Tag Archive for IRS

System Fails Tax Day Delayed

Tax day 2017 was delayed one day due to a hardware failure in a system supporting the oldest IT system in the U.S. federal government. (rb- I wrote about the almost 60-year-old system here.) Nextgov reports that 18-month-old hardware supporting the Internal Revenue Service’s Individual Master File experienced a caching issue causing the system to fail.

The failure disrupted almost all other IRS systems and services because those systems ingest data from the Individual Master File. When those systems—such as Direct Pay and the structured payments portal—called to the Individual Master File mainframe and got no response, they too failed.

Dave Powner, GAO’s director of IT management issues, told Nextgov, “This was our biggest fear about one of these mission-critical systems crashing. Fortunately, it wasn’t down for a long period of time, so in that way, we dodged a bullet.”

The crash delayed the submission of some 14 million tax forms. It could be several years before the Individual Master File is fully modernized and rid of 1960s-era technology. The article speculates that the update timeline could slip because the IRS says it needs to hire at least 50 more employees—while backfilling any attrition—plus an extra $85 million per year in non-labor funding over the next five years. Trump’s fiscal 2018 budget request called for a $239 million reduction in funding for the IRS, which has faced many cuts in recent years.

The author explains that the Individual Master File has data from 1 billion taxpayer accounts dating back several decades and is the chief IRS application responsible for receiving 100 million Americans’ individual taxpayer data and dispensing refunds. IRS first attempted to replace the system with a modernized Customer Account Data Engine, but that effort was canceled in 2009. A delivery date for CADE 2, the IRS’ subsequent modernization effort, has slipped several years even as contractors working on the project have earned as much as $290 million.

GAO identified the Individual Master File as the oldest technology system still working in government in 2016.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

IRS Systems Oldest in Federal Gov

The saying is often attributed to Benjamin Franklin, who wrote in 1789 that “nothing can be said to be certain, except death and taxes.” The taxman is coming again on April 17th, 2018. Despite Trump’s Uncle Sam’s latest tricks to take more of our money, the Internal Revenue Service’s (IRS) systems are the oldest running in the U.S. Government. Nextgov reports that one of the IRS’ most important tax-processing applications is old enough to be a grandparent, and officials warn a failure during tax season could have dire economic ramifications or delay tax refunds for 100 million Americans.

According to reports from the General Accounting Office, the IRS’ Individual Master File (IMF) and its sister system, the Business Master File (BMF), are the two oldest tech systems in all the federal government at about 58 years old. The next oldest tech system identified is the Defense Department’s Strategic Automated Command and Control System, which helps coordinate U.S. nuclear forces and was developed 55 years ago (rb- Thanks, reassuring).

The IMF and BMF are relics of the early days of computing itself. In 1960, an IRS report announced plans to install computers to automate tax processing at a facility in Martinsburg, West Virginia. Today, almost 60 years later, the IRS is still using the same systems to process the nation’s tax returns.

The Individual Master File is a massive application written in the antiquated and low-level Assembly programming language. It runs on an IBM mainframe and holds the data from 1 billion taxpayer accounts going back decades. IMF is chiefly responsible for receiving individual taxpayer data and dispensing refunds.

Despite hundreds of millions in spending, plans to fully modernize the application are more than six years behind schedule, and in a statement to Nextgov, IRS revised its new timeline for a modernized IMF to 2022. “To address the risk of a system failure, the IRS has a plan to modernize two core components of the IMF by 2021, followed by a year of parallel validation before retiring those components in 2022.”

The timeline could slip further. The article says the IRS will need the authority to hire at least 50 more employees—and backfill any losses—and receive an extra $85 million in annual non-labor funding for the next five years. Trump’s fiscal 2018 budget request would cut IRS funding by $239 million.

In the statement, IRS said IMF “is antiquated, with an architecture and design that dates back to the 1960s,” and admitted fewer programmers understand the old Assembly code. Auditors at the GAO have said IRS has more than 20 million lines of Assembly code.

The IRS’ main efforts to replace the IMF are the Customer Account Data Engine, which was canceled in 2009, and the next modernization effort, CADE 2. Nextgov reports that plans to fully deploy CADE 2 and replace IMF have slipped, even as each company working on the project has earned as much as $290 million in revenue from IRS.

