IRS to rein in unapproved PDA use

The IRS has more than 2,000 unapproved personal digital assistants that can connect to the tax agency's network, which could allow loss or theft of sensitive information, such as taxpayer data, the Treasury Inspector General for Tax Administration said.

The IRS purchased 427 PDAs for key personnel who would be involved in continuity of operations during an emergency. The CIO's office approved those PDAs, which can encrypt data for security, the IG said in a report last week.

But IRS business units could not account for the unapproved PDAs, which managers and employees use while traveling. So the Treasury IG located the PDAs by scanning the network to identify computers depicting PDA synchronization software.

The business units did not provide employees with guidance on how to use the handhelds in a secure manner. A few IRS employees and contractors had connected their personal PDAs to the IRS network and had installed their own synchronization software onto IRS computers, the report said.

'When synchronized to a network computer, the PDAs provide a back door into the network and bypass many of the existing security detection controls,' said Gordon Milbourn III, Treasury's acting deputy inspector general for audit. In general, employees were not aware of the sensitivity of the information they had placed on their PDAs, he said.

Earlier this month, IRS CIO Todd Grams told the IG's office that 'it was clear that we must take a more aggressive approach to the management of PDAs.' Grams will select a security package with password and encryption capabilities and establish a process for removing or replacing existing PDAs that are not certified.

The IRS will also inventory all PDAs in use and scan the network to confirm that connected PDAs comply with security controls. IRS will remove unauthorized synchronization software from networked computers.

IRS' Assurance Programs director has incorporated PDA training into the annual security awareness program beginning last month. The office will coordinate with procurement offices to remind contractors that they cannot connect personal equipment to the IRS network.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected