The national taxpayer advocate says the IRS will soon quietly roll out upgrades that could dramatically boost online security but lock out legitimate users as a result.
UPDATE: This story was edited May 18 to add comment from the IRS
The IRS will soon debut revamped security features and bring back its Get Transcript tool as part of its push toward online taxpayer accounts, but the Taxpayer Advocate Service has raised concerns about the impact of the new features.
Central to the new setup will be knowledge-based authentication that uses harder-to-answer questions than the tests that led to the compromise of Get Transcript and the IP PIN retrieval tool. The revamped system will also require a second authentication factor that involves users’ mobile phones.
"The IRS is in the final stages of testing its strengthened Secure Access (e-authentication) platform, which will allow us to re-launch the Get Transcript Online application this spring," an IRS spokesperson told FCW. The spokesperson said that the IRS plans to re-launch Get Transcript "soon" and will be briefing lawmakers "within the next few days."
National Taxpayer Advocate Nina Olson said the new security features have the potential to confuse or even block users. She added that she has heard from IRS officials that only around 30 percent of taxpayers might actually be able to use the new setup.
"I think it points to the tension between the need to really protect the IRS database...versus getting people to be able to do things online," Olson said at a May 17 event.
She noted that problems with access could stem from the requirements themselves. Some taxpayers might not have mobile phone accounts registered in their names or might flub answers about their own financial histories.
Furthermore, a sizable percentage of taxpayers lack reliable home Internet access, Olson said, and that percentage might not change as the IRS chugs toward a Future State plan that leans heavily on online accounts.
"What will be in the online account that they're creating is not just the Get Transcript but also the IP PIN replacement application that they had to take out and, even more interestingly, the online installment [payment] agreement," Olson said. "And that has implications then for international taxpayers who today could just go onto IRS.gov and enter into an installment agreement online, but now you will have to do it through the online account."
She acknowledged that the tight security might be warranted and said, "I'm not suggesting that the IRS relax its security requirements." But she added that the agency needs to embrace "truth in advertising" and be direct about the fact that stronger security will probably leave only a minority of the population capable of setting up online access.
Olson told FCW that the Department of Homeland Security has already approved the IRS’ new Get Transcript setup, and the agency is demonstrating the features to members of Congress.
Sources close to the project told FCW that IRS officials want to soft-launch the features for beta testing, though they acknowledged that with an agency as high-profile as the IRS, the new setup will likely garner widespread attention no matter how quiet the launch. Get Transcript has been down since May 2015.
NEXT STORY: Watchdog: 18F's Slack security exposed GSA data