The Internal Revenue Leak Service The tax agency still can’t say how taxpayer files were stolen.
Democrats want to give $80 billion to the Internal Revenue Service to audit millions of Americans each year. Yet six months after the progressive website ProPublica first published the secret tax information of rich Americans, the tax agency still can’t explain what happened. Senate Republicans led by Iowa’s Chuck Grassley are demanding answers.
In a Dec. 1 letter to IRS Commissioner Charles Rettig, all 14 GOP Members of the Senate Finance Committee express frustration at how little the agency has discovered or reported on the ProPublica leak. Mr. Rettig promised when the leak occurred in June to find out what happened, but in September he told Senators, “We do not yet have any information concerning the source.” Since then it’s been crickets.
The scale alone should make investigating the breach a priority for the IRS. ProPublica claims to have thousands of individuals’ tax information, and it has continued publishing confidential details since its first report. Neither the publication nor federal authorities have said they know who leaked the records. No one seems to know, or least admit, how it was done, or how many more taxpayer files might have been stolen.
The leak is a crime, but tracing it isn’t merely a matter of criminal enforcement. The breach highlights the general failure of the IRS to protect taxpayer data. In their letter, the GOP Senators refer to several known weak points in the agency’s systems.
The problems include the agency’s master file for tax submissions, which was developed in 1962 using a coding language now broadly considered to be outdated. Yes, 1962. That’s several digital revolutions ago. The Government Accountability Office concluded a review of the agency’s systems in 2020, and its report was unsparing. More than a year before the leak, it warned of holes that enabled “unauthorized access to, modification of, or disclosure of financial reporting and taxpayer data.”
As troubling is the limp response by the IRS. A separate GAO report this May found that the tax agency failed even to enforce its own authentication protocols, which would help to detect breaches when they occur.
These data-security problems may soon be amplified as Democrats hand the IRS more resources and power in their multi-trillion-dollar tax and social spending bill. The main purpose of the $80 billion is to expand audits to millions of law-abiding Americans. The bill also provides for “modernizing information technology,” but doesn’t specify which systems need reform or where the money would go.
As the GOP letter puts it, “the IRS is to be provided with a mandatory stream of $80 billion, after which the IRS would report to Congress on how it plans to use the funds—that is; fund now, plan later.”
Maybe the IRS has overlooked security because it’s been focused on ways to gather personal data. The GOP Senators’ letter refers to an IRS proposal for a software system that “captures information from public facing digital media records.” In other words, auditors want to browse social media or the broader web to hunt for individuals they can target for audits.
The new money for the IRS is harmful on its own terms, but it’s all the worse when it is provided without strings to an agency that has no idea who is stealing private tax data.
Comments are closed.