We are live on capitol hill this morning where irs commissioner John Koskinen is set to testify on cybersecurity. Hell be appearing before the Senate Finance committee. Live coverage here on cspan 3. We expect it to start in just a few minutes. Again, waiting for the start of testimony from irs commissioner John Koskinen this morning. Hell be talking about cybersecurity and how the irs protects the information of taxpayers. This is taking place before the Senate Finance committee. Just a couple moments away. While we wait for this to get started, elsewhere on capitol hill today, visits continue for Supreme CourtJustice NomineeMerrick Garland. Hes meeting with 14 senators today, seven democrats, six republicans and one independent. So far, he has had meetings with 21 senators, 18 democrats, 3 republicans. Oneonone meetings with senators to take place in their offices today. Senate Judiciary Committee chair Chuck Grassley was up first and they started at about the 7 45 today. There was no coverage of that meeting. Afterward, senator grassley tweeted out, had pleasant breakfast with judge garland this morning. Explained why the senate wont be moving forward with his nomination. The next president will decide after the people have a voice. Other meetings set for today include senator murkowski of alaska. Its set to start about 10 15 this morning. Later this afternoon at 4 00, its senator booker, democrat senator booker of new jersey. Republican senator toomey start also at 5 00 p. M. Eastern. No coverage of that. And then tomorrow, more meetings with senators, senator king, warner, ayotte, senators murray and mccaskill. Thursday, meetings with senator portman, baldwin, flake, republican Judiciary Committee member, and then senator bennett and senator warren. Still a couple minutes away from testimony from irs commissioner John Koskinen talking about Cyber Security this morning. We understand the meeting is going to start a little later than expected. Want to tell you about some more programming coming up live here on cspan 3. U2 lead singer bono. Hell be joining state department and u. N. Officials testifying on the role of foreign aid and the resources needed to combat violent extremism. That will start live right here on cspan 3. While we wait for remarks, well take you back to this mornings washington journal for a discussion on campaign finance. Were talking about money and politics. The i pampact of the decision. Policy director at the Campaign Legal center. Christian burg is former deputy counsel at Citizens United. A bit of a History Lesson here. Remind us what Citizens United was about and what changed as a result. Sure, thanks for having me. Citizens united, a lot of people lose the fact this is a Small Nonprofit Organization trying to make a movie about hillary clinton. They wanted to make their film, produce the film and run Television Ads about it. When they look at the finance laws, realized their were sill and criminal penalties. If they were to run Television Ads saying come watch our movie. So they went to court really to just promote film. They went to court for some basic First Amendment rights. A lot people say, oh, Citizens United is about corporations. Its about corporations being people. Thats really not why Citizens United went to court. They just want to show the movie. Take us to 2016. Impacts of that case that youre seeing todayed in 2016. What were seeing in 2016 is the impact of not only sit steps united but also speech now, another case that was decided at the appellate level. But we have no shareholder protection and we have single candidate super pacs. None of those supposedly talked about in Citizens United, but other results that we have. So we have a decision that was wrongly decided in the sense that it created court went beyond and created this right for corporate free speech if you will in elections. But we are not even getting what the court promised. Were getting none of the disclosure that the court voted for. We do not have the ability of shareholders to know what is being spent. And we have single pac, single candidate super pacs coordinating closely only in the Legal Definition are they somehow independent. So we really have a wild west of money and we of course then have the dark money groups. Its hard to lay that necessarily totally at the feet of Citizens United. I think the Internal Revenue service has to claim a lot of credit for these groups that could have foreign money in them. We have no idea really what the source of the money is. Theyre spending significant anlt amounts to influence. Were not only talking about the president ial level but also the congressional and even state races. So the president ial level gets a lot of attention. The billion dollars raised so far in this campaign cycle, thats just the president ial cycle, not the center of elections. Christian, back to you, that wild west term, do you think its become a wild west . I really dont think it has become the wild west. I think when you look at superpacs, which is what a lot of people talk about these days, thats all transparent. We know where the 100 million raised to support jeb bush came from. We can see that in the fac reports. Certainly across the spectrum, i think there has been this worries that corporations are going to buy elections. It hasnt come to fruition. When we look at this cycle, were just not seeing it happen. This notion that the superpac money is transparent because its disclosed is not true. What we have is some disclosure at the federal Election Commission of where the superpac money is coming from. If one of those donors to the superpac is a group called lets say americans who love america, we have no idea where that money is from. So it is very limited and very inefficient and probably, you know, we dont even know where this money for the superpacs is coming from. Weve had llcs that have made contributions. The notion theres disclosure for superpacs is a bit of a misleading characterization. Christian, Citizens United, not the first ruling on money in politics. What was the legal precedent this case was built on . When you hear people blame Citizens United for a lot of things, there was legal precedent before that. Oh, sure. I think you have decades of legal precedent that made clear that money is speech. We go back to the 70s. What was that about . I mean really this was about whether or not in part whether you could curtail how much an individual candidate could spend on their own race. You couldnt limit that. You just couldnt. Money is speech. Money is a proxy for speech. I actually think this notion that money is speech, its not exactly what buckley said. There are a number of issues that play in buckley. Everything from expenditure limits, contribution limits. Limits on what candidates can spend themselves. These were all in the package. The court in that case did not say money is speech, but it did say it had serious implications for the First Amendment. I think Justice Stevens and the nixon case got it much more on point. He said money is not speech. Money is property. Obviously, he has not won the day with the court that has had 54 rulings in the last several years, but theres a very interesting notion here about how you apply the First Amendment to the notion that money is speech versus how you apply those protections if money is viewed as property. Let me promote the lines. If you want to join in the conversation, phone lines are open. Republicans. Democrats. Well get to your calls in just a second. To that point, buckley, 1976, Citizens United, 2010. Mccutchen. 2014. For those who want to limit spending, what are the wins they have had . Are there wins you hang your hat on on the Supreme Court level . I dont want to limit spending. The point is you have a system in which average people have very little ability to have any kind of impact on the races that are occurring. I want more speech. The question is, i want more speech by more people. I want more participation. We have a system now. It was actually raised in mccutchen by the dissenter saying we have a discussion particularly after mccutchen that got rid of the aggregate contribution limit. As Justice Breyer put it, the ability to drown out the rest of the voices. This is really a kw about amplification. We all want to have a system in which every american not only can but wants to participate. We dont have that right now. Are people being drown out . I really dont think so. I certainly dont think mccutchen led to that. Mccutchen we said of 2,700 given to one candidate isnt corrupting. Why not be able to give it to as many candidates as you want . Thats all we did there. Thats all the courts did there. Really i think postCitizens United people have more speech, they have more opportunities to speech. They can join together with their friends, with their peers. Hes asked i proceed without him. Well be happy to have him participate when he comes. Well, good morning. Its a pleasure to welcome everyone to todays hearing which weve entitled cybersecurity and protecting taxpayer information, unquote. These are really important issues that the finance committees been working on for some time. In june of last year for example, we had a hearing on the theft of Internal Revenue service data affecting taxpayer information. Much has happened since that time. At the urging of the finance committee, the irs, state revenue commissioners and leaders of the tax return preparation industry came together last year to convene a Security Summit which resulted in new information sharing agreements to help identify suspicious activity in the tax filing and refund process. We look forward to hearing more about that effort today. Weve also seen unprecedented growth in the scope and scale of cyberattacks aimed at stealing personal information and billions of dollars from our taxpayers. Last year alone, cyber criminals obtained access from several large health insurers, exposing tens of millions of americans to potential Identity Theft. Foreign governments gained access to poorly protected government databases including a treasure trove of information at the information of office of personnel management. Today, we will focus on three separate aspects of this problem. First, we will consider the ways the irs authenticates taxpayer identities from data thieves. To gain even more information about taxpayers or to file false returns and obtain refunds under stolen identities. Second, we will examine how the irs uses its resources to improve cybersecurity. This will include some discussion about the irs future state plan which the agency has developed in order to adapt to the realities of the 21st century. The ongoing efforts of the irs state revenue collectors and private tax preparers to see what can be accomplished. To protect taxpayers from fraud. Taking a look at our witness table, it is clear this is not a typical lineup of witnesses. Challenges to cybersecurity require not only smart and persistent leadership at the top but also technological expertise and skills down on the ground so today we not only have with us the heads of the irs, the Government Accountability office and the treasury Inspector General for Tax Administration, weve invited subject Matter Experts on the relevant issues from each of those agencies to testify as well. Thats a total of six witnesses. I suspect each of them will bring unique and important insights to this discussion. In closing, ill just say while we are clearly making Real Progress in this area, the challenges are continuing to grow and criminals behind this kind of data theft are getting more sophisticate and aggressive. Seemingly by day. American taxpayers and their livelihoods are their targets. In other words, we have a lot of work to do. My hope is well continue to be able to work on these issues on a bipartisan basis in order to do right by the American People. [ inaudible ] good morning, chairman. Thank you for the opportunity to discuss the irs ongoing effort has. As the chairman noted, im delighted to have our chief Technology Officer with me today for any specific technical questions you may have. Securing our systems and taxpayer data continues to be a top priority for the irs. Even with our constrained resources, we devote significant time and attention to this challenge. We work to protect our main Computer Systems from cyberattacks and to safeguard taxpayer information stored in our databases. The systems withstand