The House Ways and Means Oversight Subcommittee held a hearing Tuesday on the 2016 filing season and the Internal Revenue Service’s cybersecurity efforts.
“I am pleased to report that the 2016 filing season has gone smoothly in terms of tax return processing and the operation of our information technology systems,” IRS Commissioner John Koskinen said in his opening statement. “Through April 8, the IRS has received more than 107 million individual returns, on the way to an expected total of 150 million. We have issued more than 81 million refunds totaling more than $228 billion.”
He credited the extra $290 million boost in funding for helping the IRS improve taxpayer service, particularly on phone calls, for which it added 1,000 temporary employees. But Koskinen admitted a backlog in responding to taxpayer correspondence, with about 300,000 pieces of correspondence still awaiting an answer after more than 45 days.
One of the main focuses of the hearing was cybersecurity and protecting taxpayer information. Koskinen said the IRS is working continuously to protect its main computer systems from intrusions and attacks and preventing criminals from accessing taxpayer information in its databases. However, he admitted there were challenges, and the IRS had to take down its Identity Protection PIN system for identity theft victims after criminals were able to gain access.
“The reality is criminals are becoming increasingly sophisticated and are gathering vast amounts of personal information as the result of data breaches at sources outside the IRS,” said Koskinen. “We must balance the strongest possible authentication processes with the ability of taxpayers to legitimately access their data and use IRS services online. It is important to note that cybercrime (theft by unauthorized access) and privacy breaches are increasing across the country in all areas of government and industry. Cyber criminals and their methods continue to grow in sophistication, frequency, brazenness, volume and impact. IRS will continue to be challenged in our ability to maintain currency with latest technologies, processes and counter-measures.”
Subcommittee chairman Peter Roskam, R-Ill., noted that identity theft is a growing problem for many taxpayers. “Fraud related to identity theft is growing at an alarming rate,” he said. “It’s a serious crime that hurts millions of Americans and costs the government billions of dollars. In 2012, the Treasury Inspector General for Tax Administration, or TIGTA, reported the IRS could pay out $21 billion in fraudulent refunds over five years … While the IRS has taken some steps to prevent and detect identity theft, the agency is not keeping up with the criminals.”
Two nonpartisan government watchdogs—the Government Accountability Office and the Treasury Inspector General for Tax Administration—have repeatedly expressed concerns that the IRS’s efforts to prevent fraud are insufficient. At the hearing, witnesses from the GAO and TIGTA highlighted the agency’s failure to effectively implement many of their recommendations to better protect Americans during tax season—including fixing the authentication system to prevent fraudsters from accessing taxpayer information.
Tim Camus, Deputy Inspector General for Tax Administration, said in his testimony, “In response to our reporting that the IRS did not have a process to measure the impact of identity theft, the IRS initiated a research project in CY 2012 to develop a measurement process to assess its efforts to defend against identity theft and identify areas that require additional effort. For the 2014 filing season, the IRS reported that identity thieves had been successful in receiving approximately $3.1 billion in fraudulent tax refunds. TIGTA is evaluating the accuracy of the IRS’s measurement process and expects to issue its report early next fiscal year.”
Jessica K. Lucas-Judy, acting director of strategic issues at the Government Accountability Office, presented a GAO report on how the IRS needs to better combat identity theft refund fraud and protect taxpayer data.
Members of Congress expressed concern that because of cybersecurity hacks, such as the Get Transcript hack, criminals now frequently have access to all of the taxpayer’s information. This means they can file fraudulent returns that are completely identical to the legitimate return. To combat this, the IRS needs to step up its data analytics and work with other stakeholders to share information more effectively.
When Rep. Pat Meehan, R-Pa., asked about how to improve the authentication system, members and witnesses agreed the IRS faces many challenges. Koskinen admitted part of the problem is that the agency runs “the world’s most complicated tax system.” Rep. Jim Renacci, R-Ohio, who personally experienced tax-related identify theft, said, “The real answer is we have to simplify the tax code.”
Rep. John Lewis, D-Ga., the ranking Democrat on the subcommittee, also expressed concern about the rising levels of identity theft. “Across the country, there is an increase in identity theft,” he said. “Many of you read the news or have family and friends who have been victims. There are already many criminals impersonating the IRS. They seek to cheat taxpayers out of their hard-earned money.”
He also voiced his objection to recent legislation requiring the IRS to revive a private debt collection program that will require the IRS to hire private contractors to collect outstanding tax debts. “Confusion about whether the private debt collectors were acting for the IRS or were criminals was a problem 10 years ago,” he pointed out. “With more predators and criminals, the program is bound to do more harm than good. Bringing back private debt collection is a mistake, and it should be repealed.”
Lewis called for increased funding for the IRS. “Congress should focus on giving the IRS the tools it needs to serve taxpayers,” he said. “Since 2010, funding for the IRS has been cut by around $1 billion. Last week, the Republicans on this committee passed a bill to cut it by $400 million more each year. These budget cuts have resulted in the loss of 12,000 jobs, reduced employee training, and delayed computer system upgrades.”
Republicans, however, contend the IRS needs to do more with its funding. “It’s clear the IRS’s existing efforts to address identity theft and cybersecurity attacks are not enough,” said Roskam. “The troubled agency’s failure to improve its information security puts all of us at risk. We need to hold the IRS accountable for protecting taxpayer information and strengthening security. That starts right here, right now.”