Union decries IRS for security weaknesses
- By Matthew Weigelt
- Mar 27, 2006
The president of the National Treasury Employees Union issued a statement today criticizing the Internal Revenue Service for having “continuing and serious internal information technology security issues."
The union statement refers to a new Government Accountability Office report describing information security weaknesses at the IRS that leave taxpayers’ financial and personal information vulnerable to data theft.
NTEU President Colleen Kelley said those security problems "make it all the more pressing that the IRS abandon its ill-conceived and dangerous plan to privatize tax debt collection.”
Kelley called the report another warning signal of the dangers of the IRS’ effort to move ahead with plans to hire private-sector debt collectors to pursue tax debts.
“Rather than seek to move personal and sensitive taxpayer information into private hands, the IRS needs to devote time, attention and resources to ensuring it can protect these vital data when the information is in its own hands,” Kelley said. “I don’t think anyone can realistically be satisfied right now that the agency has accomplished that.”
The GAO report, released March 24, states that the IRS failed to establish effective electronic access controls related to network management, user accounts, file permissions, and logging and monitoring of security-related events. The agency has not installed other controls to secure computers physically, according to GAO's audit report.
“Collectively, these weaknesses increase the risk that sensitive financial and taxpayer data will be inadequately protected against disclosure, modification or loss, possibly without detection, and place IRS operations at risk of disruption,” the GAO report states.
In a Feb. 27 letter to Gregory Wilshusen, GAO’s director of information security issues, IRS Commissioner Mark Everson agreed with GAO’s assessment.
“Because the IRS’ solution extends beyond the specific findings and addresses the root cause of the weaknesses at an enterprisewide level, a majority of the weaknesses remain open,” Everson wrote. “However, as a result of this agencywide approach and other initiatives we have under way, the IRS now has stronger controls to protect taxpayer data.”