The Committee met, pursuant to notice, at 9:27 a.m., in room SD-342, Dirksen Senate Office Building, Hon. Ted Stevens, Chairman of the Committee, presiding.

Present: Senators Stevens, Glenn, Levin, and Pryor.

OPENING STATEMENT OF SENATOR STEVENS

Chairman STEVENS. I have been notified that the Senators are going to be a little late, so since we are all here, why don't we start a little early.

Our first panel is Stephen Street from the Alaska Business Development Center and Susan Anderson from the Lower Yukon Economic Development Council.

I will just make a short introductory statement here this morning. The Internal Revenue Service is one of the most critical interfaces between the Federal Government and most Americans. It really touches every American at home and at work. The efficiency and effectiveness of the IRS depends on its use of information technology now. The IRS must change the way it does its work in order to keep up with the rapid changes that define the information age in our country.

Today, our hearing will focus on whether the IRS has the capability to fulfill the needs of the American public as we near the 21st Century. The taxpayer data entrusted to the Internal Revenue Service is among our most personal and private information, and one of the realities of this age is the threat to privacy and the possible manipulation of personal data.

We are very concerned about the findings of the National Research Council in its study of the Tax System Modernization Program (TSM), and I quote: "The gap between the current TSM security posture and the minimum security acceptable will continue to widen, thus virtually ensuring massive security breaches in the coming years." The IRS appears so far not to be able to protect taxpayers with TSM. Correction of even minor errors in tax return processing can be extremely difficult and costly to taxpayers. It takes considerable time, effort and money to make those corrections, but it would be impossible to correct the damage to the privacy of taxpayers and their families if the IRS cannot protect this taxpayer data.

(1)

OVERSIGHT OF THE INTERNAL REVENUE

SERVICE

TUESDAY, MARCH 26, 1996

U.S. SENATE,

COMMITTEE ON GOVERNMENTAL AFFAIRS,

Washington, DC.

The Committee met, pursuant to notice, at 9:27 a.m., in room SD-342, Dirksen Senate Office Building, Hon. Ted Stevens, Chairman of the Committee, presiding.

Present: Senators Stevens, Glenn, Levin, and Pryor.

OPENING STATEMENT OF SENATOR STEVENS

Chairman STEVENS. I have been notified that the Senators are going to be a little late, so since we are all here, why don't we start a little early.

Our first panel is Stephen Street from the Alaska Business Development Center and Susan Anderson from the Lower Yukon Economic Development Council.

I will just make a short introductory statement here this morning. The Internal Revenue Service is one of the most critical interfaces between the Federal Government and most Americans. It really touches every American at home and at work. The efficiency and effectiveness of the IRS depends on its use of information technology now. The IRS must change the way it does its work in order to keep up with the rapid changes that define the information age in our country.

Today, our hearing will focus on whether the IRS has the capability to fulfill the needs of the American public as we near the 21st Century. The taxpayer data entrusted to the Internal Revenue Service is among our most personal and private information, and one of the realities of this age is the threat to privacy and the possible manipulation of personal data.

We are very concerned about the findings of the National Research Council in its study of the Tax System Modernization Program (TSM), and I quote: "The gap between the current TSM security posture and the minimum security acceptable will continue to widen, thus virtually ensuring massive security breaches in the coming years." The IRS appears so far not to be able to protect taxpayers with TSM. Correction of even minor errors in tax return processing can be extremely difficult and costly to taxpayers. It takes considerable time, effort and money to make those corrections, but it would be impossible to correct the damage to the privacy of taxpayers and their families if the IRS cannot protect this taxpayer data.

(1)

Another concern is the treatment of taxpayers themselves. I think every one of us in Congress can attest to the litany of complaints constituents send to us about the IRS. The validity of these complaints can be simple really, in some ways, for some people just to put aside. I do think that this is the kind of hearing that we ought to have to bring the attention of the Congress to circumstances not only in terms of the national program, but to illustrations such as those in my own home State, which we will go through just briefly here this morning, to show the complexity of taxpayers trying to meet their needs during this modernization drive.

I think the cases we are going to discuss involve a unique effort of private citizens, State government, and the IRS to try to set up a system of compliance for rural fishermen in Alaska. The fragility of this effort has recently been exposed and I do hope we will find ways to mend it.

