that they never lived through a period where you only pay bills on the last day due because your cash flow is so tight.

      ANY issues with banks/financial institutes may mean someone's payment not getting through, and any who had lived on tight cashflow or had gone through significant life decisions such as buying a house would know, you could be hit with a huge loss if some critical payment failed to go through on time, and you cannot always afford to pay earlier to avoid it either.

      "Move fast and break things" do NOT belong to critical infrastructures such as banks, and hospitals.

  • At least they replaced their tax return mainframe years ago.
    Story has it that one guy developed a Java application that replaced the tax return mainframe after the rehosting project failed three (yes, three) times.

    IRS likes to "re-baseline" their IT projects. That means when the first project fails, they reset the timeline to "day one" and start over to try and manage expectations on how long the project actually is taking. For the tax return mainframe, they did this at least three times before the legendary "Java guy" came in and replaced it all.

    • -1, gullible

      The suggestion that a single person could even write the specification for a large application doesn't pass the laugh test. Did you look for any references?

      • I don't know. If he wrote a COBOL interpreter in Java, that would do almost all of the work except for I/O to the card punch/reader.
        • There is no problem converting the mainline COBOL to Java, C#, C++ or even Fortran 86 to run the program as documented and perhaps not even drop the data structures that had considerable effecncies at scale built in, the problem is being identialy incorrect so the testing is not invalidated the ten thousand fixes applied over 50 years. Perhaps the databases have been updated, but the structures remain the same. This is why every multinational process something twice, once on front end systems and then
  • I want to see a transition to Linux for government in the USA too. They can keep their mainframes (if they still use them), for now, but the desktops and software that interfaces with them should be open source and publicly available.

    In fact, everything the US Gov makes or does should be using open source software and standardized protocols. Other countries should be able to model their infrastructure based on ours with us setting the example. Just because Microsoft is an American company doesn't mean th
    • Re:Linux (Score:5, Interesting)

      by Registered Coward v2 ( 447531 ) on Friday August 16, 2024 @06:36AM (#64710952)

      I want to see a transition to Linux for government in the USA too. They can keep their mainframes (if they still use them), for now, but the desktops and software that interfaces with them should be open source and publicly available. In fact, everything the US Gov makes or does should be using open source software and standardized protocols. Other countries should be able to model their infrastructure based on ours with us setting the example. Just because Microsoft is an American company doesn't mean they should be the standard.

      Never happen, for a number of reasons:

      • Inertia. Getting the government to change anything is hard; simply because "we've always done it this way."
      • Functionality. There are a lot of Office documents, whose structure, use VBA, etc. that will stop working or look different; costing a lot of time and money to replicate, if it is even possible and bringing work to a grinding halt.
      • Training Costs. Sure, OO is similar to Office but it's not the same, and people will have issues when stuff doesn't look or work exactly like they're used to; and any mistakes blamed on not being properly trained.
      • Open Source. Since the US government is one big company there is no need to make modified source code available unless they distribute it outside of the government; which means having someone responsible for complying with the GPL. Agencies do today, but if OSS becomes the norm the challenge gets much bigger. Which brings up two issues, namely, there will be no one standard as agencies make modes, and if someone makes a mod for their area they're not likely to worry about the niceties of the GPL because the just want to get the job done.
      • What about the cost of training for a new version of Windows? Changes in Office 365? Heck, even a minor update in Edge?
        • What about the cost of training for a new version of Windows? Changes in Office 365? Heck, even a minor update in Edge?

          While I get your point, MS changes from version to version are generally small and do not change the whole appearance; going to Linux, while it looks similar, is a much bigger change and even when icons etc. look very similar it's still a whole different look; which is what cause the pushback. It's a question of comfort zones and resistance to change.

  • by nehumanuscrede ( 624750 ) on Thursday August 15, 2024 @09:32PM (#64710330)

    just how much ancient tech was still in use today, it would make you pause.

    For example, my own employer actively runs data across:

    1200 / 4800 / 9600 / + baud modems
    ethernet hubs ( not switches, HUBS )
    ATM
    Frame Relay
    Datakit
    X.25 circuits ( PVC's / SVC's anyone ? )

    We routinely come across old routers that have been running ( and actively routing ) non-stop ( read that: without a reboot ) for twenty plus years. :|

    There is an immense amount of old technology that still helps run the World, most folks simply aren't aware of how much of it is still out there.

    The reason it's still there is because there is so MUCH of it. To replace it all would come at immense cost so, they just let it keep doing it's thing.

