IRS Scrubs Electronic Tax-Filing System Plans
WASHINGTON — The Internal Revenue Service has canceled plans to start a new electronic tax-filing system after discovering serious flaws that jeopardized the security of confidential taxpayer information.
The system, known as Cyberfile, was supposed to allow Americans to file their tax returns from home computers through the World Wide Web before April 15.
But the IRS pulled the plug on starting the system after a General Accounting Office investigation found a large number of security concerns and technical problems.
IRS spokesman Steve Pyrek said the agency largely agrees with the GAO’s findings about security. “We have not put the program in place this year because we want to make sure we address those security concerns,†Pyrek said.
The problems are the latest in a series of difficulties the IRS has had in modernizing its 1960s-vintage computers under a massive $20-billion program. They demonstrate how far the agency remains behind the American business world in giving individuals the ability to use home computers for routine financial tasks.
The new system was to have allowed computer users to file returns directly to the IRS, a change from the existing system that requires taxpayers to use private companies that forward electronic filings to the agency for a fee.
As more Americans file their tax returns electronically, the integrity of the IRS system will become increasingly important. A massive disruption could have profound consequences on government finances.
The GAO concluded that the Cyberfile system, housed in a dusty subbasement of the Agriculture Department headquarters, is vulnerable to electronic attack, as well as having 17 separate weaknesses in its physical security.
There were a number of fire hazards, including large trash piles near the computer banks and a sprinkler system with pipes so low that workers had to duck when walking around, the GAO said. Locks on the doors to the center were so poorly installed that they could be defeated just by flipping the latch with a finger, the investigation found.
“Packages and other personal articles were not inspected before being allowed into the data center, increasing internal security threats,†the report said. “This leaves the center vulnerable to physical attack from concealed weapons, as well as technical attack. For example, malicious software could be brought in to introduce [computer] viruses.â€
Electronic security was also suspect, the GAO said, in part because the IRS decided to forgo requiring a digital signature on tax returns in favor of requiring only an electronic filing number that would “not ensure data integrity.â€
The GAO also found the system lacked backup computers and was without a contingency plan for emergencies. The IRS also did not have any risk analysis for whether employees could compromise taxpayer data.
The computer system was built by the Department of Commerce’s National Technical Information Service, a little-known federal agency in Springfield, Va.
The director of that office, Donald Johnson, said in an interview that the IRS system had been designed with the best practices of computer security.
“There is a perception of vulnerability of anything that occurs on the World Wide Web,†Johnson said. “On the other hand, we have taken every measure of security.â€
The IRS had planned to make the Cyberfile service available to taxpayers in a limited number of states before April 15. Pyrek said the agency may still activate the service this year to allow its use by taxpayers who file late, after April 15.
Private tax firms say the IRS has botched the electronic filing system in a number of ways in recent years. More than 13 million Americans filed electronic returns through third parties last year, down from 16 million the year before, according to Les Clem, owner of Tax Link, a tax software and filing firm in Columbus, Ohio.
The decline occurred after the IRS changed its regulations overseeing the issuance of electronic refunds in response to widespread fraud in the use of earned-income tax credits, Clem said.
Without Cyberfile, individuals filing electronic returns must purchase private software and then pay private firms to file their returns. Tax Link, for example, charges $19.95 for tax preparation software it sells on the World Wide Web and another $10 per return for electronic filing.
Clem said the private electronic filing industry is set up with inherently more security than the IRS will achieve through the World Wide Web.
But Johnson said the Cyberfile system has the latest security, making it impossible to penetrate the IRS’ main computer systems or alter taxpayer returns.
Johnson dismissed concerns about physical security, saying that the site is not accessible to the general public and is well-guarded.
The GAO report also found serious contractual and financial management issues with the Cyberfile program.
The audit uncovered $2 million in purchases that were made outside normal federal regulations. The IRS said the purchases were needed because “unusual and compelling urgency†existed and “that the government would be seriously injured.â€
The GAO found that a minority firm was selected for the Cyberfile work without competition.
In addition, the audit found that the IRS billed taxpayers for a number of questionable items, including cellular telephones at a cost of $1,099 each that were supposed to provide 24-hour access to personnel operating the Cyberfile system. Thousands of dollars were spent on phone and pager charges even though the Cyberfile system was not operating.
Johnson said the system was completed under budget and is ready to start operations at any time.
Sign up for Essential California
The most important California stories and recommendations in your inbox every morning.
You may occasionally receive promotional content from the Los Angeles Times.
