IRS Left Taxpayer Data Vulnerable and Lied About It

Bruce66423 writes with news that the IRS hasn't made much progress improving its poor IT security. From the article: "The Treasury Inspector General for Tax Administration found that the IRS had only partially implemented 42 percent of the corrective plans it checked off as completed in recent years. ... The review (PDF) showed that the IRS failed to properly track its progress toward completing many of the fixes auditors had recommended in recent years. The agency closed most of the cases without adequate documentation and did not always upload the necessary information into a database that helps ensure compliance."

Say it ain't so!

[amiga3D]

A Federal agency lying? Surely not.

Re:Say it ain't so!

[JustOK]

Here is your tax refund, sir.

Re:Say it ain't so!

[Bruce66423]

They are obviously only following the example of their boss Barak 'You will be able to keep you medical insurance policy period' Obama. Good to see they aren't showing their boss up now...

Re:Say it ain't so!

[Joining+Yet+Again]

Gentlemen, engage your confirmation biases.

Re:Say it ain't so!

Is it bias if its true?
How many occasions of complete government incompetence/corruption must exist before my bias of govermnet incompetence/corruption is no longer a bias and is instead fact?

Re:Say it ain't so!

[Joining+Yet+Again]

The US government - which in its current form has led the world's leading/only superpower for over a century - is "incompetent"? No, my friend. It might be miles from perfect. It might be partly corrupted by power and the powerful (though it experiences nothing like the corruption of some governments). It might fuck up royally from time to time. But, as an organisation, as a whole over time, it is as far from "incompetent" as any large organisation can hope to be.

And I say this as someone who doesn't think of the US government as particularly moral. I just think it's fucking good at what it does, which is why it's where it is, and my country is not.

Re:Say it ain't so!

Far fewer than have already happened.

The only means of preventing incompetence and corruption is the rigorous application of transparency and accountability. Those in power always resist this as much as possible, meaning those not in power must constantly demand and push for this.

Complacency is our enemy, eternal vigilance, and so on. Everyone already knows all this. It is very trite. And very true.

Re:Say it ain't so!

[Joining+Yet+Again]

Hear, hear! It is when everything looks like it's going right that you can be most sure that everything is going wrong.

Re:Say it ain't so!

If you think its true is it not a bias?

All human systems will have some level of incompetence and corruption. The question is whether the government is systemically incompetent and corrupt. It may or may not be, but the question can't be answered by anecdata.

Also, a belief in the inherent incompetence and corruption of government tends to support the agenda of other powerful interests which are themselves human systems subject to incompetence and corruption, so an unfounded bias against government competence is itself an example of incompetence and/or corruption on the part of the believer.

In conclusion, human behavior is a land of contrast. Thank you.

Re:Say it ain't so!

[smpoole7]

> The US government - which in its current form has led the world's leading/only superpower for over a century - is "incompetent?"

Yes. The fact that you can point to other governments that are worse don't make me feel any better. I can be shot by a bow and arrow or a .45, either way, it's really gonna hurt and I'll probably be dead. You could argue that the bow isn't quite as bad, but that's small consolation to the one being ventilated. (I.e., me.)

Any large organization will be corrupt. (That's the answer to those who inevitably -- invariably -- answer a post like this with, "but .. but ... big business is worse!") It is the nature of the beast. And if you then make it to where that large beast cannot easily purge itself of that incompetence, well, you really have a problem then.

That's where we're at now.

Only people who've never had to deal with the government OR a large business to resolve a problem think that either is competent. :)

Other side of the coin: I once had a problem with my state (Alabama) income tax. I was able to speak directly with the person who was working my case, by phone, and we ironed it out in short order. Problem solved.

There is no way I would attempt to do the same with the IRS without at least three lawyers and two CPAs behind me.

Re:Say it ain't so!

Actually we're coasting on top of what the govt did in the 60's and 70's.
Since then we've had fuckup after fuckup in charge and a massively wasteful system where no real work gets done. and no real challenger in the world either.

The cracks are really starting to show now.
If you're under 50 you're going to live to see the fall of the american empire.
Unless we pull our heads out of our wallets and get things fixed we're pretty much done.
Till then incompetent is being nice about it. We have that special kind of stupid that only middle layer paper pusher do nothings bring. We're ripe with them.

It's pretty damm funny in a sad way. Altho it would be alot funnier if i wasnt an american.

Re:Say it ain't so!

[Joining+Yet+Again]

The UK Inland Revenue was quite approachable IME before the past 5-10 years, when they merged with Customs and then gradually closed down all their walk-in offices. One can run a large organisation accessibly or inaccessibly - in the case of the British IR/HMRC, the present problem has been management consultants from private industry turning it into a callcentre-style service company.

A family friend was a commercial tax collector in England - it was her job to arrange payment plans for businesses which were unable to pay what they were owed, so they would not have to face bankruptcy. She was all but pushed out because she stubbornly held on to the Revenue's traditional spirit of strict, conscientious and fair dealing with taxpayers. Today it's all about slapdash target-driven money collection.

Re:Say it ain't so!

Does not mean that it is not true.

Re: Say it ain't so!

[O('_')O_Bush]

For 99.7% of Americans, what he said was correct. For the 0.3% of Americans that were paying for inadequate coverage, he was wrong. Since there are always exceptions to any claim, my threshold for lies is when it is less than 95% true (5% margin of error). By that standard, Barack is as honest as any politician has ever been.

And compared to "Let's invade Iraq to get WMDs" GWB, you can hardly fault Barack for there being a few outliers.

And Barack never made the claim absolute the way you have spun it.

Re:Say it ain't so!

[khallow]

The US government - which in its current form has led the world's leading/only superpower for over a century - is "incompetent"?

Of course. It's like you haven't been paying attention. The reason the US government is currently the world's leading/only superpower is because it scraps 15-20% of the GDP of the largest national economy in the world. You can buy a lot of graft with that kind of captive revenue stream and still have some left over for the services you're actually supposed to provide.

Re:Say it ain't so!

[khallow]

Actually we're coasting on top of what the govt did in the 60's and 70's.

And that would be? My view is that what the government did in that time, as well as since, is largely responsible for the mess now. For example, most of the problems with the big three living expenses which rise much faster than official inflation: higher education, health care, and housing, stem from government policies during this period.

It's also when the US started to get exposed to cheaper labor from the rest of the world. For example, the US got out of TV manufacture about then. As I see it, a lot of the complaints about the decline of the US come solely from this exposure to global labor competition. It's a basic principle of economics, increase the supply of something and the price for it goes down.

Re:Say it ain't so!

[smpoole7]

> The only means of preventing incompetence and corruption is the rigorous application of transparency and accountability.

And you're right, middle management in the US bureaucracy fights this tooth and nail. Their natural inclination is to go after the whistleblower for "rocking the boat."

Another true story: guy was a middle manager, had been there for years. Did virtually no work. Sat at his computer and played Solitaire for an hour or so, then went down and smoked his pipe for an hour or so. Came back up and played more Solitaire.

If his division manager tried to yell at him, he would just grin. He knew they'd never go to the trouble of firing him, and besides, he knew enough dirt on some of those who might try to do so, it would get ... messy. He didn't care.

I remember reading a quote from a Soviet defector years ago. He said that the KGB actually LIKED it when you had a few skeletons in the closet, because they'd have a way to control you. They hated an idealistic, squeaky-clean person.

I'd like to believe our government hasn't reached that point, but some of the stories I've heard honestly make me wonder.

Re: Say it ain't so!

[smpoole7]

> For the 0.3% of Americans that were paying for inadequate coverage ...

We're getting off topic here (I'm tired of Obamacare arguments myself), but according to the latest Congressional Budget Office figures, the eventual number who will lose plans because they don't meet ACA standards will be anywhere from 50-100 million. That's considerably more than .3%.

Provide a believable, authoritative cite for your figures.

Re: Say it ain't so!

"inadequate coverage" is a smoke screen.
Most of the millions of people who are losing their private/individual insurance were able to pay for their "inadequate" insurance. They are not able to pay for their new, "adequate coverage" insurance and will lose their insurance. (In insuring the uninsured, the ACA will create at least the same number of newly uninsured.

Why does "adequate insurance" include mammograms, birth control, pregnancy coverage for men? It seems to be a waste for men to pay for coverage that they will never use in an individual policy.