    • by khchung ( 462899 )

      just how much ancient tech was still in use today, it would make you pause.

      At least you aren't still using floppy disks, that counts for something. :)

      • by Matt ( 78254 )

        just how much ancient tech was still in use today, it would make you pause.

        At least you aren't still using floppy disks, that counts for something. :)

        I was just troubleshooting a test stand at work which runs motor controller configuration software dating to about 1992. DOS 6.22 command line. The computer has a Zip drive and CD-ROM drive, but no DOS device drivers for those are active, and I don't remember how to set those up, so the 3.5" floppy drive is it. Not that I've tested that yet.

        Forget about USB drives. I don't think those worked on anything prior to Windows 98.

        Now if I can find any floppy disks that work, I could actually do a backup of t

        • I was just troubleshooting a test stand at work which runs motor controller configuration software dating to about 1992. DOS 6.22 command line. The computer has a Zip drive and CD-ROM drive, but no DOS device drivers for those are active, and I don't remember how to set those up, so the 3.5" floppy drive is it. Not that I've tested that yet.

          Forget about USB drives. I don't think those worked on anything prior to Windows 98.

          Now if I can find any floppy disks that work, I could actually do a backup of this computer - it would easily fit on one (probably) or two (maybe) of them. I'm not sure what I'd do with it though. None of our main computers have floppy drives anymore, so I'd have to find a working USB floppy drive, and IIRC those all suck.

          There's no native USB support in DOS. There are DOS drivers for USB, written by third parties. They were particularly popular in Japan.

          Here's a place to start: USB Support in DOS [dosdays.co.uk].

        • They do make floppy to USB emulators, though I'm not certain how well they work.

          https://floppyemulator.com/pro... [floppyemulator.com]

    • If it's still working then why does any of it need to be replaced?

      Sales droids have convinced people that anything old is terrible and should be replaced on principle. Chances are whatever new garbage they throw at it won't last nearly as long. At the very worst replace a few capacitors that have dried out and you'll be good for a few more decades.

    • by gweihir ( 88907 )

      So what? If it works, do not fix it.

    • What AALs are you running on the ATM circuits?
    • The reason it's still there is because there is so MUCH of it. To replace it all would come at immense cost so, they just let it keep doing it's thing.

      But also we keep it because of what you said earlier: It's been running reliably for years. This stuff just works. All things wear out eventually, but that early gear was built really well, and has a long lifespan as a result.

      • Heh.

        One of the problems they're going to run into when they finally DO get around to replacing this stuff is the fact that anyone who knows how this old stuff works will either be long retired or in the grave.

        I will agree with you on old gear being built like a damn tank. Even coated in thirty years of dust and grime, it keeps on running.

  • Imagine needing a entirely new department to do the Job of a IT manager.
  • If they are COBOL or RPG programs running on mainframes it's probably not worth reworking. Whatever they pick to replace it with may also be obsolete in 20 years, and COBOL may outlive it still.

    They should mostly only replace obscure languages and platforms. At least convert them first.

  • ... there is no enterprise-wide program ...

    I fully expect the US IRS to implement technology assessments, updates and training, before issuing demands for payment: What's the alternative, congress-critters get paid for not helping?

    If IIRC, the last US IRS audit, several months ago, revealed outdated systems prevented the IRS from calculating the full tax debt that people owed. Of course, there's no need to be accurate when the US IRS is having these conversations:

    Trump: I don't owe you this year.
    IRS: You owe us 3.5 million.
    Trump: Here's

    • It isn't illegal, so everyone should do it, push the tax code to the limits under a preparer who gets paid to push limits and fight out audits. If the IRS has a more strait forward calculation of what I owe them why do they not hand that over on March 1, I would bet 85% of the population would just overpay by a couple of K just to move on. That marginal last 3k to 5k either returned or paid, honestly means very little to me averaged over 52 weeks, but the government comes at me bro saying I got to pay,
  • It seems they had to close the retirement office because everyone who was competent there had retired.

  • When I filed my 2013 taxes I was told I was Deceased and could not file. I was getting a refund so it mattered. It took about a year for me to get it corrected and get my refund WITH NO INTEREST.

    Exactly 7 years latter (including 2013) in 2020 when I filed my 2019 taxes I was again declared Deceased. This year was an even larger refund but the IRS was "Closed or COVID" that year. I contacted my local Congressman's office and they worked most of the year to get me the refund, but did not want to pay any

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...