
Missing E-Mail Is the Least of the IRS's Problems - luu
http://www.bloombergview.com/articles/2014-06-17/missing-e-mail-is-the-least-of-the-irs-s-problems
======
patio11
I buy widespread incompetence in government IT management in general and the
IRS in particular. (Not commenting on the political valence of this, in
observance of the HN politics rule.)

Last year, after requesting an ITIN for my wife (who is not a US citizen and
thus requires an SSN-esque replacement to be able to file joint taxes), we
received two letters from the IRS. One had the ITIN. The other denied our
request for the ITIN on the basis that "We have already issued her an ITIN."
Apparently, the IRS explains, that second letter should have immediately set
my accountant and I to doing forensic debugging of their protocols, because it
means that something "seriously wrong" happened to our returns.

What? Glad you asked. See, the IRS had lost my return. "What?" The paper was
"in the building somewhere" \-- we had gotten a receipt -- but they were
unaware of what desk it was at. (Their first hypothesis was "You failed to
file", and they threatened penalties for that, until being confronted with a
Post Office return receipt. Which is, by the by, why you should always get a
receipt.)

My accountant took over yelling at them for a while to find the return, and
they eventually did, and -- miracle of miracles -- they typed it into the
computer. _Twice._ Thus generating two separate and equal returns going
through non-idempotent processes, such as ITIN generation.

When those two returns met up in the reconciliation stage, they blocked each
other from processing. No one at the IRS noticed this, for approximately 7
months, until my third call to their CS line got someone to actually look at
the file. She hit "delete" on the duplicate. (I really hope she was
simplifying that for me, because it scares me if they can _actually_ delete
anything.) Return processed almost immediately, refund check cut 48 hours
later.

I almost feel sorry for them on being unprepared to unearth potential
political malfeasance, because that is after all a distraction from the day to
day administration of the Revenue Code, but processing returns is, as the
saying goes, "their only job."

~~~
001sky
Tying the healthcare system into this mess was shockingly shortsighted, in
retrospect.

~~~
_delirium
My experience (fortunately relatively brief) of the American healthcare
system's IT was that it could hardly get worse, although perhaps tempting fate
is unwise. Lost records, insurance filings never coded or processed correctly;
the only way anything got done was waiting on the phone for hours to get
claims fixed, and photocopying records myself to have a copy I could
physically carry somewhere. My favorite almost-worked-but-not-quite case was
when an ophthalmologist managed (after 4 weeks) to get a copy of a retinal
scan from my previous doctor in another city... but the photograph was sent as
a completely unreadable _fax_ , in the year 2010.

~~~
marincounty
Yes, the system is an embarrassment, but Obama knew the Only possible way to
provide Americans with Insurance was to use for for profit insurance
companies. I have huge concerns over health care, but at least I know I won't
end up in Superior Court and lose my house if I get sick. I didn't have
insurance when the Obama administration was trying to provide a Universal
Healthcare Plan--the Republicans and even some Democrates were ruthless, and
beyond dogmatic at attacking him. Obama knew if he didn't do something; we
would have nothing!

So Yes, Health Care is a mess and we need to fix it. I feel we need some
drastic changes; We need tort reform for Doctors. We need to build more
medical schools, and offer a free education to the best applicants. Many drugs
should be OTC.(If people abuse the system--they would lose the privilege). Use
of fingerprints could weed out the Narco pill poppers? Patients on long term,
daily medication should be able to refill their prescriptions--up to a
year.(This would include long term pain management drugs). I could go on and
on, but we need to drastically change the system, or at least do pilot trials?

I don't have all the answers; I'm just tired of doctors dragging me into
office visits for no real reason--other than to take my money, or charge the
Insurance companies. The next time your refills run out and you have to
schedule an office visit you will know my frustration.

I'm a Nobody, and basically just venting. Sorry about the lenght of this post.

~~~
ars
> but at least I know I won't end up in Superior Court and lose my house if I
> get sick

That would not have happened anyway. If you can't pay a medical bill then
don't. Just ignore it. Absolutely nothing will happen.

