taxpayer data security

IRS told to better protect taxpayer identities

A new law, signed into law by President Donald Trump July 1, will put into play a number tools to help the IRS shore up online authentication and prevent tax-related identity theft.

The Taxpayer First Act would create a new Identity Protection Personal Identification Number that could eventually replace Social Security numbers. For years, officials at IRS and Treasury have complained that Social Security numbers no longer serve as viable markers to authenticate a taxpayer's identity.

The new identity PINs will not immediately supplant Social Security numbers, as they would only be issued to taxpayers who request one, and the department won't have to make them available to every American until 2024. The new law also creates a single point of contact at the IRS for victims of tax-related identity theft.

The government is largely moving away from such "knowledge-based" verification practices. A Government Accountability Office report released in June found that large-scale data breaches like the 2017 Equifax hack have made Social Security numbers and other signifiers so prevalent on the black market that they are essentially useless for authentication.

The agency was also given authority to create an Information Sharing and Analysis Center that would be focused on curbing identity theft and return fraud. The center would be permitted to share return information with specific members in certain instances for cybersecurity purposes and to prevent identity theft. However, the law intends for such information to be closely guarded, and cabinet officials must conduct on-site reviews every three years or at the mid-contract point for every contractor at their agency that would have access to such information to ensure they're complying with necessary security requirements.

Adequate funding remains a concern after a decade of budget cuts have hollowed out IRS' personnel and enforcement capabilities. The Professional Managers Association, a national membership association representing non-bargaining unit federal employees, praised the law's provisions on IT modernization but warned it could all be for naught if "a lack of adequate funds and ongoing continuing resolutions prevent the hiring and training of well qualified personnel to carry out the agency's mission."

"While we thank lawmakers for their dedication to IRS reform and modernization, we hope they will acknowledge funding disparities which may prevent this important mission from being carried out effectively," the organization said in a statement reacting to the new law.

A longer version of this article was first posted to FCW, a sibling site to GCN.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected