But critics are wondering if the legislation will adequately protect Americans' security and privacy, and whether it's necessary for the IRS to regulate software developers.
At issue are a handful of sections of a massive tax bill--the summary alone is 151 pages--that the Senate Finance Committee approved last week.
One section lets the IRS use the Internet to let Americans know that they're owed tax refunds. Another directs the IRS to regulate any programmer who "develops software that is used to prepare or file a tax return"; the third eliminates privacy safeguards when the IRS opens confidential tax records to the FBI and other police agencies.
If the IRS chooses to use e-mail to alert taxpayers to potential refunds, that could cause problems, technologists warn.
"The preponderance of phishing attempts that involve the IRS is so high that it would be shortsighted for them to think that they could overcome what has obviously been something that has built up over time," said Ron O'Brien, a senior security consultant with the computer security firm Sophos. "People will have to unlearn that which they have already learned."
Scam artists last year began sending phishing e-mails (messages that try to trick the recipient into typing in personal information) purporting to be from the IRS and offering tax refunds. This phishing trick resurfaced during the Independence Day weekend, Sophos says.
At the moment, the IRS rarely uses e-mail to contact individual taxpayers. IRS spokeswoman Michelle Lamishaw said Wednesday that "I don't know what our plans are for potentially changing that process" and declined to comment on the Senate legislation.
Under existing law, the tax agency can use the "press or other media" to deliver such notifications, but it has interpreted the 1976 statute to exclude the Internet. Without the changes proposed by the Senate, the IRS claims it cannot use the Web or e-mail to contact taxpayers about refunds that they're owed.
Awaiting actual text
Complicating the situation is the Senate committee's unusual step of voting on a summary of the tax bill--but not on the actual text, which has yet to be written. That means the final wording of the legislation is still up in the air, even though it's awaiting a floor vote.
A representative of the Senate Finance Committee, chaired by Republican Sen. Charles Grassley of Iowa, said the drafting process is expected to take a few weeks.
Another concern is that legitimate e-mail from the IRS would be flagged as junk e-mail and never delivered. "E-mail is not an authoritative protocol and should never be used to deliver information of importance by itself," said Lance James, chief scientist for Secure Science Corp. and author of a book called "Phishing Exposed." "I hope that if it's caught in spam filters, the IRS would send a letter to back it up."
If the IRS chose to set up a Web site instead of relying on e-mail, other problems could arise. "If the site has vulnerabilities, such as cross-site scripting, or in general just some way that a hacker can get in, then he can use that list to phish," James said. (The bill's summary says that the IRS may use the Internet to disclose a taxpayer's name, and the city, state, and ZIP code of the taxpayer's mailing address.)
"One section lets the IRS use the Internet to let Americans know that they're owed tax refunds. Another directs the IRS to regulate any programmer who "develops software that is used to prepare or file a tax return"; a third lets the IRS open confidential tax records to the FBI and other police without maintaining logs of who saw what information."
One of these things is not like the other
One of these things just doesn't belong
Did you spot it? Use the mighty WAN referred to as the interweb for communications; novel, but it just might work. Regulate production of software relating to taxes; I kinda thought that might be done already. REMOVE security put in place to protect the (innocent until proven guilty) public's information collected through tax processes; What? How does this benefit the taxpayer? How (in a world where data machines are the new cool toy) exactly is it just too gosh-golly much work to require a subpoena (spelling?), maintain a sign-in log and afterward destroy printed copy? Perhaps this would be too much to ask if the NSA was going to audit every citizen. After all, that means recording evidence that the No Such Agency exists and operates with the understanding that everyone is guilty until proven innocent.
But we know how this plays out in the end; it's for the good of the nation. No, how about to support the war on child abuse. Wait, sorry, now it's to support the war on terrorism.
But still the nagging questions:
Why does the FBI need unfettered access to taxpayers' information?
Why is it too much to ask that their reasons be reviewed by a judge?
Why is it too much to ask that a log be kept of who looked at information on whom?
As for the IRS plan to use the internet; I'm surprised they hadn't caught on to this whole "interweb" thing earlier. Sure anyone who's been online for more than a minute is going to be suspicious of any email referring to money and rightly so. Encrypted email would be nice and soon enough will become the norm but currently the number of people who bother to or understand encrypting of email is pretty small. Email obviously would have to be done in such a way as not to include personal information (banks seem to do it well enough) and to be backed up with mailed documents. The webserver idea should be easier to implement since any server going online today has the same security threats as a publicly accessed IRS server would; hire a good admin and research the best apps and config practices.
Let me send all the employees of the federal government a message: You are a bureaucrat. Nothing you do is so important that, if not done by 5:00 PM, cannot wait until the morrow. Neither you, nor your work, are important enough to potentially jeopardize even one citizen's personal information.
Understand?
Smart people learn from their own mistakes.
Intelligent people learn from others' mistakes.
That said... the IRS is definitely DUMB!!!
Nuff said. (* GRIN *)
FWIW
- Privacy concerns?
- by richtestani July 9, 2006 8:57 AM PDT
This is the same government who is wiretapping their citizens, is pushing to watch Internet habits and reading personal emails?
Why would privacy even be a concern at this point.