Thursday, July 16th, 2015

Computers and the ATO

The Australian Taxation Office appear to have little idea of what they are doing when it comes to computers and the internet. New issues are constantly arising because they don’t think things through properly before implementing them.

One of the latest issues is their lack of capacity planning for the new version of their MyTax online software, which people use to lodge their own individual tax returns this year. With millions of people wanting to lodge their returns in the first couple of weeks so as to claim their refund, the system would obviously need to handle several tens of thousands of people trying to use it at the same time (at least). As it turns out, some parts of the system have a maximum capacity of about two thousand people, only a small fraction of the number who would reasonably be expected to want to use it at the same time during July. It looks like no capacity planning was done at all and the ATO is surprised that so many people would actually like to lodge their tax return.

Another issue with the ATO is security. They claim that their system is secure, and yet a part of their security system requires that Java be installed on the computer trying to access their business and tax agent portals. Not only is Java itself considered by many to be a security risk that they would prefer not to have installed on their computer, but the way the ATO implements their security also relies on other features that at least some browsers consider to be a security risk and no longer allow to run. The ATO’s response is to tell people to switch to less secure browsers that are yet to implement the security that will block the ATO’s insecure security module.

Yet another issue with the ATO is their reliance on restricted access to people’s tax file numbers. If documents containing tax file numbers are emailed, then fragments of those documents may be held on mail servers all over the place, making it theoretically possible that someone could obtain copies of tax file numbers from these mail servers without the sender or recipient of the email ever knowing. To prevent this happening, the ATO have advised that no documents containing tax file numbers are to be emailed. This means that when all of the payment summaries for employees are done, companies will need to remove the tax file numbers before emailing them to their staff. Of course this isn’t going to happen, particularly since the email button in most software for producing these payment summaries almost certainly doesn’t remove the tax file numbers, and so eventually the tax file numbers will be compromised. The ATO apparently has no plans for how they will handle it when this happens.
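Removing the numbers before a document is emailed can be automated. The sketch below is an example added here, not code from the ATO or from any payroll product: it finds nine-digit tax file numbers in the text of an outgoing document and masks them, using the published TFN check-digit weights (an assumption of this example, not something stated in this post) so that other nine-digit runs are left alone. The sample payment summary, the mask text and the function names are constructed for illustration, and only nine-digit numbers are handled.

```python
import re

# Check-digit weights for nine-digit TFNs: the weighted digit sum must be
# divisible by 11. (Assumption of this example; not taken from the post.)
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)

# Nine digits, optionally grouped 3-3-3 with spaces or hyphens, and not
# embedded in a longer run of digits.
TFN_CANDIDATE = re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)")


def is_valid_tfn(digits: str) -> bool:
    """True if `digits` is nine digits that pass the TFN checksum."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    return sum(int(d) * w for d, w in zip(digits, TFN_WEIGHTS)) % 11 == 0


def redact_tfns(text: str, mask: str = "[TFN REMOVED]"):
    """Return (redacted_text, number_of_TFNs_masked)."""
    count = 0

    def _mask(match):
        nonlocal count
        digits = re.sub(r"\D", "", match.group())
        if not is_valid_tfn(digits):
            return match.group()  # e.g. the tail of an ABN: leave untouched
        count += 1
        return mask

    return TFN_CANDIDATE.sub(_mask, text), count


# Constructed sample document; 123 456 782 is a dummy number that happens
# to pass the checksum, and the ABN is made up.
SAMPLE = (
    "PAYG payment summary 2014-15 (constructed sample)\n"
    "Payer ABN: 12 345 678 901\n"
    "Payee TFN: 123 456 782\n"
    "Gross payments: 84250\n"
)

if __name__ == "__main__":
    cleaned, found = redact_tfns(SAMPLE)
    print(cleaned)
    print(f"{found} tax file number(s) masked before sending")
```

A filter like this only sees text it is given, so a number inside a scanned image or an encrypted attachment passes through unchanged.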

Basically the ATO online security system is a joke and someone breaking into their system and publishing everyone’s tax info for the world to see is just a matter of time. Unfortunately there appears to be no way to opt out of dealing with such a backward organisation as there is no competitor to switch to who actually has proper security installed.
