Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IRS Data Security Still a Concern

Soulskill posted more than 6 years ago | from the your-tax-dollars-at-work dept.

Security 54

Lucas123 writes "Computerworld has a story about the possibility and the potential ramifications of an IRS data loss similar to the UK's recent mishap. According to one World Bank executive, it could have already happened, 'and we don't know about it.' While the IRS does offer data encryption to its workers, more than half of its 94,000 employees have permission to take taxpayer information to locations outside the IRS offices. In the 2007 filing season, roughly 128 million individual tax returns were filed. In addition to the basic personal information on those forms, an IRS breach could also jeopardize the banking information of the 46% of filers who requested direct deposit refunds. This is not the first time that IRS security has been called into question, and the Department of Treasury's progress in that arena is dubious. [PDF]"

cancel ×

54 comments

Sorry! There are no comments related to the filter you selected.

Ron Paul... (2, Interesting)

GradiusCVK (1017360) | more than 6 years ago | (#21791262)

Seems like the best way to solve this problem would be to remove any and all possible chance that the IRS might mishandle our data...

Re:Ron Paul... (4, Insightful)

Harmonious Botch (921977) | more than 6 years ago | (#21791374)

Parent presumably means removing the IRS.

Re:Ron Paul... (0, Troll)

Anonymous Coward | more than 6 years ago | (#21791548)

Removing the IRS is the only rational solution [dwarfurl.com]

Re:Ron Paul... (1)

gambolt (1146363) | more than 6 years ago | (#21791584)

Or we could just abolish money. That's just as practical and reduces the level of complexity in our society immensely.

A side effect is that all the leftover currency could be given away as free origami paper.

Re:Ron Paul... (1)

darjen (879890) | more than 6 years ago | (#21791882)

Or we could just abolish money. That's just as practical
Have you taken your pills yet today? This country could get along just fine without the IRS. Money, I'm not so sure.

Re:Ron Paul... (1)

timeOday (582209) | more than 6 years ago | (#21792318)

No, the country could not get along without the IRS - that's the point. Ron Paul's scheme would still require administration and enforcement - i.e. the IRS, even if by another name.

Re:Ron Paul... (4, Insightful)

darjen (879890) | more than 6 years ago | (#21792610)

If the income tax was also abolished, there wouldn't be a need for administration and inforcement.

Re:Ron Paul... (0)

Anonymous Coward | more than 6 years ago | (#21794860)

it's possible to live without money - it just requires that people get up off their fat lazy asses and actually do something worthwhile, instead of furthering technology and such. If we were to return to a small settlement lifestyle, and completely abolish all currency, then it could work. Everyone has something to trade - skilled or unskilled, everyone can trade a service for goods or other services. Taking what is necessary from the Earth to stay warm and to eat requires labor, preparing food requires labor, etc. Even those who have no use of their limbs can tell stories and do other verbal tasks - and those who cannot can easily be cared for by the fully capable. I've seen it work in groups upwards of 20,000 people in one location - and there are many places where people can live easily. I have a feeling that this may be required eventually, if the damn rich on top who run the IRS, the economy, and the military for their own benefit, cause a total collapse of society in general.

Re:Ron Paul... (3, Insightful)

vertinox (846076) | more than 6 years ago | (#21793588)

Or we could just abolish money. That's just as practical and reduces the level of complexity in our society immensely.

Really? I'm pretty sure you've never looked at a tax form before.

The problem is that the IRS was created to solve a problem (social security) which will be a moot pint in 50 odd years unless something else is done.

Re:Ron Paul... (1)

Dramacrat (1052126) | more than 6 years ago | (#21791586)

Good riddance.

