[Moderator: "The audit by the congressional General Accounting Office of
six IRS facilities also found that 397 computer tapes containing taxpayer
data had been lost." - Why does this scare me so?]
Forwarded From: Will Spencer <will.spencer@gte.net>
http://abcnews.go.com/sections/tech/DailyNews/irscomputers990112.html
IRS Computers Vulnerable
GAO Says Taxpayer Data At Risk
By Curt Anderson
The Associated Press
W A S H I N G T O N, Jan. 13 Chronic weaknesses in the IRS computer system
are putting sensitive personal information about taxpayers at risk of
improper uses, including theft and fraud, according to an audit released
on Tuesday.
The audit by the congressional General Accounting Office of six IRS
facilities also found that 397 computer tapes containing taxpayer data had
been lost.
"Personal information on IRS computers is at risk to unauthorized
disclosure, destruction or modification, and most alarmingly, to identity
theft," said Senate Governmental Affairs Committee Chairman Fred Thompson,
R-Tenn., who requested the audit.
The GAO credited the Internal Revenue Service with making some major
leaps forward in improving computer security since another critical audit
in April 1997. The IRS says it has corrected 75 percent of the problems
identified in that report.
A List of Problems
But the GAO said "serious weaknesses" remain. Among them:
* Computer hackers could access IRS data with relative ease
because information isn’t encrypted before it is transmitted
over telephone lines. IRS says it has no evidence such a crime has
occurred.
* Too many IRS employees have access to sensitive computing areas,
and some tapes containing taxpayer information have been lost.
* Employees without a need to know have the ability to change or
delete taxpayer information. Some tapes and disks are not
overwritten before being used again, allowing unauthorized access
to some of this information, including Social Security numbers.
* The new IRS system aimed at catching employees who illegally
"browse" through taxpayer files is working on only one of several
computer systems, and it cannot detect which activities are
legitimate and which are not.
* Few contingency plans are in place in case of disaster, such
as an alternative computer processing site or effective backup
electric generators.
IRS Working On Problems
In a written response, IRS Commissioner Charles Rossotti said he agreed
with many of the conclusions and GAO recommendations, but he insisted that
the agency is well on the way to a more complete turnaround.
Rossotti, whose background in the private sector focused on
information systems, said the initial focus has been on larger data
processing systems and it is now moving into other areas. But he noted
that making these changes at the agency's over 1,000 facilities cannot be
completed in a few years.
A new centralized IRS systems office completed a review of what
needed to be done at all district offices in December and has now begun
examining all other offices.
"We believe that managing risk and prioritizing corrective actions
and resources is the key to making needed and measurable improvements,"
Rossotti said in his response. "Protecting taxpayer information and the
systems used to deliver services to taxpayers are key to the success of a
customer-focused IRS."
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 16:59:50 1999