Click for next page ( R2


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page R1
Review of Tax Processing System Planning for the Internal Revenue Service A Report to the Internal Revenue Service Department of the Treasury by the Committee on Internal Revenue Service Tax Processing System Planning Board on Telecommunications-Computer Applications Assembly of Engineering National Research Council NATIONAL ACADEMY PRESS Washington, D.C. 1980

OCR for page R1
NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the Councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the Committee responsible for the report were chosen for their special competences and with regard to appropriate balance. This report has been reviewed by a group other than the authors according to procedures approved by a Report Review Committee consisting of mem- bers of the National Academy of Sciences, the National Academy of En- gineering, and the Institute of Medicine. The National Research Council was established by the National Academy of Sciences in 1916 to associate the broad community of science and technol- ogy with the Academy's purposes of furthering knowledge and of advising the federal government. The Council operates in accordance with general policies determined by the National Academy under the authority of its congressional charter of 1863, which establishes the Academy as a private, nonprofit, self-governing membership corporation. The Council has be- come the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in the conduct of their services to the government, the public, and the scientific and engi- neering communities. It is administered jointly by both Academies and the Institute of Medicine. The National Academy of Engineering and the Institute of Medicine were established in 1964 and 1970, respectively, un- der the Charter of the National Academy of Sciences. This report represents work under Contract TIR-79-35 between the Na- tional Academy of Sciences and the Internal Revenue Service. Copies of this publication are available from: National Technical Information Service Department of Commerce 5825 Port Royal Road Springfield, Virginia 22161 Printed in the United States of America

OCR for page R1
FOREWORD Service on a National Research Council committee is a part-time endeavor for its members, who meet only perhaps six or eight times during a one-year study. Nonetheless, such a committee can develop deep insights into a situation and learn an enormous amount about an organization. In this study, the Committee read a considerable volume of material; it talked individually and collectively with many people; and it visited appropriate field sites. Moreover, each member is skilled and has Tong experience in his subject area. Some members, for example, have direct personal experience with a major computer system replacement, have watched one take place, or have audited an unsuccessful one. Each member has served previous- Ty on a review activity of this kind and thus has developed a keen sensitivity to not only what has been said but also what has not been said. Each has developed an ability to recognize danger signals that lie unnoticed behind plans, in oral presenta- tions, or in documents. Thus, many of our findings reflect personal experience, management insights, and judgments rather than hard data. The issues involved in our examination have not been simply technological or scientific; rather, they have had substantial subjective components. Furthermore, our view of the Internal Revenue Service can not be comprehensive. However, when the presentations, field visits, discussions, and written material are played against our collective experience and professional skills, the judgments reached are sound, and reflect the composite wisdom of a group which traveled and met to- gether, and interacted extensively both internally and with Internal Revenue Ser- vice officials. Authorship of a report is always a joint effort. Initial drafts of chapters IT and Ill were provided by the respective panels with assistance from the Technology Panel. The introductory material and Appendix B were drafted by National Re- search Council staff officer E. R. Lannon, who not only hancIled all administrative details but also, because of his prior experience with many government agencies, contributed to the substantive work of the Committee. Appendix A was written by Francine Schulberg of Sutherland, Asbill & Brennan. The final document reflects the views and detailed comments of the entire Committee. The chairman of an effort like this inevitably imposes an extra burden on his own personal secretary. It is a pleasure to acknowledge the support of Delores Stimbert, who skillfully handled what must have seemed an endless stream of writing, rewriting, editing, and travel arrangements. ~ wish also to thank Kay McKenzie, word processing specialist, and~Janet DeLand, editor and photo-com- positor. Willis H. Ware Chairman . . .