Re:Ron Paul... (1)

dbIII (701233) | more than 6 years ago | (#21791594)

Get them to take a hard line on taxing the Scientologists again - that should do it.

lslsls (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21791290)

FIRST MOAST

Swoosie Kurtz Died for Your Sins (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21791672)

Christ. OK, uhh well what we'll do, I'll run in first, uh gather up all the eggs, we can kinda just, ya know blast them all down with AOE. Um, I will use Intimidating Shout, to kinda scatter'em, so we don't have to fight a whole bunch of them at once. Uhh, when my Shouts are done, uhh, I'll need Anfrony to come in and drop his Shout too, uh so we can keep them scattered and not have to fight too many. Um, when his is done, Bass of course will need to run in and do the same thing. Uhh, we're gonna need Divine Intervention on our mages, uhh so they can, uhh, AE, uh so we can of course get them down fast, cause we're bringing all these guys, I mean, we'll be in trouble if we don't take them down quick. Uhh I think this is a pretty good plan, we should be able to pull it off this time. Uhh, what do you think Abduhl? Can you give me a number crunch real quick?

Why take data out of office? (4, Insightful)

rueger (210566) | more than 6 years ago | (#21791326)

...more than half of its 94,000 employees have permission to take taxpayer information to locations outside the IRS offices.

It seems to me that most of the data breaches from large corporations and government come from just this - employees taking data files out of the office and losing them. Why of why don't employers simply insist that data stays on the premises? Surely keeping data in a secure physical location is the first step to safeguarding it.

Re:Why take data out of office? (4, Insightful)

dbIII (701233) | more than 6 years ago | (#21791576)

In my case I had to take things as far as two members of the board to stop an accountant taking the laptop with the only functioning copy of the application that handles most of the financial information on holiday to Bahrain of all places (at the start of the recent Iraq war). People really think these things are their own personal possessions and are convinced that they will not be stolen even if they leave it unattended on a beach in another country.

Traveling laptop your #5 problem ... (5, Insightful)

AHumbleOpinion (546848) | more than 6 years ago | (#21791646)

In my case I had to take things as far as two members of the board to stop an accountant taking the laptop with the only functioning copy of the application that handles most of the financial information on holiday

I hope your board members recognized the four more important problems as well. Your top five problems:
(1) Management allowed (2), (3), (4), and (5).
(2) The accountant allowed (3) and (5).
(3) You have one and only one system capable of running a critical application.
(4) This critical application is not being run on enterprise grade hardware.
(5) The accountant wanted to take the system on holiday.

If your board only addressed the laptop/holiday add:
(0) Board allowed (1), (2), (3), (4), or (5) as appropriate.

Re:Why take data out of office? (1)

N1EY (817702) | more than 6 years ago | (#21793316)

I do not believe your story. Who has an AIS or any part of it running on a LAPTOP? Has any Slashdotter besides me seen a real system running on Oracle? Or Great Plains?

Re:Why take data out of office? (1)

dbIII (701233) | more than 6 years ago | (#21793938)

Small companies (only a couple of hundred people) do such things. It often comes down to the number of licences. The situation was ridiculous in many ways. If you only have one licenced copy of a critical application it should not be on a machine that can be carried out of the building. Many things could be put down to paranoia and other character issues which is why involvement of the board was eventually required and not just the CEO. If you do not trust IT to back up a system and do not do backups yourself you should not be able to take a critical financial system on holidays to another country. A more sensible system replaced this.

Re:Why take data out of office? (1)

wizardforce (1005805) | more than 6 years ago | (#21791648)

exactly, I don't think there is a good enough reason to justify anyone taking people's private data on their laptops *at all* and even if they needed to [which I severely doubt] the data should always remain encrypted! there should never ever be a time when the data is readable without the proper secure passphrase/key. not only that, it should be the highest encryption they can find not the ROT 13 equivalent.

Re:Why take data out of office? (2, Interesting)

Artifakt (700173) | more than 6 years ago | (#21792252)

I don't doubt that it can be needed. IRS agents have to appear in court sometimes, either tax office courts that are not in their work locations or regular courts. The also have to contact some clients in the field, i.e. going to a business to look at its records. Often, tax law actually says a business must forward certain records automatically, but must retain other records on site for inspection. Plus the IRS is responsible for checking to see if retained copies match transmitted copies if there's doubt there.
      How else can the IRS deal with a fairly common scenario such as this? (They get a dozen or so cases of this each year). The IRS receives a W-2 that has a mistake in social security withholding or some similar thing. The taxpayer claims that's what the company he works for sent him, but it doesn't match the copy the company sent the IRS. Both copies in the IRS's hands are photocopies. Close examination reveals faint indications of whiteout on the originals used to prepare both copies, in different places! Now imagine this has come up with half a dozen employees of the same company.
      Dragging a whole business records department down to the IRS is doable, but the owners usually complain to their congressman, and have some clout. If they are really up to something, catching them by surprise is a lot better than giving them time to further fix the records. So, the IRS investigator travels with PDF copies of the documents in a laptop. The original paper is locked up, the better to maintain evidence accountability. The alternative is the agent travels with paper copies of the original copies. There's no way to encrypt those, of course. While most of these cases involve small business with only a handful of employees, it could also get pretty bulky. Sometimes, the agent might need multiple years tax records for a whole business branch of a medium sized corporation and all its employees, plus some records for the corporation's headquarters if that's separate.
      (Megacorps do a better job of covering their tracks than this scenario assumes, so an office visit to Disney or IBM or Walmart is unlikely at best, and if it ever happened, the IRS would have to split the work between dozens of agents, each presumably carrying only a small part of the records.
      You're right, doing this should always involve very good encryption. It shouldn't ever involve a million+ people's records either, which is what the Social Security Administration and the Veterans Administration losses have entailed each time. It could make sense for 50 or so people's records though.

Re:Why take data out of office? (1)

jonbryce (703250) | more than 6 years ago | (#21793672)

If the IRS want to audit a mega-corp, they have to visit them on site. There is just too much stuff to look at for it to be practical to do it any other way.

Re:Why take data out of office? (1)

Kevinv (21462) | more than 6 years ago | (#21791994)

Many IRS audits, especially business ones, are conducted on-site at the place of business (or at the accountants office). The data has to leave the IRS in these situations.

The alternative of course is to force the business to bring all their data to the IRS. Not sure anyone really wants that.

The IRS has begun implementing whole disk encryption which is a good step.

An additional step would be to ensure the data leaving on the laptop is only appropriate data for the case(s) the auditor is leaving for and not old cases lying around that they forgot to delete.

Personally I'm more worried about the people back in the office that can access records on-site. Is this level of access audited and checked?

Re:Why take data out of office? (1)

rueger (210566) | more than 6 years ago | (#21792458)

An additional step would be to ensure the data leaving on the laptop is only appropriate data for the case(s) the auditor is leaving for and not old cases lying around that they forgot to delete.

Exactly. What I was thinking of are those stories of X million customer records being lost when some idiot loses a laptop or DVD. What possible reason could there be for carrying that much data off-site? (Backups excepted obviously)

Re:Why take data out of office? (1)

N1EY (817702) | more than 6 years ago | (#21793324)

I had thought we made the Green Move some time ago. We are allowing employees to work from home in order to reduce transportation costs and the damage to the environment. The productivity gains and improvement in employee morale would also be important to the IRS. So we can't allow them to telecommute? You didn't think the other thing. The guy comes out with his laptop in order to review YOUR RECORDS on site. Sheesh, I guess no one else here has been audited by them!

Fair Tax (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21791338)

One more reason I, personally, want it.

No IRS = no lost data.

Re:Fair Tax (0)

Anonymous Coward | more than 6 years ago | (#21793100)

I love to see this as troll.

I mean there is no reason to not want the IRS.

Fair Tax = simplicity for many. And is hardly trollish behavior.

Ron Paul isnt the only runner who supports it either.