My individual plan paid 100% for my cochlear implant. The cost was over $64K. My individual plan paid all the costs with no deductibles--doctors, diagnosis, hospital, cochlear implant and hearing processor, audiology testing and therapy and ongoing tune-ups for the cochlear implant. The new plan has a deductible. I need a second cochlear implant and I can't afford to pay the deductible along with the increase in premiums.

These millions losing their individual policies doesn't even count the people who will lose their small business, large business, and retirement insurance policies. That number is predicted to be 90million (some predict higher but 90 million was the first number I saw).

By the way, Obama has confirmed around 30 times that "if you like your insurance plan, you can keep it. Period." I guess he mislead the voting population to get the votes he needed to win. It is just as much a lie to misdirection or misstate a thing if you don't promptly correct the misdirection or misstatement. He waited years even though the Main Stream Media has reported that he knew he was lying or misdirecting or misstating. (This is now common knowledge.)

Re:Say it ain't so!

[Joining+Yet+Again]

To you, the chicken came first.

To reality, eggs require chickens require eggs require chickens...

Re: Say it ain't so!

[aztracker1]

Well, we are still paying for troops in Iraq (not as much millitary, but paying for plenty of mercenary troops), and still have prisoners in gitmo.. but hey, promises mean nothing to a politician.

Re: Say it ain't so!

[Mashiki]

For 99.7% of Americans, what he said was correct. For the 0.3% of Americans that were paying for inadequate coverage, he was wrong.

Wow talk about spinning, I'm sure you can explain that to the 20-30m or so who've already lost their insurance, and if the estimates are accurate upto another 85m are going to lose theirs in the next 6 months.

And Barack never made the claim absolute the way you have spun it.

Really? "If you like your insurance you can keep it. Period." "If you like your doctor you can keep them. Period" Odd, those seem to be absolutes. Perhaps you should get away from the Media Matters and DNC talking points.

Re: Say it ain't so!

[amiga3D]

It's the most clear presidential lie since "Read my lips, no new taxes!" and of course "I did not have sex with that woman!" I'm just assume everything they say is a lie nowadays unless I can verify it with a reputable source. i.e. non-political group.

Re:Say it ain't so!

[khallow]

In reality, we have history to look at. Here, the US became an economic power well before its federal government grew to substantial size. The economy came before the government did.

Re:Say it ain't so!

Wrong. Government incompetence is simply covered up by the fact that they cannot be sued for any damages, but more importantly they have an extremely forgiving purse. When they fuck up and lose money, they just get more (sell bonds to the federal reserve that has an unlimited supply). It's still possible to fail in that environment, however it requires a lot higher level of incompetence. Give anyone an unlimited purse and put me above the law and they'll run a lasting business from that.

Re:Say it ain't so!

In reality, we have history to look at. Here, the US became an economic power well before its federal government grew to substantial size. The economy came before the government did.

Incorrect. The Gilded Age came after the Civil War, the event which triggered government expansion (perhaps unintentionally, as I'm sure Lincoln and the Republicans had all the best intentions, even if we may know what road that paves)

History also tells us that the colonists rebelled against Britain over less. I don't know what your definition of "substantial size" is, but it's certainly not one derived from looking at history.

Re: Say it ain't so!

if the estimates are accurate upto another 85m are going to lose theirs in the next 6 months.

Over 60% of Americans are going to lose their insurance in the next 6 months? I'm not sure how you can honestly believe that. Hopefully in 6 months you think back to today and think, "I was so totally wrong about that."

I've listened to the sob stories on talk radio and in the news paper about people who've "lost insurance". Every single one of them was getting an amazing deal. They have cancer or some insanely expensive disease. They don't want treatment. They want treatment at the best facilities in the country. Oh, and they want to get it by paying a 1/1000 of what they are getting out of the system. But guess what. They now need to pay 2/1000 of what they are pulling out if they insist on going to the best clinic they can find. I've yet to hear an "I lost my insurance" story that wasn't like that. I'm sure I will eventually, but seriously. With the old system, did everyone get to keep insurance that good forever or did they get cancelled? Because I remember lots and lots of stories of people who lost all insurance, not just access to the best of the best clinic.

