Tax filers use IRS Web site in record numbers

Security experts and the agency are confident that the site is secure from hackers.

Tax filers flocked to the Internal Revenue Service's Web site this month, with a record number of visits logged last week. Online tax filing also has reached record levels this year.

At 12:30 p.m. on April 17, IRS.gov recorded 3,237 visits per second. The site registered a record total of more than 3.3 million hits over the tax deadline day, making it one of the most heavily visited sites on the Internet. Online filing is up more than 6 percent from 2005, with more than 70 million tax returns filed electronically so far, and more expected from taxpayers who requested extensions.

IRS Commissioner Mark Everson said there was an unusually large surge in electronic filing at the end of the tax season, "signaling that more balance due filers are embracing this service."

The IRS expects those anticipating a refund and those who filed for the Oct. 16 extension to continue using the site. The refund feature, which requires people to provide their Social Security number, filing status and refund amount, has been used more than 25 million times since the beginning of the year.

Despite a recent Government Accountability Report knocking the IRS for weak internal information technology security controls, the agency and independent technology experts say federal online tax filing is heavily guarded against hackers.

"Electronic filing has been going on for 20 years now," said Eric Smith, an IRS spokesman. "There's no evidence that any return has been lost electronically. That's really a remarkable track record."

The GAO report found new weaknesses in information security controls that "threaten the confidentiality, integrity and availability of IRS' financial information systems, and the information they process." It also cited 40 previously reported, but uncorrected, problems.

But the report did not directly examine the agency's online filing systems.

Gregory Wilshusen, author of the report and GAO's director information security issues, said GAO last reviewed electronic tax filing in 2001. The IRS was quick to address the issues raised in that report, he said.

The IRS online filing system is cutting edge in terms of security, said Alan Paller, research director of the SANS Institute, a nonprofit cybersecurity research group based in Bethesda, Md. In addition, the information filed on the site is not that valuable to hackers, he said.

"There are no credit card numbers … no [Defense Department] secrets," Paller said. "Although it would be terribly embarrassing for that data to get out, it's not terribly valuable … unless somebody's trying to embarrass people."

Securing the IRS tax-filing systems involves authenticating the taxpayers' identities and then securing the storage of the information, said John Pescatore, vice president for Internet security at Gartner Inc., an information technology research and advisory firm. While there have been no known comprises of personal information filed to the site, the IRS, like the private sector, is weak in authenticating users' identities, he said.

In another recent report (GAO-06-310), GAO found that the IRS has yet to establish adequate policies and procedures to guide its business systems modernization project. IRS Commissioner Mark Everson generally agreed with the report's findings and in a written response, outlined steps taken to address some of GAO's recommendations.

Like the cybersecurity report, this one dealt with weaknesses in IRS systems that are used regardless of whether the information was gathered from online filings or the traditional paper filings.