Contracting data obtained by Nextgov indicates contractors Deloitte, CSRA, Northrop Grumman, and MITRE Corporation all earned more than $60 million through fiscal 2017 through CADE or CADE 2 task orders.

In the meantime, IRS runs its legacy systems like IMF on newer hardware, though GAO’s latest audit stated 64 percent of the agency’s hardware is aged. Dave Powner, GAO’s director of IT management issues, said before the House Committee on Ways and Means in October, “But relying on these antiquated systems for our nation’s primary source of revenue is highly risky, meaning the chance of having a failure during the filing season is continually increasing.”

Such a failure would be “catastrophic,” according to former IRS Commissioner John Koskinen.

“If this failure were to occur during the filing season, we could be looking at a lengthy interruption in processing returns and issuing refunds … This could have a devastating effect on more than 100 million taxpayers waiting on their refunds as well as the nation’s economy, which sees some 275 billion dollars of refunds each winter and spring.”

Mr. Koskinen told Nextgov that work on CADE 2 stalled “because of the budget crunch of the past year or two, along with the critical need to protect taxpayers against identity theft.” IRS diverted resources toward partnerships with private companies and state and local tax agencies to battle identity theft. The agency spends $2.7 billion annually on IT.

“Victims of identity theft dropped by two-thirds, after years of barely being able to hold our own,” he said. “It was the appropriate decision to protect accounts against identity theft, but it has meant that other critical information technology programs have gone more slowly.”

rb-

The government’s technology woes are worse than you think. Over 80% of the $90 billion federal IT budget goes toward outdated, legacy IT systems, leaving little left over for the innovation commonplace in the private sector.


 

More IRS Tech Troubles

The U.S. gooberment agency in charge of extorting collecting taxes from citizens, but not businesses, has more IT troubles. In the past, the IRS has had problems with hackers attacking its online systems, which exposed more than 720,000 taxpayer accounts. It has had data breaches that released 101,000 taxpayer SSNs. Its internal processes are so weak that the IRS could not find 1,300 PCs to complete the upgrade from Windows XP.

The latest report says that the IRS off-boarding processes are so porous that former employees have “unauthorized entry.” Former employees have access to workplaces, IRS computers, and taxpayer information, which could allow them to misrepresent themselves to taxpayers, according to an article at Nextgov.

The article cites a new watchdog report. According to the report, a random sampling in 2014 found that the IRS couldn’t verify it had recovered all security items from more than 66 percent of roughly 4,100 “separated” employees. The employees had left due to retirement, resignation, death, etc.

If the IRS had just checked with me, this would not have been a surprise. In 2014 I wrote about this issue. Lieberman Software released the results of a survey of IT security professionals. 13% of IT pros at the RSA Conference 2014 admitted to being able to access previous employers’ systems using their old credentials. Perhaps even more alarming is that, of those able to access previous employers’ systems, nearly 23% can get into their previous two employers’ systems using old credentials.

rb-

This is just another example of why passwords suck. If the tax collectors used a two-factor authentication (2FA) process, chances are much greater that ex-employees would not be able to access taxpayers’ records. Two-factor authentication is a security process where the user provides two means of identification from separate categories of credentials.

An authentication factor is an independent category of credentials used for identity verification. The three most common categories are often described as something you know (the knowledge factor), something you have (the possession factor), and something you are (the inherence factor). For systems with more demanding requirements for security, location and time are sometimes added as fourth and fifth factors.

One rising authentication measure is biometrics. Biometrics is the measurement and statistical analysis of people’s physical and behavioral characteristics. The technology is mainly used for identification and access control. The basic premise of biometric authentication is that everyone is unique and an individual can be identified by his or her intrinsic physical or behavioral traits. An individual’s biometric uniqueness can fulfill the inherence factor of identity verification (“something you are”). Biometrics in its various forms (I have written about different forms of biometrics on the Bach Seat: voice, brain waves, retina scan, behavioral biometrics, etc.), when combined with a strong password, can form a 2FA process.

There are drawbacks to using biometrics for authentication too.