They might send you letters or call, but why subject yourself to that? Don't
open the mail and don't answer the phone (they are required to use caller ID).

People are worried about credit rating but medical bills are excluded from
that.

~~~
eli
Medical debt is, in fact, the most common type of overdue collection account
on American credit reports. Ignoring bills you owe is not good advice.

~~~
ars
If you can't pay then you can't pay. Don't make yourself crazy over it, and
you'll certainly not lose your house.

Even if recorded on a credit report it does not adversely affect your credit
score.

~~~
imroot
That's not completely true.

I have personal knowledge of a Children's Hospital taking the home of the
parents of a 13 month old infant who received a liver transplant and had ran
up at 3 million dollar bill in the hospital.

A little backstory -- I love to volunteer. Fire/EMS, STEM, Kids, you name it,
if it's a cause that I support, I'll generally be there with a bell if I've
got the free time. One of my non profits that I do a fair amount of technical
and 'feel-good' work is a foundation that caters to small children who have
terminal or other serious illnesses and helps their family out.

One night in 2013, a rather distraught woman came in saying that Children's
had placed a lien on her home because of the unpaid medical bills; apparently,
they had moved, civil service sucks in Ohio, and had a default judgement
against them. New collections company comes in, finds this family, and then
places a lien on her homes, car, and gets a court order to garnish their bank
account.

Ultimately, it took a pro-bono attorney about 80 hours to get the entire mess
cleaned up. Today, the little guy is almost 4 and the family has a clean title
on their home and car, and as long as she keeps less than $2K in her checking
account at all times and only has the one home and one car, Children's will
never come after her for the money that is owed, and in 3 years, they'll wipe
away the debt.

------
bane
A few years ago I interviewed for a senior architect position on an IRS
contract. To get the job I had to interview with the subcontractor who was
filling the position, then with the prime contractor and finally with the IRS.
You had to be accepted by all 3 layers, plus get through salary negotiations
to get the position.

The principle job was to build a fraud investigation system by integrating a
COTS analysis tool into the IRS systems to automatically generate cases for
fraud investigation officers to review. One hitch, as I found out after
getting through the gauntlet of interviews, the COTS product that they wanted
to use wasn't built to support this kind of integration and the vendor wasn't
interested in forking off a special build just for the IRS.

So I asked them a simple question "knowing what I know about this product, and
the fact that it can't be integrated as desired, it seems that this is an
impossible task, as the senior architect, I'd want to be clear that I have
powers to restart the selection process of the tools and systems so I can
build a solution that would actually perform as required, would I have this
authority?"

At this point, the senior manager from the prime and the pm from the
government side got very agitated. You see, there was only 2 months to get a
basic system functional and as a result the selection and purchase process had
already been completed.

"Without anybody leading the process?"

This was apparently the wrong question, as I had hit some sort of embarrassing
point I shouldn't have dug into. They pretty much just wanted somebody in the
role to rubber stamp the crap decisions they had already made. They became
very defensive, there was some raised voices. I told them I wasn't interested
in that kind of position and walked out.

2 years later I found out that they had scrapped the program completely after
spending goodness knows how much money and were restarting the entire thing
from scratch.

My gut feeling is that this new program too will fail since any working system
would likely detect the fraud in their IT acquisition and management.

~~~
bmelton
Not that you did anything wrong, but an IT architect restarting the selection
process would, ironically enough, be a violation of the Federal Acquisition
Regulations.

The correct way to go about it is to solicit for proposals, and any interested
applicants will create a proposal. The submitted proposals will be reviewed by
an applications board consisting of contracts officers, COTRs (Contract
Officer Technical Rep, IIRC) and maybe a couple of architects, and judged
against the criteria established in the solicitation, which may state that the
technical superiority is more important than price, or what have you.

Presumably, either the sub or the prime contractor you were interviewing with
had already submitted such a proposal, and was obligated to do the work as
advertised in their proposal.

If they believed that it couldn't be done, the prime and/or sub-contractor
would likely have been fired on inability to deliver, and the government would
have had to re-solicit for the project altogether.

