Can you believe IRS to hold your tax data secure?

73
Source:   —  April 13, 2016, at 7:31 PM

Many of us are thinking about our taxes. Are they too high or too low? What'south our money being spent on? Do we've a government worth paying for? I'm not here to reply any of those questions -- I'm here to give you something else to think about.

Can you believe IRS to hold your tax data secure?

Monday is Tax Day. Many of us are thinking about our taxes. Are they too high or too low? What'south our money being spent on? Do we've a government worth paying for? I'm not here to reply any of those questions -- I'm here to give you something else to think about. In addition to sending the IRS your money, you're also sending them your data.

It'south a lot of highly personal financial data, so it'south sensitive and important information.

Is that data secure?

The brief reply is "no." Every year, the GAO -- Government Accountability Office -- reviews IRS security and issues a report. The title of this year'south report kind of says it all: "IRS Needs to Further Make better Controls over Financial and Taxpayer Data." The details are ugly: failures in identification and authentication of network users, failures to encrypt data, failures in audit and monitoring and failures to patch vulnerabilities and upgrade software.

SHOULD WATCH

To be fair, the GAO can sometimes be pedantic in its evaluations. And the forty-three recommendations for the IRS to make better security aren't being made public, so as not to advertise our vulnerabilities to the horrible guys. But this is all beautiful basic stuff, and it's embarrassing.

We know that foreign governments are targeting U. S. government networks for personal information on U. S. citizens: Recollect the OPM data theft that was made public latest year in which a federal personnel database with records on 21.5 million people was stolen?

There have been some stories of hacks against IRS databases in the past. I think that the IRS has been hacked even more than is publicly reported, either because the government is keeping the attacks secret or because it doesn't even realize it'south been attacked.

So what happens next?

If the past is any guide, not a lot. The GAO has been warning about problems with IRS security since it started writing these reports in two thousand-seventh. In each report, the GAO has issued recommendations for the IRS to make better security. After each report, the IRS did a few of those things, but ignored most of the recommendations. In this year'south report, for example, the GAO complained that the IRS ignored forty-seven of its seventy recommendations from two thousand fifteen. In its two thousand fifteen report, it complained that the IRS only mitigated fourteen of the sixty-nine weaknesses it identified in two thousand-thirteenth. The two thousand twelve report didn't paint IRS security in any better light.

If I'd to guess, I'd declare the IRS'south security is this horrible for the exact same reason that so much corporate network-security is so bad: lack of budget. It'south not uncommon for companies to skimp on their security budget. The budget at the IRS has been cut seventeen percent since two thousand ten ; I'm certain IT security wasn't exempt from those cuts.

So we're stuck. We've number choice but to give the IRS our data. The IRS isn't doing a excellent work securing our data. Congress isn't giving the IRS sufficient budget to do a excellent work securing our data. Latest Tuesday, the Senate Finance Committee urged the IRS to make better its security. We all necessity to urge Congress to give it the money to do so.

Nothing is absolutely hacker-proof, but there are a lot of security improvements the IRS can make. If we've to give the IRS all our information -- and we do -- we deserve to have it taken care of properly.

Connect us on Facebook. com/CNNOpinion.
Read CNNOpinion'south Flipboard magazine.

READ ALSO
Sweden Arrests Man Wanted in Germany for Terror Crimes

Sweden Arrests Man Wanted in Germany for Terror Crimes

The arrest of the man, who was wanted on an international arrest warrant, was made at Stockholm'south Arlanda Airport at 8:30 a. m. (six hundred thirty GMT), Stockholm Police said in a statement.

81
Top French Authority Demands Law to Defend Whistleblowers

Top French Authority Demands Law to Defend Whistleblowers

The Council of State made a series of proposals Wednesday, including a valid guarantee that whistleblowers be shielded from retaliatory measures from companies or others and that their names aren't made public.

57
Powerful Quake Hits Myanmar, Felt in India; Number Major Damage

Powerful Quake Hits Myanmar, Felt in India; Number Major Damage

There were number immediate reports of serious injuries or major damage. The magnitude-6.9 quake struck at a depth of one hundred thirty-five kilometers (eighty-four miles), three hundred ninety-six kilometers (two hundred forty-six miles) N of Myanmar'south...

73
Zimbabwe: Historic Burial of two Women Heroes

Zimbabwe: Historic Burial of two Women Heroes

The Wednesday burial of one of the women, Vivian Mwashita, was the first time a woman not married to a top ruling party politician was buried at the 57-acre cemetery.

81