Blog Editor

Paul Caron
Paul L. Caron

Associate Dean of Faculty
Charles Hartsock Professor of Law
Univ. of Cincinnati College of Law
Email
Profile
News

Herzog Summer Visiting Prof. in Tax'n
University of San Diego School of Law
Profile

Papers
• Book Series
..Graduate Tax Series (Lexis)
..Law Stories Series (Foundation)
• Books
..Tax Stories (Foundation)
..E&G Tax Casebook (Foundation)
..E&G Tax Problems (Foundation)
..E&G Tax Anthology (Lexis)
..Income Tax Anthology (Lexis)

About TaxProf Blog
Blawg 100 Honoree
The most-visited law-focused blog edited by a single law professor
"The undisputed champion of tax blogging" -- Tax Notes
"A must-read blog ... The frequent posting throughout the day ensures comprehensive coverage of tax news" -- Wall St. Journal
Email Me Comments & Content

Subscribe to TaxProf Blog Via RSS Feed or Email

Instructions on How to Subscribe
RSS Feed All Posts
RSS Feed Tax Posts
RSS Feed Legal Education Posts






Resources

Find Tax Profs
Google Scholar
Law Schools
SSRN
• Tax Prof Moves
.. 2008-09
.. 2007-08
.. 2006-07
.. 2005-06
.. 2004-05
Tax Prof Profiles

Graduate Tax Programs
By School
By State
Course Materials

Tax Rankings
US News Tax Rankings
Top 24 Overall
Top 12 Graduate Tax Programs
Most-Cited Tax Professors
SSRN Tax Rankings
Top 25 Tax Professors
Top 25 Tax Faculties
Top 15 Graduate Tax Faculties
Top 10 Tax Faculty Metro Areas
Top 10 Tax Papers (All-Time)
Top 10 Tax Papers (Recent)
Weekly Top 5 Tax Papers
W&L Rankings of Tax Law Reviews

Tax Teaching
Course Materials
Graduate Tax Courses
J.D. Tax Courses
Audio Excerpts of Oral Arguments
Davis
INDOPCO
Knetsch
Schlude
Charts of Tax Cases
Tax Stories
Business Tax Stories
Other Tax Cases
Presidential Tax Returns
• Obama/Biden, McCain/Palin
• Bush/Cheney, Clinton, Bush
• Reagan, Carter, Nixon, FDR

Tax Scholarship
Grant Opportunities
ATPI
SSRN Tax Papers
Search by Author/Title
Search by Tax Journals
Tax Canon
Recommended Readings
Tax Colloquia
Advice on Structuring
Boston College
Columbia
Connecticut
Indiana-Bloomington
Loyola-L.A.
Michigan
NYU
Northwestern
Pennsylvania
San Diego
Toronto
UC-Berkeley
UCLA
Virginia
Washington
Tax Law Reviews
Submission Information
Book Club
TaxProf Book Reviews

Tax Professor Organizations
AALS Tax Section
Upcoming Meeting
Subscribe to TaxProf Email Group
Managing Your TaxProf Subscription
Accessing TaxProf Exam Bank
ABA Tax Section
Upcoming Meeting
Publications
American Tax Association
Upcoming Meeting
Publications
Australasian Tax Teachers Ass'n
Upcoming Meeting
Publications
U.S. Members
European Ass'n of Tax Profs
Upcoming Meeting
Publications
U.S. Members

Tax Professor Blogs
ataxingmatter (Linda Beale)
Conglomerate (Vic Fleischer)
From Milan to Mumbai (M. Livingston)
Jack Bog’s Blog (Jack Bogdanski)
Mauled Again (Jim Maule)
Start Making Sense (Dan Shaviro)
Tick Marks (Dan Meyer)
Understanding Tax (Ted Seto)