more than 1 million malicious attempts to access them each day. Were continuing to battle a growing problem of stolen identity refund fraud. Weve made steady progress. Weve found the type of individual we are dealing with have changed. Now were dealing more and more with organized crime send dates here and in other countries. So they can do a better job of impersonating taxpayers. We joined with leaders of the Software Agency and the states to create the Security Summit group. This is an Unprecedented Partnership that is focused on making the tax filing experience safer and more secure for taxpayers in 2016 and beyond. Our collaborative efforts have shown concrete results this Filing Season. Over the past year, weve seen three examples of what eidentit thieves are capable of and why we cant let up in this case. Weve detected and stopped unauthorized attempts on our website irs. Gov. One of the Services Targeted was our get transcript online application used by taxpayers to obtain a copy their prior year return. Another was an online tool to retrieve a lost Identity Protection personal Identification Number or ip pin. Taxpayers who previously were victims of Identity Theft used these pins to prove their identity when they file a return. The third was a tool that some people used to generate a pin number when they efile their tax return. In all three cases, criminals were trying to use our online tool to help them pretend to be legitimate taxpayers and sneak false returns past our fraud filters. These incidents, which unfortunately in the case of the get transcript access, resulted in the loss of information for thousands of taxpayers. Have shown us that improving our reaction time to suspicious activity isnt enough. We need to be able to anticipate the criminals next moves and attempt to stay ahead of them. The ongoing work of the Security Summit group will be critical to our success here. As we confront the challenge of Identity Theft, were also working to expand and improve our ability to interact with taxpayers online to meet taxpayers increasing demand for digital services. Were aware, however, that in building towardings this enhanced online experience, we must continuously update and improve our ability to verify the identity of taxpayers using these services. Taxpayers will only use these services if theyre confident they are safe and secure. Were in the process of developing a strong framework. We have a delegate balance to maintain here. We need to keep the criminals out while letting the legitimate taxpayers in. Our goal is to have the strongest possible authentication process for Online Services while maintaining the ability of taxpayers to access their data and use irs services online. Congress can provide critical support by providing adequate resources for these efforts. We appreciate the 290 million in additional funding for fiscal 2016 which included funds to improve cybersecurity and fight Identity Theft. Sustaining and increasing funding in this area will be critical as we move forward. Another way congress helps us is by improving Tax Administration and cybersecurity. One of the most important requests we have made is for the reauthorization of streamlined Critical Pay Authority, the loss of which has made it very difficult if not impossible, to recruit and retain employees with expertise in highly technical areas such as information technology. Chairman hatch, Ranking Member wyden, this concludes my statement. Will be happy to take your questions. Thank you so much. In order to ensure we have the most robust discussion possible, weve invited the head of three vital government offices to testify as well as the subject Matter Experts in the relevant areas from each agency. Weve heard from our first witness, John Koskinen who has a tremendous reputation and background for the job that hes doing. Our second witness will be, and i put that discussion into the record. Our second witness will be the Inspector General from the treasury Inspector General for Tax Administration. Mr. George was confirmed to his current position in november 2004. Prior to that, he served as the Inspector General of the corporation for national and community service. Mr. George began his career as a prosecutor in the Queens CountyDistrict Attorneys Office in new york following which he served as assistant general counsel in the Counsel Office white House Management and budget. Also served as the associate director for policy and the office of National Service after which he moved to the private sect wear or where he practiced. Then in 1995, mr. George returned to washington, d. C. To join the committee on government reform and oversight as the staff director and chief counsel as government Management Information technology subcommittee. Mr. George sketched his bachelor of arts degree from Howard University and his law degree from Harvard University school of law. He will be joined by deputy Inspector General for audits michael mckinney. Mr. Mckinney is responsible for providing audit oversights of irs operations relate to the preparation and processing of tax returns and the issuing of refunds to taxpayers and finally from the Government Accountability office, we welcome back controller general. Confirmed as the eighth controller general of the United States and head of the Accountability Office in december 2010. Was confirmed to this position after serving as the acting controlling general, controlling general, since march of 2008 including this seven years of dedicated service. Has sebed the country for more than 40 years at the gao. He served most recently as the chief operating officer and has also headed gaos accounting and Information Management division where he directed the first ever audit of the comprehensive Financial Statements covering all federal departments and agency. Has also worked closely with congress and several administrations on Major Management and reform initiatives, including the 1994 government management reform act, the revised 1995 paperwork reduction act and the cleaner cohen act of 1996. He received a bachelors degree in accounting. He is joined by Information Security issues director gregory wilshouson. Want to think all of you for coming. I know