Posts Tagged ‘ GAO ’

GAO: IRS Taxpayer Data not Secure Enough

March 22nd, 2012. By AbiK

Your taxpayer info may be at risk. That’s comforting news as millions of Americans are gearing up to submit those 1040’s, eh?

Yes, the GAO—that would be the US Government Accountability Office—released a report this month titled: “Report to the Commissioner of Internal Revenue; Information Security: IRS Needs to Further Enhance Internal Control over Financial Reporting and Taxpayer Data”. It gives new meaning to the phrase “IRS Audit”…

So here’s the deal:  your taxpayer information may not be safe over at the IRS, which sounds like a security breach waiting to happen.

Hearing this is reminiscent of that AA 12-step adage: ‘admission is the first step to recovery’; i.e., it’s one thing when others point the finger about a problem—it’s another when you point the finger at yourself. Hell, then the problem must really exist—and that’s what’s a bit disturbing here—this is a government report pointing the finger at…the government. Time to raise an eyebrow, folks.

According to the GAO Report (GAO-12-393, 3/16/12), while the IRS did implement security controls and procedures for its financial and tax-processing systems, there are weaknesses in those controls and procedures. Weaknesses the GAO point-blank states “continue to jeopardize the confidentiality, integrity, and availability of the financial and sensitive taxpayer information processed by IRS’systems.”

Here’s another gem from the report: “…IRS’s security testing and monitoring continued to not detect many of the vulnerabilities GAO identified during this audit.”

Remember that viral TSA video last week—the one where Jonathan Corbett makes a mockery of TSA full-body scanners? The scanner in that instance ‘continued to not detect vulnerabilities’, too. That video has gotten roughly 1.9M views on YouTube to date and caused outrage on social networks. But, ok, not everyone flies or is online keeping abreast of viral videos—everyone, however, pays taxes. Everyone should be outraged by this.

Specifically, the GAO points to the following as examples in which the IRS systems fail to control access to information:

• IRS had not always implemented controls for identifying and authenticating users–such as having users create new passwords after set time intervals;
• IRS hadn’t appropriately restricted access to certain servers;
• IRS had not always ensured that sensitive data were encrypted as the data were being transmitted;
• IRS didn’t always audit and monitor systems to ensure that unauthorized activities would be detected;
• IRS had not always ensured management validation of access to restricted areas;
• IRS had not always patched or updated software leaving the agency exposed to known vulnerabilities;
• IRS had not enforced backup procedures for a ‘key system’;

Anyone for storming the Bastille after reading that?

Tags: GAO, GAO IRS Audit, Internal Revenue Service, IRS Security, Taxpayer Data, US Government Accountability Office
Posted in Emerging Issues, Internet/E-commerce, Personal Injury | No Comments »

The EnergyStar-Approved Gas-Powered Alarm Clock

April 1st, 2010. By Hunter West

Remember that fridge you bought with the EnergyStar label? Oh, y’know it may have even cost a bit more than other models that lacked the label. But it’s worth it, right? You’re using less energy…saving on hydro, and being the good environmental steward that you are. 

Don’t bet on it. As revealed last week in The New York Times and in the contents of a government report issued March 26^th, the EnergyStar program can’t be trusted. Okay, well maybe now that the proverbial dung has hit the fan things will improve. But for anyone who has bought anything bearing the blue EnergyStar seal in recent years—well, you really don’t know what you’ve got. 

Because EnergyStar may not know what you have, either. 

EnergyStar is run by the Environmental Protection Agency (EPA) in tandem with the federal Energy Department. A great idea, with lofty goals. As a consumer, you can be assured that by purchasing an appliance with the blue seal you are buying the very best, most efficient item in that class, on the market. 

Or are you? 

Audits are wonderful things. And when the Government Accountability Office (GAO) did a nine-month investigation, the auditors uncovered some interesting factoids: 

• A manufacturer can download the coveted EnergyStar logo from the government website as soon as they are registered as an EnergyStar partner. Many simply pasted the logo on items that had never been submitted for approval.  
• Many approvals are handled by an automated system. EnergyStar officials claim that final approvals are always vetted by a human being, and that the automated system is only used for screening. But this is allegedly not the case in all matters. 
• Many EnergyStar appliances actually use more power than others not carrying the EnergyStar logo. 

In what would make excellent fodder for a movie, the GAO set up four fictitious companies as part of its audit and submitted to EnergyStar various products seeking the EnergyStar seal of approval. Most products just existed on paper. However energy consumption data was issued as if the products were, indeed real. Figures submitted in some cases were 20 percent less than the best-performing appliances out there. That’s quite a feat. 

No red flag. They were approved. 

An air purifier was submitted for approval. Basically it was an electric space heater with a feather duster on top (see photo). 

Approved. 

And here’s the best one…a gasoline-powered alarm clock. An item I suppose for those who are into backwoods Read the rest of this entry »

Tags: EnergyStar, EPA, GAO
Posted in Consumer Fraud | 3 Comments »