- The audit by the congressional General Accounting Office
of six IRS facilities also found that 397 computer tapes containing taxpayer
data had been lost.
-
- "Personal information on IRS computers is at risk
to unauthorized disclosure, destruction or modification, and most alarmingly,
to identity theft", said Senate Governmental Affairs Committee Chairman
Fred Thompson, R-Tenn., who requested the audit.
-
- The GAO credited the Internal Revenue Service with making
some major leaps forward in improving computer security since another critical
audit in April 1997. The IRS says it has corrected 75 percent of the problems
identified in that report.
-
- But the GAO said 'serious weaknesses' remain. Among them:
-
- * Computer hackers could access IRS data with relative
ease because information isn't encrypted before it is transmitted over
telephone lines. IRS says it has no evidence such a crime has occurred.
-
- * Too many IRS employees have access to sensitive computing
areas, and some tapes containing taxpayer information have been lost.
-
- * Employees without a need to know have the ability to
change or delete taxpayer information. Some tapes and disks are not overwritten
before being used again, allowing unauthorized access to some of this information,
including Social Security numbers.
-
- * The new IRS system aimed at catching employees who
illegally 'browse' through taxpayer files is working on only one of several
computer systems, and it cannot detect which activities are legitimate
and which are not.
-
- * Few contingency plans are in place in case of disaster,
such as an alternative computer processing site or effective backup electric
generators.
-
- In a written response, IRS Commissioner Charles Rossotti
said he agreed with many of the conclusions and GAO recommendations, but
he insisted that the agency is well on the way to a more complete turnaround.
-
- Rossotti, whose background in the private sector focused
on information systems, said the initial focus has been on larger data
processing systems and it is now moving into other areas. But he noted
that making these changes at the agency's over 1,000 facilities cannot
be completed in a few years.
-
- A new centralized IRS systems office completed a review
of what needed to be done at all district offices in December and has now
begun examining all other offices.
-
- "We believe that managing risk and prioritizing
corrective actions and resources is the key to making needed and measurable
improvements," Rossotti said in his response. "Protecting taxpayer
information and the systems used to deliver services to taxpayers are key
to the success of a customer-focused IRS.
|