this is an expansive topic. The more insight and perspective we can get, the better we will be. Well hear the witness testimonies in the order i just introduced them. Mr. George, well turn to you at this time excuse me, no, its whos next on there . Mr. George is next, yes, okay. Thank you, chairman hatch. Members of the committee. For the opportunity to testify today on the irs processes to protect sensitive taxpayer information. As you noted, mr. Chairman, im joined by by mr. Mckinney. The irs is a prime target for attack because of the extensive amounts of taxpayer data it stores. As such, the security of taxpayer data is one of the top concerns facing the irs. Has identified a number of areas in which the irs could better protect taxpayer data. For example, recently reported that the irs is working towards Continuous Monitoring of its overall security information past pastoostur posture. To perform ongoing realtime assessments of Information Security. We also reported that the irs needs to fully implement unique user identification and authentication that complies with the department of Homeland Security directives. Full implementation and integration of personal Identity Cards will help to ensure only authorized personnel can access the Computer Systems and facilities. Further, has evaluated the effectiveness of the Security Patch management process. This process is key to mitigating the security risks associating with known vulnerabilities to comb pupter syst Computer Systems. We found the irs is working to expand a process needed to ensure that all irs systems are patched timely and operating security. Web applications are significantly vulnerable because even without security, hackers can and have cleared the authentication process to gain access to and still valuable taxpayer information. The irs has established processes and procedures to authenticate individuals requesting Online Access to irs services. However, these procedures do not comply with government standards. For example, the processes the irs used to authenticate users of its get transcript and Identity Protection personal Identification Number, the i pin, ip pin, applications required only single factor authentication. Government standards require multifactor authentification for such highrisk applications. The Authentication Framework used for these applications did not comply with the government standards for single factor authentication. In august 2015, the irs reported that unauthorized users had been successful in obtaining Tax Information on the get transcript application for an estimated 334,000 taxpayer accounts. To prevent further unauthorized access, the irs removed the application from its website. Unfortunately, current review of the get transcript breach identified additional suspicious accesses to taxpayers accounts that the irs had not identified. Based on analysis, the irs reported on february 26 of this year that potentially unauthorized users had been successful in obtaining access to an aditional 390,000 taxpayer accounts. We also reported in november 2015 that the irs did not complete the required authentication Risk Assessment for its ip pin application and recommended that the irs not reactivate this application for the 2016 Filing Season. However, the irs reactivated the application on january 19th, 2016. We issued a second recommendation to the irs on february 24th, advising it to remove the ip pin application from its public website. On march 7th, the irs reported that it was temporarily suspending use of the ip pin application as part of an ongoing security review. The irs does not anticipate having the technology in place for either the get transcript or ip pin application to provide multifactor authentication capability before the summer of 2016. The number and sophistication threats to ataxpayer formation will likely continue to increase and these threats will be a continued focus. Chairman hatch, Ranking Members of the committee, thank you for the opportunity to share my views. Thank you. We appreciate having you. Now turn to and i understand the other two witnesses if necessary. Thank you very much, mr. Chairman. Good morning to you. Greg and i are very pleased to be here today to discuss gaos work related to Computer Security at irs. And identity thecht refund fraud. Our most recent audit showed that irs had instituted controls over its financial and tax processing systems. However, there was numerous weaknesses we identified due to the inconsistent application of their Information Security program across irs. Now, these weaknesses included easily guessed passwords to gain access to servers supporting key systems at irs including those to access and manage taxpayer accounts. Users at the irs that were given rights and privileges beyond what they needed to carry out their responsibilities, including access to electronic tax payment systems. We found that key systems that should have been encrypted were not encrypted. We found in other cases there was applications where user activities was not being logged in order to potentially investigate or know who was using those systems, including those that were used to transfer Financial Data and manage and access taxpayer accounts. And also we found that Software Patches were not being implemented in a timely fashion and a couple of key instances in particular. Now, to theres these weaknesses and strengthen irs security program, gao made 45 new recommendations to the irs. In addition, we reemphasized the importance of implementing 49 recommendations that we had made previously that were yet implemented. One area we were concerned about with this most recent audit was in 28 instances irs asserted that it implemented our recommendations for prior recommendations. In our subsequent testing we found in nine of those 28 instances indeed the problem had not been fixed so were very concerned about that. This included access to employees and visitors to one of irss computing facilities where lists have not been updated as appropriate. We have a lot of recommendations to strengthen irss Computer Security program. Were hopeful that theyll rigorously implement our recommendations over the next few years, all 94 recommendations we have