OCR for page R1

OCR for page R1
COMMITTEE ON IRS TAX PROCESSING SYSTEM PLANNING Willis H. Ware (Chairman), Corporate Research Stay, The Rand Corporation Wilbur B. Davenport, Jr. (Deputy Chairman), Professor of Communications Science & Engineering, Massachusetts Institute of Technology Frank L. Allen, Vice President, Information Systems, Arthur D. Little, Inc. Lee L. Davenport,* Vice President-Chief Scientist, General Telephone & Electronics Corp. Jean H. Felker, Vice President, Software and Processor Technologies, Bell Laboratories John A. Gosden, Vice President, Telecommunications, Equitable Life Assurance Society Francis M. Gregory, Jr., Partner, Sutherland, Asbill & Brennan Susan Hubbell Nycum, Gaston Snow & Ely Bartlett Louis T. Rader,** Professor of Business Administration, University of Virginia Jack B. Robbins, Major General, U.S. Air Force (Retired) William W. Shine, Senior Vice President, Chase Manhattan Bank, N.A. Sheila M. Smythe, Executive Vice President, Blue Cross and Blue Shield of Greater New York Staff: Edwin R. Lannon, Study Director Linda Jones, Administrative Secretary *Ex-officio as Deputy Chairman, Board on Telecommunications-Computer Applications, July 1979- June 1980. **Ex-o~cio as Chairman, Board on Telecommunications-Computer Applications, July 1979-June 1981.

OCR for page R1
V1 PRIVACY-SECURITY-CONFIDENTIALITY PANEL Willis H. Ware Susan H. Nycum Sheila M. Smythe Francis M. Gregory, dr. TRANSITION PANEL John A. Gosden Jack B. Robbins Frank :~. Allen TECHNOLOGY PANEL Wilbur B. Davenport, dr William W. Shine Jean H. Felker 1

OCR for page R1
Vil ~ . BOARD ON TELECOMMUNICATIONS-COMPUTER APPLICATIONS Louis T. Rader (Chairman), Professor of Business Administration, University of Virginia J.C.R. Licklider (Deputy Chairman), Professor of Electrical Engineering and Computer Sciences, Massachusetts Institute of Technology Frank L. Allen, Vice President, Information Systems, Arthur D. Little, Inc. Ted E. CTimis, Vice President, General Products Division, IBM Corporation Martin Cooper, Vice President-General Manager, Motorola, Inc. Irwin Dorros, Assistant Vice President, American Telephone & Telegraph Co. Robert R. Everett, President, The MITRE Corporation John C. Hancock, Dean of Engineering, Purdue University Brockway McMilIan, Vice President-Military Systems (Retired), Bell Laboratories Robert D. Maurer, Manager, Special Projects, Corning Glass Works, Research & Development Laboratories Glen O. Robinson, Professor of Law, University of Virginia Joseph E. Rowe, Vice President Technology, Harris Corporation Willis H. Ware, Corporate Research Staff, The Rand Corporation Stab: R. V. Mrozinski, Executive Director E. R. Lannon, Principal Staff Officer P. R. Nuhn, Principal Staff Officer E. Gaspard-Michel, Administrative Assistant Linda Jones, Administrative Secretary

