The IRS has introduced an online tool that lets consumers download transcripts of their tax filings. But a former IRS attorney warns that the new self-service tool may be a target for thieves, and that the agency's data security practices aren't as strong as they need to be.
Those security practices are expected to come up when the newly appointed IRS commissioner, John Koskinen, testifies at a House Ways and Means Oversight Subcommittee hearing on Wednesday.
The new self-service tool, Get Transcript, is one of a number of changes the IRS introduced for the 2014 tax filing season to meet consumer demands while easing the back-office burden on IRS employees.
The IRS receives a lot of requests for transcripts of previous tax returns, which are often needed for validating mortgage applications, applying for student loans, and filing new returns. But the IRS says it has limited resources to accommodate such person-to-person services. Automating the process puts control in the hands of individual taxpayers, who can use Get Transcript to view and print a copy of past tax returns on their own.
All transcript requests are being referred to the online tool, though individuals can still request a copy to be sent by mail. After creating an account and going through an authentication process (similar to attaining online bank access), users can get what they need with one click.
[The US government now offers more than 100 handy apps for mobile devices. See 6 Cool Apps From Uncle Sam.]
The service change is generally welcomed, since individuals no longer need to wait up to 10 days to get a copy of their records via mail. But several security concerns cannot be overlooked. Though the IRS has taken steps to authenticate users and secure the system, Get Transcript could become a target for identity thieves. Kenneth Ryesky, a former IRS attorney who teaches business law and taxation at Queens College in N.Y., told InformationWeek thieves would need little more than a person's Social Security number, which the IRS requires online users to provide.
"The IRS has long directed itself to data security practices." However, "it has done an abysmal job of data stewardship -- that is, how it processes, handles, verifies, and utilizes the data it strives to keep secure," Ryesky said. "Look at the recent indictments and convictions, and you will find that more than a few identity thieves are tax return preparers who are victimizing their own clients."
In announcing the hearing, Ways and Means Oversight Subcommittee chairman Charles Boustany said improper payments and identity theft remain major challenges for the agency. "The problems at the agency are many, and they are diverse, but what they all have in common is it will be up to Commissioner Koskinen to begin correcting them."
Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.