outstanding. Now, with regard to Identity Theft, very pleased to report that the congress had acted on recommendations that we had made to allow for more timely filing by employ errs of the w2 data. I was here last year before this committee talking about the importance of providing earlier w2 information to the irs. In past years, they basically only had the w2 information from employers in april and they didnt have it earlier to match against filings. Including those being filed using fake identities. The new law now gives irs the ability to have that information at the end of january. We think its very important for irs to implement changes to its processes and systems in order to take advantage of the new information that will be available ahead of time. We also think that irs needs to continue to test and assess the cost benefits and risks. Techniques that can be used. This has been a key witness in the past on get transcript and the ip authorizations. And the irs also needs to give feedback to people who give external leads to them. Tips they can follow up to identify Identity Theft. One also recommendation we have to the congress of additional thing we think would help would be to lower the requirement for Electronic Filing from 250 returns down to a much lower number. This would give the irs more electronic information that it can use to quickly match to help fight Identity Theft in the future. Again, thank you for the opportunity to be here today. Gaos very committed to security areas. We actually designated it as a high risk area across the entire federal government. Weve been working on it since then. Made thousands of recommendations. Im pleased to be here today to participate in this hearing. Thank you very much, mr. Chairman. Thank you so much. I want to apologize to senator wyden. I should have called on him right away. Were going to call on him at this time. Mr. Chairman, thank you. To colleagues, my apologies for being late as well. I was at the public proceeding to look at steel overcapacity. We care a great deal about enforcing the trade laws on this committee, particularly the force act, level the Playing Field act. Dealing with the steel overcapacity that could really cost us family wage jobs, family wage jobs in oregon and around the country. We worked on this in a bipartisan way. I was at the ustrs proceeding to make sure they move aggressively to enforce the law. Now we turn to the question of irs cybersecurity. Its pretty obvious hackers and crooks, including many who work for foreign crime syndicates, are jumping at every opportunity to steal hardearned money and sensitive personal data from american taxpayers. It happens a lot and it happens in the real world. In my view, taxpayers have been failed to by the agencies, the companies and the policymakers here in the congress that they are counting on to protect them. It was unacceptable for the irs to leave the front door open to hackers by using a weak authentication process for its get transcript system. It meant that thieves could walk through the door and steal the Tax Information of three quarters of a million taxpayers. To make matters worse, after the irs mailed the special Identity Protection pin numbers to the hacking victims, it repeated its mistake and used lax security online. For the tax scammers, once again, it was as easy as going online, plugging in the personal data youve already stolen, and pretending to be somebody who lost their ip pin. So after leaving the front door open, the irs left the back door open as well. There is simply no excuse for this. Poor protection of taxpayer information is not just a problem at the irs. There is plenty of blame to go around. Already this tax season, hackers have gotten in to the inadequately guarded system of private Software Companies and stolen personal information from thousands of people. Its my judgment you cannot have an honest discussion about protecting taxpayer information without including the vulnerabilities from the efile providers as well as crooked return preparers who operate in the shadows and steal from customers. For years, republicans and democrats have agreed on the need for minimum standards for return preparers. The congress had sat back and watched while criminals have come in and preyed on taxpayers. When it comes to blocking hackers, congress has done next to nothing while the irs loses its ability to hire the experts who can keep taxpayer Information Safe. If you are a top notch tech expert, you already are taking a pay cut to work in Public Service compared to what youd earn at firms in oregon or california. Now, without what is called streamlined Critical Pay Authority, it can take 4 to 6 months to bring a new hire on board at the irs. So i want to be clear as we go to questions, taxpayer information is under assault every single day. But the irs does not have the Legal Authority it needs from the congress to build a Cybersecurity Team that can beat back the crooks. Already theres been an exodus of high ranking irs tech staff. The director of cybersecurity operations left a month ago. The terms for the remaining employees working under this Authority Continue to expire. Including for one of our witnesses chief Technology Officer. Come 2017, there are not going to be any left. So today, instead of rehashing the past and just beating up on one agency or one firm, to me, the priority ought to be to focus on the fight against hackers and crooks across the board. Its my view that streamlined Critical Pay Authority is a key part of the solution. There was a bipartisan bill colleagues ready to go last fall. This committee ought to move forward on it as soon as possible. Furthermore, the Congress Needs to make more than token investments. The congress has held the irs tech budget below where it was six years ago. You can bet that the hackers have not backed down since then. Next, the irs and private firms need to do more to keep taxpayer Information Safe inside their systems. The transcript hack i mentioned earlier have been well documented. A recent audit found the security maintained by private fee File Services did not meet expectations. It is unacceptable for troves of taxpayer data to be more vulnerable to hacking than