If you were a half-dozen years behind on your taxes, Uncle Sam would almost certainly be knocking at the door. But at the Internal Revenue Service, millions of dollars are still being spent to upgrade computers to the 6-year-old Windows 7 operating system, which is two generations outdated.
The long-overdue upgrades are leaving fiscal watchdogs scratching their heads and have security specialists worried about vulnerabilities to hackers.
Windows 7 was introduced to the market in October 2009, and the IRS didn’t begin upgrading until 2011. After four years and nearly $140 million, the IRS still had not upgraded thousands of Windows XP computers to the already outdated Windows 7 operating system by their “end of life” deadlines, according to a report by the Treasury Inspector General for Tax Administration (TIGTA).
In all, the IRS had 110,000 workstations to upgrade from Windows XP and 6,000 servers to upgrade from Windows Server 2003, but according to the report, the IRS had not accounted for the location or migration status of approximately 1,300 workstations and upgraded only about half of its Windows servers from the 2003 software version to Windows 7.
Now, the “new” operating system required for IRS computers is 6 years old and the XP system is no longer supported by Microsoft, leaving taxpayers’ information vulnerable, the watchdog warned. Since the upgrades began, Microsoft has issued two newer generations of its operating software, Windows 8 in August 2012 and Windows 10 this year.
“When an operating system reaches its end of life, companies such as Microsoft stop supporting the operating system, which leaves the systems vulnerable to attack. For the IRS, the use of outdated operating systems may expose taxpayer information to unauthorized disclosure, which can lead to identity theft,” auditors wrote. “Further, network disruptions and security breaches may prevent the IRS from performing vital taxpayer services, such as processing tax returns, issuing refunds, and answering taxpayer inquiries.”
SEE ALSO: Golden Hammer: Feds spending millions on racially targeted obesity studies
The report has outraged spending watchdogs, who say the IRS computer woes have been nothing but trouble for Americans for decades.
“For most people, it costs about $50 and takes a couple of hours to upgrade their computer software. For the IRS, it takes four years, they spend 140 million in taxpayer dollars and it’s still not done,” said Alexander Hendrie, a policy and communications fellow at Americans for Tax Reform.
For spending millions of tax dollars to upgrade to an outdated system while leaving taxpayers’ personal information vulnerable to attack, the IRS wins this week’s Golden Hammer, a weekly distinction awarded by The Washington Times highlighting the most egregious examples of wasteful federal spending.
“It is not surprising that an agency that has spent years ’searching’ for Lois Lerner’s emails would be in IT hell because of their blowing $140 million of taxpayer funds,” said Richard Manning, president of Americans for Limited Government.
TIGTA concluded that the agency’s process for updating its servers and computers lacked “sufficient oversight” and accountability. Auditors criticized the agency for its poor planning regarding costs, security implications and the amount of time it took to complete the upgrades.
In fact, progress was so unsatisfactory that the agency’s chief technology officer began to directly oversee this process.
In its response to the report, the IRS argued that the enhanced oversight provided by the chief technology officer provided better oversight and management of the project than what was originally required, allowing the IRS to “reduce complexity, mitigate delays, and improve transparency and stakeholder accountability.”
The IRS also blasted the report for not mentioning the steps the agency did take to protect taxpayers’ privacy, but those steps were not put into place until late in the project.
“The report does not mention that the IRS established a Microsoft Extended Support Agreement, during the period April 2014 through April 2015, that enabled IRS to continue to receive patches and security updates for the XP workstations. The IRS also implemented a strong risk mitigation strategy for the remaining XP workstations. We took immediate steps to develop and execute the strategy with specific threat management options to reduce the risk of exposure to exploitation through the use of malware,” the agency wrote.
TIGTA did acknowledge that the IRS undertaking was “monumental” and slowed by a variety of policy and budgetary constraints.
“We acknowledge that these Windows upgrade efforts were monumental and unprecedented for the IRS, particularly with the Windows XP upgrade due to its volume of approximately 110,000 workstations and geographical disbursement throughout the country, including Alaska, Hawaii, and Puerto Rico,” auditors wrote.
“In addition, budgetary constraints at the start of the Windows XP upgrade effort on April 2011 forced the IRS to upgrade old computers rather than purchase new computers, which would have made the upgrade process easier due to the compatibility of new hardware with new operating systems,” the report states.
The IRS has a long history of poor information technology management. The Government Accountability Office has documented how the IRS has spent billions of dollars on computer upgrades yielding poor results.
Charles Rossotti, as IRS commissioner in 1998, noted that “IRS technology is just remarkable for how backward it is.”
The agency’s wasteful IT spending is just a small part of a governmentwide culture of poor IT management.
In June, another GAO report on the government’s $80 billion annual investment in IT found that “investments frequently fail, incur cost overruns and schedule slippages, or contribute little to mission-related outcomes.”
Chris Edwards, a budget analyst with the Cato Institute, said, “You can see the same pattern with the failures, cost overruns and delays in air traffic control systems, weapon systems and homeland security systems. The federal government has a really bad management record with regard to upgrading its technology.”
But as the IRS and other agencies continue to flounder on IT upgrades at taxpayers’ expense, Congress has done little to remedy the situation.
“Congress should honor the spending caps in the Budget Control Act and build on them to put a real cap on federal spending. Without real spending constraints, why would we expect bureaucrats to concern themselves with being good stewards of taxpayer money?” said Romina Boccia, a federal spending analyst at the Heritage Foundation.
In light of the ongoing investigation into suspected IRS targeting of conservative nonprofits, Mr. Manning argued that this report further justifies legislation to defund all civil service bonuses for everyone at the IRS.
“This report reveals that the IRS is not only venal against Obama’s political foes, but has failed at the most basic tasks. There is no reason for anyone at the IRS to get a bonus, and Congress should take the decision out of Obama’s hands by prohibiting these bonuses in the upcoming funding bill,” Mr. Manning said.
• Kellan Howell can be reached at khowell@washingtontimes.com.
Please read our comment policy before commenting.