Re:Say it ain't so!

[khallow]

The Gilded Age came after the Civil War, the event which triggered government expansion

But before the far larger expansions following the two world wars.

Jebus

The posts on that site are enough to give you an aneurysm.

Re:Jebus

[JustOK]

Good to see you're recovering knicely with no ill rafter-effects.

IRS only uses 'Privacy' to Avoid Transparency

[glennrrr]

It seems as though every time you here about the IRS invoking 'Taxpayer Privacy' it's to avoid having to admit the agency is doing something criminal.

Re:IRS only uses 'Privacy' to Avoid Transparency

[Joining+Yet+Again]

Yeah, "every time". Like the way I read about a few dozen murders in the paper every year so it seems like "every time" someone is in the papers, they are murdered.

Re: IRS only uses 'Privacy' to Avoid Transparency

Thank you JYA for being a voice of reason

Re:IRS only uses 'Privacy' to Avoid Transparency

[JBMcB]

So what other times do they invoke taxpayer privacy?

Re: IRS only uses 'Privacy' to Avoid Transparency

While I'm sure the IRS invokes privacy in a earnest way all the time, the examples that make it to the papers are of the form: 'The IRS would not comment on how the confidential donor list got leaked to the group's political enemies, citing taxpayer confidentiality. '

From the article

[BringsApples]

The IRS said in its response to the findings that it issued a new manual this year to help improve its monitoring practices and that the agency would audit completed actions in the future.

So, if I file the wrong kind of taxes, can I take the same sort of stance? "Yeah yeah, I know I filled out the form totally with the wrong numbers, and made it look like I needed a huge return, but I've purchased a new pen, and I've trained myself to better understand the form. So in the future, I will do better."

I'm tired of hearing so much wrong done by our governing body, and never hear of any repercussions.

Re:From the article

I'm tired of hearing so much wrong done by our governing body

Too bad. Here's more. "IRS Overpaid on Tax Credit for the Poor by Up to $13.6 Billion (in 2013)"

http://www.dailyfinance.com/2013/04/23/irs-overpaid-eitc-earned-income-tax-credit/

Re:From the article

well, actually, if you genuinely failed to understand the direction, caught it internally and submit an ammended return, yes, you can generally "get away with it", paying only accrued interest on the underpayment and no fine. Yes, I did that.

Re:From the article

I'm tired of hearing so much wrong done by our governing body, and never hear of any repercussions.

Have I got the solution for you - oh boy, you're going to love this one:
Whine about it on an online forum!
Preferably a niche forum, for example on a tech blog, or on a blog about a scifi or fantasy movie or series. Comic book forums are also a great place for this. Just post your generic aggravation statement there, and you'll find sensible people nodding and saying how smart you seem to be!

And if you put the following quote in your signature, everyone will know you mean business:
"It's action that counts, not words. And it's action we need. Action now!"

Consequences?

[JBMcB]

So the punishment for not securing taxpayer data is... nothing? So why bother fixing anything?

Re:Consequences?

[Joining+Yet+Again]

"Punishing" the IRS would be moving money from one part of government to another, and wouldn't fix anything.

Fines don't work. Prison doesn't work, except to protect future victims. Punishment in general does not fix behaviour. Values, not regulations.

Re:Consequences?

[JBMcB]

Fines? Prison? How about just firing those not doing their job?

Re:Consequences?

[ISoldat53]

Amen!

Re:Consequences?

[Joining+Yet+Again]

If it's clear that the IRS employees dishonestly or incompetently disobeyed the auditor's instructions then removing them makes sense. I wouldn't really identify that as a "punishment", though - that's just removing people who aren't doing their job. People are not fired as punishment. Indeed, from the IRS PoV it'd be a good opportunity to obtain better workers - again, assuming they demonstrated dishonesty/incompetence.

Re:Consequences?

My problem of this, is more self-fullfilling. Give me a few moments of your time...

In short, tax code is too bloated. Lawmakers are paid, err... lobbied by specific industry groups, to make sure it stays that way. IRS is also underfunded, and/or incompetent, and unable to do its due diligence with matters of taxation.

