IRS
TikTok Ban Not Fully Enforced at the IRS, Report Finds
Hundreds of IRS-CI employees still had access to TikTok months after the app was banned from all government devices, TIGTA said.
Jan. 02, 2024
A recent report from the Treasury Inspector General for Tax Administration (TIGTA) said hundreds of employees in the IRS’s Criminal Investigation unit had access to TikTok on their computers and mobile phones months after the social media app was banned from all government devices.
Last February the Office of Management and Budget (OMB) issued “No TikTok on Government Devices” implementation guidance, which required agencies to take actions and meet deadlines within 30, 90, and 120 days after date of implementation. TIGTA evaluated whether the IRS was compliant with the new OMB guidelines 30 days after the rules were issued.
Here is a summary of what TIGTA found during its review:
The IRS took a number of steps to comply with the OMB requirement for the removal of TikTok from IRS devices. According to IRS management, they have always blocked access to TikTok on IRS computers. In October 2022, the IRS took steps to block Internet access to TikTok on 6,300 mobile devices and also noted that the TikTok application is not available for download on mobile devices.
However, TIGTA determined 23 mobile devices used by the IRS’s Communications and Liaison group to monitor social media sites had access to the TikTok website and could download the TikTok application. We notified management of this concern on May 12, 2023, and in response, the IRS took corrective action to add these devices to the existing mobile device management software to ensure that the 23 devices could not access TikTok.
In addition, the IRS did not update its Bring Your Own Device (BYOD) policies to comply with OMB guidance. Specifically, guidance was not updated to inform participants in the BYOD program that the TikTok prohibition also relates to their personally owned devices.
Finally, the IRS does not comply with the OMB’s mandate as computers and mobile devices assigned to CI employees continue to have the functionality to access TikTok and other related websites. For example, TIGTA identified more than 2,800 mobile devices used by CI that could access TikTok’s website and approximately 900 CI employees that had the ability to get access to TikTok’s website via computers assigned to CI.
TIGTA noted that as of August 2023, IRS-CI has yet to request the required exception from the Treasury Department, nor has it taken steps to block access to TikTok on computers and mobile devices assigned to its personnel.
IRS-CI officials told TIGTA that they are not planning to request the law enforcement exception for those 900 CI employees because the workers can only access TikTok via a third-party software, which does not directly connect IRS devices to TikTok, according to the report. In addition, for its 2,800 mobile devices, IRS management said CI should look at moving their mobile phones over to the existing mobile device software that the rest of the tax agency uses which has the ability to block access to the website.
“As such, CI did not comply with the Act and OMB guidance, which required that within 30 days from the issuance date of the OMB memo TikTok be removed and installations be disallowed on information technology owned or operated by agencies, except in cases of approved exceptions, and that internet traffic to TikTok be prohibited from information technology owned by agencies, except in cases of approved exceptions,” TIGTA said in the report.
TIGTA made six recommendations in the report, five of which IRS management agreed with, including working with the OMB to update the BYOD program’s policies and procedures to ensure that IRS employees comply with the rules.
However, IRS management disagreed with TIGTA’s recommendation to block access to TikTok on more than 2,800 mobile devices used by IRS-CI, saying “the IRS is establishing an internal process to adjudicate limited exceptions, as defined by the Act and described in Section IV, and requests will be considered by the commissioner or his designee.”