Just Before Tax Day, IRS Blows an Expensive, Important Deadline

The IRS is way behind on upgrading its computer systems.

Photo by Kevin Lee/Getty Images

Taxes are due tomorrow, but the Internal Revenue Service is overdue on its Windows XP upgrades. Even though Microsoft ended support for XP last week, about 53 percent of the agency’s 110,000 Windows-based computers are still running the outdated operating system. The other 52,000 computers were successfully upgraded to Windows 7 ahead of XP’s retirement date.

Like government agencies in the United Kingdom and the Netherlands—plus other U.S. agencies—the IRS will have to pay Microsoft so its computers can continue receiving security patches until they can be upgraded. By some estimates, this will cost the IRS $11.6 million per year.

At an IRS budget hearing last week, Rep. Ander Crenshaw, chairman of the House Financial Services and General Government subcommittee, summed the situation up nicely. “Now we find out that you’ve been struggling to come up with $30 million to finish migrating to Windows 7, even though Microsoft announced in 2008 that it would stop supporting Windows XP past 2014. I know you probably wish you’d already done that.”

John Koskinen, the IRS Commissioner, admitted that the agency knew about XP’s end of support deadline for years and added that budget constraints have caused almost $300 million worth of unfinished IT projects within the agency. “So we are very concerned that if we don’t complete that work, we’re going to have an unstable environment in terms—in terms of security,” he said.

In a statement to the Washington Post, the IRS said that none of its systems for processing tax returns or other critical filings were on computers running Windows XP. But in addition to concerns about vulnerabilities related to XP, the Government Accountability Office found in the last year that the IRS wasn’t doing enough to monitor the security of its databases. According to the GAO’s report, many of the weaknesses have to do with lack of updates, or partial implementation of security plans in different parts of the system. Not exactly a boon for citizen confidence.