Report finds IRS employees continue to abuse Internet privileges

Internal Revenue Service workers are still visiting inappropriate Web sites during work hours and spending too much personal time online despite an agency effort to foster better online behavior, according to a new investigative report.

In response to reports showing that a substantial number of IRS employees used the Web more for entertainment than for job-related activities, the agency implemented a new Internet use policy in May 2002. The policy allows workers to use the Internet for personal reasons, as long as they do not "overburden" the agency's information network, get distracted from their official duties, or violate the federal government's ethical standards.

There are no governmentwide rules governing civil servants' Internet use, according to Bob Huley, OPM's assistant chief information officer. Agencies are left to establish and enforce their own policies if abuse of Web privileges becomes a problem, he said.

"My guess is that depending on the level of checking they do, most agencies discover varying levels of problems," Huley added. "That's just the nature of the beast." OPM has a policy similar to the IRS, in that it allows employees to surf the net and send personal e-mails within reason.

IRS distributed its May 2002 policy to all employees in a packet, which included a list of the types of sites employees were not permitted to visit and the possible penalties for breaking the rules. The agency also installed computer software that blocks employees' access to certain Web sites and monitors Internet use in general.

But half a year after creating and publicizing the new policy, a number of IRS employees still surfed the Internet for personal purposes during work, downloading games or music, visiting pornographic sites, entering chat rooms, checking personal e-mail accounts, and instant messaging friends, a June 16 report by the Treasury Inspector General for Tax Administration found.

"IRS rules on Internet usage are clear and comprehensive," said Sen. Chuck Grassley, R-Iowa, chairman of the Senate Finance Committee, which oversees the IRS. "They've been distributed to all employees. The fact that IRS employees persist in accessing inappropriate sites is stunning."

Investigators tracked the agency's Internet use over a week in October, and found that as a group, IRS workers spent more than half their time online engaging in non-work-related activities. During the one-week period, IRS employees accessed more than 1 million "questionable" Web pages from 19,000 computers. This does not necessarily translate into 19,000 IRS employees misusing the Internet, the inspectors cautioned, because some employees may have viewed questionable Web sites from more than one computer. But regardless of exact numbers, the investigators said they feel confident they uncovered "substantial" misuse.

In response to the report, David Mader, acting deputy commissioner for modernization and chief information officer at the agency, said investigators might have overestimated the number of inappropriate sites visited by defining "questionable" too broadly. For example, a worker could visit a member of Congress' site to participate in a work-related chat, and that would count as a "questionable" visit under the investigators' criteria.

Mader told the inspectors he is concerned that their report might lead "those who do not understand the mechanics of the Internet to question the ethics and integrity of the vast number of IRS employees who are complying with [the agency's] Internet use policy."

The report does note that "although a large number of employees accessed sites likely to be inappropriate, a relatively small number of employees appear to be chronic abusers." Nearly 30 percent, or 300,000, of inappropriate site viewings over the one-week period in October can be traced to 122 computers, the inspectors said.

"Nobody should collect a government salary to sit on their behinds and play around in chat rooms," Grassley said. "The IRS should weed out the bad apples who give [the agency] a bad name and the taxpayers lousy service."

In addition to making workers less productive, personal Web use creates security concerns, the report said. For instance, when employees download games or send messages through their private email accounts, they are often bypassing programs installed to detect computer viruses. Internet abuse could also lead to lawsuits claiming that the IRS has created a "hostile work environment" by allowing workers to visit pornographic and other potentially offensive sites, according to the report.

To fix the problem, the inspector general recommended that the IRS require employees to sign a document stating that they understand the May 2002 policy, enhance technology used to monitor Web usage and humiliate Internet abusers by publishing their names. The investigators also urged the agency to focus on punishing workers for misuse, and to make the consequences of violating the agency's Web policy known and feared.

In a June 4 memo, Mader pledged to act on the inspector general's recommendations and noted that the IRS has already taken steps to address some of them. The agency has added a review of Internet usage policy to annual computer security training sessions, and has centralized responsibility for monitoring Web usage, putting the chief of security services in charge and assigning a program manager to assist the chief.

"Using IRS systems to gain access to sexually explicit sites is offensive and wrong," Mader wrote. "Even one employee using the Internet for this purpose is one too many, and the IRS will not stand for it."