IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.

Wise move

[XXongo]

Changing a system that's insecure seems like a good thing to do.

Nice to see the IRS doing something smart, contrary to all stereotypes and expectations.

Re:Wise move

Leave it to the IRS to choose the option that would save them the most money.

Re:Wise move

[Calydor]

Government agency spends more money than they have to. People complain.
Government agency saves money. People complain.

This is called a lose-lose situation.

Re:Wise move

[pete6677]

That's because whenever a government agency decides to "save money" they do so in the dumbest possible way, which almost always costs them more later. Not that corporations never do this, but with government bureaucracies they seem to be a special kind of stupid.

Re:Wise move

[eric_harris_76]

One way out: have less government.

Then people will bitch about the Wal-Mart or FedEx store or whatever.

Hold Tme Accountable

I don't care who they are, they need to be held accountable for their terrible security posture and crap decision making (PINs are being generated by attackers? It's cool, it's only a small percentage of taxpayers.)

Re:Hold Tme Accountable

The IRS has wonderful security measures... They have the best military weapons that taxpayers money can buy, and lots of it.

Re: Hold Tme Accountable

They did get Al Capone....

in before

Some neck beard has to make a comment about PIN numbers!

Re:in before

Some neck beard has to make a comment about PIN numbers!

I've always been curious about the epithet. People have beards just on their necks? That's odd, but why should we care?

It's like "mouth breather"-- we care about whether people breathe through their nose or their mouth or both? Why?

Re:in before

[itsenrique]

Especially "neck beard" doesn't have the same sting to it since full beards are in fashion. Thin, wispy beards are 10 years ago.

Re:in before

Because much like the term 'redneck', 'neckbeard' has little to do with it's literal meaning. Same thing with mouthbreather. If you're social skills are lacking and you can't grasp the nuance of language, you might be one of the 'neckbeards' we're referring to.

Re: in before

I tip my fedora and applaud your speediness in correcting this error, m'lady!

Re:in before

they are? or is this some misguided, once-again-lack-of-originality by a younger generation that has no real self-identity, so must regurgitate what's already been done.

Re:in before

[AmazingRuss]

This should clear things up: http://www.neckbeard-news.com/

Re: in before

News flash: everything has been done before.

Re:in before

[TechyImmigrant]

Some neck beard has to make a comment about PIN numbers!

No beard here, but I an a crypto/security type person.

The PIN codes are very low entropy. They don't give the option for a nice high-entropy long password that you can keep in you password manager. So it's no surprise that there are automated attacks.

Re:in before

It's like "mouth breather"-- we care about whether people breathe through their nose or their mouth or both? Why?

Because mouth breathers are proof that evolution is an imperfect process and their existence is an insult to Humanity.

Re: in before

Or they have a deviated septum...

LOL

I'm still LOLing at the Europeans even today, most of whom are mourning the first of many nations to leave the EU. It's a matter of time before the rest of the EU fails, too. I'm so thankful for being a Canadian, because we are smarter and better than the Europeans and Americans. Unlike the United States and most of Europe, Canada is not a failed state. Look for Canada to become the dominant power as China sinks deeper into recession, the United States spirals downward in decay, and the EU breaks apart at the seams.

Re:LOL

[BlueStrat]

I'm still LOLing at the Europeans even today, most of whom are mourning the first of many nations to leave the EU. It's a matter of time before the rest of the EU fails, too. I'm so thankful for being a Canadian, because we are smarter and better than the Europeans and Americans. Unlike the United States and most of Europe, Canada is not a failed state. Look for Canada to become the dominant power as China sinks deeper into recession, the United States spirals downward in decay, and the EU breaks apart at the seams.

You'd better hope the US doesn't decay too much or too far. One of the hallmarks of failed republics is to become an aggressor-state to prop up the failing system, and Canada would be a tempting and convenient target for US annexation and subsequent plundering of it's wealth and resources.

The US has the very real potential to become the greatest threat to the world since Nazi Germany if it goes full-fascist/socialist-oligarchy, which is a distinct possibility if/when the US economy and currency collapses, particularly if there's a 'cult of personality' populist-demagogue type of leader like Trump in charge at the time.

Strat

Re:LOL

Hey Nanook! Go buy yourself a sunlamp, and put it under the truck so you can start it up in the morning.

There's more ice in your brain than there is in the Article Ocean.

Re:LOL

[ArmoredDragon]

You'd better hope the US doesn't decay too much or too far. One of the hallmarks of failed republics is to become an aggressor-state to prop up the failing system, and Canada would be a tempting and convenient target for US annexation and subsequent plundering of it's wealth and resources.

Hmm...No, I think we already have plenty of maple syrup.

The US has the very real potential to become the greatest threat to the world since Nazi Germany if it goes full-fascist/socialist-oligarchy, which is a distinct possibility if/when the US economy and currency collapses, particularly if there's a 'cult of personality' populist-demagogue type of leader like Trump in charge at the time.

That's quite an if. Europe is much closer to that than the US is. Hell, in the bugger EU nations some 25% of their voters vote for actual self proclaimed fascists. And for all of the things you can say about Trump, fascist just doesn't fit at all. Sure, he's a loudmouth blowhard, and some people think that makes him dangerous, but it really doesn't.

Re:LOL

[WinstonWolfIT]

Canada population 35 mil and no military. Right...

Re:LOL

[MillionthMonkey]

Canada population 35 mil and no military. Right...

Canada gets invaded by forest fires, not countries. What's wrong with not having to spend money on a military? We send $2000 per capita to the Pentagon. I could buy an AR-15 every six months with that kind of money.

Now if Trump wins, he might tell Canada "we're tired of wasting money defending you" etc. In that case their military expenditures might go up. Even so, if that happens I'm going to find some Canadian to marry and so is my wife.

Re:LOL

[tsotha]

We don't spend money defending Canada. The US does maintain radar installations to pick up Russian missiles streaking over the pole, but that's not for Canada's benefit. Canada doesn't spend much on its military because there isn't any need - they maintain friendly relations with the US and everybody else is too far away.

I would add it is a decision which could be revisited should conditions warrant. At the end of WW II Canada had the third most powerful navy in the world, behind the US and the UK.

Re:LOL

Just wait for that Operation Greenland, or Northern Expansion. The game publishers have yet to address those scenarios. Call of Duty, where have you gone?

Re:LOL

No, what makes Trump dangerous is that nobody knows what his actual agenda is for his presidency, because nobody sane can believe the constant stream of lies he's spewing. That suggests to me that his agenda is something that would not get him elected if people actually knew anything about it.

Captcha: Damning

Re:LOL

[ArmoredDragon]

No, what makes Trump dangerous is that nobody knows what his actual agenda is for his presidency, because nobody sane can believe the constant stream of lies he's spewing. That suggests to me that his agenda is something that would not get him elected if people actually knew anything about it.

Captcha: Damning

It really doesn't matter what kind of "agenda" he has. This isn't a communist country; the president doesn't have unlimited power.

LOL

I'm still LOLing at the Europeans even today, most of whom are mourning the first of many nations to leave the EU. It's a matter of time before the rest of the EU fails, too. I'm so thankful for being a Canadian, because we are smarter and better than the Europeans and Americans. Unlike the United States and most of Europe, Canada is not a failed state. Look for Canada to become the dominant power as China sinks deeper into recession, the United States spirals downward in decay, and the EU breaks apart at the seams. Also, in Canada, we have a properly functioning taxation system, thank you very much. And we're also not in a massive amount of debt.

Crazy question

Wouldn't filing dozens/hundreds of fraudulent returns with the wrong PIN be pretty easy to spot? While attackers may be able to mask their location/identity through various means they can't mask which account they're trying to penetrate, just lock down an account if too many wrong PINS are used with a decent amount of other information that is correct (SSN, name, etc). This should prevent fraudulent access while limiting the ability of attackers to try to lock-down the entire system by spamming it.

Re:Crazy question

[guruevi]

You have a quarter billion (more if you include business) tax returns, most PIN being the birth year of the individual (common practice amongst accountants) or something equally stupid (1234, 0000). Since it is only used once a year, most people don't use a custom PIN like a bank card.

Re:Crazy question

I don't think so. The last few years when I filed taxes, my PIN appeared to be basically random. Not only that, but I never knew what it was - I just went to an IRS link, typed in my SSN and last year's gross income, and boom, they gave me the PIN. It's frankly harder for me to sign into my bank account than that. Now I'm shocked A) That it really was that ludicrously unsecure, and B) next year I will have to do something undoubtedly more time-consuming and anxiety-inducing, but probably just as insecure.

Re:Crazy question

[ShanghaiBill]

most PIN being the birth year of the individual ... or something equally stupid (1234, 0000)

I was not given an option to select a PIN. It was randomly generated by the IRS. And it was five digits, not four.

Obvious solution: Since the numbers are random, people are going to record them anyway, so just add extra digits. Make it 10 digits instead of 5, and the problem is basically solved.

Re:Crazy question

[93+Escort+Wagon]

I was not given an option to select a PIN. It was randomly generated by the IRS.

Interesting. When I've filed electronically the last five years or so, I've been instructed to self-select a PIN. For most of those years I was using TaxAct.com - but even this year, when I used freefillableforms.com, I also selected my own PIN.

Re:Crazy question

[ShanghaiBill]

I used TurboTax. So maybe the PIN was from Intuit, rather than the IRS.

Re:Crazy question

The tax software I use let me pick it. I admit I haven't changed it in years though - I use my zip code when I was a kid for my pin, and my wife's childhood zip code for hers. Neither of us live anywhere close to those locations but they aren't numbers we're going to forget, yet there's no records tying us directly to those locations since we were little kids at the time.

What Are Words For

when no one listens anymore?

You will be hacked and cracked and fiddled about. Hide, or sit back and relax and accept it.

Re:What Are Words For

I think I'll dye my hair blue.

Re:What Are Words For

Nobody gets it? Punk band from the 80s with a blond in a bikini.

All this crap...

[Ecuador]

All this crap just because tax preparation companies throw lobbying money to keep the current system. Most Americans would not need to actually file for taxes, the IRS already has all the data it needs, but noooo we have to keep an obsolete industry going no matter the cost...

Re:All this crap...

What's obsolete is any US citizen having to file federal taxes in the first place. Change it to a system of state income, state sales, and/or state property taxes. Each state can choose their system. The counties and states collect the revenue, and they pay the feds.

You should only have to deal with your local taxing authority where you actually live, not some unaccountable bureaucrats in DC. The states created the fed, let them deal with the consequences of that action.

Re:All this crap...

Just shut the fuck up with this libertarian caveman bullshit or whatever you think this is.

The 16th Amendment was passed explicitly to allow this central taxation: "The Congress shall have power to lay and collect taxes on incomes, from whatever source derived, without apportionment among the several States, and without regard to any census or enumeration."

https://en.wikipedia.org/wiki/Sixteenth_Amendment_to_the_United_States_Constitution

Re:All this crap...

an amendment can be created, and can also be repealed. they're not the fucking ten commandments and inviolate. one can also hope you 'murkins will eventually smarten up and repeal your silly 2nd too. there isn't a single event thats been prevented due to its existence, but there sure as fuck has been a lot of unnecessary deaths due to it.

Re:All this crap...

Well, to be fair, the amendment should be repealed. The federal government should only collect taxes from and regulate the states, not individuals. But if we are going to delegate authority, we should demand some service. The IRS has all the paperwork at their fingertips. Let's make them fill it out.

Re: All this crap...

Yes and no. But our tax system in the US is just out of date on every level. Even as a method for political policy - like promoting energy policy with tax credits, deductions and what have you.

With the advent of helicopter money and QEs, those all are just an unnecessary burden.

Re:All this crap...

The 14th is what gave the Federal government direct citizens that it could rule and tax as it's leisure; it converted the states into corporations instead of sovereign governments. Prior to the 14th, people were citizens of the states in which they resided. It also gave the federal government the authority to tax through issuing debt (Article 4 of the 14th: The debt shall not be questioned).

Literally read the text.
https://en.wikipedia.org/wiki/Fourteenth_Amendment_to_the_United_States_Constitution#Text

The 16th was just a formality.

Get your history right if you are going to get angry, otherwise you're just wasting your effort.

What I find Archaic is we have 70,000+ pages of IRS tax code nobody can seem to understand or interpret, except for a small select group of "experts", all in the name of what, fairness? That sounds an awful lot like tyranny to me. Thank God we have a presidential candidate who's willing to light the entire stack of IRS tax code on fire, it's come time to slaughter some sacred pigs and that there is one of em'.

Now, back on topic.

Declare an additional exception on your W2 by accident, then pay it back on April 15th. When you do pay, mail out a physical Check along with your return and keep a record of what you sent. The check gives you a 3rd party attestation that payments were made going back many, many years unlike electronic records which, as we've seen time and time again, end up getting "lost". Find a tax preparation service that has no problem doing the physical paperwork. Keep copies onsite.

That way there's no money to be stolen by from the IRS and if they do come after you, you have your paperwork in order. It isn't dishonest, and nobody ever gets in trouble given they pay the money back on time and you file your return on time.

Re:All this crap...

[gtall]

You are blaming the wrong party, Einstein. Congress created the Swiss cheese that is the U.S. tax code. And the latest estimate is the sainted American people are skipping out on about $450 Billion in taxes they should be paying. That's enough to cover the yearly deficit.

By the way, the IRS does not have all the data they need and they don't even have enough compute power to process what they do get. Congress has seen fit to starve them for the same idiot reasons you think they are to be held to account. If they did have all the info they needed, the tax cheats would be filing up for their court dates to explain to a judge why they skipped out on their taxes.

Re:All this crap...

Posting AC for obvious reasons...

I have a Hong Kong company that I own. Before I started it, I read the ENTIRE Hong Kong tax law. It was 187 pages - and each page was half English, half Cantonese. So about 95 US pages. It works, it's simple, it's direct, and it's 100% understandable.

The US code is so confusing and so long and SO self-contradictory that the IRS doesn't even guarantee it's own calculations! If you ask them to do your taxes for you (which is entirely legal, they offer that service), and they do it wrong - you're still at fault for their error. One tax return, sent to 6 different preparers, will most likely end up with 6 different numbers owed - which may be different than what the IRS believes in the first place.

The US IRS tax system is set up to make us ALL guilty of tax fraud so that, if nothing else, we could be arrested and jailed for that violation. We're vassals and servants, not citizens.

It also explains why there are tens of thousands of armed IRS agents, equipped with REAL assault rifles (fully automatic, short barrel carbines) and other real military-grade equipment.

Re:All this crap...

[LynnwoodRooster]

You are blaming the wrong party, Einstein. Congress created the Swiss cheese that is the U.S. tax code. And the latest estimate is the sainted American people are skipping out on about $450 Billion in taxes they should be paying. That's enough to cover the yearly deficit.

Not quite. The US Debt as of 10/1/2015 (start of FY2016) was $18.15 trillion. It's now $19.26 trillion. So that's about $1.1 trillion added in 9 months, or about $1.46 trillion annually. About 4 times your estimate of uncollected taxes. That $450 billion would help, but would get nowhere NEAR to eliminating the actual annual deficit (not the fake, "on budget" number that's reported).

Re:All this crap...

[Solandri]

It's not just tax preparation companies. EVERY company with employees uses this system to pay employment taxes (unless they pay a tax preparer to pay it on their behalf, then pay the tax preparer). About a decade ago, the IRS got rid of mailed employment tax payments. Companies must pay their 940 and 941 taxes (and a variety of other taxes) online via electronic funds transfer, either monthly or (if your payroll is big enough) semi-weekly. To login to the system, you need your EIN, your password, and a PIN.

The PIN is snail mailed to you during your initial application for online tax payments. For some stupid reason it takes nearly a month from your application to when you get your PIN in the mail. I screwed up and made a typo in the EIN in my initial application, and it took 2 months before I was able to figure out from the IRS what the problem was, submit new paperwork, and receive a new PIN. During that time, I couldn't use their online tax payment system to pay my taxes, and I couldn't mail them a check since they don't even have an address for that anymore. After a few calls to the IRS, the procedure they told me to follow was to send them the money as a wire transfer with my EIN in the comments and notes section of the wire.

It's slow, it's stupid, and (being a static 4 digit PIN) is not very secure. But it's a rudimentary form of 2FA. To confirm you're you, you need your username (EIN), something you know (password), and something you have (PIN mailed to your business address).

Most Americans would not need to actually file for taxes, the IRS already has all the data it needs

And therein lies the rub. The "IRS already has all the data it needs" because companies are submitting it via the same system you're saying they don't need. EFTPS tells the IRS how much was paid in total employment taxes, and the W-2 (W-3 from the company's end) filings with the SSA gives an employee-by-employee breakdown. They cross-reference the two together to confirm that the amount claimed as paid in the W-2s matches the amount actually paid. But to get into EFTPS, you need your mailed PIN. (The SSA has their own system, with a forced password reset after a few months of non-use.)

The whole system needs to be overhauled in one fell swoop.