Other Tax Blogs
409A Dismay (Richard Meisner)
Another 71 -- A CPA Exam Blog
AZ Estate Planning Blog
Benefits Blog (Janell Gernier)
Bill's Blog (Bill Lowrance)
California Tax Atty Blog (Mitchell Port)
CPA Sense (Milt Baker)
Death & Taxes (Joel Schoenmeyer)
Dirty, Sexy Taxes (Tax Vixens)
Don't Mess With Taxes (Kay Bell)
Estate Planning Bits
Everything Tax Law (Kreig Mitchell)
Federal Tax Crimes (Jack Townsend)
Frederick Focke Mischler
From Wall Street to Main Street
Gina's Tax Blog (Gina Gwozdz)
Government Bytes (NTU)
Int'l Tax Blog (Andrew Mitchel)
IRS and the Law (Howard Levy)
Linda Keith CPA
Mass. Estate Planning
New Jersey Tax Practice Blog
New York Probate Litigation Blog
New York Trusts & Estates Law Blog
Nonprofit Law Prof Blog
N. Carolina Estate Planning Blog
Ohio Trusts & Estates Blog
OMB Watch
Our Taxing Times (Trish McIntire)
PA Estate Planning Blog
Practical Int'l Tax (World Trade Exec.)
Roth & Co. CPA (Joe Kristan)
Talking Taxes (Cit. for Tax Justice)
Tax & Business Law (Stuart Levine)
Tax Blog (New Zealand)
Tax Blog (U.S.)
Tax Controversy
Tax Girl (Kelly Phillips Erb)
Tax Grotto (Chris Bale)
Tax Guru (Kerry Kerstetter)
Tax Info Blog (Ryan Ellis)
Tax Justice Network
Tax Lady Blog (Roni Deutch)
Tax Law by LexisNexis
Tax Law Report
Tax Lawyer's Blog (Peter Pappas)
Tax Mama (Eva Rosenberg)
Tax Monkey (Laurence Bernstein)
Tax Policy Blog (Tax Foundation)
Tax Precision (Fernando del Canto)
Tax Prep Source (Justin Musterman)
Tax Professionals Blog
Tax Relief Blog (Mike Habib)
Tax Research UK (Richard Murphy)
Tax Resolution University
Tax.com (Tax Analysts)
Taxable Talk (Russ Fox)
Taxalicious
Taxation & Development
TaxVox Blog
Texas State & Local Tax Blog
Thorndike.com (Joe Thorndike)
Toronto Estate Law Blog
UT & NV Estate Planning Blog
The Wandering Tax Pro
Wills, Trusts & Estates Prof Blog
You and Yours Blawg

Tax Students
Writing Competitions
ABA
ACTEC
Tannenwald
Moot Court Competitions
Buffalo (Mugel)
Florida

Tax Policy Groups
Americans for Fair Taxation
Americans for Tax Reform
American Tax Policy Institute
Better Way USA Plan
Burch Center for Tax Policy
Cato Institute
Ctr. for Econ. & Policy Research
Ctr. for the Study of Taxation
Ctr. on Budget & Policy Priorities
Citizens for a Sound Economy
Citizens for an Alt. Tax System
Citizens for Tax Justice
Coalition for Tax Fairness
Concord Coalition
Deathtax
Economic Policy Institute
Fair Taxes for All
Heritage Foundation
Institute for Policy Innovation
Institute on Taxation & Econ Policy
Internet Fair Tax Coalition
Mich. Office of Tax Policy
Nat’l Bureau of Econ. Research
Nat'l Center for Policy Analysis
Nat'l Retail Sales Tax Alliance
Nat'l Taxpayers Union
Policy & Taxation Group
Reform AMT
Tax History Project
Tax Foundation
Tax Policy Center

Federal Tax Law
Congress
Internal Revenue Code
Joint Committee on Tax'n
Joint Economic Committee
Senate Finance Committee
House Ways & Means Com.
Thomas—Legislative Info
Congressional Budget Office
GAO
GPO Access

Executive Branch
IRS
Treasury Department
Office of Tax Policy
DOJ Tax Division
Regulations
Public Rulings
• Private Rulings
... Actions on Decisions
... Appeals Settlement Guidelines
... Chief Counsel Bulletins
... Exempt Org. Field Memoranda
... General Counsel Memoranda
... Information Letters
... Field Service Advisories
... Private Letter Rulings
... Technical Advice Memoranda
Electronic Reading Room
AFR
Internal Revenue Manual
Tax Forms and Publications
Statistics
Bureau of Labor Statistics
Census Bureau Statistics
FedStats
GPO Access

Courts
Tax Court
GPO Access

State Tax Law
State-Specific Sites
Forms
Agencies
Organizations

Foreign Tax Law
Treaties
Country-Specific Sites
European Union & VAT
Organizations
Other Resources

Tax Publishers
BNA
CCH
Int'l Tax Institute
Kleinrock
RIA (Thomson)
Tax Analysts
World Trade Executive

Free Tax Web Sites
Findlaw
JURIST
Legalbitstream
Tax Jobs
Tax Links
Tax Sites

Research Associate

Ron Jones
Reference & Electronic Serv. Librarian
Univ. of Cincinnati Law Library
Email

Disclaimer

TaxProf Blog provides resources, news, and information for law school tax professors. It is not affiliated with Auto Didactix LLC's TaxProf, a software-based tutorial for law students in the federal income tax course.



Blogware

Powered by TypePad

Notices

© Copyright 2004-2009 by Law Professor Blogs, LLC. All rights reserved.

« 7th Circuit Vacates Tax Court's Bank One's Interest Swap Decision, Criticizing "Perfunctory" Adoption of IRS's Position | Main | WSJ: What Your Email Inbox Says About You »

August 10, 2006

TIGTA Finds Inappropriate Email on 74% of IRS Employees' Computers

Treasury_10 The Treasury Inspector General for Tax Administration has released Inappropriate Use of Email by Employees and System Configuration Management Weaknesses Are Creating Security Risks (2006-20-110):

This report presents the results of our review to determine whether the IRS's email system was being used properly by employees and was secured by system administrators.