many social media or email accounts. And the committee ought to consider whether the irs is to guarantee that the security used by private Software Firms is up to snuff. While many tax preparers are honest practitioners, we know there are always bad apples in the barrel. Last year, the senator and i introduced a bill giving the irs the authority to have basic minimum standards over these tax return preparers. Weve worked to create a bipartisan Identity Theft bill. Which i had very much hoped would include at least these minimum standards for return preparers. Its still my view that people handling sensitive taxpayer information should have to meet what our minimum standards and that the committee should vote to require it. Anybody who thinks western civilization is going to end if we have minimum standards can come to my home state because weve got them and its working well. And we heard from a preparer that that was the case. Its open season for hackers to steal money and data from hardworking americans, so congressional action should not make the situation worse. With tax day approaching, millions of americans are filing their returns online through the mail or with a private return preparer. The committee has a responsibility to protect taxpayers no matter what filing method they choose. So i see this hearing as an opportunity to find some bipartisan solutions, to do what the finance committee has always done best, which is to find common ground. I thank our witnesses. Mr. Chairman, i look forward to working with you and our colleagues. Thank you, senator, appreciate it. Let me just let me begin by asking this. The irs is working with state revenue commissioners and the private tax industry and the socalled Security Summit. And has made an agreement to create an information sharing and Analysis Center or isac. To facilitate and sharing information to prevent refund fraud and Identity Theft. I understand the agency has made progress on this. But it remains incomplete. I hope it moves forward as quickly as possible. I have two questions for the irs and anyone else who would care to comment. One, when do you anticipate the isac will be up and running . What impediments are delaying its launch, mr. Commissioner . Given that we are nearing the end of the 2015 tax Filing Season, describe the extent to which the irs and its partners are currently sharing information to prevent stolen identity refund fraud, and how you measure whether thats working or not. Thank you, mr. Chairman. The Security Summit has been thus far a great success. In fact, part of the indication of its success is that the private sector members have requested, which weve honored, that we make it a permanent partnership going forward, because it has already demonstrated its great utility. Weve been able to receive information from state tax commissioners as well as preparers about suspicious patterns. Weve been able to Exchange Information, when we see suspicious patterns or security numbers that have been abused, weve been able to share that information in realtime with the private sector and with state tax preparers. As you noted, we agreed early on the Information Sharing Center would be very helpful to increase the utility of that information and its availability. I would stress, the private sector and the irs and the states are all protective of individual taxpayer information. The information were sharing is about patterns. Its about activities going on, but basically were not sharing information taxpayer information except in situations where we know theres been fraudulent atempts to access those accounts. How we measure it thus far, weve had a significant increase in the amount of leads provided. Weve had a significant increase in the volume of refund fraud stopped. Weve stopped over a million tax returns this year that are suspicious. We identified thousands of them that are fraudulent. Weve shared all that information back and forth. We do think that as soon as we can, we will try to implement the isac. It takes some time because its a unique opportunity. We are funding it with some of the money that we were given out of the 290 million the congress provided us additionally this year. Some of its going, in fact, to develop under the isac. We hope to have it up and running. Its not clear well be able to get it fully operational by next tax season. Were already in realtime exchanging information back and forth and it has been extremely helpful. Thank you. This a question for all of the witnesses regarding unimplemented recommendations. In a report released last month, the irs, on irs Information Security, gao identified vulnerabilities, believe the sensitive taxpayer information of millions of americans quote unnecessarily vulnerable to appropriate and undetected use, modification or disclosure, unquote. Gao made 45 new recommendations on how to better protect this data and identified 49 prior Information Security recommendations, that the irs has failed to implement. Last year chairman brady, senator rubio, congressman yoho and i requested an update on recommendations relative to todays hearing. I was disappointed to learn that several continue to remain unimplemented. I would like to ask ticta and the gao to implement the recommendations you deem most important and discuss whether incidents like the unauthorized access of the quote Identity Protection personal information number unquote tool would have occurred had these recommendations been implemented. And i would love to ask the irs to respond to the status of these recommendations as well. Mr. Chairman, as did relates to the latter point, we believe if our recommendations had been implemented, while we could not guarantee that the breach would not have occurred, it would have been much more difficult for that to have happened. But i would like to defer to my colleague, michael mckinney, for the additional response. One thing especially in the area of authentication, weve got some probably one of the more important recommendations to improve the authentication, to move to the multifactor authentication. Theres also some concerns weve expressed in the past that i think are really primary here. And that is the irss willingness to accept risks, in these areas without really very well following a process to show why, to document why theyve accepted those risks and the rationale and what theyve done to mitigate those risks. Thats one of, of the most significant concerns we have, is the agency itself, when it decides to accept risk. Its unavoidable. But it should be kept to a minimum. And when they do accept risk, they should thoroughly document why rationale and what they will eventually be able to do to overcome those risks. Commissioner kaufman, it seems to me you do not cite the cheats and ripoff artists by osmosis, you do it by having the right kind of experts, talent you need. Many of those experts were hired using streamlined critical pay, including the head irs i. T. Official, who is sitting next to you, mr. Mulholland. But the authority expired in 2013 and the irs has already lost many of these experts. I think it would be very helpful if you laid out for the commissionty what a committee what are the going to be the consequences for Congress Failing to renew the authority to go out and get people who know how to beat the crooks . Well were concerned about it, thats the reason ive been talking about it for the last two and a half years. Because what it gives us, is the ability to find topnotch i. T. People and hire them with suitable background checks without going through the three to sixmonth normal Government Application process. And these are all highly desirable people. Our people are being recruited every day. And when you tell somebody wed love to hire you, we got a great position for you, if youll sit around for three to six months, well get back to you. And in the meantime, fill out the applications and apply for the job, needless to say, most of those people arent around when we come back. There are good people who are willing to work through that process, but at the top of the heap, cybersecurity experts, people who are expert at development of new techniques and technologies like mr. Mulholland, they simply dont need to go through that entire process. So the authority was provided in the restructuring act of 1998. Was renewed every four years, the i. G. Reviewed the program a year and a half ago and found we had used it appropriately. It only applies to 40 slots and we never used full 40. But if we continue to lose people, we have ten last i. T. People on the list, and by this Time Next Year theyll all be gone and our ability to replace them is very questionable. Okay. Inspector george, we always value your work. I gather that you all have looked at this issue as well and you largely agree with what the commissioner has said. That these were justifiable hires, that these are exceptionally well qualified individuals. And that this was something that really worked. Is that true . It is true. And it was actually even underbudget this is one of the programs implemented by the irs that we have to say was very successful and justified. Im going to repeat that for my colleagues. So here we have something thats been an essential tool, were not going to have it any longer, absent Congress Getting serious on a bipartisan basis to renew it. And inspector george, whose views we have long admired on both sides of the aisle said the program came in under budget. And i appreciate youre doing that, inspector, because if that isnt a wakeup call to the congress, i dont know what is. Theres something that works and if were going to beat the crooks, we ought to have it. Now commissioner koskanen, let me ask you about the private efile providers, think we all understand that the irs isnt the only place where the bad guys, the crooks, can go after innocent taxpayers. In january, two efile providers revealed that 16,000 taxpayer accounts had been breached. The independent Online Trust Alliance concluded that six of 13 private online freefile Tax Preparation Services failed the best practice assessment with respect to these cybersecurity tests. Are efile providers doing enough to keep taxpayer Information Safe . And in your view, what needs to be done on this issue again, the finance committee, democrats and republicans, working together, to insure that were using the tools that are essential . Thats an important question. One of the great outcomes of the Security Summit partnership we have with the private sector is from the start in our meetings with them, all the preparers and providers and Software Developers agreed that they would all meet the standards of operation. Most of them already met them. Its not been a question of our having to require it. They have actually voluntarily agreed to a standard system of security. And theyve gone beyond that. Theyve agreed to standard authentication procedures for taxpayers who use their services. So its one of the great examples of what happens if you have a Public Private partnership. Where both sides are working together to solve a problem. Can you make great progress. And we feel comfortable that our partners in the private sector see this as an important problem. They want to protect their clients, none of them want to have a breach and theyve all been willing to work cooperatively with us to set up appropriate standards and agree to them. The last leg of this game plan in addition to Critical Pay Authority and the tools to deal with the efile ripoffs is tax preparers. And once again, chairman hatch and i have had Bipartisan Legislation on this ready to go. And for the life of me, i cant understand when taxpayers are ripped off, why we cant have minimum standards. Where you all were sitting, we had a person from oregon who made it very clear, the sky is not going to fall. Western civilization is not going to end if we have minimum standards. I want to wrap up with a question for mr. Koskanen and mr. Darderro. My understanding su both think there should be minimum standards over these preparers, based on what you have seen over the years. With all the problems. That stem from the fact that while most preparers are honest and reputable business leaders, we unfortunately have some bad apples. Is that your judgment, gentlemen, that there need to be some minimum standards for these preparers . Yes. Senator wyden. Ive recommended that, that Congress Give the irs the authority