
IRS Leaves Taxpayer Data Largely Unprotected 152

LogError writes "Two weeks ago, Department of Treasury received a D-minus grade in the Federal Computer Security Report Card for 2005, down from a D-plus grade in 2004. The majority of Treasury systems are those belonging to IRS. The government-wide computer-security grade for 2005 was D-plus, while Homeland Security and Defense both received an F. Grades are based on reports submitted to Congress by the agencies; the reports are required under the Federal Information Security Management Act of 2002. The scores are meant to reflect whether departments meet federally mandated security standards."
This discussion has been archived. No new comments can be posted.

  • Re:What a surprise (Score:4, Interesting)

    by TopShelf ( 92521 ) on Friday April 07, 2006 @05:23PM (#15087970) Homepage Journal
    The government fining the IRS? That's a laugh...

    That's basically taking a million out of one pocket and putting it in another. What's the point?

  • Re:What a surprise (Score:4, Interesting)

    by AKAImBatman ( 238306 ) * <akaimbatman@gmaYEATSil.com minus poet> on Friday April 07, 2006 @05:33PM (#15088039) Homepage Journal
    To what end? Will we fine the IRS until they can't collect taxes?

    If you want to see the IRS punished, make heads roll when bad things happen. Which means things like:

    1. Management can be fired if a huge screwup happens
    2. Massive screwups can result in fines against management
    3. Charges can be brought against the parties responsible for the screwup

    Once their necks are on the line, you can be certain that the top level of IRS management will put pressure on the entire organization to prevent security issues.

    That being said, the IRS is likely suffering from the same problem as the rest of the government agencies: Too much work, not enough manpower/funding. Putting more pressure on the IRS may only result in making it harder to find IRS employees.
  • by thepuma ( 721283 ) on Friday April 07, 2006 @05:41PM (#15088077) Homepage
    We need to get rid of the IRS altogether and replace it with the FairTax. [fairtax.org]

    The FairTax would replace the complex and difficult to understand federal income tax with a fair and simple national sales tax.

    Under the FairTax, Americans will take home 100% of their paychecks, allowing them to save more money for education and retirement, as well as make investments that will stimulate our economy. Not only will American workers take home their whole paychecks, each registered household will receive a monthly "prebate" check to refund taxes paid on necessities. This combination of sales tax and monthly prebate makes the FairTax the only tax proposal that completely "untaxes" the poor.

    The FairTax is revenue neutral. While the American worker has everything to gain under this new system of taxation, the government will lose nothing in federal funding.

    The current system of taxation is beyond repair. Compliance is difficult and expensive, often prohibitively so for aspiring small businesses.
  • by QuessFan ( 621029 ) on Friday April 07, 2006 @05:42PM (#15088082)
    Personally, I think Japan has the better system of publishing a list of the top 100 taxpayers, how much they earn and how much they pay in tax, etc.

    The privacy of tax returns has allowed too many tax loopholes and evasions to go unnoticed. If tax returns are public, the transparency and public outrage would ensure loopholes are plugged and the tax system remains fair.

    In the U.S., financial accounting and tax accounting have been allowed to drift away from each other. If public investors are allowed to see the tax returns of their holdings, they can get a much better sense of a corporation's performance. A lot of recent corporate scandals would have been discovered sooner or prevented altogether.

  • by Short Circuit ( 52384 ) * <mikemol@gmail.com> on Friday April 07, 2006 @05:42PM (#15088085) Homepage Journal
    Has it occurred to anyone that perhaps DHS and the DoD get failing grades because they take different, more effective approaches to security than what's handed down by a bureaucracy?
  • Re:Careful... (Score:3, Interesting)

    by Valdrax ( 32670 ) on Friday April 07, 2006 @06:00PM (#15088186)
    They are the only branch of the state that can track anyone down quickly and easily; surely they should be put in charge of what you call "homeland security". ;)

    I know you're joking and all, but I still feel like pointing out for those who modded you Insightful why this isn't so simple.

    American taxpayers sign up each year and tell the government whether they're obeying the law or not by filing (or not filing) their tax returns. Terrorists don't register with the government to say that they're terrorists. The government has a much easier time knowing whether you're a tax evader than a terrorist because it's all on record.

    After that, it's a simple matter of when and where you next use your SSN or other government ID to nail you down. Alternately, it's a matter of when you get caught using fake ID to evade the government to nail you down. Once you've ID'ed a tax evader, tracking them down isn't hard because evading the government once it actually wants you is much, much harder than you might think unless you completely cut yourself off from society.
  • by Anonymous Coward on Friday April 07, 2006 @06:11PM (#15088242)
    Funny that this post should come up today. This Wednesday, I finally got around to doing my taxes, so I went to the IRS website and clicked on one of their endorsed partners to receive my free online tax submission.


    Everything was going fine until I filled out the address of my employer from my W2. On the W2, it was listed as "Comptroller's Office, SoAndSo Corp.". So I typed that in, verbatim, to the website. Surprise of surprises, I got back an ASP debugging page saying that an SQL syntax error had occurred and 's' was an invalid command.


    For those of you that don't know, this just screams SQL Injection vulnerability. I went back to the login page and tried logging in with "abc'abc". Not only did I get an SQL syntax error on this page as well, but the debugging information showed the IP address, user name, and password of the MSSQL server used to store all of the tax information. *sigh*


    This was at about 10:00 pm, so my immediate attempts to contact the company failed. I also contacted the IRS, and eventually got a case assignment after about three different calls to various help desks. I called the company again in the morning and carefully explained the dangers of A) not turning off ASP debugging information on production systems and B) creating SQL statements by concatenating user input. The IRS did eventually call back, and I was able to connect them up with the company spokesman. I'm sure they had an interesting talk.


    Moral of this story... there really isn't one. The IRS had linked to these people directly, and in that way endorsed them, but no one, from the IRS or the company, ever thought of placing a single quote into any one of their text fields. Also, this site was verified by TRUST-e, but apparently they're only worried about SSL. Oh, and after all that, the site still isn't fixed. They've turned off ASP debugging. But that's it. I can still log in with "username'--" and an invalid password. Anyone know where I should go next? Who to talk to?
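
The two failures named in the comment above (SQL built by concatenating user input, and raw database errors shown to the visitor), as an added example that is not part of the original post or the site's code. It uses Python's sqlite3 in place of the ASP/MSSQL stack; the table layout, function names and the `alice` account are constructed for illustration.

```python
import logging
import sqlite3

log = logging.getLogger("taxsite")  # hypothetical logger name
GENERIC_ERROR = "An error occurred. Please try again later."

def make_db():
    # Constructed sample data; a real site would store a password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE employers (user TEXT, address TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concat(db, name, password):
    # Weak: user input becomes part of the SQL text itself.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, name, password):
    # Fixed: placeholders keep input as data, never as SQL syntax.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def save_employer_concat(db, user, address):
    # Weak: an apostrophe in the address ends the string literal early.
    db.execute("INSERT INTO employers VALUES ('" + user + "', '" + address + "')")
    return True

def save_employer_param(db, user, address):
    db.execute("INSERT INTO employers VALUES (?, ?)", (user, address))
    return True

def safe_call(fn, *args):
    # Error detail goes to the server log; the client sees a generic message.
    try:
        return fn(*args)
    except sqlite3.Error as exc:
        log.error("database error in %s: %s", fn.__name__, exc)
        return GENERIC_ERROR

if __name__ == "__main__":
    db = make_db()
    w2 = "Comptroller's Office, SoAndSo Corp."  # address quoted in the comment
    print(safe_call(save_employer_concat, db, "alice", w2))
    print(safe_call(save_employer_param, db, "alice", w2))
    print(login_concat(db, "alice'--", "wrong"))
    print(login_param(db, "alice'--", "wrong"))
```

`safe_call` only changes what the visitor sees: `login_concat` still accepts a name ending in `'--` with a wrong password, which matches the poster's observation that turning off debugging did not fix the site. Only the parameterized functions close the hole.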

  • by TrappedByMyself ( 861094 ) on Friday April 07, 2006 @06:32PM (#15088363)
    Wow, from your description, this would be a boon to overseas e-commerce and Canadian border businesses. If you get sales tax whored at US businesses, then don't shop in the US. The government will be forced to pound the hell out of anyone who enters the country with goods.

    Also, Walmart would rule the world with this one. Their lower prices would now be significantly lower than the mom and pop shops, since the tax overhead is much higher. Also, that would give them much more say in government affairs since they'll be one of the major suppliers of government funding. Oh, and squash free software, since free software now has a direct drain on the economy. Congratulations, you just made the Microsofts and Walmarts of the world that much more powerful.

    Terrible, unrealistic idea
  • Re:Careful... (Score:5, Interesting)

    by Fulcrum of Evil ( 560260 ) on Friday April 07, 2006 @06:47PM (#15088452)

    The 5th amendment protects you from being compelled to testify against yourself in a court. If you volunteer the information, you're out of luck.

    You are compelled to list your income and occupation on the tax forms. Therefore, the IRS cannot share that info with the FBI or local cops. If you're a hooker and you declare that you made $150,000 last year and give uncle sam his cut, they won't do a damn thing to you. They won't (can't) tip off vice, because it's illegal.

  • by ScrewMaster ( 602015 ) on Friday April 07, 2006 @06:53PM (#15088484)
    Try the FBI. I can't believe that outfit isn't running afoul of some serious Federal laws somewhere.