Now naturally, like everything else broken at the Government, first solution would be to throw more money at it. Here's the problem. You have an agency whose soul purpose is to collect money. They in turn, require more money to do that. I'm not saying there isn't a viable medium between those two elements, but it starts to become a self-propogating instution. 'We must fund it more, to get more monies from taxes'.

I know the same could be said for any 'regulatory' or legal agency or department, but the IRS seems like its singled because of its sole purpose. I won't get into diatribes concerning matters of Justice. That is its own mess of corruption.

Re:Consequences?

[jmac_the_man]

"Punishing" the IRS would be moving money from one part of government to another, and wouldn't fix anything.

You work, right? Unless you work for the government, there will be some kind of expectations set out for you. If you don't do your job properly, you can lose bonuses, get demoted, have to take paycuts, or eventually be dismissed for cause. That's how most jobs are. The parent poster is arguing for firing whoever made poor security decisions.

Values, not regulations.

The IRS is an organization that decided it didn't like a Supreme Court decision that limited its power and benefited people that its employees didn't like, so they used their powers as the nation's tax collectors to harass their political enemies. They have pretty shitty values, and heads should be rolling until we get people in there with better values. "Should" is the operative word here, as no one has actually been punished for this.

Re:Consequences?

[anegg]

Firing a US federal government worker? An unlikely outcome.

Re:Consequences?

[anegg]

As you imply, the IRS doesn't make the tax code - Congress does. In fact, if it weren't for the fact that the IRS is the enforcer of the US tax code, it would almost be possible to feel sorry for them. Congress can pass legislation right up to the end of the year. Within a very short period of time afterwards, the IRS has to have forms, instructions, and processing software ready to go that completely and correctly explains the consequences of the tax code, walks taxpayers through whatever byzantine provisions Congress has come up with, and then calculates taxes owed, refunds, etc. There are no boundaries on the wackiness of the tax code, and it sometimes seems like even the Congress critters don't really understand what the actual rules will be to enforce the tax code provisions.

Re:Consequences?

[Joining+Yet+Again]

Unless you work for the government...

Oh, grow up.

Re:Consequences?

[smpoole7]

> So the punishment for not securing taxpayer data is... nothing? So why bother fixing anything?

Exactly. It is very, very difficult to fire someone who works for the Federal Government. One case that I knew of: there was this woman in a wheelchair who pinched butts, stole things from the cafeteria (in plain sight, right in front of everyone) and did so little work they had to search for it with microscopes. True story. They had to apply to the regional office in Atlanta, have several hearings, go through several "counseling sessions," and finally, after about A YEAR ... this worthless piece of flotsam was terminated.

Then she sued them for discrimination and they were tied up for another year in court. She lost, of course, but it cost time and money.

Ergo: the strong inclination, when you have incompetents, is just to leave them in place. If they're doing too much damage, you try to transfer them to where they can't do as much harm. Barring that, if you think it'll work at all, you PROMOTE them. (Again: true stories. I'm not kidding.)

So ... now you end up with incompetents in middle management. The problem gets worse.

Rinse. Repeat until the entire building is like a M.A.S.H. episode, with a few who will actually do their jobs, and who can only stay sane by either taking drugs or joking about it incessantly.

(And in real life, by the way, if you're not careful, such "joking" will actually result in counseling and a reprimand.)

I am not kidding. There is no hyperbole in the above. Re-read it and let it nourish your brain. There's at least part of your answer.

(The other parts are so unpalatable -- such as outright nepotism and granting favors to friends and supporters -- that I shall spare you.)

Re:Consequences?

So the punishment for not securing taxpayer data is... nothing? So why bother fixing anything?

No, the fix is to give the government more money and more power. If everyone paid their fair share of taxes, things would be so much better with a bigger, more expensive government.

Right?

Re:Consequences?

[bill_mcgonigle]

So the punishment for not securing taxpayer data is... nothing? So why bother fixing anything?

Did you expect something otherwise? This is government, not ... anything else.

Incentives matter. In a monopoly government system, if you deem one to be necessary, due to the incentive problem that government should only be doing things that absolutely cannot be done by a non-monopoly actor, if for no other reason than the incentive issue.

A 'lean' government would find providers for each of the functions it wants done that it could fire if they did a bad job and have the very minimal number of employees immune to consequences. There's always the corruption problem, but at least public opinion is more strongly against corruption than incompetence.