There is a third problem area and that is financial management. Despite $3 billion over 10 years, the tax system modernization is not really up to speed. The IRS has been unable to fix its financial management problems. In fact, the IRS does not have auditable, validated financial statements. It cannot tell how much has been collected in taxes and it cannot account for its own spending. This is the agency that is so strict on the way Americans keep their books, but it apparently cannot handle its own books in the way it demands of us. It is not only ironic, but it is unacceptable, I think, to Congress. While many leading companies like Wal-Mart are using computer technology and really have up-to-the-minute information on revenue, spending, and inventory, the IRS does not. Ten years ago, the IRS initiated the Tax System Modernization project to improve the administration of our Nation's tax laws, as well as its own operations. The TSM project is currently estimated to cost $23 billion. However, TSM is a solution that has turned into a problem. Since 1990, 36 GAO reports and 38 internal Treasury Department audits have found that the IRS does not know how much TSM will cost or whether it will work when it is installed. The National Research Council recently produced a sixth report summarizing TSM problems. It identified four problems that have never been fixed. They are technical management, systems architecture, IRS procedures, and systems security. The IRS response to the report was to institute new oversight procedures, but the Council cautioned that this type of response will not fix the problems they have identified.

Last December when the Committee became aware of the problems of the Cyberfile program, which is a new tax system modernization effort, we asked that it be investigated. The Cyberfile effort will allow taxpayers to file over the Internet by dialing a 1-800 number with a computer and a modem. However, the Cyberfile system currently will provide inadequate protection against fraud, abuse, diversion of data, or invasion of personal privacy.

The Committee's investigation has found that the problems in the Cyberfile program are the same as those in the overall tax system modernization effort. The new TSM program is plagued by poor program management expertise, little concern for cost effec

tiveness, no defined relationship to the TSM architecture, or the major shortfalls in computer security and privacy of that system. For example, GAO uncovered an internal estimate that 10,000 people may use Cyberfile this year, at a cost of $30 million, which means about $3,000 per return. Given that the IRS recently decided not to pursue the Internet version and the nearness of the filing deadline, the number of filers could be down, which would result in such costs going up. The Cyberfile system does not meet, I am informed, the standards established by the Computer Security Act for the protection of taxpayer data.

Management, not technology, is what needs to be fixed. For example, the room that houses the hard drives and network switches has door hinges on the outside of the room, making it very easy to break into that room, much easier even than picking the lock to get in. The Cyberfile program does not give us confidence about the way the IRS intends to acquire information from taxpayers.

The Committee is going to receive testimony today on the progress that the IRS is planning to meet the needs of the 1990's and the next century in these systems I have described. The first panel will be Alaska representatives, whom I have asked to testify on problems that have recently developed with regard to the IRS. This is a result in some ways of the IRS restructuring efforts. We are going to hear, also, from the General Accounting and the National Research Council experts who have spent years reviewing and making recommendations on the IRS modernization program. The GAO has provided extensive assistance to the Committee in its investigation of Cyberfile and these other systems and will make public its findings, I think, either today or soon. I want to thank the GAO for its assistance. We will later hear from the Commissioner of Internal Revenue.

I do unfortunately have to tell the Committee and the audience that I will be managing a bill on the floor starting just a little after noon, I am informed, so I do want to try and get through this hearing as scheduled, since there are people who have come long distances to testify. I hope there will be no objection that we limit, after our opening statements-mine that I have just given and Senator Glenn's-witnesses to 10 minutes and Senators to 5 minutes for each panel. That way, as I see it, we may be able to get through in time for me to answer the call on the floor. Senator Glenn?

OPENING STATEMENT OF SENATOR GLENN Senator GLENN. Thank you, and I will keep my remarks short too, Mr. Chairman.

Oversight of the IRS has been a major concern of this Committee for a long time. I have been on this Committee ever since I got in the Senate and I am in my 21st year here and we have been following this for the last couple of decades, literally, on trying to improve the operation at IRS.

We enacted in 1990 and oversaw the implementation of the Chief Financial Officers Act, which requires audits for the first time in government of all the different departments and agencies, and IRS was one of those that was singled out as one of the targets early