Government // Cybersecurity
News
2/3/2014
12:40 PM
Connect Directly
RSS
E-Mail
50%
50%

New IRS Tax App: Invitation To Thieves?

A new IRS online tool let users view and print copies of past tax returns, but it could become a target for identity thieves.

Top 10 Government IT Innovators Of 2013
Top 10 Government IT Innovators Of 2013
(Click image for larger view.)

The IRS has introduced an online tool that lets consumers download transcripts of their tax filings. But a former IRS attorney warns that the new self-service tool may be a target for thieves, and that the agency's data security practices aren't as strong as they need to be.

Those security practices are expected to come up when the newly appointed IRS commissioner, John Koskinen, testifies at a House Ways and Means Oversight Subcommittee hearing on Wednesday.

The new self-service tool, Get Transcript, is one of a number of changes the IRS introduced for the 2014 tax filing season to meet consumer demands while easing the back-office burden on IRS employees.

The IRS receives a lot of requests for transcripts of previous tax returns, which are often needed for validating mortgage applications, applying for student loans, and filing new returns. But the IRS says it has limited resources to accommodate such person-to-person services. Automating the process puts control in the hands of individual taxpayers, who can use Get Transcript to view and print a copy of past tax returns on their own.

All transcript requests are being referred to the online tool, though individuals can still request a copy to be sent by mail. After creating an account and going through an authentication process (similar to attaining online bank access), users can get what they need with one click.

[The US government now offers more than 100 handy apps for mobile devices. See 6 Cool Apps From Uncle Sam.]

The service change is generally welcomed, since individuals no longer need to wait up to 10 days to get a copy of their records via mail. But several security concerns cannot be overlooked. Though the IRS has taken steps to authenticate users and secure the system, Get Transcript could become a target for identity thieves. Kenneth Ryesky, a former IRS attorney who teaches business law and taxation at Queens College in N.Y., told InformationWeek thieves would need little more than a person's Social Security number, which the IRS requires online users to provide.

(Source: Flickr/Jason Strong)
(Source: Flickr/Jason Strong)

"The IRS has long directed itself to data security practices." However, "it has done an abysmal job of data stewardship -- that is, how it processes, handles, verifies, and utilizes the data it strives to keep secure," Ryesky said. "Look at the recent indictments and convictions, and you will find that more than a few identity thieves are tax return preparers who are victimizing their own clients."

In announcing the hearing, Ways and Means Oversight Subcommittee chairman Charles Boustany said improper payments and identity theft remain major challenges for the agency. "The problems at the agency are many, and they are diverse, but what they all have in common is it will be up to Commissioner Koskinen to begin correcting them."

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

Elena Malykhina began her career at The Wall Street Journal, and her writing has appeared in various news media outlets, including Scientific American, Newsday, and the Associated Press. For several years, she was the online editor at Brandweek and later Adweek, where she ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
2/6/2014 | 11:17:02 AM
Re: Not all hacks are online hacks
Good point, Marilyn. That is a common problem with any legislative body debating issues with technology ramifications that they don't understand.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
2/4/2014 | 5:06:46 PM
Why is this even a need?
New rule: If you're too dumb to print a hard copy of your tax return and store it somewhere safe -- and then shred when the time comes -- you deserve to have to write to or call the IRS and pay a fee.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
2/4/2014 | 4:47:53 PM
Re: Not all hacks are online hacks
Honestly, I'd be surprised to learn that a single person on the House Ways and Means Oversight Subcommittee had the technology background to even recognize what a secure IRS tax app would look like. 
Susan Fourtané
50%
50%
Susan Fourtané,
User Rank: Ninja
2/4/2014 | 8:12:54 AM
Re: Not all hacks are online hacks
Indeed, Thomas. Shouldn't the IRS have a strong security system as banks have? 

-Susan 
Thomas Claburn
IW Pick
100%
0%
Thomas Claburn,
User Rank: Author
2/3/2014 | 4:36:51 PM
Re: Not all hacks are online hacks
I'm shocked, shocked to find inadequate security in government systems.
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
2/3/2014 | 4:17:45 PM
Not all hacks are online hacks
I suspect identity theives have plundered plenty of tax documents from someone's mailbox, or garbage, or even solicited tax transcripts in someone else's name. Putting a process online does open up opportunities for identity theft on a larger scale, but this program does also address the desire of many consumer advocates that individuals have better access to their own data.
WKash
50%
50%
WKash,
User Rank: Author
2/3/2014 | 2:37:00 PM
Fewer Tax Dollars At Work
IRS officials have rightly, and creatively tried to automate processes in response to some pretty steep budget cutbacks. But in light of those cutbacks, Congress and oversight officials need to take a hard look at the integritiy of IRS's data systems and these new tools, to ensure they have been adequately engineered and have the necessary protections against cyber criminals.

 
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July10, 2014
When selecting servers to support analytics, consider data center capacity, storage, and computational intensity.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.