excerpted from: The Washington Post 5 August 1993 page A6 Accused of Failing to Protect Data, IRS Says It Will Buttress Safeguards by Stephen Barr Washington Post Staff Writer The Internal revenue Service, assailed by senators yesterday over a breakdown in computer security that allowed IRS workers to browse through tax records and monitor fraudulent tax refunds, pledged to strengthen safeguards set up to ensure taxpayer records are kept confidential. "it's not easy. it's painful to admit mistakes you make," Internal revenue Commissioner Margaret Milner Richardson said after listening to members of the Senate Governmental Affairs Committee express outrage that IRS workers abused their public trust. Addressing committee Chairman John Glenn (D-Ohio), Richardson said,"I feel very strongly about protecting the integrity of the tax system, and I told you we will not tolerate anything that will impinge on that integrity or the credibility of the American people." But Richardson rebuffed a suggestion by Sen. David Pryor (D-Ark.) that the IRS notify the taxpayers whose files were improperly reviewed. "I'm not sure there would be a serious value to that in terms of tax administration or in the connection with what I see as protecting the taxpayer's rights," she said. Pryor said he would continue to press for taxpayer notification, saying, "I'm going to really come down hard.... I think anyone that we can identify whose files have been browsed for no official reason, I think that taxpayer needs to know." Richardson's testimony followed the release of a report this week that showed almost 370 IRS employees in the agency's Southeast Region have been investigated or disciplined for creating fraudulent tax returns or browsing through tax returns of friends, relatives, neighbors and celebrities. In 154 cases, employees were disciplined. Deputy Commissioner Michael P. Dolan said three employees were forced to resign, three were fired, 38 received suspensions, 67 were given reprimands, 24 were admonished, 17 underwent counseling and two received "caution letters." Sen. Byron L. Dorgan (D-N.D.), noting that few employees were dismissed, questioned Richardson and Dolan on whether "we are dealing appropriately enough" with violators. They said the IRS would provide the committee with detailed information on how disciplinary judgements were made. Few details emerged at the hearing on how IRS regional employees created bogus refunds. An IRS investigative report released by the committee said that four employees are facing criminal prosecution. "In one case," the IRS report said, "an employee prepared over 200 fraudulent tax returns and monitored the refunds" on IRS computers. The report suggested that the fake refunds cost the government more than $300,000. In another case, "the employee used her position to input fraudulent adjustments and monitor the accounts of local taxpayers. She also prepared fraudulent returns, including returns for herself and her parents," the IRS report said. Dolan noted that the violations ranged from the serious to the benign, such as employees who were asked by neighbors for a favor: determine the status of their income tax refund. In answering questions, Richardson pointed out that IRS's internal audit staff had uncovered the information with the General Accounting Office. The IRS audit examined the Integrated Data Retrieval System, a database of taxpayer accounts used by 56,000 IRS workers nationwide. Richardson said the IRS is developing a "comprehensive review" of computer security issues that will improve the agency's ability to detect "inappropriate use." The IRS also is reviewing its high-risk operations, such as credit transfers amd taxpayer adjustments, in a renewed effort tp avert employee misconduct. Dolan said a review of the agency's most sensitive computer commands would be completed within the next six weeks. Richardson was a washington tax attorney before being selected earlier this year by President Clinton to run the IRS. Dolan, a career civil servant, was named deputy commissioner last year. 8<--------- End article ------------------- A old friend of mine sent me an e-mail this afternoon; it appears we see eye-to-eye on this entire fiasco -- and the dangerous role the government wants to play in the Information Age: 8<--------- forwarded message -------------- Subject: Clipper, escrows, and honesty. . . To: "fergp" <sytex.com!fergp> Saw your recent posting on SCI.CRYPT. I generally shun public postings in such an arena. . . . However, it occurred to me, with only a little bit of thought, that after the recent articles in the Washington Post regarding the employee's of the IRS browsing through friends, enemies, and famous folk's 1040's -- simply for kicks -- how would this be any different than an escrow key arrangment. Isn't it simply a given truth that if one man can view a personal secret of another, that he will be tempted? And let's face it, history proves that, more often than not, the "apple is bitten," ---- or at least "nibbled." No matter how you work it, there will always be a small group, perhaps even one, that will have access to your key. Just like that little girl that sits behind the faceless terminal can pull up my 1040 and run through the schedules to see what I won on and what I lost ---- and I'll never know that it even happened. Of course, until someone who shouldn't know does know, and perhaps at a cocktail party makes mention. . . . . Small potatoes. . . . but not if you're encrypting.. 8<---------- end forwarded mail ----------- Once again -- "Be afraid; be very afraid." Paul Ferguson | "Government, even in its best state, Network Integrator | is but a necessary evil; in its worst Centreville, Virginia USA | state, an intolerable one." fergp@sytex.com | - Thomas Paine, Common Sense I love my country, but I fear its government.