The IRS needs to fix its information technology issues
A series of reports from the Treasury Inspector General for Tax Administration (TIGTA) show that the Internal Revenue Service (IRS) has critical cybersecurity vulnerabilities in its information technology (IT) systems. The IRS stores treasure troves of confidential taxpayer data, including personally identifiable information, which it is legally required to protect.
TIGTA reports make it clear that outdated computer systems, some of which are decades old, create too many vulnerabilities and put too much taxpayer data at risk. Yet, in the Inflation Reduction Act (Pub. L. No. 117-169), Congress provided the IRS with $87 billion over 10 years, much of which will be used to increase the number of IRS auditors, rather than giving the agency sufficient resources. to modernize its technology and increase its cybersecurity protocols, while improving customer service.
A September 27, 2022 TIGTA report found that the IRS rushed its transition to a cloud computing system without conducting proper due diligence to ensure security measures were in place to protect taxpayer information. . Cloud services, when properly implemented, can provide a higher level of security and lower costs, and should be considered part of the IT modernization strategy across all federal agencies. The IRS’ transition to cloud services, which began in April 2019, offered the opportunity to move away from outdated hardware, increase cybersecurity, and realize potential cost savings. However, according to the TIGTA report, the IRS has not implemented the appropriate security measures required by FedRAMP for all federal computer programs. While the IRS and other agencies should seek more efficient and modern technology, moving data to the cloud should be done using FedRAMP guidelines, under an operating license, so that confidential information is not not endangered.
In a September 30, 2022 report on database scanning and controls, TIGTA reported that the IRS decided in 2018 to reduce scanning for database vulnerabilities “without following procedure or policy. appropriate”, leaving the agency unaware of all the risks of its central computer. computers despite increased scans by March 2022. Issues have also arisen with external vendors used by the IRS to perform database checks and report results. IRS managers did not receive the reports on a regular basis, and those they received included only a superficial analysis of potential problems. This lack of regular and detailed reporting prevents the IRS from determining the root causes of database issues that would help develop possible solutions or fixes. This leaves IRS management without sufficient foresight to provide the services needed to fully protect databases and other computer systems from attack.
The problems described in the TIGTA reports are just two cases in a long history of the IRS’ mishandling of taxpayer information. In 2016, the IRS said more than 700,000 Americans had their Social Security number and other information exposed in a data breach. On June 8, 2021, ProPublica exposed the tax information of billionaires and ultra-rich Americans that she had obtained from a “vast cache of information from the IRS showing how billionaires like Jeff Bezos, Elon Musk and Warren Buffet pay little income tax against their enormous wealth – sometimes even nothing.” Instead of sounding the alarm about the release of such confidential taxpayer information, this report was used by members of Congress like Senator Elizabeth Warren (D-Mass.) to renew their calls for a wealth tax and increased tax enforcement by the IRS.
Information in the possession of the IRS was also used for political purposes during President Obama’s administration, when the agency unfairly delayed or investigated tax exemption claims by conservative groups. And in early September 2022, the IRS revealed that the agency had inadvertently released the private information of more than 100,000 taxpayers. Taxpayer information should not be left vulnerable to hacking by criminals and should not be used to promote political motives.
It is abundantly clear that the IRS is plagued by mismanagement, and it should be obvious that the answer to the agency’s problems is not to add more auditors, but rather to fix IT problems and agency customer service department. But like most other agencies and programs, Congress’ response is to spend more money on the “problem,” which in this case equates to a massive increase in the agency’s budget. Congress needs to increase its oversight of the IRS and act on the TIGTA reports and other recommendations that will improve the performance of an agency that badly needs improvement.