Re:All this crap...

kill yourself you authoritarian piece of shit

Re:All this crap...

It's easy... Have paychecks deduct 5% of your income for Federal tax. Everyone. No loopholes. No tax brackets. No exceptions. The poor will still get by with 5% deducted, as well as the rich. Only the rich will bitch and moan... but tuff-titties. Don't like it? Here's a one-way plane ticket.

Re:All this crap...

[TheLongshot]

I think you misunderstand what the OP was talking about. What he's saying is that the IRS has enough information that they can calculate taxes for most people and it wouldn't require them to file. This is done in other countries. Reference #2 in the following link:

http://www.vox.com/2016/4/8/11...

Re: All this crap...

The rich don't pay withholding because they don't have earned income. They get dividends and capital gains.

Re:All this crap...

I fall into the camp of people who don't mind paying taxes, provided everyone else does, too, because we all benefit from the services. As a result I tend to do a half-ass job on my deductions, mostly in finding receipts to itemize the sales tax (which always exceeds the table amounts). Usually I keep finding more receipts for months after the taxes are filed.

Anyone who audits me will get to go through a year's worth of receipts again, and when we're all done I'll re-file that year and thank them for finding me an additional $4.37 in refunds. I hope I can convey it in just the right way to piss them off.

Re:All this crap...

Incorrect: http://www.usgovernmentspending.com/federal_deficit_chart.html $450B comes pretty close. And stop conflating deficit with gross debt, it's more complicated than just adding the deficit to that debt.

Btw, you know the difference between the public portion ($11.6T) and total debt ($19.3T), right?

Re:All this crap...

[i.r.id10t]

"should be paying" != "congress/president spending like a drunken sailor on shore leave"

Most of us realize that we should spend less or equal to our income. Ideally, less so we can save for large purchases or retirement.

Of course, there are some that live on credit cards (or refinancing their homes at the height of the bubble and withdrawing cash to spend spend spend) but they get "caught up" eventually - usually by declaring bankruptcy.

Re:All this crap...

[LynnwoodRooster]

What do we owe, as a country? According to the Treasury department, it's $19.3 trillion - that's our outstanding debt. Trying to say "but some of that is owed to our own people!" and that is true - but it's still a debt because it's money that needs to be paid. You do understand that, don't you?

Re:All this crap...

[LynnwoodRooster]

Yep. And for the Federal Government they only talk about the "on budget" deficit, and ignore all the restof the debt that racks up (over 3 times the "official" on-budget deficit). It's like declaring your mortgage payment is no longer on-budget, so if you stop paying it, you can take that money and pay off other debt and reduce your spending! All the while debt continues to accumulate - but it's not "on budget" so it doesn't matter...

Re:All this crap...

Just shut the fuck up with this libertarian caveman bullshit or whatever you think this is.

The 16th Amendment was passed explicitly to allow this central taxation: "The Congress shall have power to lay and collect taxes on incomes, from whatever source derived, without apportionment among the several States, and without regard to any census or enumeration."

https://en.wikipedia.org/wiki/Sixteenth_Amendment_to_the_United_States_Constitution

The 16th amendment was adopted in 1903 - not exactly old enough to be considered a part of the original constitution. The US was designed as a federation of states (independent nations) with a shared defense pact. Every federal tax dollars not for that original intent is against the foundation of the country as a whole.

Re:All this crap...

[imidan]

The US IRS tax system is set up to make us ALL guilty of tax fraud

No, it isn't. It's just the result of a hundred or so years of feature creep and kludges meant to encourage/discourage certain behaviors in the population (like mortgage interest deductions to encourage home ownership) and to favor certain businesses as a result of lobbying and cronyism. It sucks, and it should be simplified drastically, but the tax preparation lobby is now very powerful and strongly resists efforts to make taxes easier.

It also explains why there are tens of thousands of armed IRS agents, equipped with REAL assault rifles (fully automatic, short barrel carbines) and other real military-grade equipment.

This is just untrue. The IRS' enforcement division has a payroll of about 3,500 people, about 2,500 of whom are agents (1). According to IRS policy, those agents might be armed with Remington Model 870 or 11-87 shotguns; Smith & Wesson M&P15 rifles; and/or Glock 22, 23, and 27 pistols (2). None of these weapons is fully automatic, none is unavailable to civilians, and there is nothing specially 'military-grade' about any of them.

