IRS sets timetable for encrypting tax returns

The IRS will require professional tax preparers, software vendors and third-party transmitters to use approved encryption methods when sending individual and business tax return information over dedicated lines, beginning in 2005.

Encrypting the transmissions between trading partners and the IRS will complete the existing security provided by the trading partners' systems and by the IRS security zone, the IRS said in a notice in Monday's Federal Register. The encryption options strengthen the security of financial information as it travels over software vendors' and third-party transmitters' dedicated lines to the IRS. Previously, taxpayer information could be encrypted over dedicated lines but was unlocked before it entered IRS systems.

Beginning with the 2005 filing season, trading partners will need, at minimum, a 128-bit Federal Information Processing Standard encryption method to transmit tax information. With encryption written into tax software packages, professional tax preparers also will have the option to transmit directly to the IRS via the Internet or through their software vendors.

At the same time, the IRS will begin to phase out support of non-encrypted transmissions by dedicated or dial-up links. Tax practitioners currently send return information either directly to the IRS over dial-up links or to the software vendors whose tax programs they use. The vendors or third-party transmitters send the taxpayer information over dedicated lines in batches to the IRS.

The IRS will publish the required software standards by March 31 and the URL for the secure Web service model by July 31. It also plans to make a secure Web test facility available to registered users by July 31 and establish a production Assurance Testing facility for the secure Web method by Nov.1.

The IRS encourages e-file transmitters to begin using one or both of the two new encryption methods by Nov. 1.

During 2005, the IRS plans to reduce the number of its existing analog, dial-up line services and ISDN dial-up line services, and discontinue them completely Nov. 30, 2005.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group