------
autokad
I worked for a company that sold EMC products. one of those was an email
product that made sure companies captured ALL emails for ETERNITY. these were
mainly banks, where (pardon my spelling) sarbanes oxley required banks to keep
them (always and forever). emails from say exchange would be copied before it
went to their in box, stored on disk and also immediately stored to optical
media, which would also automatically be copied. not getting into the other
parts that prevented emails from being lost,

I havent worked at that job since 2007. I find it unbelievable that any major
government organization such as the IRS does not make sure ALL emails are
never lost.

edit: the fact that they lost emails is a huge scandal in its own right IMO

~~~
yourapostasy
The official party line from Koskinen's testimony this week is that IRS staff
members are individually responsible for determining what email is "official"
IRS correspondence, then...I shit you not... _printing hardcopies_ of those
emails and filing them into physical file cabinets. All other email is subject
to a capacity quota, and staff members are instructed to rotate out the email
sitting on the servers to free up space when needed, rotating the old email
into PSTs on their IRS-issued laptops/desktops (they use Exchange/Outlook).

I would be interested to find out what the email lossage rate is for IRS
staff. Not just the 6-8 individual members identified in relation to the
Lerner issue, but across the entire organization (even more interesting would
be a statistical analysis of the Lerner Group's lossage rate compared to the
organization-wide rate).

The NSA has proven the Federal Government has the wherewithal to record
everything. I'd like to see what the arguments are against Congress mandating
that all forms of communication (snail mail, email, voice comms, telex, _etc._
) at all Federal agencies for all Federal employees are continuously
e-vaulted.

~~~
Spooky23
It's probably true. Most of the government is busy moving to cloud email, but
the IRS's IT security bible -- Pub 1075 is too prescriptive and narrowly
focused (it includes mandates for things like rack door locks) to allow that
to happen. So they are probably stuck paying some contractor $50/GB for SAN
disk to run mail.

After the South Carolina Tax Department was owned, lack of encryption was the
main technical issue, so encrypting "all of the things" is probably their main
focus.

As a government employee, records management is a shitshow. There's a 50 page
schedule of documents with prescriptive retention periods -- but these are
intended for the "record copy" only. An email itself isn't a document.
Employees either squirrel away everything or toss everything... The higher up
you go, the more you toss.

------
nospecinterests
None (Edit: I'm talking about digital data retention) of this even matters
when you take into account the fact that it is IRS policy to print out each
and every e-mail sent and received by their employees. One would assume that
this is required to maintain a permanent record of all communications for the
Federal Archives and for legal matters that arise for confidential taxpayer
cases.

"The Treasury Department’s current email policy requires emails and
attachments that meet the definition of a federal record be added to the
organization’s files by printing them (including the essential transmission
data) and filing them with related paper records."[0]

[0]
[http://www.irs.gov/irm/part1/irm_01-010-003.html](http://www.irs.gov/irm/part1/irm_01-010-003.html)

~~~
morganvachon
So why have the emails in question not surfaced in paper form yet? If the
whole scandal and potential lawsuits are riding on missing emails, which
should have been printed and archived from day one, where the hell are they?

~~~
fpgeek
As I understand it, the policy is that only emails that should be permanent,
official records are supposed to be saved - and the judgement of what those
are is left up to the individual employee. If you're someone investigating
that employee, you're not going to trust that judgment. You'd want to see all
of the employee's emails - even ones about lunch plans and carpool
arrangements. Not to mention going through thousands of of paper emails is
likely to be even more labor-intensive than the electronic search and review
so far.

------
coldcode
My friend works at the IRS, and his computer, network, software and
environment are a complete nightmare. Each congress votes less and less budget
because they don't want their wealthy buddies to get audited or the corps that
give them money to be messed with. So the agency responsible for collecting
most of the US governments revenue gets further and further behind. Some
politicians even want the agency abolished. How revenue comes in then is
beyond me. Sure all government agencies waste money but the IRS is one of the
few that actually brings money in. Like the Post Offices's crippling advanced
pension payment that makes them constantly in the red, political decisions
about funding is very much a large part of the problem. My friend just wants
to retire and get out of there before it reaches the Stone Age.

~~~
keithpeter
_"...and his computer, network, software and environment are a complete
nightmare."_

Are we talking P4 and XP here or something worse? Just interested (I teach and
we have mostly Core Duos with 2G/4G and log into a roaming profile system
based on Server 2008, all seems to work ok).

------
freerobby
I'm seeing this line of thinking a lot, and it's driving me bonkers:

> A private company under investigation that responded to regulators, or a
> judge, with this sort of explanation rather than producing the requested
> documents would rightly expect to be handed an adverse judgment or a
> whopping fine.

Why? Since when is the onus to disprove on the defense and the onus to prove
not on the plaintiff? If you suspect a conspiracy to cover up one's tracks,
you can go after the defendant additionally for that. But you still have to
prove it. I'm not a lawyer but if there is any truth to this statement it is a
tarnish on our judicial system. A legal system that convicts based on the
possibility of IT problems is hardly reliant on surpassing "reasonable doubt."

~~~
hga
She's only referring to your duties to not actively destroy evidence.

If you have a regular expiration cycle for data, that's not a problem, unless
you're informed you're being sued or otherwise investigated, at which point
it's incumbent for you to turn off that process, and do whatever's necessary
to continue to preserve the data.

There are other reasonable things that can trigger the requirement to not
destroy data.

The only thing you would be required to prove, if you do lose such data, is
that it was entirely accidental, and you didn't have any culpability. Say a
tornado destroyed the office with the only set of paper copies, and it was
reasonable for you to only have that one set.

------
seacious
"Such policies indicate either an agency that is not concerned with preserving
good audit chains or one that has an extremely penny-wise, pound-foolish
approach to IT policy."

I think AND is more appropriate than OR here.

------
hamiltonkibbe
What happened to the hard drives of everyone she sent emails to, certainly
parts of the email chains in question are somewherre on the hard drives of the
people she corresponded with

~~~
crazy1van
According to CNN:

What about the other missing emails? Did six other hard drives also crash?

The House Ways and Means Committee says that this past Monday, the IRS told
them that the agency also lost emails belonging to six other IRS employees
whose hard drives had also crashed.

One of those six employees was particularly important: Nikole Flax, who had
worked as chief of staff to the former head of the IRS. Flax was known to be
involved in discussions about the tea party targeting.

Source: [http://www.cnn.com/2014/06/20/politics/irs-
emails/](http://www.cnn.com/2014/06/20/politics/irs-emails/)

------
sliverstorm
_The IRS 's policies on e-mail storage were primitive even by the standards of
15 years ago_

What? I'm almost certain the hard drive I had in 2000 was less than 10GB. At
500MB per email user, that's 20 users per entire disk...

~~~
seacious
He's probably not referring so much to the specific limits on mailbox size as
he is to the policy of forcing responsibility for maintaining permanent
archives on the users of the system rather than the administrators of it.

~~~
etrevino
It's a she, Megan McArdle.

I'm not trying to be that guy, just letting you know. If you have time, check
out some of her other articles. She's a pretty balanced commentator.

~~~
seacious
My bad. I wish there were gender neutral pronouns I could use so that I
wouldn't have to worry about shit like this when it doesn't matter.

~~~
etrevino
Trust me, I get it. There's always the "singular they," though English majors
will hate you for it.

------
Randgalt
According to this: [http://dailycaller.com/2014/06/22/irs-cancelled-contract-
wit...](http://dailycaller.com/2014/06/22/irs-cancelled-contract-with-email-
storage-firm-weeks-after-lerners-computer-crash/) \- the contract was canceled
just before the crash happened. Hmmmm

------
ChuckMcM
I find it interesting she was archiving on her local hard drive in 2011.
Especially given the stories of things people found on hard drives bought at
scrap auctions. A better question might be "is it better now?" or not, I'm
guessing not.

~~~
bane
What's interesting is that in many really large Windows based enterprises I've
seen. The space your desktop points to is on a network someplace. You can use
this for roaming profiles and all sort of other things (quotas, centralized
virus scanning etc.) Everything else on the system is not accessible to the
user. So even if you archive your outlook stuff into a PST on your desktop,
it's still on the network someplace an admin can get to it. I've even seen
this used to recover emails from terminated employee's accounts.

Why archive at all? My guess is that their exchange server has some absurd
quote that requires you to purge after you hit 50MB of mail or something.
Nobody wants to delete things, so users generally just move old mail into PST
files.

------
higherpurpose
This seems to be the default 2 choices for government agencies lately when
something bad happens: either they were incredibly _incompetent_ , or they're
_lying_ about it. Neither of which puts them in very good light.

~~~
makomk
There's nothing about this tale of incompetence that's particularly
incredible. A lot of privately-run businesses apparently have the same mess
when it comes to e-mail archiving - central e-mail storage has restrictive
quotas and users have a bunch of PST archives stored locally on their work
laptops. It tends to come with running an Exchange server because central
storage is expensive and hard to maintain. Don't think the manual printing and
archiving of e-mails is terribly unusual either, though most places don't
bother.

~~~
hga
I seriously doubt any of those private companies have legal obligations to
keep this stuff forever.

See
[https://news.ycombinator.com/item?id=7926642](https://news.ycombinator.com/item?id=7926642)
about what banks do per SarBox requirements to do that.

------
Shivetya
Interestingly enough, the IRS contracts to an email backup service and has
since 2005. So perhaps the emails can be found?

~~~
Randgalt
Per this - [http://dailycaller.com/2014/06/22/irs-cancelled-contract-
wit...](http://dailycaller.com/2014/06/22/irs-cancelled-contract-with-email-
storage-firm-weeks-after-lerners-computer-crash/) \- the contract was canceled
just before the crash

------
x0054
Doesn't the federal government already have an entire organization dedicated
to preserving and archiving every email sent by government employees, as well
as members of the public? The NSA?

------
mathattack
It's a moronic policy, but it is the IRS.

~~~
XorNot
No, it's the IRS's budget.

The IRS _cannot_ spend money on things it's not budgeted for. Did you know the
IRS returns $7 in additional taxes for every $1 in fraud prevention funding it
gets at the moment?

Literally, a 700% return on investment, yet when was the last time any budget
passed by congress raised funding the IRS to hire more auditors?

EDIT: Or let's take the articles conclusion: yes, obviously the government
agencies should do better. So naturally we can conclude that the Republicans
championing this investigation will be pushing through legislation mandating
and funding appropriate upgrades - after all it seems like the inquiry has
revealed serious issues which require some dedicated staffing and finance to
sort out for a very important agency of the government.

Of course obviously that actually means this will never happen.

~~~
nospecinterests
The federal budget is __very loose __(unless Congress specifies something
specific. For example, According To The US Government Printing Office, Section
554 of the Bipartisan passed H.R. 4660, An Act Making appropriations for the
Departments of Commerce and Justice, Science, and Related Agencies for the
fiscal year ending September 30, 2015, and for other purposes.

"Sec. 554. None of the funds made available in this Act may be used to carry
out Operation Choke Point."[0]

My point is that managers and execs have a lot of wiggle room and the ability
to make a number of funding transfers and decisions. They could clearly use
budgeted funds or make a request for funding to accomplish actual data
retention if they wanted to.

What makes you think that the Republicans involvement will make sure that
"this will never happen". It doesn't matter what the Republicans do when the
Democrat administration under President Obama just ignores them and the law.

[0]
[http://www.gpo.gov/fdsys/pkg/BILLS-113hr4660pcs/html/BILLS-1...](http://www.gpo.gov/fdsys/pkg/BILLS-113hr4660pcs/html/BILLS-113hr4660pcs.htm)

Edited to change the source material because some people could not handle the
link originally used and to add the second sentence in the 3rd paragraph.

~~~
MisterBastahrd
News Busters is a far-right wing rag. I don't trust them any more than Mother
Jones for reliable information.

~~~
nospecinterests
True and True. That's why I quoted only a portion of the article and why I
checked their source material (the link I put in its place). I originally used
it only because it was A#1 on the top of Google when I originally searched for
a source.