Email allows an organization and its employees to better communicate with each other, customers, and business partners. The risk of computer viruses, however, has prompted the IRS to screen for questionable incoming emails, issue a personal use policy on what an employee can and cannot do with email, and conduct awareness training to all employees on the importance of complying with the email use policy. While these efforts established a good foundation for email security, employees are not following the IRS' personal email use policy. In addition, the IRS has unsecured and unauthorized email servers on its computer network. As a result, the IRS' internal network, its computers, and the data maintained on the network could be at risk of being compromised, destroyed, or shutdown.

  • IRS employees are violating provisions of the personal use policy with their email usage. Specifically, we found inappropriate email messages in 74% of the employee mailboxes reviewed. These inappropriate email messages contained chain letters, jokes, offensive content, and sexually explicit content. The IRS' personal use policy protects the organization from employee actions that might harm or bring unnecessary risk to the organization. For example, hackers have designed email messages containing computer viruses to entice recipients to open them because of their interesting subject lines. Opening these types of emails can activate the computer virus, which in turn could destroy data on computers, enable the hacker to gain unauthorized access to the computer and any sensitive information stored on the computer, and disrupt email and computer operations. While the IRS has conducted awareness presentations and distributed communications to encourage employees to comply with its personal use policy, it does not effectively monitor the email of its employees to ensure compliance with the policy.
  • Email servers, like any other computer component, can be vulnerable to computer attacks (e.g., denials of service4 or buffer overflows) and need to be properly secured and maintained. The IRS maintains 228 authorized email servers to support its email operations. To evaluate the security over email servers, we selected a judgmental sample of 28 email servers and found 687 security vulnerabilities on all 28 servers. People can exploit security vulnerabilities to shut down the servers and disrupt email service or to use the servers to access or attack other computers in the network, which could disrupt other critical operations in the IRS.

In addition, the IRS should limit the number of email servers needed for its email operations to the minimum needed. Aside from the 228 email servers cited above, we identified an additional 4,913 Internet Protocol addresses with devices/servers that have been configured to operate as unauthorized email servers. Any email received through unauthorized email servers would circumvent the security screening established to identify malicious software. If the email contains a computer virus, it could infect the computer as well as the computer network. To evaluate the security of these servers, we selected a sample of 30 and found 363 security vulnerabilities on all 30 computers.

Security vulnerabilities can be exploited to shut down the server and disrupt all other functions of these servers, or use the server to access or attack other computers in the network, which could disrupt other critical operations in the IRS. The majority of the security vulnerabilities on the email servers cited above occurred because system administrators had not installed current security patches to the email servers.

August 10, 2006 in Gov't Reports | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c4eab53ef00d8342ae6c953ef

Listed below are links to weblogs that reference TIGTA Finds Inappropriate Email on 74% of IRS Employees' Computers:

» MORE EVIDENCE THAT IRS EMPLOYEES ARE FELLOW HUMANS, DEEP DOWN from Roth & Company, P.C.
The Treasury Inspector General for Tax Administration reports that IRS employees use e-mail, well, a lot like everybody else: IRS... [Read More]

Tracked on Aug 10, 2006 10:01:03 AM

» A Lot of Inappropriate Email at the IRS from Workplace Prof Blog
Paul Caron at Tax Prof has the full scoop. Here's a taste: The Treasury Inspector General for Tax Administration has released Inappropriate Use of Email by Employees and System Configuration Management Weaknesses Are Creating Security Risks (2006-20-11... [Read More]

Tracked on Aug 11, 2006 8:46:52 AM

» Laughing with the IRS from Don't Mess With Taxes
Apparently, despite what most of us think, IRS employees are a lot like you and me. This report from the Treasury Inspector General for Tax Administration found that agency employees regularly violate their office's e-mail usage guidelines. Specificall... [Read More]

Tracked on Aug 13, 2006 2:37:53 AM

» Laughing with the IRS from Don't Mess With Taxes
Apparently, despite what most of us think, IRS employees are a lot like you and me. This report from the Treasury Inspector General for Tax Administration found that agency employees regularly violate official e-mail usage guidelines. Specifically, the... [Read More]

Tracked on Aug 13, 2006 2:43:07 AM

Comments

4,913 unauthorized mail servers?
Now I know where all of those offers for v!@gr/\ and Cial!s are coming from.

Really though, they need to get some sysads that take some pride in their job. I'd be ashamed of myself if I let my server get that far behind. From all the vulnerabilities it sounds like they're running Exchange on NT4 out of the box with sub7, netbus, and back orifice as "admin utilies."

So, is the IRS interested in a good Linux Sysad with lots of experience in postfix, amavisd, clamav, commercial AV, bayesian filtering, greylisting, etc? Considering the article, I doubt they could afford a good admin.

Posted by: Kevin | Aug 10, 2006 9:42:49 PM