THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING

IRS computer systems faulted

Security, privacy problems found

Associated Press / October 17, 2008
  • Email|
  • Print|
  • Single Page|
  • |
Text size +

WASHINGTON - Two new IRS computer systems that will eventually cost taxpayers almost $2 billion are being put into service despite known security and privacy vulnerabilities, a Treasury watchdog said in a report yesterday.

The office of the Treasury Inspector General for Tax Administration said Internal Revenue Service officials failed to ensure that identified weaknesses had been addressed before putting the new systems into use.

Inspector General J. Russell George said it was "very troublesome" that the IRS "was aware of, and even self-identified, these weaknesses."

The IRS said security of taxpayer data "is of paramount importance" to the agency and, as noted in the report, it had implemented many of its recommendations and taken steps to improve security. It stressed that no taxpayer data has been harmed and numerous security safeguards were in place.

The report focused on the Customer Account Data Engine, which will provide the foundation for managing all taxpayer accounts, and the Account Management Services system, which will provide faster and improved access by employees to taxpayer account data.

Both systems are gradually being put into use. CADE, expected to cost more than $1 billion through 2012 to develop and operate, this year processed about 20 percent of the 142 billion returns filed. The Account Management Services system, AMS, still in its initial stages, will cost more than $700 million to develop and maintain through 2024.

The IG report said the IRS organizations responsible for giving the go-ahead to partial deployment of the systems were aware of security and privacy problems but did not consider them significant.

But it said those vulnerabilities increased the risks that unscrupulous people could gain access to vast amounts of taxpayer information with little chance of detection and that systems could not be recovered effectively during an emergency.

It said administrators to the CADE system could access, modify, and delete information without being detected and contractors could make system changes without approval.

  • Email
  • Email
  • Print
  • Print
  • Single page
  • Single page
  • Reprints
  • Reprints
  • Share
  • Share
  • Comment
  • Comment
 
  • Share on DiggShare on Digg
  • Tag with Del.icio.us Save this article
  • powered by Del.icio.us
Your Name Your e-mail address (for return address purposes) E-mail address of recipients (separate multiple addresses with commas) Name and both e-mail fields are required.
Message (optional)
Disclaimer: Boston.com does not share this information or keep it permanently, as it is for the sole purpose of sending this one time e-mail.