Watch CBS News
U.S.

Report: New IRS Computers Have Defects

/ CBS/AP

Add CBS News on Google

Two new IRS computer systems that will eventually cost taxpayers almost $2 billion are being put into service with known security and privacy vulnerabilities, a Treasury watchdog said in a report coming out Thursday.

The office of the Treasury Inspector General for Tax Administration said Internal Revenue Service officials failed to ensure that identified weaknesses had been addressed before putting the new systems into use.

Inspector General J. Russell George said it was "very troublesome" that the IRS "was aware of, and even self-identified, these weaknesses."

The report focused on the Customer Account Data Engine, which will provide the foundation for managing all taxpayer accounts, and the Account Management Services system, which will provide faster and improved access by employees to taxpayer account data.

Both systems are gradually being put into use. CADE, scheduled to cost more than $1 billion through 2012 to develop and operate, this year processed about 20 percent of the 142 billion returns filed. AMS, still in its initial stages, will cost more than $700 million to develop and maintain through 2024.

The IG report said the IRS organizations responsible for giving the go-ahead to partial deployment of the systems were aware of security and privacy problems but did not consider them significant.

But it said those vulnerabilities increased the risks that unscrupulous people could gain access to vast amounts of taxpayer information with little chance of detection and that systems could not be recovered effectively during an emergency.

It said administrators to the CADE system could access, modify and delete information without being detected, that contractors could make changes to system configurations without approval and that backup tapes from offsite storage facilities were not adequately tested to ensure that data would be restored without errors or losses.

The report said the CADE system might be vulnerable to malicious code attacks such as computer viruses.

Similarly, it said the auditing controls for the AMS system were not sufficient to make sure that illegal browsing, changes or theft of taxpayer files would be detected.

The report recommended that the committee in charge of approving implementation of new stages of the systems consider all security vulnerabilities before giving that approval and that interim measures be put in place when significant security problems have been identified. It said the IRS agreed with their recommendations.

© 2008 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.

View CBS News In
CBS News App Open
Chrome Safari Continue