OCR for page R1

OCR for page R1
PREFACE This is a report basically about a technical matter, namely that of replacing the existing hardware-software configuration of the fRS computer-based recor~keep- ing system with an improved and more capable one. The usual tasks typical of such a computer system upgrade, including hardware selection, database conversion, rewriting software, planning the conversion, and managing the whole effort, will have to be performed. The {RS circumstance, however, is unique in that the record system in question deals with a body of information about people which by law is confidential, must therefore be appropriately protected, and can be disclosed only under carefully prescribed circumstances. In addition, strong sensitivities about tax information on the parts of the citizenry at large, of various oversight committees and members of Congress, and of other agencies of the Executive branch have combined to foreclose certain technical options that might otherwise be available. As perceived by various parties, the consequences of such advanced technology have been seen as undesirable. Thus, in this report technology per se is not a dominant issue although comput- er hardware and software issues are commonly considered technical matters. Many technical questions normally considered in connection with computer system up- grades are not relevant. Usually, the design and configuration of a.computer-basec] system represent an engineering compromise in that the end product reflects a considered balance of many technical factors that are not always consonant and are sometimes in conflict. In the case of the {RS, however, the end product must in contrast reflect a socio-engineering compromise because of the social and political sensitivities associated with tax administration in general, and especially with the use and disclosure of tax information. The reader should, therefore, not expect discussion of many technical topics that would ordinarily be included in a treatment of computer-system conversions. Rather, he should be alert to the societal and cultural implications of a unique and essential recor~keeping system that is the object of much concern lest it become an instrument of government oppression. The Committee reviewed {RS plans for updating the computing equipment now used for tax administration and for moving from computer assembly language programming to the higher level programming language COBOL. The fRS pro- vided substantial material describing its planning, including a major document entitled, "Equipment Replacement Program Management Plan," issued in Septem- ber 1979 by the Assistant Commissioner (Data Services). The IRS plan envisioned a three-phase program that would begin in January of 1980 and end in January 1987. It covered (1) the replacement of computing equipment now used in its ten Service Centers (to begin in January of 1980 and be completed in January 1985~; (2) replacement of computing equipment in its National Computer Center (to begin in September 1983 and be completed in September 19861; and (3) replacement of the microfilm system for historical records, now in use at all operational levels of the IRS (to begin in September 1983 and be completed in January 1987~. The IRS requested that the National Research Council conduct a one year assessment of its plan for the transition from old equipment to new equipment, with 1X

OCR for page R1
x particular emphasis on security and privacy considerations. The National Research Council assigned responsibility for the effort to its Board on Telecommunications- Computer Applications, which organized the Committee on IRS Tax Processing System Planning for the purpose. The Committee, which began work in October of 1979, included people with broad knowledge of computer security and privacy, large scale project manage- ment, and computer technology, including both hardware and software. The Com- mittee also included people from academic, industrial, legal, and nonprofit insti- tutions; equipment manufacturers were intentionally not represented. Throughout its review, the Committee enjoyed complete cooperation from the Internal Revenue Service. Site visits were made to a Service Center and the Na- tional Computer Center. Several meetings held with IRS officials in Washington both supplemented and complemented written materials provided at TRS initiative or at the request of the Committee. The Committee did not involve itself in the actual {RS planning and made no judgments on the efficiency or effectiveness of the equipment and overall system now in use. Very importantly, the Committee also accepted as given certain con- straints which had been negotiated with the Office of Management and Budget on redesign of the present system, parts of which have been in operation since 1962. Furthermore, expressions of concern by Congress further limited the opportunity to exploit the newest technological ideas. Absent such restrictions, it is quite proba- ble that a different TRS plan would have been developed, and that this report would have discussed various technical and system architectural options. In fact, the Committee limited its review to the planning as it hac] actually been done. Chapter ~ consists of introductory material describing the Internal Revenue Service and its perceptions of the problems inherent in its current mode of oper- ations. The security and privacy issues relevant to the equipment replacement program are discussed in Chapter IT. Chapter Ill treats the management of the large scale transition involved. Appendix A contains background material on the legislative and legal aspects of privacy and confidentiality; Appendix B details the briefings provided to the Committee and the documents it reviewed. The Committee is most appreciative of the open and frank discussions it had with officials of the Internal Revenue Service, in particular with Jerome Kurtz, the Commissioner of Internal Revenue; Deputy Commissioner William E. Williams; Assistant Commissioner (Data Services) Donald J. Porter; Deputy Assistant Com- missioner (Data Services) Joseph E. Bishop; Director (Systems Development Office) Dean E. Morrow; and Deputy Director (Systems Development Office) Bernard Miller. The support and cooperation of these individuals was essential to the work of the Committee. The Committee also appreciates the support of R. V. Mrozinski, Executive Director of the Board on Telecommunications-Computer Applications; E. R. Lan- non, Study Director; and Mrs. Linda Jones, who provided secretarial support.

OCR for page R1
OVERVIEW The Internal Revenue Service is basically an operational agency charged with administering tax law; therefore, it behaves as such on a daily basis and operates its computer systems on a factory-like production schedule. As happens to other federal agencies from time to time, the {RS now finds itselfin the system acquisition business as it upgrades the computer equipment supporting various recor~keeping functions. Even though the IRS has been involved continuously in computer soft- ware modification and improvement, it has not undertaken a large engineering development task since the equipment now in the 10 Service Centers was installed in the late 1960s and early 1970s. While the plan is basically to replace equipment, unavoidably a certain amount of software change will also have to be done; to- gether, the two constitute a substantial undertaking. Much of the discussion in Chapter Ill comments on certain {RS decisions (e.g., choice of the programming language COBOL). Many recommendations in the chap- ter are directed to management of the large effort planned, and especially to strengthening the role of the {RS internal Systems Development Office by eniarg- ing its size and giving it control over funds. Other recommendations speak to essential aspects of planning, and to the detailed process of cutting over from the present system to the new one. In the {RS discussion of its Equipment Replacement Program with various external oversight committees of Congress and with the Once of Management and Budget, security and privacy have been special concerns. In the context of the Privacy Act of 1974, the IRS is required among other things to take reasonable precautions to safeguard the information it holds, i.e., to provide computer secur- ity safeguards. Importantly, the Act also stipulates careful control of dissemina- tion, a point which the Tax Reform Act of 1976 also addresses by explicitly de- fining recipients who may receive tax information. In addition, the latter Act also establishes tax information as confidential in the legal context. The Committee found security at the Atlanta Service Center and at the Na- tional Computer Center at Martinsburg to be very good in terms of physical ar- rangements, employee training and awareness, procedures, and administrative controls. The software security safeguards in the Service Center machines are con- sistent with the state-of-art extant at the time of implementation, but also reflect upgrades as the art has advanced. The Committee also finds that the TRS has responded properly to the Privacy Act of 1974. Nonetheless, new threats against the tax information in the {RS computer- based recor~keeping systems will continue to develop. Therefore, the recommenda- tions of Chapter lI are directed toward ensuring that, in the recor~keeping context ensuing from the coming Equipment Replacement Program, the TRS will have computer security safeguards that are the best possible and that reflect the leading edge of the art. The recommendations also stress that all available resources should be exploited to help design the safeguards, including the Internal Audit Division of the {RS, the experience and research base of the Department of Defense outside of the {RS but within government, and appropriate private consultants who special- ize in the area. The conclusions, findings, and recommendations follow. xi

OCR for page R1
. . X11 CHAPTER 11: PRIVACY, SECURITY, AND CONFIDENTIALITY The Committee concludes that the existing legislative framework is an ade- quate foundation for protecting privacy and ensuring confidentiality, provided there is intelligent and good faith administration and interpretation of the law. The Committee concludes that the TRS must proceed slowly with its planning for computer-based systems and pace its expectations to the willingness of the country and its leadership to accept increasingly comprehensive tax administration recor~keeping systems. The Committee finds that the {RS is properly fulfilling the obligation imposed on it by the Privacy Act of 1974. With regard to the physical protection plus administrative and personnel as- pects, the Committee finds that the security situation at the Atlanta and Martins- burg sites, which it visited, is very good. The Committee recommends that the TRS conduct a thorough audit of all security features that safeguard its computer systems, its data and files, its person- nel, and its facilities. Since the Department of Defense has experience in both attempting to pene- trate computer operating systems and developing methods for increasing the secu- rity of computer operating systems, the Committee recommends that the {RS seek its assistance in the computer security area. We recommend that the IRS carefully monitor computer security research efforts and exploit any results that can strengthen the in-place safeguards. The Committee therefore recommends that the {RS create, as part of its overall planning for transition from the existing computer environment to its new one, a specific plan for heightening security awareness and overseeing the special security aspects of transition. The Committee recommends that technical procedures and administrative means for controlling access to the National Computer Center computers, not only for program development runs but also for access to real data, be thoroughly reviewed for completeness, for possible loopholes, and for other shortcomings. The Committee recommends that relevant expertise from inside as well as outside the {RS be used to ensure that the software security controls and audit traits will be consistent with the best state-of-the-art. The Committee recommends that the {RS review both at the National Comput- er Center and at the Service Centers the number of personnel positions identified as "critical sensitive." The Committee suggests that the Internal Audit Division now contains special- ized skills that can be exploited during source selection considerations and also exploited for conceptualizing software security controls and audit trails. The Committee recommends that the Commissioner of the Internal Revenue Service invite the General Accounting Office to provide such an independent assess- ment of the capability of the Internal Audit Division. CHAPTER TIT: TRANSITION The Committee recommends that the existing general structure of programs and files not be altered to change the processing flow, the functions provided, or the overall system architecture.

OCR for page R1
. . X111 Therefore, to maintain control and visibility, we strongly recommend that the Systems Development Office have sufficient stab and be organized so as to review the decisions and tradeoffs made at all management levels on the project. The Committee recommends that specific detailed plans be prepared for the cut-over phase, including acceptance criteria, and that prior preparations be made for emergency back-up actions. We recommend that the test-and-evaluation program contain precisely defined criteria for cut-over qualifications. We therefore recommend that the stab of the Systems Development Office be approximately doubled from the planned fifteen; that the Systems Development Office obtain expert advice on the adequacy of its project management system at the earliest date; and that representatives of the Systems Development Office routinely attend planning and design review meetings where program issues are discussed and decided, to develop their own sense ofthe information being provided by various task teams and also to maintain the automated project control system. The Committee recommends that the IRS require close and careful control of project funds by the Systems Development Office. The Committee strongly recommends that the TRS hold separate all project funds. It further recommends that the Director of the Systems Development Office be given budget assignment and control authority for project funds. The Committee recommends that the Systems Development Office maintain and periodically review its master plan and the necessary project reporting proce- dures to ensure a steady flow of management information. The Committee recommends that contingency plans be developed for the cir- cumstances most likely to raise difficulty with the project system performance, schedule, or cost. The Committee recommends that the IRS evaluate the desirability of contract- ing with a firm that is expert in test-and-evaluation operations, either to undertake the actual test-and-evaluation or to ensure the adequacy of the test-and-evaluation procedures developed by the TRS. The Committee recommends that a project documentation tree be specified by the Systems Development Office. The documentation tree should name all required specifications, test documents, manuals, handbooks, and reports. We recommend that the {RS staffcontinue to study the response time issue and estimate by mathematical analysis, simulation, or test the likely effects on the performance of the computer system. The Committee recommends that the TRS investigate the availability of a program translator to aid in the conversion of programs from assembly language to a higher level language.

OCR for page R1

OCR for page R1
CONTENTS FOREWORD In PREFACE ix OVERVIEW xi Background........... Organization ........... Data Processing Equipment. Operating Statistics ......... The Problem........................ CHAPTER I: THE INTERNAL REVENUE SERVICE 1 1 2 CHAPTER II: PRIVACY SECURITY, AND CONFIDENTIALITY 6 6 Terminology Pertinent Law Privacy Protection Study Commission Position 8 Classical Privacy vs. Information Usage The Balance Point Committee Inputs Privacy Computer Security Security During Conversion Personnel Threat The Role of Internal Audit Technology and the Future CHAPTER III: TRANSITION Introduction .............. Strategy of Transition .... Organization, Management, and Resources ...................... The National Computer Center ........ 10 ........ 12 15 15 16 18 19 20 22 23 23 25 29 39 APPENDIX A: LEGISLATIVE OVERVIEW The Privacy Act of 1974 The Tax Reform Act of 1976 42 The Freedom of Information Act 44 Court Resolution of Conflicts and Overlaps in the Statutory Authority 45 41 41 APPENDIX B: BRIEFINGS AND DOCUMENTS PROVIDED TO THE COMMI11EE.................................... Briefings..................................................... Documents Reviewed........................................ xv ... 48 48 48

OCR for page R1