The IRS appears to believe that its primary threat is from unauthorized browsing of tax returns by employees. This is in part a response to congressional pressure after the IRS discovered and reported previous unauthorized access.[1]
It is the committee’s opinion that browsing is not the only important threat, nor should it be the primary driver behind security requirements. The threats that the committee believes the IRS needs to design against are the following:
Outsiders, including individuals, organizations, companies, and foreign governments that want to obtain confidential IRS taxpayer information and to access control passwords and protocols for the purpose of selling the information, blackmailing taxpayers, causing political embarrassment to the IRS, improving their negotiating position in criminal or civil actions, denying system availability, and modifying or destroying records;
IRS employees, contractors, and vendors who are disgruntled or have been bribed to obtain such information for the above-stated purposes; and
Some combination of outside and inside collaborators.
Until several years ago, all taxpayer data were processed on stand-alone systems and moved physically on magnetic tape. There is no precedent or culture for secure electronic transmission of sensitive data within the IRS. The vision of a completely interconnected network providing access to any and all taxpayer data required for IRS operations is convenient from a business standpoint but ignores the extremely complex security and privacy issues involved. It is readily accepted within the government that the technology to construct and implement large-scale distributed systems connected with local and wide area networks outstrips the technology to secure these networks in a cost-effective manner.
A rough rule of thumb is that in a very stringent security environment, at least 1 employee in 10,000 is or can be compromised. With the uncertainties of government employment and the potential for downsizing, a minimal clearance process for IRS employees, and the much greater access to networked systems, the risk of a compromised employee is much higher.
Although the committee believes (based on past incidents) that no more than a small percentage of IRS employees will engage in unauthorized behavior, it is the greatly increased vulnerability of a widely connected distributed environment that makes even a handful of malicious or untrustworthy individuals a substantial threat. Furthermore, with the public’s perception of the IRS as an increasingly aggressive arm of the federal government, its systems are major targets for highly skilled and dedicated groups of citizen hackers who see the IRS as a legitimate target for information warfare.
The dependence of the IRS upon the public switched network only heightens the threat. There are numerous reported cases of outside hackers as well as telephone company employees actively manipulating and wiretapping traffic and signaling circuits