The IRS is giving Americans’ tax refunds to criminal imposters, and until recently its website was spilling your information to identity thieves.
Why can’t the IRS protect you? It depends on who you ask.
Either the IRS is too broke to guard your data. Or it’s not spending its $10.9 billion budget the right way.
Let’s consider the first option. The IRS says it’s underfunded. Republicans in Congress have slashed the IRS budget for five years straight — the same politicians who now criticize the IRS for not having better security.
The agency has 10% less money and 13,300 fewer employees than it did in 2010 — but it handles a bigger workload than ever.
It processes 7 million more individual income tax returns. Plus, Obamacare is a huge project at the IRS, forcing it to shift employees and money to coordinate information-sharing with state health exchanges. Last year, the IRS spent $252 million on just the tech and computer side of Obamacare — but got no additional funding to pull off the task.
The result? Its ability to protect its computers and website has suffered.
While companies and government agencies boost their computer security, the IRS has dialed it back. A CNNMoney review of government records found the IRS spent $10 million less on cybersecurity in 2014 than the previous year. And since 2011, its 410-person cybersecurity team — in charge of guarding the entire nation’s tax records — has been cut down to 363 people.
And that’s just the tip of the iceberg.
The IRS still uses Windows XP, which is dangerously outdated, exposed to hackers and no longer supported by Microsoft. IRS Commissioner John Koskinen has said it still uses some tech from the days of the Kennedy administration. Its 19-year-old fraud-catching software is antiquated and ineffective. A project to replace it is severely delayed.
In a speech about budget cuts last year, Koskinen said: “This compromises the stability and reliability of our information systems, and leaves us open to more system failures and potential security breaches.”
In testimony before the U.S. Senate last year, Koskinen admitted the IRS can’t keep up with identity thieves. Imposters file taxes in your name, grab your tax refund, and get away with it. There aren’t enough IRS employees to deal with the flood of phone calls, so it takes six months or more to clear it up.
Even an independent oversight board said the IRS needed $136 million more this year to deal with these tech problems. Instead, Congress cut the IRS budget by $600 million.
The IRS is being punished. House Republicans say so themselves.
In an April 22 report, Republican politicians on the House Ways and Means Committee said they keep choking the IRS to make it pay for unfairly targeting Tea Party and right-wing groups, hosting “extravagant conferences” in the past, and being so wasteful on government projects.
For example, that unfinished and overdue fraud-catching software project is $86 million overbudget, say investigators at the Government Accountability Office. Even the early-stage version that was supposed to be working by 2012 still isn’t up and running in 2015.
But Republicans argue that IRS isn’t really short on money. It’s just bad at spending it correctly. As evidence, they point out that the IRS made Obamacare work — but it still can’t find the money within last year’s $2.5 billion tech budget to swap out old computers and improve its cybersecurity.
But some at the IRS tell CNNMoney it’s not just a matter of budget versus priorities. It’s insanely difficult to create programs to stop fraudsters.
Consider the current IRS pilot program to give Americans special PINs. This six-digit passcode makes it harder for a fraudster to file in your name. Currently, this PIN is only available to tax fraud victims and residents of Florida, Georgia and Washington. But many people lose their PINs. If the program went nationwide, the IRS would be inundated with millions of phone calls it can’t answer.
Whatever the reasons for the IRS failure are, the Senate Finance Committee on Tuesday will hold a hearing to try to figure out why the IRS website failed to stop fraudsters from accessing 104,000 Americans’ tax documents.
The one thing everyone agrees on, though: Americans are worse off right now.