9 Emails You Should Never Open

The increasing pace of life, coupled with mobile computing that bombards us with emails and messages from more sources and across more devices than ever before, has created what Proofpoint calls a generation of trigger-happy clickers.

Trigger-happy clickers are falling more and more for fake emails from cybercriminals. These fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link, according to the article. To put that into context, a legitimate marketing department typically expects a <2% click rate on its advertising campaigns.

So, despite the best efforts of security professionals, too many people are still falling prey to email scams at home and work. Whether it’s a get-rich-quick scheme or a sophisticated spearphishing attack, here are some emails to steer clear of:

1. The government scam

These emails look as if they come from government agencies, such as the IRS, FBI, or CIA. If these TLAs want to get a hold of you, it won’t be through email.

2. The “long-lost friend”

This scammer tries to make you think you know them, but it might also be a contact of yours that was hacked.

3. The billing issue

These emails typically come in the form of legitimate-looking communications. If you catch one of these, log into your member account on the website or call the call center.

4. The expiration date

A company claims your account is about to expire, and you must sign in to keep your data. Again, sign in directly to the member website instead of clicking a link in the email.

5. You’re infected

A message claims you’re infected with a virus. Simple fix: Just run your antivirus and check. In a recent twist, scammers claim to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.

Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans, and send alarming messages to try to convince you that your computer is infected with malware. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.

But wait, it gets worse: if you paid for their “tech support” you could later get a call about a refund. The refund scam works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund.

Or the caller may say that the company is going out of business and providing refunds for “warranties” and other services.

The scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account.

6. You’ve won

An email claims you won a contest you never entered. You’re not that lucky; delete it. It’s illegal to play a foreign lottery. Any letter or email from a lottery or sweepstakes that asks you to pay taxes, fees, shipping, or insurance to claim your prize is a scam.

Some scammers ask you to send the money through a wire transfer. That’s because wire transfers are efficient: your money is transferred and available for pick up very quickly. Once it’s transferred, it’s gone. Others ask you to send a check or pay for your supposed winnings with a credit card. The reason: they use your bank account numbers to withdraw funds without your approval, or your credit card numbers to run up charges.

7. The bank notification

An email claiming some type of deposit or withdrawal. Give the bank a call to be safe.

8. Playing the victim

These emails make you out to be the bad guy and claim you hurt them in some way. Ignore.

9. The security check

A very common phishing scam where a company just wants you to “verify your account.” Companies almost never ask you to do this via email.

What To Do Instead of Clicking Links

In the case of your bank or other institution, just go to the website yourself and log in. Type in the address manually in the browser or click your bookmark. That way you can see if there’s something that needs to be taken care of without the risk of ending up on a phishing site.

In the case of your friend’s email, chances are that they copied/pasted the link into the message. That means you can see the full address. You can just copy/paste the address into the browser yourself without clicking anything. Of course, before doing that make sure you recognize the website and that it’s not misspelled.

Proofpoint’s bottom line is that unless you explicitly know and trust it, avoid it. That’s all there is to it. Make this a habit and you can avoid one of the biggest mistakes in internet safety.


Taxman Still Coming

Updated 04-13-2010 It is being reported that the U.S. House has scheduled for April 15th consideration of the Taxpayer Assistance Act of 2010. The bill’s major provision would remove cell phones and similar telecommunications devices as listed property, effective for tax years beginning after 2009.

Ways and Means member John Lewis (D-GA) was expected to introduce the bill. It would include several individual taxpayer assistance measures. As offsets to the bill’s cost of $411 million, it would expand the bad-check penalty to electronic payments and increase information return penalties.

By 2013 mobile phones will overtake PCs as the most common Web access device worldwide, according to Gartner forecasts. The IT research firm says the total number of PCs in use will reach 1.78 billion in 2013. By 2013, the combined installed base of smartphones and browser-equipped enhanced phones will exceed 1.82 billion units. The installed base of these devices will be greater than that of PCs afterward.

Despite these projections, the U.S. Internal Revenue Service (IRS) continues to treat mobile phones as a luxury. According to an article on Mobile Enterprise, since 1989 IRS tax regulations have identified the cellphone as “listed property.” Listed property is an item obtained for use in a business but designated by the tax code as lending itself easily to personal use.