You are entitled to your own opinions about the IRS, but not your own facts.

1) https://www.irs.gov/uac/crimin...
2) https://www.irs.gov/irm/part9/...

It also seems

[Ecuador]

It also seems you are very proficient in duplicate troll-posting. Kudos.

Please run a sting opertion

[BlueCoder]

The checks have to delivered somewhere.

Re:Please run a sting opertion

[guruevi]

Plenty of mules willing to work on their own dime for a promise of a 10% return.

lol nice title

"Get's hacked"

right, because brute forcing pins is hacking. yes, those accounts got compromised but the system itself didn't. slashdot is just spewing bullshit at this point. a correct title would have been "IRS shuts down their PIN system due to weak PINs being bruteforced"

Re:lol nice title

I already though the hacker was a guy, just like most people do.

Trump's tax returns

will he release them?

The Broken MS Windows fallacy. Try 250 accounts.

[raymorris]

> Just lock down an account if too many wrong PINS are used

The bad guys don't care which account they access. Suppose you limit it to four tries at a PIN. The bad guys try 250 accounts with four PINs each, not one account with a thousand PINs.

Locking out the account rather than the attacker is just DOSing yourself. I like to call this the Broken MS Windows fallacy, because Windows does it.

"SECURITY MEASURES" = "FINDING OUT"

[CaptainDork]

This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack...

The IRS is not alone in this. After entities get hacked, they implement tighter detecting tools and sigh with the false comfort that they "are on top of things."

Look ...

If your storage building is being ransacked and you put up security cameras that show people breaking in, you have not actually SOLVED anything if the thefts continue.

It's not hard, folks: Get a goddam lock.

Re:"SECURITY MEASURES" = "FINDING OUT"

It's a usability vs security tradeoff. They need to keep out the black hats without making it too difficult for legitimate users. Just locking down the system doesn't satisfy that need.

Re:"SECURITY MEASURES" = "FINDING OUT"

One of the biggest problems with the IRS being hacked is that when you contact the IRS about it they agree that you've been hacked. Then they suggest that you may not be the real you and that they have no way of knowing who you are for sure. They proceed to then ignore you as you attempt to fix your own identity theft, and continue to treat the person who has stolen your identity as the real you thereby expanding on the existing identity theft. I know this because a relative of mine recently had this problem, he still doesn't have it solved and feels helpless. They're allowing his identity thief to continue to steal his tax refund.

Re:"SECURITY MEASURES" = "FINDING OUT"

This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack...

The IRS is not alone in this. After entities get hacked, they implement tighter detecting tools and sigh with the false comfort that they "are on top of things."

Look ...

If your storage building is being ransacked and you put up security cameras that show people breaking in, you have not actually SOLVED anything if the thefts continue.

It's not hard, folks: Get a goddam lock.

We should really take the military approach for network security when it comes to banking, taxes, government interaction, universities, etc: you get two air-gapped networks, one is the internet and one is secure. If anyone does anything wrong on the secure one they are guaranteed to go to jail because there is absolutely going to be a traceable point at which you can actually enforce policies (since the secure network doesn't exist outside of the country at all.) The infrastructure cost would be a bit more but the secure network doesn't exactly need to be super high speed.

Easy solution PIV

[cciechad]

Why can't I just submit the public key from one of my PIV tokens(say with a copy of my passport or some other ID and maybe a notarization) and use that to sign stuff I want to submit to the IRS? That seems like a simple solution.

Re:Easy solution PIV

[markus]

There are plenty of great second factor solutions. The better ones are really easy to use and provide a lot more security. But providers don't want roll out fancy new technology, and users are blissfully unaware of how security works, so they want the same thing that they have had for the last couple of decades.

The upshot is that even when second factors are rolled out, we essentially end up with something no more secure than password and pin, whereas there are beautiful solutions such as FIDO U2F that are ignored.

Re:Easy solution PIV

[cciechad]

Makes sense. The only reason I thought PIV would be easier is it's a US government standard in use at most or all federal agencies and works on Linux/Mac/Windows out of the box. Very likely the IRS agents and staff use PIV cards to authenticate to IRS systems and obtain physical access to IRS buildings.

Re:Easy solution PIV

Easy solution for you. Try explaining it to a dozen randomly chosen taxpayers.

Re:Easy solution PIV

[houghi]

In Belgium it is handled with the combination of you (obligatory) ID card that has a chip, a reader and a PIN you select yourself.

So all people need to do is get a card reader and install the software. It runs under Windos, Mac and Linux.
If you are paranoid, you could even compile it yourself as it is open source. http://eid.belgium.be/en

Waste

[gbear711]

Abolish the agency.

Re:Waste

[fustakrakich]

On the contrary, make them actually serve. They should fill out our tax forms. They have all the W-2s.

Re:Waste

[LynnwoodRooster]

The IRS won't accept liability for its wrong actions on your behalf. If it calculates your taxes wrong, you're liable for the error and penalties related - even though they did the work (and yes, you can ask them to do your taxes for you).

Re:Waste

[clodney]

W-2s are the easy part, and if you take the standard deduction they are probably enough for the IRS to do your taxes for you. But, there are lots of other things that come into play:
- State income taxes are deductible.
- Capital gains are taxed at different rates depending on how long the asset was held, and only on the gain in value, with losses offsetting gains
- Mortgage interest is deductible.
- Property taxes are deductible

Plus a whole host of more complicated situations. If you have only wage income and take the standard deduction, it is simple. But that is also where 1040EZ comes in to play, which is already a single page form.

Re:Waste

[fustakrakich]

Right, all those statements are also reported to the IRS, they have everything they need. If they have questions, they can call the banks, brokers, or those other government offices. They can leave us alone, expect when it's time to send the refund.

PIN Numbers.

Is this a number you use to call and talk to pins? Can you also talk to needles?

Because if by "PIN" they mean "personal identification number," then a PIN number is a personal identification number number. Which is something you might use with an ATM machine, (an automated teller machine machine) probably for withdrawing out cash-money dollars.

Now to you, did something about that seem redundant to you?

Did they fire everyone who knows how to write or edit?!?

Re:PIN Numbers.

Did they fire everyone who knows how to write or edit?!?

Their has never been an editor here that knows how to edit.

Re:PIN Numbers.

Their has never been an editor here that knows how to edit.

There has never been an editor hear that knows how to edit.

Re:The Broken MS Windows fallacy. Try 250 accounts

"is just DOSing yourself"

That's why I noted the other criteria (SSN, Name, etc). While an individual fraudster might have detailed information on a few dozen/hundred accounts they probably don't have it for thousands plus accounts (or at least hopefully). If the attempt is missing confidential information that would cause it to fail authentication anyways the PIN attempt wouldn't count towards the account lockout. For those returns that have been compromised to that degree they should probably necessitate more severe security precautions anyways. Maybe a yearly alphanumeric token mailed to their home. Unfortunately you'll never stop fraudsters by locking out connections, bot-nets, proxies, etc all make it impossible to do. It should probably be a first line of defense (a few hundred filings from a single residential IP should definitely result in a short ban of that IP) but its a pretty easy precaution to bypass.

Time to replace the system.

A nice simple flat tax with no writeoffs.

Or better yet a nice simple consumption tax like the Fair Tax.

Problem solved.

But of course this takes power away from the elites. It takes away elite's favors to each other. And it takes the power these elites have over the ignorant.

So obviously all Democrats and Half of the Republicans will be against these solutions.

Re:Time to replace the system.

[LynnwoodRooster]

We are told time and again that everyone benefits from Government largesse, so how about a truly flat tax? The US Federal Government is spending about $4 trillion this year, so that's about $12,500 per man, woman and child in the US. Every legal resident is sent a bill for $12,500. That's a flat tax. After all, we all benefit, right? So we should all pay the same amount...

Re:Time to replace the system.

Hey, as a millionaire, I love this idea - $12,500 is an eighth of my monthly income ... too bad for my gardener though, since $12,500 amounts to 4 months of his wages.

Re:Time to replace the system.

Herp a Derp. Let's misrepresent the idea so it bolsters your "eat the rich, feed the poor" mentality.

Everyone knows, or at least they should, a most flat tax proposed are proportional to income. A 20% flat tax would cover your 4 trillion dollar budget. A millionaire would pay $200,000 in taxes and gardener making $10,000 would pay $2,000. But go ahead, distort away and look like a dick head who wants the status quo where the rich pay 0% and the self employed guy making 100k pays 45%...

Re:Time to replace the system.

