nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
US taxmen pull plug on anti-identity-theft system used by identity thieves

Anonymous Coward

I P PINs

That sounds painful.

Needles too?

Would you like a cushion for that?

Do they tinkle when you tinkle?

Can you hear a pin drop?

...Just to make things worse, when I typed the first line, I got "pinful".

1
0
Anonymous Coward

Can we finnally stop re-inventing the wheel?

Why can't the .gov wrap it's collective head around the common, off the shelf solutions to these problems? Mabye use OAUTH, Google Authenticator, YubiKeys, etc. etc. etc. instead of their own sham pin system? 6 digits, issued based on easily obtainable information, or information that the .gov itself "lost" (cough, OPM) is not security... it's a liability.

We should cut a deal with some of the Googlers to offer them another year of tax breaks in return for fixing the IRS tax return portal.

0
4
Holmes

Re: Can we finnally stop re-inventing the wheel?

Careful what you wish for, Google could probably have a fair go at predicting your tax return thus saving you the need to log in.

I suspect they'd not be as good at avoiding tax for you as they are for themselves.

3
0
Bronze badge

Re: Can we finnally stop re-inventing the wheel?

the dirty "secret" is that no taxpayer can even file directly with IRS because of a lawsuit by tax preparer businessesscumbags, so most of Americans files with/signs to 3rd party service anyway (exposing themselves to hackers on multiple fronts). Paper and snail mail for me (since I can't avoid IRS system anyway).

1
0
Silver badge

Re: Can we finnally stop re-inventing the wheel?

"Why can't the .gov wrap it's collective head around the common, off the shelf solutions to these problems?"

Whilst a 6-digit pin might not be ideal - depending on how many guesses you get - it looks as if the real problem here is having something to anchor the trust system to. If the identifier gets handed out to an impersonator it doesn't matter much whether its OAAuth, Yubikey or a single digit pin.

5
0
Silver badge

Modernizing

If the ferals ever modernized we might get lucky and have technology suitable for 1916.

0
0
Silver badge

Re: Modernizing

Like punchcards and Hollerith-style sorting machines? Yeah, I bet IBM would love that.

0
0
Anonymous Coward

Yeah

Fuck the IRS. They deserve this. I hope it gets so bad they have to make an entirely new system of taxation here in the US.

Whoever is messing with these thieves (the IRS) would get my vote for president. I mean look at the stool samples currently vying for nomination to their respective organized crime groups!

2
0
Anonymous Coward

Re: Yeah

Whoever is messing with these thieves (the IRS) would get my vote for president. I mean look at the stool samples currently vying for nomination to their respective organized crime groups!

Please do not insult the real stool samples of the world.

3
0
Paris Hilton

Re: Yeah

Tee-hee.

Do you mean stool as in stool pigeon or stool as in grunt-grunt-plop-ahh?

0
0
Silver badge

Re: Yeah

Except it isn't the IRS that takes it up the ass, it's the taxpayer who over-withheld because his fucking employer can't calculate the taxes properly who is out the money the fucking IRS gave to Johnny Scammer.

0
0
Anonymous Coward

Re: Yeah

Nothing to do with employer. Employees fill out a W4 form which tells employers how much to withhold.

The US successfully put in place a system that overwithholds from the vast majority of taxpayers so that they are conditioned to see spring as "refund season" not horrible "write a check for taxes" season.

3
0

Re: Yeah

Don't buy it. Everyone has access to their W-4 information and if too much was withheld, they can change the info on it to tune how much is withheld the next year. Been there, done that.

0
0
Alien

TCO-ish

I wonder what the cost would be if US guvmint outsourced data collection to Amathong, the Goog, Heebay, ... and if that would represent a saving in tax dollars?

2
0
Bronze badge
Coffee/keyboard

Re: TCO-ish

Exactly what I thought - they'd do it better, and cheaper too. After all Google already knows all abouit who we all are and what we do - hell they know more about us than the government does!

1
0
Silver badge

So they pulled the security system... or a part of it. Is there now no security or minimal security?

I'm just assuming I've been compromised somewhere over the last 5 years... and waiting for the crap to hit the rotary air movement device. So far, been lucky...

I wonder if we can get rid of all security in the next two years. By then the attackers should own everyone and won't bother to re-attack.

2
0

The flaw in this plan was obvious...

PINs given out online can't be any more secure than the site that's giving them out. They need to do something like send them by snail mail only if you're still at your last known address, otherwise you can go to the post office with an ID and request one.

4
0
Silver badge

Re: The flaw in this plan was obvious...

How about using the private signing keys that you have pin protected in your if?

Oh, no id, I see......

1
0

shoestrings and chewing gum

What do you expect from an agency operating on a shoestring budget. They are lucky when they find somebody has broken in. Forget keeping skiddies out, and no hope keeping the more sophisticated scammers out.

Thanks to OPM, I have implemented a security freeze with the major consumer(credit) reporting agencies. Because of this, I cannot use the IRS online PIN system anyway. They are not the only ones using this authentication system, so there are other services I cannot use online or even at all. Most ironic is the OPM breach credit monitoring cannot be used with the credit security freeze.

It would also help if the US tax code wasn't so complex that refunds became the default. My local income taxes are quite simple to figure. One percent, no ifs, ands, or buts; multiply what you made by .01 and remit to the taxman. The local taxman isn't being scammed for tax refunds, there are none.

1
0
Silver badge
Mushroom

Re: shoestrings and chewing gum

Shoestring? The IRS?! this is the agency that is always referred to with the definitive, because everything is "TheIRS". The have no lack of funds; if they are feeling a little tight, they can just "audit" someone. The IRS can claim that Joe Shmoe owes $X,000, and when Mr. Schmoe appeals, with the relevant reams of paper, the fax gets "lost", the resend is "not received", and the delivery-confirmed certified parcel arrives "after" they have raided your accounts for the money they claim you owe.

The IRS is not law enforcement, and as such are not bound by things like "innocent until proven guilty" or "beyond a reasonable doubt" or even "preponderance of the evidence".

1
0

Re: shoestrings and chewing gum

You're thinking logically. This is the US government we are talking about. Like most there is no logic. The IRS receives none of the funds found to be due in an audit. Their budget is set by congress (you know the opposite of progress). Staffing levels are so low that help-line on-hold times are at record highs. The IRS solution, transition to online help. Audits though are near record low levels.

Your assessment of guilt by audit is spot on.

0
0
Silver badge

Question and response

The problem is that the questions have to be simple - the solution is to keep your answers simple and irrelevant.

Q. "What's you mother's maiden name?"

A. Pacific Ocean

2
0

Re: Question and response

That would work if they used that type of secondary authentication. Instead they use a service of one of the major consumer reporting agencies.

The questions and answers are derived from the consumer's credit report. Things like "You have a mortgage, what is the name of the lender?" then you are given three or four to choose from and a "none of these". Others ask you to choose the correct range of the mortgage monthly payment, previous address, previous employer, credit card company, etc.

Prior to placing a freeze on my record, I had some minor errors in my report. Sometimes this would prevent me from obtaining my free annual credit report online.

1
0
Bronze badge
Terminator

Give the whole job to WATSON

Let WATSON be the overlord of the IRS - they could fire at least half the staff and still get a better job done, because IBM's genius boy could figure out when he's being scammed from a mile away. Just like the Hollerith engine came to the rescue of the US Census Bureau in 1890, the new kid on the block comes to the rescue of the entire US tax system!!

In fact - what the heck - he could even DO your taxes for free! There go the bloody tax lawyers! HA!

0
0
Pirate

No withholding = ZERO chance for "refund fraud"

The entire concept of withholding was done in order to lull the cattle into a sense of trust and resignation regarding the Income Tax. 1913 saw the instigation of the MANDATORY withholding of taxes. This was viewed so unfavorably it was repealed in 1917. During the 1930's the Social Security Act was passed and The Powers That Be decided to take another whack at stealing money in smaller tranches so as to be less noticeable. Individuals owing Federal Income Tax would pay quarterly prior to the 1940's. World War Two rolls around and the Federal Government finds it needs more money now, NOW NOA!!! and decides that withholding looks like a *dandy* answer to having to wait for those peons to pony up the cash. Thus the Current Tax Payment Act in 1943 was passed.

Pretty much downhill from there. The Government at *ALL* levels decided that nickel-and-diming the peons was SOOOOO much easier than actually having to go hat in hand to ask for *SPECIFIC* funds for *SPECIFIC* pork barrel projects.

After all..... what's a few billion dollars here or there?

The VAT tax is even more opaque and the continentals truly have not even an inkling of how much "their" government is skimming from them.

Governments... they are not really into this whole "transparency" thing.

0
0
Bronze badge
Trollface

Re: No withholding = ZERO chance for "refund fraud"

Then que LBJ's "Great Society", and deficits we will have until it all collapses around us.

0
0
Bronze badge

Re: No withholding = ZERO chance for "refund fraud"

It's somewhat telling to see what one of the people involved in the birth of the withholding tax has to say about it:

http://reason.com/archives/1995/06/01/best-of-both-worlds

"I played a significant role, no question about it, in introducing withholding. I think it's a great mistake for peacetime, but in 1941–43, all of us were concentrating on the war.

I have no apologies for it, but I really wish we hadn't found it necessary and I wish there were some way of abolishing withholding now.

"

0
0

Really?

All this talk about pwning people's tax returns, and no one's mentioned Trump's MIA tax returns?

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing