IRS Security Faults Leave Taxpayer Data At Risk
coondoggie writes "In this tax season, when billions of dollars and tons of personal information are relayed to and from the government, it's more than disconcerting to hear that the Internal Revenue Service is still struggling to keep private information secure. A report out Friday from watchdogs at the Government Accountability Office says about 69% of the tax agency's previously noted security flaws remain unfixed and continue to jeopardize the confidentiality, integrity, and availability of the IRS's systems (PDF). The problems put the IRS at increased risk of unauthorized disclosure, modification, or destruction of financial and taxpayer information, the GAO concluded."
IRS vs Private Industry (Score:2, Insightful)
The IRS is concerned about not disclosing private data.
Private industry (including those companies you have no choice in using) has been selling as much of your information as possible for years. While of course encountering security breaches of their own.
The bottom line is that private companies have already sold all of this data, so relax.
Good to know (Score:4, Insightful)
Re:See?! (Score:3, Insightful)
Are you an Indian software engineer by chance? Because then you don't have to fill out the census either.
"Representatives and direct Taxes shall be apportioned among the several States which may be included within this Union, according to their respective Numbers... and excluding Indians not taxed"
They fscked me. (Score:4, Insightful)
Re:Good to know (Score:5, Insightful)
It's good to know that those who deal with SOX compliance and don't come into compliance are slapped hard with penalties,
Anyone who's ever been audited knows that the audit is all about the auditor, not about the rules. In the case of SOX, it's the company being audited who hires the auditor. The company DOING the audit isn't even liable if the company being audited is fraudulent, and the auditor doesn't catch it. This adds up to a huge conflict of interest along the lines of the bond rating companies. Who's going to hire an auditing firm that's a known bunch of sticklers?
the same rules don't apply to the branch of the FEDERAL GOVERNMENT that deals with more sensitive data than any SOX umbrella'd company.
Access to data is a very small part of what SOX is supposed to be about, and about zero reason why it was created in the first place. SOX was a reaction to the Enron scandal where they essentially had extraordinarily deceptive accounting practices that claimed they were worth billions of dollars when in fact they weren't worth much of anything. They did other tricks like create dummy corporations that traded assets back and forth to inflate worth. Citigroup was recently reported as selling their crappy worthless mortgage bonds the day before the end of a quarter for cash in exchange for buying them back the next quarter (this was actually recently). THAT is the real scam, though obviously the SOX rules didn't do much of anything to stop anyone.
If you want to get all pedantic about "the rules", go ahead. I think you miss the larger picture though.
Re:These are basic best practices. (Score:3, Insightful)
It doesn't have an inventory of products either, so there's no way to tell how much they're supposed to collect. If they don't keep things secure, you could have multiple people using a single person's set of credentials to do business, but only paying the "fair share" of a single one of those people. IRS has an economic incentive to avoid that outcome at least.