Maybe a white hat will break into IRS ... (1)

AHumbleOpinion (546848) | more than 6 years ago | (#21791472)

Maybe a white hat will break into the IRS and encrypt all the files for them. Hope he doesn't lose the key before he anonymously mails it to them. :-)

Computer license (1)

Lewrker (749844) | more than 6 years ago | (#21791562)

Because we don't allow people, who don't follow certain rules and don't have a basic understanding of what a car can or can't do drive. Why don't we apply that rule to a piece of technology that surpasses the sophistication of a car by a hundred years of technological advancement ?

Re:Computer license (1)

AHumbleOpinion (546848) | more than 6 years ago | (#21791674)

Because we don't allow people, who don't follow certain rules and don't have a basic understanding of what a car can or can't do drive. Why don't we apply that rule to a piece of technology that surpasses the sophistication of a car by a hundred years of technological advancement ?

Because computers don't kill. Well consumer stuff, at least not yet.

Re:Computer license (1)

ScrewMaster (602015) | more than 6 years ago | (#21793826)

Because computers don't kill. Well consumer stuff, at least not yet.

Precisely. And even if poorly-operated personal computers resulted in the deaths of their operators and innocent bystanders as often as motor vehicles do, it wouldn't matter. The GP doesn't realize that certification means squat. Having a piece of paper that says you know or understand something often has surprisingly little relevance to what you actually know or understand, it just means that you could convince someone in authority, at some point in the past, that you knew something then. Most of the people I encounter on the road today completely lack a basic understanding of what a car can or can't do, from the perspective of what happens when they screw up. If they did ... they wouldn't drive them the way they do, or shove cell phones in their ears while behind the wheel. In fact, State-issued driver's license or not, they are oblivious to the consequences of their actions, and those consequences are far more obvious than the risk of ending up part of someone's botnet.

I'm really tired of hearing the old argument "we need to certify people to use a computer". That's ridiculous on the face of it: a computer is a tool and a tool shouldn't do things it's owner doesn't want it to. I don't expect my socket wrench to accidentally murder my neighbor. Furthermore, this is only an issue because a certain large software company failed to acquire even a basic understanding of what a network can or can't do.

Direct deposit (2, Insightful)

whois_drek (829212) | more than 6 years ago | (#21791654)

an IRS breach could also jeopardize the banking information of the 46% of filers who requested direct deposit refunds
How could this happen? If I remember my last tax form correctly, I just put my account number and bank routing number on it. Getting this information doesn't allow an attacker to withdraw any money. Perhaps it gets them one step closer, but it's a small step.

Re:Direct deposit (1)

moreati (119629) | more than 6 years ago | (#21791754)

As I understand the situation. Name, address and bank details alone cannot be used to withdraw money or take out bank loans. However they provide useful leverage when fraudulently making consumer purchases with in store credit or fabricating/stealing an identity.

A phishing attempt that included one's name, address, bank & tax details would be very convincing indeed.

Alex

Re:Direct deposit (1, Informative)

Anonymous Coward | more than 6 years ago | (#21792240)

Name, address and bank details alone cannot be used to withdraw money

Many merchants who accept paper checks turn them into "electronic checks" which debit your checking account directly at the next clearing session (usually 10pm to 5am). The account number and the amount are the only two required pieces of information, but who receives the money is well known. This is the mechanism used by automated payment for utility bills, subscriptions, etc.

Re:Direct deposit (1)

TykeClone (668449) | more than 6 years ago | (#21792608)

As I understand the situation. Name, address and bank details alone cannot be used to withdraw money

You understand incorrectly. A name, routing number, and account number would give a criminal enough information to send through fraudulent transactions to that account.

Re:Direct deposit (1)

moreati (119629) | more than 6 years ago | (#21792916)

Wow, financial identity is even more screwed than I thought. Thanks for the clue. Do you know if this applies just to the US, or to the UK also?

Re:Direct deposit (3, Informative)

TykeClone (668449) | more than 6 years ago | (#21793030)

The United States has a system called the Automated Clearing House (ACH) network that is used to move deposits and payments electronically between banks. If you have any ACH items hit your account, Regulation E kicks in giving you as a consumer certain rights about how soon you must report bad or fraudulent items before you are out of luck (60 days from the statement that the item appeared upon).

An ACH transaction != financial identity. If I have that information about you and have access to the payment system, I can fraudulently send out ACH items and hope to collect enough to make it worthwhile before I'm shut down. This information, however, does not allow me to open a loan or credit account in your name. It sucks, but it's not identity theft.

I'm sure that the UK does also have some sort of an electronic transaction system, but I've got no idea about what it is and how it works. You guys have a different style of banking than we do in the US. We have a few major, major players, but also a very large number of small "community banks" and credit unions. The ACH network in the United States was set up as a clearinghouse to basically send transactions to a large number of different banks. If I understand things correctly, the UK doesn't have the smaller financial institutions like we do, so the electronic transaction systems may work differently there (to say nothing of the regulations defining how they work!).

Re:Direct deposit (2, Interesting)

jonbryce (703250) | more than 6 years ago | (#21793688)

You can set up a fraudulent direct debit with just the account number and sort code. I had someone do that to me once - 86p to Carphone Warehouse. It did get refunded immediately when I complained.

Re:Direct deposit (4, Interesting)

Clomer (644284) | more than 6 years ago | (#21792000)

I used to work for a check printing company, and I can tell you that the most common type of check fraud is where someone orders checks with someone else's routing and account information. If you have a person's income tax statement complete with name, address, and bank account information, then you have all you need to order fraudulent checks. Heck, you could even have your name printed on them, but have the fraudulent account number info on the checks. You'd be surprised how easy it would be to cash such a check.

Not that I would recommend it: we, at the check company, were taught certain red flags, things to watch for that may indicate a fraudulent order (and a good CSR won't let it on that they suspect you), and I won't go into those details here. And the penalties are pretty stiff if you are caught.

The devil is in the e-file (4, Insightful)

Anonymous Coward | more than 6 years ago | (#21791658)

The biggest risk is not the IRS itself, but rather the e-file cabal of the IRS plus the companies that process and reformat your data for submission to the IRS. For instance, the TurboTax privacy statement [intuit.com] and full text [intuit.com] both promise certain steps, but there are gaping holes. Intuit keeps a copy of an e-filed return for at least three years, yet does not promise that the storage is encrypted. Data transmission from you to Intuit is encrypted (via 128-bit SSL), but some returns sent from Intuit to various agencies are NOT encrypted during transmission. Intuit claims that other companies providing services to Intuit may not use your data, but that does not prevent a breach if some employee does not follow the rules.

And of course any subpoena, court order, or National Security Letter presented to Intuit has full access to all your data, including aggregation (database "join" on SSN, phone, address, etc.) with various data brokers who market their services aggressively to Department of Homeland Security, etc. With the IRS itself you have some protection; with the e-file cabal you nave none.

Simple solution (1)

jrothwell97 (968062) | more than 6 years ago | (#21791684)

Put all the data on a server.

What happens? (2, Insightful)

madsheep (984404) | more than 6 years ago | (#21791752)

Forget the U.K.: What happens here if the IRS loses our data?
Hmm, I don't know, not a whole lot? Just using the number of publicly reported data breaches and privacy information losses, I would just work on the assumption someone has this data already. It's not like there aren't dozens of websites where someone can pay $15 and get all this same information anyway. What's the best you can really hope for? That they give you a free year of credit monitoring? Maybe they'll fire someone or penalize them? Who knows.. I just say work under the assumption someone has this data already. What are you doing right now to protect yourself?

Re:What happens? (0)

Anonymous Coward | more than 6 years ago | (#21793194)

I, for one, would think it would be a very interesting experiment to release every single US tax return on the net. Imagine the lies that would be uncovered... And it would solve the privacy problem once and for all, since it would become a moot point.

Banking Data? - Already on Checks (3, Insightful)

kwpulliam (691406) | more than 6 years ago | (#21791762)

How exactly will 46% of filers banking information be comprimised? -

From TFA "That translates to a lot of personal and banking details maintained by the IRS." - Those banking details are the same ones you hand out every time you write a check.

The information included on the return for direct deposit is 'exactly' the same information printed on the front of a check in human readable format.

If ANY of those households paid with a check to any retail establishment (where the clerk probably makes less than $10.00 an hour) then they have already released this information themselves.

I understand data security and the problems of taking confidential data out of the workplace, but the banking details portion of this story needs to be taken with several grains of salt.

Just because you have a banks routing number and a checking account number, this does not mean you can turn that into cash at an ATM.

Re:Banking Data? - Already on Checks (1)

value_added (719364) | more than 6 years ago | (#21792140)

Just because you have a banks routing number and a checking account number, this does not mean you can turn that into cash at an ATM

Agreed that such concerns can be over-dramatised or exaggerated, but the current state of affairs is such that the advancement or implementation of new technologies is often a few steps ahead of someone sitting down to analyse all the possible issues, and even more steps ahead of public awareness. That can be too slow a time line, especially when you factor in the time required to initiate changes to public policy, debate and enact legislation to ensure protections or adequate safeguards, debate and enact internal policies and requirements, and finally, get the memos out.

Put another way, if a certain level of public hysteria would get everyone involved to take security issues seriously, then it might not be a bad thing after all.

With respect to bank information and things like routing numbers, that information won't necessarily get you cash at the ATM but should, IIRC, in combination with other information just as easily obtained, allow you to make online purchases with sites like Amazon that offer 'e-check' types of payment methods. Maybe someone with recent experience can correct me or otherwise confirm this.

Ask any 5 IRS employees... (3, Insightful)

innerweb (721995) | more than 6 years ago | (#21791772)

A question and you are likely to get 10 different answers that may or may not be correct.

How the IRS is allowed to operate the way it does is beyond me. How the tax laws are allowed to remain so confusing and frustrating is beyond me. But, obviously it is not cost effective to those that matter to fix it.

If the tax laws were cleaned up, then maybe IRS employees might be able to handle many more individuals per specialist. If the tax laws were cleaned up, then maybe the IRS would be able to do all of its work at work. Just maybe.

InnerWeb

I'm more concerned about EROs than the IRS (0)

Anonymous Coward | more than 6 years ago | (#21791916)

I know it makes sensational journalism to report about how catastrophic it would be to have a security problem at the IRS, but as someone in the industry (hence anonymous post), I as a taxpayer would be more worried about the security of the Electronic Return Originator, or ERO in industry terms. EROs are the persons and businesses that create electronic tax returns. This could be the taxpayer themselves, but in many cases is a small accounting company that provides the service. Picture a mom and pop sized version of H&R Block (although H&R is considered an ERO too.)

Not that these businesses don't have good intentions, its just that many of them don't realize just how vulnerable they are making their clients data. Fortunately I don't have to do end user support very often at my company, but I do get to read the reports from and talk to those at the company that do. I often hear of EROs wanting to use versions of windows that no longer have security updates. Basically these small shops that have no IT make all the same mistakes we hear of endlessly. No Firewall, no anti-virus, No Updates, Unsupported OS versions.

Its one thing for the average slashdotter to walk in take one look around and walk right back out their personal data still in hand, but many of their customers just aren't that smart. I've made all reasonable efforts to secure the parts of the system I am responsible for, but honestly there is only so much you can do to protect EROs from themselves.

Technically the IRS can site inspect EROs and Transmitters but that seems to never happen. What I am trying to point out here is that it is all well and good to talk about the security on the IRS side of things, but unless that same level of security extends to the Transmitters and EROs, its all pretty much pointless.