Re:Consequences?

[GPierce]

At one time, there was a sensible reason for making it difficult to fire a federal employee. In theory, civil servants were not partisan and they were not supposed to be affected by the political ideologues who we appointed to run government agencies.

The ideologues were prevented from firing those who wanted to do a non-ideological job..

It worked for a while, but if you keep someone from being fired for political reasons, eventually they figure out that they can f#ck off on the job without penalty. I guess the powers that be decided that it was still better than a politicized civil service - or else they didn't notice or didn't give a damn..And today, we do have a politicized civil service. (Look and all the 'loyal bushies' in the Justice Department..

Re:Consequences?

[girlintraining]

Exactly. It is very, very difficult to fire someone who works for the Federal Government.

It's also very difficult for people to justify that the federal government works so radically different from that of a large corporation. Bureauacracies are the same on each side, with similar problems. I can't say a whole lot about what any individual will do in response to a given situation, but when you start talking about groups of 20 or more people, it becomes very predictable.

Firing people doesn't accomplish anything. This is a structural problem, and at that, not even the one under discussion. Anyone who's worked for a big business knows that a lot, if not the majority, of IT work doesn't get documented. A 42% compliance rate on paper looks terrible, but that is not reflective of what's actually going on. Many of those projects probably did get farther along than reported, but there's no documentation. This could just be some database only used by a small group of internal auditors. There's no way to assess what the actual compliance rate is without a full external audit, which hasn't been conducted.

But the low compliance rate does suggest a few things; For one, a lack of uniformity. The IRS is comprised of dozens to hundreds of departments, each with their own goals and priorities. Flat out it's a failure of leadership to have this many cooks in the kitchen -- every initiative, IT or otherwise, will suffer from a combination of the telephone game to endless meetings in which everyone has a voice and nobody takes concrete action. When you increase the number of people responsible for fixing something, individual responsibility falls correspondingly. If 5 people are responsible for something, they feel 20% responsible for the result. At 10, 10%, and so on. And there's a crucial threshold below which everyone's own sense of responsibility for the problem is so small that nobody does anything because they all feel somebody else will do it. This is the real structural problem at the IRS, not their compliancy rate.

Cut out large swaths of middle management in a big restructuring initiative and centralize your IT. Your compliancy rates will go up then, and there'll be less inconsistency between the departments. People charge millions to say this; I'm doing it for free. Twenty years in the business says you lead from the top down -- keep the management chain short and you'll be nimble and responsive. Make it long and unclear, and I'll charge you $2.50 for a small mirror -- so you can bend over and properly kiss your ass goodbye.

Re:Consequences?

[smpoole7]

> Flat out it's a failure of leadership to have this many cooks in the kitchen

And remember, when you're dealing with bureaucrats (and I fully agree that they're the same, private sector or government), they're covering their butts. They do everything by consensus and committee meeting. No one wants to stick his or her neck out.

So, for example, when they were designing the ACA Website: Even though I wasn't there and have no direct information on this, I would bet you any amount you want to name that I KNOW what happened. First, a committee got together and decided (after weeks and weeks of discussion) what the main page should look like. "We need a smiling face!" Then, they spent MORE weeks (if not months) vetting images and tweaking things just to make that smiling face appear as they thought it should. They would have suggested a zillion changes.

In this particular case, knowing how a government agency works, I can guess what happened at the IRS. Middle-to-upper management is judged primarily on case counts: how many cases they turn out. If there's a backlog, they get scolded. Since (as I noted elsewhere) there are many employees who don't do much work, the relatively few who do are pressured to turn out more and more cases. "Security" to them means, "do only as much as I have to to satisfy this hornet who is yelling at me. Just enough to make them go away. Whatever."

Re:Consequences?

[grep+-v+'.*'+*]

... as no one has actually been punished for this.

Punished? Of course they have -- they still work there, don't they?

(I was going to go for the "comfy Chair" line -- but, well, that just seemed as easy as shooting congressmen in a barrel. Waay too easy.)

Re:Consequences?

[jmac_the_man]

You're the one who said that it's impossible to punish government employees who screw up.

Re:Consequences?

[Joining+Yet+Again]

No, I indicated that it makes no sense to punish the government, then went on to describe that e.g. firing someone isn't punishing them. But, in general, punishing an employee doesn't make them work harder.

Anyway, I wouldn't work for any private firm which paid bonuses or cut pay according to performance in a particular role. I will do the best in any role I am given, and expect all my colleagues to do the same. If one of us genuine can't do the job, we shouldn't be in that position. I have never worked for the government.

FWIW, your sentence read:

Unless you work for the government, there will be some kind of expectations set out for you.

That's about expectations, not punishment.

Re:Consequences?

[jmac_the_man]

No, I indicated that it makes no sense to punish the government, then went on to describe that e.g. firing someone isn't punishing them. But, in general, punishing an employee doesn't make them work harder.

If you punish a government employee for breaking the law it makes it less likely that another government employee breaks the law.

Anyway, I wouldn't work for any private firm which paid bonuses or cut pay according to performance in a particular role.

That's fine, I guess. Most people are OK with performance incentives.

I will do the best in any role I am given, and expect all my colleagues to do the same.

I expect IRS employees not to break the law because they disagree with it, and not to stifle free speech because they disagree with the speaker but my standards are apparently too high.

FWIW, your sentence read:

Unless you work for the government, there will be some kind of expectations set out for you.

That's about expectations, not punishment.

Right. The next sentence is about what the punishment should be for breaking those expectations. THAT's the part about punishment

Re:Consequences?

[Joining+Yet+Again]

If you punish a government employee for breaking the law it makes it less likely that another government employee breaks the law.

Since AFAICT no individual has broken the law here - at worst they've broken an employment contract - "punishment" of an individual would have to be extra-legal.

Ofc we're going by the assumption that humans really do think "oh that guy's being punished for X so I should avoid X" rather than "that guy's being punished for X so I should be more sneaky when I do X", which - if the existence of crime is anything to go by - is how people actually think.

Re:Consequences?

[jmac_the_man]

Since AFAICT no individual has broken the law here...

OK, you're right here. Technically, they are violating federal regulations, not necessarily the law. I conflated the two concepts by using the label "illegal" to describe "violating federal regulations." I assure you, however, that the IRS punishes taxpayers for violating regulations passed by the executive branch in addition to laws passed by the judicial branch.

Ofc we're going by the assumption that humans really do think "oh that guy's being punished for X so I should avoid X" rather than "that guy's being punished for X so I should be more sneaky when I do X", which - if the existence of crime is anything to go by - is how people actually think.

I'm genuinely curious. If you're against giving people incentives to do the things you want, and against punishing people for doing the things you don't want, how do you propose getting people to follow rules?

It's real simple. I need to give the IRS documentation that they can use to find out how much tax I owe under the law. Since unscrupulous types can use some of that information to hurt me, the IRS has to make sure that nobody else gets access to that documentation. How do I know I can trust the IRS safeguard the information?
Right now the official answer is, "Well, depending on how they do it, revealing that information is a violation of federal laws and regulations. An IRS employee who is careless or malicious with the data is subject to termination, fines, and possibly imprisonment." (It's not true, but that's the official answer.)

;-o NO

This is truly astounding.. Amazing! Unbelievable.

Wrong angle

[lennier1]

It's just their way of streamlining the ways the NSA can grab off everyone's data.

Hey, I have an idea

[Kohath]

We should put these guys in charge of our health care!

Re:Hey, I have an idea

[naff89]

No, we should definitely leave it to for-profit corporations. Certainly they have our best interest in mind!

Re:Hey, I have an idea

Response #1: At least the corporations can get a website to work.

Response #2: Do you think the government has our best interests at heart?

Re:Hey, I have an idea

[Kohath]

If I don't like a private sector company, I just take my business elsewhere. If I try to do that with government, the government sends guys with guns to my house.

That word, "lying", stop using it

[davide+marney]

If you read the specifics, you'll find that there is plenty of leeway between what the auditors asked for (things like scanning for empty/default admin passwords, filing security audit reports in a central location, documenting that managers approved admin accounts, etc.) and what the IRS believed it had done to implement them.

If you ask me to implement something, I think I did so, and so I check that off as "completed", that is not lying.

