I P PINs
That sounds painful.
Needles too?
Would you like a cushion for that?
Do they tinkle when you tinkle?
Can you hear a pin drop?
...Just to make things worse, when I typed the first line, I got "pinful".
The US Internal Revenue Service (IRS) has suspended its Identity Protection PIN tool, designed to safeguard people at risk from identity theft, because scammers are using it for identity theft. American taxpayers can request a six-digit PIN code from the IRS that is supposed to lock down their account with the taxmen: no valid …
Why can't the .gov wrap its collective head around the common, off the shelf solutions to these problems? Maybe use OAUTH, Google Authenticator, YubiKeys, etc. etc. etc. instead of their own sham pin system? 6 digits, issued based on easily obtainable information, or information that the .gov itself "lost" (cough, OPM) is not security... it's a liability.
We should cut a deal with some of the Googlers to offer them another year of tax breaks in return for fixing the IRS tax return portal.
The dirty "secret" is that no taxpayer can even file directly with IRS because of a lawsuit by tax preparer businesses scumbags, so most Americans file with/sign up to a 3rd party service anyway (exposing themselves to hackers on multiple fronts). Paper and snail mail for me (since I can't avoid IRS system anyway).
"Why can't the .gov wrap its collective head around the common, off the shelf solutions to these problems?"
Whilst a 6-digit pin might not be ideal - depending on how many guesses you get - it looks as if the real problem here is having something to anchor the trust system to. If the identifier gets handed out to an impersonator it doesn't matter much whether it's OAuth, Yubikey or a single digit pin.
Fuck the IRS. They deserve this. I hope it gets so bad they have to make an entirely new system of taxation here in the US.
Whoever is messing with these thieves (the IRS) would get my vote for president. I mean look at the stool samples currently vying for nomination to their respective organized crime groups!
Nothing to do with employer. Employees fill out a W4 form which tells employers how much to withhold.
The US successfully put in place a system that overwithholds from the vast majority of taxpayers so that they are conditioned to see spring as "refund season" not horrible "write a check for taxes" season.
So they pulled the security system... or a part of it. Is there now no security or minimal security?
I'm just assuming I've been compromised somewhere over the last 5 years... and waiting for the crap to hit the rotary air movement device. So far, been lucky...
I wonder if we can get rid of all security in the next two years. By then the attackers should own everyone and won't bother to re-attack.
PINs given out online can't be any more secure than the site that's giving them out. They need to do something like send them by snail mail only if you're still at your last known address, otherwise you can go to the post office with an ID and request one.
What do you expect from an agency operating on a shoestring budget? They are lucky when they find somebody has broken in. Forget keeping skiddies out, and no hope keeping the more sophisticated scammers out.
Thanks to OPM, I have implemented a security freeze with the major consumer (credit) reporting agencies. Because of this, I cannot use the IRS online PIN system anyway. They are not the only ones using this authentication system, so there are other services I cannot use online or even at all. Most ironic is the OPM breach credit monitoring cannot be used with the credit security freeze.
It would also help if the US tax code wasn't so complex that refunds became the default. My local income taxes are quite simple to figure. One percent, no ifs, ands, or buts; multiply what you made by .01 and remit to the taxman. The local taxman isn't being scammed for tax refunds, there are none.
Shoestring? The IRS?! This is the agency that is always referred to with the definitive, because everything is "TheIRS". They have no lack of funds; if they are feeling a little tight, they can just "audit" someone. The IRS can claim that Joe Schmoe owes $X,000, and when Mr. Schmoe appeals, with the relevant reams of paper, the fax gets "lost", the resend is "not received", and the delivery-confirmed certified parcel arrives "after" they have raided your accounts for the money they claim you owe.
The IRS is not law enforcement, and as such is not bound by things like "innocent until proven guilty" or "beyond a reasonable doubt" or even "preponderance of the evidence".
You're thinking logically. This is the US government we are talking about. Like most there is no logic. The IRS receives none of the funds found to be due in an audit. Their budget is set by Congress (you know, the opposite of progress). Staffing levels are so low that help-line on-hold times are at record highs. The IRS solution: transition to online help. Audits though are near record low levels.
Your assessment of guilt by audit is spot on.
That would work if they used that type of secondary authentication. Instead they use a service of one of the major consumer reporting agencies.
The questions and answers are derived from the consumer's credit report. Things like "You have a mortgage, what is the name of the lender?" then you are given three or four to choose from and a "none of these". Others ask you to choose the correct range of the mortgage monthly payment, previous address, previous employer, credit card company, etc.
Prior to placing a freeze on my record, I had some minor errors in my report. Sometimes this would prevent me from obtaining my free annual credit report online.
Let WATSON be the overlord of the IRS - they could fire at least half the staff and still get a better job done, because IBM's genius boy could figure out when he's being scammed from a mile away. Just like the Hollerith engine came to the rescue of the US Census Bureau in 1890, the new kid on the block comes to the rescue of the entire US tax system!!
In fact - what the heck - he could even DO your taxes for free! There go the bloody tax lawyers! HA!
The entire concept of withholding was done in order to lull the cattle into a sense of trust and resignation regarding the Income Tax. 1913 saw the instigation of the MANDATORY withholding of taxes. This was viewed so unfavorably it was repealed in 1917. During the 1930's the Social Security Act was passed and The Powers That Be decided to take another whack at stealing money in smaller tranches so as to be less noticeable. Individuals owing Federal Income Tax would pay quarterly prior to the 1940's. World War Two rolls around and the Federal Government finds it needs more money now, NOW NOA!!! and decides that withholding looks like a *dandy* answer to having to wait for those peons to pony up the cash. Thus the Current Tax Payment Act in 1943 was passed.
Pretty much downhill from there. The Government at *ALL* levels decided that nickel-and-diming the peons was SOOOOO much easier than actually having to go hat in hand to ask for *SPECIFIC* funds for *SPECIFIC* pork barrel projects.
After all..... what's a few billion dollars here or there?
The VAT tax is even more opaque and the continentals truly have not even an inkling of how much "their" government is skimming from them.
Governments... they are not really into this whole "transparency" thing.
It's somewhat telling to see what one of the people involved in the birth of the withholding tax has to say about it:
http://reason.com/archives/1995/06/01/best-of-both-worlds
"I played a significant role, no question about it, in introducing withholding. I think it's a great mistake for peacetime, but in 1941–43, all of us were concentrating on the war.
I have no apologies for it, but I really wish we hadn't found it necessary and I wish there were some way of abolishing withholding now."