IRS Fails To Comply With TikTok Ban

In a concerning revelation, the Internal Revenue Service (IRS) appears to be non-compliant with a White House directive aimed at bolstering cybersecurity. This directive mandated the removal of the social media app TikTok from all government devices. The Treasury Inspector General for Tax Administration (TIGTA), a watchdog for the IRS, has disclosed unsettling findings.

According to a TIGTA report released on December 18, over 2,800 mobile devices within the IRS’s Criminal Investigation (CI) division still have access to TikTok. Additionally, around 900 CI employees can access the app through agency computers. This breach of protocol raises serious questions about the IRS’s commitment to cybersecurity and adherence to federal guidelines.

In February, the Biden administration instructed federal agencies to eliminate TikTok from government devices within 30 days. This came after Congress passed the aptly-named “No TikTok on Government Devices Act.”

That law addressed widespread concerns about the security risks posed by TikTok, which is Chinese-owned and is subject to China’s draconian national security laws. Those laws compel companies based there to hand over user data to the Chinese state. U.S. Intelligence officials have repeatedly sent up red flags warning of the obvious national security risks that are implicated.

TIGTA’s investigation revealed a concerning loophole in the IRS’s attempts to comply with the act and the White House mandate banning TikTok. Even though the agency had conducted some internal testing to ensure compliance, at least 23 IRS devices deemed “unmanaged” still had TikTok access.

Unfortunately, the TIGTA report noted that as of August, the criminal investigations division of the IRS still had TikTok access available on all of its devices. The CI division had not sought exemption from the act or the mandate’s coverage. Even though top management at IRS responded at the time by declaring the entire CI division would shift to mobile software that would effectively block TikTok, that has yet to be carried out.

The IRS’s stance on this issue is troubling, especially considering the broader context of cybersecurity and data protection in today’s digital age. The agency’s reluctance to fully comply with the OMB’s guidance and the new federal law conveys a casual approach to a serious national security issue. One would be hard-pressed to imagine a data security breach that could be more harmful to American citizens than the vast amount of information the IRS sweeps up being compromised to the Chinese Communist Party.