blogger visitor

Friday, November 18, 2016

Of Course You Should Trust the IRS with Your Financial Information

The income tax provides justification for massive government intrusion into the financial privacy of its taxpayers. Its information gathering capacity and demands run wide and deep, and expand with almost every piece of enacted major tax legislation.

We would like to think that the government can be trusted with our financial data - but is that really justified? Data breaches are not limited to the private sector, the government is not too concerned about being sued like a private company if its servers are breached given sovereign immunity, and political motivations and abuse of access are also real risks.

Am I crying wolf here? You be the judge:

Recent Inspector General Report Excerpt: “TIGTA found the IRS did not ensure that encryption requirements are being enforced and ensure that nonsecure protocols are not being used in order to fully protect information during transmission. These protocols include File Transfer Protocol and Telnet, which are known insecure transfer protocols. The IRS also did not remediate high- risk vulnerabilities or install security patches on file transfer servers in a timely manner.  For example, TIGTA found 6 1 servers with high -risk vulnerabilities, 10 servers with outdated versions of Windows and UNIX operating systems still in operation, and 32 servers missing 18 unique security patches, of which four were deemed as critical. Lastly , the IRS did not ensure that corrective action plans for correcting security control weaknesses, including some of the weaknesses previously mentioned, met IRS standards.  This reduced the assurance that the weaknesses would be corrected timely”.

And another:

Recent Inspector General Report Excerpt: “taxpayers whose PII/tax return information was sent unencrypted in either internal or external e -mails during four weeks; this equates to 28,200,857 taxpayers for the full year”

No comments: