Comment by lozenge
2 days ago
Although authorised by some members of the executive branch, it is missing some of the oversight the executive branch is supposed to have.
2 days ago
Although authorised by some members of the executive branch, it is missing some of the oversight the executive branch is supposed to have.
Such as what oversight exactly?
Congress is in charge of the IRS, and the president is charged with operating it.
Since the president and members of Congress are not posted up in there 24/7, the IRS has created internal controls and procedures so that when the president or Congress asks for a report, the IRS can give them an accurate one. It’s these controls that people are thinking of. The article has an example:
> Political officials do not have access to the Integrated Data Retrieval System, or IDRS. The IRS’s commissioner, national taxpayer advocate and even senior officials in the office of the chief information officer, do not have IDRS access either.
“Do not have access” in this case means they have made internal rules, essentially denying themselves access, in order to better document that they are doing what Congress wants them to do.
This is true in many agencies, and one of the concerns with DOGE is that they seem to be trying to circumvent these controls. That may impair the ability of an agency to meet their legislative mandate (e.g. protecting taxpayer privacy), and also impair the agency’s ability to even document what they are doing.
So the answer to “what oversight” is that Congress ultimately has the power of oversight, and the executive branch has the responsibility to operate in such a way that they can accurately satisfy requests from Congress.
Security clearances are surely one? Government employees with access to that data are heavily vetted. DOGE, not so much.
Security clearances for classified information and most IRS employees don’t have security clearances.
7 replies →
I'm familiar with IRS contracts and while security clearances are not involved, they do have a unique background investigation process that involves a tax audits.
It would not be security clearances, but some form of assurances for protecting PII. Think of it this way. If this system contained people’s credit cards numbers, the entire system would be required to be PCI certified, and that requires that processes and procedures be in place so that even employee access is extremely limited. Data shouldn’t even be plaintext at rest. No one really needs to see anyone’s credit card number. Anonymized data is just fine.
So some agency, authorized by the president or not, barging in asking for read/write access to card numbers should not be allowed, because the data aren’t the president’s to give.
Same should be valid for social security numbers. You can’t guarantee that 100% of DOGE’s employees are benign, or that they are have the best opsec, or that their devices are not exploitable (or exploited already). So you minimize this attack surface by minimizing access.
Because if anything happens, then you can be 100% certain that Musk/Trump will not voluntarily answer for it/make people whole. They will at best be taken to court where they will fight for years while the victims suffer the consequences in the present.
So you do everything you can to prevent this nebulous, blameless “we meant well, we couldn’t know this would happen, we’re sorry for all the pain, let’s move forward together” outcome.
The legislation and the judiciary, this is Civics 101.