Tax policy

According to the IRS, “unless the employer has a policy requiring employees to keep records, or the employee does not keep records, the value of the use of the phone will be income to the employee.” The IRS goes on to say, “At a minimum, the employee should keep a record of each call and its business purpose. If calls are itemized on a monthly statement, they should be identified as personal or business and the employee should retain any supporting evidence of the business calls. This information should be submitted to the employer, who must maintain these records to support the exclusion of the phone use from the employee’s wages.”

On the other hand, if the phone is employee-owned there are different tax rules. The IRS says “the listed property requirements do not apply. Any amounts the employer reimburses the employee for business use of the employee’s own phone may be excludable from wages if the employee accounts for the expense under the accountable plan rules.”

In June 2009 the IRS proposed to tax up to one-quarter of an employee’s use of a work cellphone. However, the IRS has since decided to let Congress handle the matter. IRS Commissioner Doug Shulman announced on January 8, 2010, that the IRS is now taking a “wait-and-see” attitude. The policy leaves its current regulations in place until Congress passes new legislation. Shulman said on C-Span’s “Newsmaker” program: “We’re quite hopeful Congress is going to act on this. In the meantime, we’re not doing anything special or moving forward with any initiatives. Our hope is that there will be legislation to clean this up.”

Senator John Kerry (D-MA) sponsored the Modernize Our Bookkeeping In the Law for Employees – Mobile Cell Phone Act of 2009 (S. 144/H.R. 690). The bill would remove mobile devices from the listed property rule to exempt them from the tax. The House approved the bill during the last Congress, but it is still in committee in the current session.

CTIA response

The Cellular Telecommunications & Internet Association (CTIA) trade association welcomed the news. In a Jan. 11, 2010, prepared statement CTIA President Steve Largent said, “The existing rule is an anachronism and it can’t be saved simply by giving it a facelift. That’s why we are focused on continuing to secure congressional support for the Mobile Cell Phone Act, which enjoys broad bipartisan support on both sides of the Capitol. It is our hope that Congress act soon to help employers and employees alike by repealing this absurd, outdated rule.” According to CTIA, employees are still required to maintain logs detailing their business use on a mobile device. The IRS expects individuals to record the following items, according to the CTIA:

  1. the amount of such expense or other items,
  2. the time and place of the use of the property,
  3. the business purpose of the expense, and
  4. the business relationship to the taxpayer of the persons using the property.

The results of the stalled legislation have been predictable. The article cites the example of Rocky Mount, VA, which stopped issuing cellphones to employees. Town employees whose job requires 24×7 availability via cell phone are required to buy their own phone. They will be given a flat stipend for using the phone for work purposes. If employees do not keep careful records, despite paying for their own cellphones for business purposes they may not be able to claim the service as a business deduction. The article notes that “For a for-profit business, the designation of an item as ‘listed property’ has implications for depreciation deductions taken by the business and the computation of net income.”

How to comply with existing tax rules

To comply with existing tax rules, Thompson’s Employer’s Guide to Fringe Benefits Rules says employers must satisfy the onerous substantiation requirements. They do this by requiring annotated monthly statements from employees to support deductions and employee income exclusions. Or firms must treat the value of the benefits as wages for Federal employment tax purposes and report this value as wages on Forms W-2.

For practical reasons, Thompson says, some employers opt to reimburse employees for cell phone purchases on an after-tax basis. This would negate the employer’s ownership of the phones and the requisite fixed asset tracking that follows. Employers should also provide reimbursements of service and usage fees on an after-tax basis unless they collect annotated documentation from employees to substantiate the reimbursements. Employers should either collect all monthly statements from employees or require employees to maintain those records to effectively respond if the IRS inquires into the claims.

What should a firm do if they provide employees with cellphones?

  1. Assess your existing policies for corporate-issued smartphones, and require employees to keep records of each call and its business purpose.
  2. Regularly audit smartphone records and require employees to reimburse the company for all personal use.
  3. Consider whether an individual-liable model for the cellphone users in your enterprise would work.
  4. Get involved and contact your Senator or Representative and tell them to update the IRS code.

 