[LynnwoodRooster]

"Herp a Derp" yourself... The rich already pay more than 20% and the gardener pays zero. So what does the gardener care when his Congressman says he's going to raise taxes and increase spending? No skin off his back, right? Just tell Peter to steal from Paul...

Trump's tax plan

[Okian+Warrior]

All this crap just because tax preparation companies throw lobbying money to keep the current system. Most Americans would not need to actually file for taxes, the IRS already has all the data it needs, but noooo we have to keep an obsolete industry going no matter the cost...

Donald Trump's position on tax reform eliminates much of the paperwork. If you're single and earn less than $25,000 or jointly earn less than $50,000 you pay no tax. Send in a single-page form and you're done.

There's not a lot of federal income to be had from low wage earners, so it makes perfect sense to eliminate the extra work on both sides. Also, poor people don't have to spend money on tax filing services (H&R Block, et al).

Poor people get to keep more of their money, the IRS has a lot less work to do (estimated 75 million households), and the federal government gets just as much revenue.

Hillary Clinton doesn't have a unified plan to reform tax reporting (posted on her website).

If you think this issue is important, elect Hillary and nothing will change.

Re:Trump's tax plan

[gtall]

Yes, because Americans wouldn't think twice about hiding their income to get under the $50,000. The already skip out on about $450 Billion a year they should be paying, Bam-Bam and his pseudo-policy isn't going to change that.

Re:Trump's tax plan

[LynnwoodRooster]

The simpler the code, the harder it is to hide income. Eliminate 99% of the tax code (seriously, if it's more than a few hundred pages it's too complex), eliminate 99% of all deductions, and you will have a hard time hiding income - unless you operate an all-cash business (which, in itself, draws a lot of attention with the reporting of structured deposits, etc.)

Re:Trump's tax plan

[93+Escort+Wagon]

Donald Trump's position on tax reform eliminates much of the paperwork. If you're single and earn less than $25,000 or jointly earn less than $50,000 you pay no tax. Send in a single-page form and you're done.

So they pretty much still have to file, basically ("send in a single-page form").

Plus you neglect to mention that he's getting rid of the Earned Income Tax Credit - that'll save the government a bunch of money as well, at the expense of the poorest of the poor.

Re:Trump's tax plan

If you're single and earn less than $25,000 or jointly earn less than $50,000 you pay no tax. Send in a single-page form and you're done.

The vast majority of people who fall into these categories a) already pay no tax (or "get a refund"), and b) can already send in a single-page 1040EZ and be done. They're even eligible to file the form online for free instead of mailing it in.

Speaking of Donald Trump and tax forms, why has he still not made his public?

Re:The Broken MS Windows fallacy. Try 250 accounts

[ShanghaiBill]

That's why I noted the other criteria (SSN, Name, etc).

In most companies, anyone who works in HR has access to name/SSN for all employees. Employees at hospitals and clinics have access to name/SSN of all patients. When I was in the military, my name/SSN was printed on hundreds of routine forms, often in triplicate. SSNs are not private information, and we shouldn't pretend that they are.

In my country

in most cases you could send your annual declaration by net.
However, validating your ID or setting bank account for returns require some contact (visit) at the tax or local office.

It wuz haxx0rz!

You keep using that word...

The IRS

Everybody hates the IRS. Boo, hiss. People cheer whenever the IRS gets defunded in any amount, it makes them happy, because they don't have a fucking clue how things work (how quintessentially American.)

The IRS has had to make do without proper support, and shit like this is the result.

This shit happened on Obama's watch by the way. YEAH it's his fucking failure to own. Let's not pretend he isn't the head nigga in charge of the country. Just add it to the list.

Easy solution Yubikey

https://www.yubico.com/

The solution is easy and cheap. Heck Chrome already supports it, and Mozilla has a plug-in.

Re:The Broken MS Windows fallacy. Try 250 accounts

[DarkTempes]

There have been so many major database leaks at this point that I feel it's a given that your name, address, SSN, etc are probably in the hands of nefarious people.

Remember when Slashdot reported multiple databases holding detailed information on millions of U.S. voters were publicly available online?
One had 154 million voters with names, addresses, social networking accounts, etc.

If you google database leaks you'll see leaks involving hundreds of thousands of records that include social security numbers.

Secrecy

... info from other websites, which was then used to generate 100,000 PINs ...

Secrecy via public knowledge. This might be the biggest reason for the large number of data breaches in the USA. Another being that corporations store the details of their international customers in the USA.