
IRS Security - privong
https://www.schneier.com/blog/archives/2016/04/irs_security.html
======
sbuttgereit
This is probably the worst article that I've read by Schneier.

In his opening paragraph he says that he's not there to answer the questions
of "_What's our money being spent on? Do we have a government worth paying
for?_" And then draws a conclusion that can only be rationally argued for in
the context of those very answers: "_We all need to urge Congress to give it
the money to [improve security]._"

Let's be clear: information security related to tax information is a basic need
and of paramount importance. But the suggestion that the answer to better
security is simply to throw money at it is deeply flawed and naive if you
don't know how existing funds are being used. This is true even if budgets are
cut or workloads increased. Without first answering why current funds are
insufficient (i.e. what the money is being spent on and is it worth it) you
cannot answer the question of there being insufficient budget.

In fact, this line of argument is the old trick politicians use to fool voters
into approving ever more tax increases. During the budget year you fritter
away your funds on frivolous projects and ignore inefficiencies (bonus points
if you benefit friends & family along the way) while at the same time
underfunding infrastructure, police, fire, etc. Then, during the election
cycle, you encourage talk about how desperately underfunded these basic
services are and how they are in dire need of increased funds. This talk never
results in a discussion of where the money currently goes... after all, _our
police/fire aren't getting the money they need and you want to debate the
budget!?_ So you go to the voters for more money for these essentials using a
purely emotional appeal... and you get to eat your cake too.

Sorry. Schneier is wrong until he answers those questions that he dismisses.
Those spending discussions need to happen even if it's to justify additional
money for something as important as security.

~~~
wfo
Alternately, similar actions are taken by many on the right as part of a
concerted effort to slash and destroy social programs.

They support widely popular resolutions (tax cuts? Nobody is against tax cuts.
The only debate is which section of the population gets bulk of the money,
hint: it's not the poor).

They shift money around and remove it from sound programs like social security
so it goes bankrupt.

They intentionally privatize and mismanage government programs so they fail.

Then when there isn't enough money to go around come budget balancing time,
whoops looks like we have to slash health care budgets. Education budgets? You
only really NEED 50% of that, right? Why is the state paying to help kids go
to college? These programs are horribly mismanaged and inefficient [because we
have made them so], the market will do a MUCH better job if we just insert a
corporate middleman between the people who need services and the people who
provide them. It would be nice to let public employees exercise their rights
and bargain collectively, but you know it's just too darn expensive. Those
contracts we signed to give people pensions? Well it's not our fault we can't
pay them now, it's just the economic reality. We all have to make sacrifices
[except the rich]. Look at the adult conservatives being responsible, making
the hard choices to cut things that need to be cut.

Rinse, repeat, slash and burn.

~~~
sbuttgereit
Which bills from left or right have removed money from the Social Security
Trust Fund? The deficit in Social Security has more to do with the fact that
population dynamics don't favor a scheme where younger workers' money is taken
from them and given to older people when the population is declining.

Let me make your _The only debate is which section of the population gets bulk
of the money, hint: it's not the poor_ statement more accurate: The only
debate is which section of the population gets to keep its money that was
slated for confiscation, hint: it's not the poor since they don't pay taxes to
begin with.

What was the last program that the "right" actually rolled back that wasn't
actually replaced with something more grand? Sure, in new programs they maybe
didn't grow things as much as today's radical, er, mainstream left would like.
But our compassionate conservatives have expanded government at every turn;
they'll talk about reform, but the majority never mention terminating these
things... even good ol' Trump makes no such claims. Ted Cruz, maybe, but most
rank and file Republicans don't like him, remember?

I'm sorry. But most of your arguments sound like propaganda and are
disconnected from reality. I grant you so-called conservatives like to have
their private/public partnerships, which are as wrong as the programs that
they target. But few actually try to dismantle the programs... they simply try
to structure the gravy train.

------
zdw
The SSA is even worse than the IRS - look at these password requirements as an
example:

[http://i.imgur.com/fkWNDF3.png](http://i.imgur.com/fkWNDF3.png)

(exactly 8 characters, >1 number, >1 letter, no symbols, case insensitive).

------
a3n
It's like this because we're mandatory customers, and there's no
accountability and no competition.

~~~
OneOneOneOne
Last time I checked citizenship was optional... though how could one give up
their mother country?

~~~
a3n
OK, all but mandatory. But I believe the USG will not recognize your
renunciation until you've paid all your back taxes.

~~~
OneOneOneOne
That's not all. I think you have to pay an additional fee if your assets are >2M...

[https://www.washingtonpost.com/business/economy/youd-have-to...](https://www.washingtonpost.com/business/economy/youd-have-to-pay-2-million-to-give-up-your-citizenship-corporations-nada/2016/02/09/7afb77ac-cf2c-11e5-88cd-753e80cd29ad_story.html)

I'm not planning on leaving or have assets in the range. It seems like kind of
a ripoff though.

------
nxzero
Until the IRS stops using social security numbers to file, it's insecure.

~~~
privong
> Until the IRS stops using social security numbers to file, it's insecure.

But if they move to another form of unique identifier, that'll just shift the
fraud to that new identifier. The problem with SSNs isn't the IRS using them,
it's everyone else using them as a de facto national ID number.

~~~
zeveb
They could move to a chip-and-pin smart card, e.g. a Common Access Card[0].

I know that a lot of folks don't want a national ID card. I don't either. But
that's easy enough with a smart PKI: the federal government and its agencies
can trust the state governments' issuing agencies. Each state could issue CAC-
like cards to its citizens, and then those folks could sign their taxes and
conduct other official business.

It'd probably end up relied upon by other vendors, just like Social Security
numbers, but at least a) it'd be more secure b) it'd be breakable only by the
government, rather than by the government and anyone else.

[0]
[https://en.wikipedia.org/wiki/Common_Access_Card](https://en.wikipedia.org/wiki/Common_Access_Card)

~~~
x1798DE
Something like a proper authentication protocol would be useful for sure, but
I would bet good money that the government would roll out some weird homebrew
nonsense that would be compromised in hours.

Not to make the perfect the enemy of the good, but realistically I doubt we'd
get anything actually secure.

~~~
zeveb
> Something like a proper authentication protocol would be useful for sure,
> but I would bet good money that the government would roll out some weird
> homebrew nonsense that would be compromised in hours.

Did you read the linked article? CACs are in use by the DOD and have been for
years.

------
andrewljohnson
The problem is that taxes are private data at all. Everyone's annual revenue
and taxes should be an open data set.

The impediment to that is corrupt rich/powerful elites who make a lot of money
fudging their taxes, and the industries that serve them - (see Panama Papers).

Anyone in the middle class and lower should be pro-open-tax-data. This would
lead to less regressive taxes, since we'd see what shady tricks the rich
employ, and close those loopholes with legislation. It's a great step to help
us iterate on and improve the tax code.

~~~
justinlardinois
Yeah, no thanks. I'm sure one could think of many reasons why this is bad, but
the first one that comes to my mind is that I don't like potential future
employers to know my current salary because I don't want it to be taken into
consideration when they make initial offers.

------
bawana
Would be fun to find out how much people REALLY pay vs what they SAY they pay.
Trump? Obama? I think transparency would solve many of our problems (healthcare
inflation, govt expense accts, etc.). Since privacy is dead, let's let it all
hang out. I feel like it's the 60s all over again.

~~~
maxxxxx
I think in Sweden or Finland tax records are public. Personally I would be for
transparency.

------
tmaly
Identity protection services and insurance should be a full tax credit, dollar
for dollar.