This is more like a failed test case. The auditors are complaining that the IRS' implementation of their recommendations are insufficient.

Re:That word, "lying", stop using it

[Joining+Yet+Again]

Yeah but that sort of logic won't allow people to add a poorly understood event to their "LIST OF REASONS WHY IRS (AND GOV IN GENERAL) IS EVIL AND SHUD BE ELIMINATED".

We could be happy that government is so open that even the tax collectors are audited, and a public announcement is made when they are judged to have not complied sufficiently. If only everything was so well overseen. (and, no, I don't have a hard on for tax collectors, but half my family was brought under a dictatorship, so I know what it looks like when a government is not accountable.)

damn..

[Rhurazz12]

And here I thought that only Snowden does stuff like this!!

Just like in The Mikado

It's like this : when your
Majesty says, "Let a thing be done", it's
as good as done. Practically, it is done be
cause your Majesty's will is law. Your Majesty
says "Kill a gentleman", and a gentleman
is told off to be killed. Consequently,
that gentleman is as good as dead. Practically
he is dead and if he is dead, why not say so?

Re:Just like in The Mikado

[Joining+Yet+Again]

But consider that the Mikado also said

Three little maids from school are we
Pert as a school-girl well can be
Filled to the brim with girlish glee
Three little maids from school

Everything is a source of fun
Nobody's safe, for we care for none
Life is a joke that's just begun
Three little maids from school

Three little maids who, all unwary
Come from a ladies' seminary
Freed from its genius tutelary
Three little maids from school
Three little maids from school

One little maid is a bride, Yum-Yum
Two little maids in attendance come
Three little maids is the total sum
Three little maids from school
Three little maids from school

From three little maids take one away
Two little maids remain, and they
Won't have to wait very long, they say
Three little maids from school
Three little maids from school

Three little maids who, all unwary
Come from a ladies' seminary
Freed from its genius tutelary
Three little maids from school
Three little maids from school

wat

and so what

are you going to do about? seriously? well, i have your answer: nothing!

sincerely,

The IRS

That phrase, "inadequate documentation", read it

If you ask me to implement something, I think I did so, and so I check that off as "completed", that is not lying.

It *is* "inadequate documentation" however. Simply saying "completed" means that no one but you knows what was actually implemented because no one but you knows what you thought you were asked to do. The correct documentation in response to every item on a Corrective Action Plan is an actual list of what you did.

Imagine if the only written documentation from a doctor visit was "treated" or if a kid tried to turn in homework where the only thing written on the answer paper was "completed". The IRS gave a "go away" response to the audit actions because they didn't feel the things listed in the audit needed fixing. I've been on a recipient of those audit action plans and I understand that *some* of the actions listed are there mostly as CYA for the auditors, but the professional will write down an audit response that clearly identifies what you decided made actual risk vs cost sense and choose to do.

That settles it

[frovingslosh]

If they are going to be that way with my private data, I'm going to stop using their service.

Larger context

[Shoten]

What is the case at the IRS is actually true pretty much across the board at civilian federal agencies. The problem is FISMA, which is more about ridiculously long reports of checklists about what is in an environment than about any meaningful security approach. The worst part of it, however, is the compliance reporting which is so odious and operose that it actually gets in the way of getting anything changed. (That reporting is the "things we said we do to protect information" part of this story.) So much manpower (or, if consultants are used, money) goes into reporting on security that it significantly drains away those resources from efforts to improve things. So, you can either continuously report a fairly static state of affairs or skimp on the accuracy of the reporting and try to fix things. But, as with all unintended consequences, there is another road...just become so discouraged that you stop giving a shit and just fudge it. Obviously, that third path isn't uncommon among federal workers in many things, not just IT security.

Re:That phrase, "inadequate documentation", read i

[davide+marney]

Point well taken

The real problem...

[ai4px]

....is why is my SSN worth so much? My SSN should only have one purpose and that's pretty irrelevant to ID thieves.

NSA Pays IRS For Access And Data

NSA payed Tim Cook, CEO Apple Inc., 10,000 prostitutes in Bangalor!

Tim Cook, promptly ordered the killing of the prostitutes (Building Collapse).

Both side happy.

QED