backtop

Print E-mail del.icio.us 63 comment(s) - last by MisterChristop.. on Aug 8 at 5:32 AM
Government employees fail security test, reveal passwords to "technicians"

60 percent of tested IRS employees failed to protect their passwords from government tiger teams, says a July 20 government report.

The audit was launched by the Treasury Inspector General for Tax Administration (TIGTA) between March and April of 2007. The report (PDF), sampled 102 various IRS employees, including managers and a contractor, on a single day sometime in the audit timeframe. Social engineers from the TIGTA contacted the IRS employees via telephone, posing as helpdesk personnel.

61 of the 102 sampled IRS employees complied with the TIGTA callers’ requests — which violates IRS internal security policy — by providing their username and changing their password to one suggested by the caller.

Previous audits, conducted in 2001 and 2004, revealed vastly different results. In 2001, TIGTA callers were able to coax passwords out of 71 percent of sampled employees, while the audit in 2004 saw that number drop to 35 percent.

In an effort to understand the numbers, TIGTA auditors contacted all the sampled employees for a follow-up on why they did or did not comply with the TIGTA callers’ requests. Among those who broke policy, the most popular reasons cited were: the employee believed the request sounded legitimate (33 percent); the employee did not believe that changing their password was the same as revealing it, which they knew was against the rules (16 percent); or most alarmingly, the employee was aware of the rules but broke them anyway (13 percent).

The IRS employs close to 100,000 people, says the report, and the sample size was purposefully small as auditors needed to conduct their tests before the news broke out around IRS offices.

“Due to the sample size, we were unable to project our results throughout the IRS. However, we believe our sample was sufficient to demonstrate that IRS employees continue to be susceptible to social engineering attempts and that employees do not provide sufficient emphasis to the security of taxpayer data in their day-to-day activities,” states the report.

Despite frequent intrusion attempts, the report emphasizes that the IRS’ computer systems remain uncompromised by outside threats. However, given that IRS employees so easily revealed their passwords, that record could easily be broken, putting millions of taxpayer records stored in more than 1500 databases at risk.

In a reply attached to the end of the report, IRS Mission Assurance and Security Services Chief Danel Galik writes, “the [IRS] takes its security posture very seriously and we recognize the risks associated with exposing sensitive data unnecessarily ... we continue to reemphasize computer security practices, including social engineering, to IRS personnel.”

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
IRS is not needed
By paydirt on 8/4/2007 4:01:36 AM , Rating: 1
The IRS employs 100,000 people. Some are idiots and they're somewhat friendly idiots, but the whole IRS is unnecessary if we adopted a flat national sales tax otherwise called the "Fair Tax". If we threw out the income tax and all its loopholes, the U.S. government would save more than 1 Billion dollars a year.




RE: IRS is not needed
By KristopherKubicki (blog) on 8/4/2007 4:05:40 AM , Rating: 4
The cost alone of switching such a system would easily cost in excess of a billion dollars. However, I believe the savings would probably exceed that several times over.


RE: IRS is not needed
By Ringold on 8/5/2007 3:54:23 AM , Rating: 2
Tax compliance costs last year were probably close to $300 billion. FairTax drops that to effectively zero, as it makes use of the already existing sales tax systems, though I suppose POS equipment may need a little software upgrade.


RE: IRS is not needed
By Gumby16 on 8/4/2007 4:24:59 AM , Rating: 4
Only fair if it's done on a percentage basis. A "flat tax" where everyone chips in $100 is much more difficult for the low-income end of the spectrum than for people making $200k a year. $100 to a person making $10k hurts their bottom line 1%. $100 to a $200k earner is 0.05%, effectively not a tax at all. A "flat percentage tax" where everyone pays, say, 5% of total income hits everyone more equitably. Also, a "national sales tax" is different. Then you're taxing all consumer behavior. If things become more expensive, you cut back on spending. So a national sales tax has big ramifications for everyday shopping. Not that it's necessarily a bad thing, just something to keep in mind.

By the way, I agree on the need for a "flat tax" but only on a percentage basis. The IRS would save at least a billion in operating costs with such a simplified system and it would make doing taxes easier for tax payers. Having hundreds of forms with thousands of pages of instructions is an incredible waste of time, money, and resources. Mostly it's just keeping tax prep. companies in business.

These results are not surprising. You find similar results anywhere. I work at a major research institution and people still give out passwords, usernames, and personal information like it was going out of style.


RE: IRS is not needed
By Goty on 8/4/07, Rating: 0
RE: IRS is not needed
By FITCamaro on 8/4/2007 11:17:45 AM , Rating: 2
Thats not a flat tax. Thats a consumption tax. The issue with that is on things like homes. Imagine paying a 20-25% consumption tax on a home you buy. That would put buying a home out of reach of many people. And if you exempt purchases like that, the rich could just buy them, wait for the value to rise, then sell it at a profit, and not pay taxes on that income.

A flat tax is setting the amount of income tax that everyone pays to the same percentage. So instead of there being different tax brackets and numerous loopholes so you can get out of paying them, which largely benefit the rich and giant corporations, theres just one bracket everyones in of say 25%.

Some people are saying "So what you expect people to just pay them?" No which is why the IRS would still be around. You still have to make sure that people pay their taxes and the right amount. It would just be far smaller. The tax process would be far simpler too. Just take how much you made, minus any deductions, and multiply by that percentage to get your taxes.

There are a few reasons it likely won't happen though. One is that the poor would complain that "You're only giving money back to the rich". Well of course the rich would benefit the most. They're in the highest tax bracket. They're still going to pay more than the poor though, just less than they were before. The same with corporations. So that means the liberals in Congress would never vote for it.

Another reason is because of the number of jobs that would be lost. What reason would there be for companies like H&R Block and other tax preparation companies and software companies like the makers of Turbo Tax. Not to mention all the tax attorneys out there (not that anyone but them would care about them not being able to suck the life out of you).

The job losses would be in the hundreds of thousands. Surely something no politician wants to be responsible for. And its certainly something the politicians think about.


RE: IRS is not needed
By Ringold on 8/5/2007 4:03:12 AM , Rating: 2
Most prices wouldn't rise anywhere near the amount of the actual national sales tax. As you've pointed out yourself in other posts elsewhere, companies pay huge amounts of taxes, and that gets passed right on down the food chain. With all of that gone, input costs are effectively slashed.

That covers newly constructed homes, and I'd have to look but I'm assuming existing home sales wouldn't be taxed, as I think it exempts things being resold..

The prices that probably would go up are those currently not taxed at all. While their costs would still go down, a haircut and similar things would still probably get more expensive. Woops.

On jobs.. H&R block probably won't care for it much, no, but last I'd heard most large accounting firms liked the idea as it'd free them up to do much more productive work for their clients than triple-checking Uncle Sam's cut of corporate profits -- and thats where most accountants are employed, anyway.

Also, last point, with the monthly prebate, the poor effectively get a negative tax rate just like the one they enjoy now. Difference is that savings would no longer be punished, giving them as large an incentive as can possibly be given anybody to save money (that being zero disincentive).


RE: IRS is not needed
By Fritzr on 8/5/07, Rating: 0
RE: IRS is not needed
By Ringold on 8/5/2007 2:59:48 PM , Rating: 2
If someone enjoys a good or service outside the country, I don't see the problem with paying local taxes and not American ones? If they come here and the tables turn, they don't pay the VAT unless they take it back with them, and likewise on the FairTax. That all seems fair to me.

On the poor not being able to benefit.. Well, for travel to foreign destinations, again, I don't see the problem there; work hard, save money, and they too can live like the rich, who earned their meal ticket already. But percentage of income being spent on taxes really varies; spend less, pay less! Given the huge disincentive to save that is removed, and that brokerage accounts can be set up for free online or at retail offices across the nation, they could easily join the investing class.

Of course, the poor have to want to be thrifty, work hard, and save money. The American Dream promises that if you do that, you'll be rewarded, not that if you're here you get rewarded anyway. It opens the door for success rather than punishing it -- that's all.


RE: IRS is not needed
By B on 8/6/2007 7:14:30 PM , Rating: 2
In regards to your comment on the job losses here is my perspective. Our tax system is a luxury item. The government writes a tax code that is endlessly complex. It is over 65,000 pages.

The code is subject to broad interpretation by accountants and lawyers. It’s not all that different than a math class with glorified story problems. The government writes the problem, the tax professionals solve it. It’s all a game to calculate a tax liability. It’s a waste of time, talent, and skilled workers.

All of the people I work with are intelligent; some of the people I work with are brilliant. Greater than half the people I work with have an advanced degree. They are motivated and entrepreneurial. I often wonder what they could do if they weren't consumed with tax planning, entity structures, and tax compliance. They could certainly be engaged in something more gainful to society. Everyone I work with is capable of being a scientist, engineer, software programmer, educator, or mathematician.

While a flat tax would bring job losses, the losses would be temporary. We can all be retrained and create new opportunities for ourselves and possibly society. In the mean time, we will continue this lucrative charade.


RE: IRS is not needed
By Netted on 8/4/2007 11:21:28 AM , Rating: 2
You are thinking of a national sales tax, not a flat tax. Flat taxes are still income taxes cepting they have only 1 bracket.


RE: IRS is not needed
By The Sword 88 on 8/4/2007 11:57:37 PM , Rating: 2
Yeah a flat tax is like, everyone pays 20% of their income, no matter what.


RE: IRS is not needed
By Ringold on 8/5/2007 3:43:55 AM , Rating: 2
I'm sorry, but you clearly don't know what the OP is talking about when he refers specifically to the FairTax.

I suggest checking the wikipedia entry, as the last time I checked it managed to avoid the shameful left-leaning slant given most economics-related entries. Fairtax.org also is pretty good, where you'll find academic studies. Neal Boortz and John Linder co-wrote a book on it, but it's got a good bit of fluff and would rather one wait until the next edition comes out which will include more "Answering the critics" entries.


RE: IRS is not needed
By DOSGuy on 8/4/2007 6:32:07 AM , Rating: 5
Not needed? So people are just going to pay their taxes voluntarily? Do you understand what the IRS does? We collect taxes, and the largest part of what we do is negotiate payments and catch tax evasion. It doesn't take 100,000 people to design the tax forms. Actually, as someone who hears every day that we're impossible to reach by phone, I can tell you that not only are we needed, but we're understaffed.

As for a flat tax simplifying the tax forms, you might want to pull one out and take a look at it. Eliminating the tax brackets would make one section a bit simpler (for people whose income exceeds the minimum bracket), but most of the form is categorizing the income and declaring deductions. Not all income is taxed equally, for various reasons. Capital gains from stocks are less taxable than employment income because a) they're not guaranteed income because you could just as easily take a loss, and b) the government wants people to invest their money to earn money with their money. You'll never get rich working for someone else. Business income is taxed at a different rate to encourage entrepreneurship, and it's taxed at a different rate from rental income, which is (mostly) guaranteed income. Deductions are allowed for donations so that people will give to charity. Business expenses are deductible to help businesses survive the losses they inevitably incur while they're getting started. There are deductions for interest charged on money borrowed for investments in order to encourage investment. People have medical expenses, student loans... and everything is taxed or credited at a different rate to encourage economic growth and make things fair for everyone. Yes, fair! You didn't think we put all of those lines on the form just for fun, did you?

Even if a flat tax actually did make the tax form simpler, here's the bottom line. If you want to generate the same tax revenue from a flat tax, you'll have to raise the tax rate for the poorest people in order to reduce it for the rich. 20% of the income of a person who spends every cent they make on food and shelter will bankrupt them, while 20% of the income of a billionaire is just a drop in the bucket. The rates increase for people in higher income brackets because they have more money left over after expenses! It's only fair that people who have the most money should pay the most taxes. When you talk about having a flat tax, you're talking about raises my taxes. If you want to pay more taxes, go ahead, but don't ruin it for the rest of us.


RE: IRS is not needed
By Targon on 8/4/2007 8:11:10 AM , Rating: 2
The problem extends even further than that though. You say how much effort goes into things like encouraging this and that, but a big problem comes from the way everything goes to the federal and state levels, and then we all have to hope and pray that the money makes it back down to the local level where we live. That is where the problems come from, this idea that the Federal and State governments are the best people to judge where our money goes.

A sales tax system that replaces the current income tax could easily have sales tax stay local, with a percentage then going to the county, which would then send a percentage to the state, and then the state going to federal levels. The amount being sent up to the next level would need to be enough to fund that next level, but it would make sure the police, fire, ambulance, and hospitals, as well as other services get enough money so federal assistance isn't needed for MOST areas.

If you are worried about how those in lower income brackets, then make it so essentials have a different tax rate on them. This would keep those needing these programs from buying junk food for their children as an example, rather than healthy foods. Make it so some services don't have a sales tax attached to them(income by those providing these services would still be spending money, so the taxes not gained there would still end up being gained when the service vendors spend money).

Then you have the whole idea that home owners deserve special deductions while those who rent(because they can't afford to buy their own home) end up not being able to save up for their own home. A sales tax system would solve that problem as well because what is taxable and what is not.

If this whole concept seems to be too difficult, then switching to paying taxes each month instead of each year would end up as a benefit because it is a LOT easier to figure out your finances if you are only looking at your records for one month instead of for the whole year.


RE: IRS is not needed
By FITCamaro on 8/4/2007 11:25:59 AM , Rating: 2
As I said above. A sales tax system is a consumption tax. Not a flat tax.

And your taxes get taken out on your paycheck. Unless you choose not to or are a contractor. If you're someone who choses/has to pay your taxes monthly, you can still calculate roughly how much you have to pay. Take your yearly income, minus expected deductions, multiply by your tax bracket percentage, and divide by 12. You might come up short or over, but you'll figure that out when you do your taxes at tax time. So round up to be safe.


RE: IRS is not needed
By psyph3r on 8/5/2007 2:25:23 AM , Rating: 2
the us gets a 1/3 of its income from income tax...if you stop waging wars half around planet for oil....you have a balanced budget. Bureaucratic jobs are mostly a waste of American money. Especially homeland security...joke


RE: IRS is not needed
By emboss on 8/5/2007 12:54:05 AM , Rating: 2
The real problem with the US tax system (in terms of complicating everything and needing staff) is all the deductions. Keep a progressive tax structure, but remove 95% of the deductions (just keeping the biggies like charity donations).

See for example the current tax system in New Zealand. 70% of people don't even have to file a tax return as it can be done automatically (all you do is check the number that they send you, and then sort out any money that needs to be paid/collected). It's not perfect, but having dealt with a number of systems over the past few years it's by far the least painful I've been subjected to (and the US's is definitely the most painful).


RE: IRS is not needed