Note: Transmitters are entities that collect tax information from EROs and transfer that information to the IRS on behalf of the ERO. This happens because it is very difficult to get permission to connect to the IRS systems, so those that have access essentially re-sell that access. Example, You buy a software package to do your own taxes at home and then eFile your taxes. The information does not go directly from your computer to an IRS computer because you are not an authorized transmitter, instead your information goes from your computer to a computer owned by the software maker, who then sends it to the IRS on your behalf.

Scare Reporting (5, Informative)

Grech (106925) | more than 6 years ago | (#21791996)

Full Disclosure: I work for the IRS, and have a business need to take OUO or SBU data outside of the campus where I work from time to time.

Glossary:

  • OUO: [O]fficial [U]se [O]nly.- This is a class of information
  • SBU: [S]ensitive [B]ut [U]nclassified This is the category into which all identifiable taxpayer data falls, and falls under the protection of IRC 6103 (with consequences defined in IRC 1203)

The article here is pure scaremongering, though it does at least touch on some of the procedures the Service used to secure taxpayer data. The article makes the following points.

  1. The IRS has lots of sensitive data
  2. If individual people tasked with protecting sensitive information do stupid things, it will defeat any security measure.

When a laptop is issued, it gets whole disk encryption that can't be turned off by the user. Similarly, when the IRS issues other portable devices, they get the same. The rule, of course, is that you don''t hook up anything the IRS doesn't own to anything it does, so personal thumb drives and home networks should not be an issue, and we make the point every time we issue hardware. Similarly, the article talks about unencrypted drives on Campus machinery, but if someone has penetrated the physical security of the Campus and actually swipes one of these hard drives, things have already gone horribly wrong.

If the IRS lost a great whacking load of SBU data, of course it would be a disaster, this is nothing new, and is obvious. The article makes it seem like it's inevitable or in immediate danger of happening, and this just isn't true.

Re:Scare Reporting (1)

Grampaw Willie (631616) | more than 6 years ago | (#21793380)

The article here is pure scaremongering


you don't expect us to believe that do you?

hahahaha yeah (0)

Anonymous Coward | more than 6 years ago | (#21792074)

poor irs

look at the selling section of viperwarez.com some irs id info is for sale there

My insight (0)

Anonymous Coward | more than 6 years ago | (#21792816)

My mother was an IRS agent until 1999. She once brought her laptop home when I was young... she was quite pleased - this was a time when laptops were not thrown around willy nilly like today. Anyways, I mentioned that couldn't someone go on the laptop and make it say they had paid their taxes (ah the mind of a seven year old) She assured me that all her coworkers and herself used secret word to keep the laptop secure. I asked her how she could remember it. "Well it's something I could never forget son - It's your name!" What was a fond childhood bonding moment now causes me a bit of concern, especially since the article seems to throw around the concept of encrytion like it's some magic bullet.

IRS far more frightening than IRS data leaks (1)

MSTCrow5429 (642744) | more than 6 years ago | (#21793176)

I'm more terrified of the IRS, not that it will lose data on me. The IRS ruins peoples lives for fun, and the employees are sociopathic or amoral.

Re:IRS far more frightening than IRS data leaks (1)

jav1231 (539129) | more than 6 years ago | (#21793698)

I don't know that I agree that they do it for fun and are sociopathic but there no doubt their tactics are scary. I think Mike Huckaby said, "People are more afraid of the IRS than being mugged!"

Re:IRS far more frightening than IRS data leaks (1)

MSTCrow5429 (642744) | more than 6 years ago | (#21793732)

"People are more afraid of the IRS than being mugged!"

What's the difference? At least you can shoot the "bad" mugger.

Yeah, well ... (1)

ScrewMaster (602015) | more than 6 years ago | (#21794240)

IRS Data Security Still a Concern

The IRS' data store is always a concern, whether they lose track of it or not.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?