to prepare tax preparers. We did an undercover investigation, sent teams out to 19 paid tax preparers. Only two of the paid tax preparers gave us correct answers. Some were very wrong. We also looked at three years of data back at that time. And found that paid tax preparers made errors, 60 of the time versus 50 of the time. That taxpayers who filed their own files made that. Irs found that paid tax preparers filed about 68 of earned income tax credit returns in a year or twoyear period of time and about 48 to 53 overclaimed the tax credit, based on paid tax preparer. So i definitely think there needs to be Authority Given irs to set minimum standards for paid tax preparers. I would also comment that we think the irs should have more monitoring and oversight of the security and privacy standards, that paid tax preparers agree to do. Weve had an open recommendation in this area. Since 2009. Thank you for your professional work. Thank you, mr. Chairman. Thank you, senator. I just say weve heard a lot today from the irs and the Ranking Member regarding streamli streamlined Critical Pay Authority. Senator wyden noted, reimplementing this authority is included in a bipartisan bill, the committee introduced last year. And we will be moving to consider this particular bill in the near future so hopefully we can resolve some of these problems. Senator grassley, well turn to you. Im going to sta with director willhausen, please. I spent a little time comparing your 20152016 reports on Information Security at the irs. Rhett me take a couple of examples, in 2015, one specific observation was on two databases, account passwords were not set to expire every 90 days as they should be. In 2016, the report says two of the 13 databases reviewed again had passwords that did not expire every 90 days as they should have. Do you know if these were the same two databases . Yes, sir, they were. It is common to hear that the lack of funding is why we cant have better cybersecurity. I might ask you, what is the approximate cost of setting up a password to expire every 90 days . It would be negligible, sir, it would not be a highcost issue it would be very low cost indeed. Again, do you both 2015 and 2016 reports had a section dedicated to physical Access Control procedure procedures that were not consistently implemented. 2016 report observes that security guards control physical access to each irs computing center. Quoting now from the 2016 report. Quote, irs has yet to address weaknesses pertaining to its review of authorized access lists to sensitive areas for both employees and visitors at one of its computing centers. So its not an either or. I wonder if you could compare the cost of a dedicated guard force to the cost of of reviewing a list of people who have appropriate access to the facility . Certainly employing and deploying a guard force would cost significantly more than what it would take to just review an access list on a periodic basis, that would be basically very low cost and its something that should be done as a normal course of business. Okay. Your 2015 report found the agency did not always insure that contractors received Security Awareness training within five Business Days as required. The 2016 report found the same problem and noted that the irs acknowledged it had not addressed the issue, could you say if this contractor problem is that they get the training, but that they get it late or do they just not get it at all, and then ill follow that up right now. How expensive would it be to get the training in a timely manner, rather than late . Well first of all, its that they dont receive it in a timely manner. The contractors dont receive this training for the most part in a timely manner. And in terms of costs, if its a webbased training, it shouldnt cost additional. Much money to insure that they receive it within the five days of gaining access to irs systems. A couple of questions about mainframe Security Policy. Both your 2015 and 2016 reports say according to the mainframe manufacturer, policy should address who can administer the Security Software configurations that control access to mainframe programs. Is that correct . Yes, sir. And both reports indicate that the irs mainframe Security Policy does not address who can administer these configurations. Is that correct . Yes, sir. What would be the cost of naming the person or person who is can administer the Software Configurations that control access to mainframe programs . There shouldnt be much of any cost associated with that its just an eye siassignment o responsibilities that the irs insure that the individuals have access to the mainframes as appropriate. Im going to ask commissioner koskinen about findings and relgss that appear over and over in the gao report or at least each of the last two years about cybersecurity. At your agency. I took special note of four areas, citing passwords to expire every 90 days. To Monthly Review of lists of who should have access to computer centers. Three timely Security Awareness training for contractors. And fourthly, the naming of administrators for Software Security on mainframe programs. Would you agree that these are lowcost changes that could improve cybersecurity and if it is, then why havent they been done . They are lowcost. I would note that we value highly both the reports and recommendations from gao and from the i. G. Particular in cybersecurity areas. Weve had in the last several years, we counted up over 2,000 gao recommendations, of which weve already implemented about 80 . In the internal security and these are important internal security issues, not external, but they could become extenl, obviously. One of the things were moving towards in terms of access is passwords themselves turn out to be somewhat questionable and were moving towards pivot cards, right now you can only access email with a personal identity card. You put into the computer. Were moving towards having that be the system to all access all mainframes and security online. It doesnt matter if youve given away your password or somebody seeks it, they wont be able to have access without the card. I agree to the extent we can, we have a wide range and a large number of recommendations from the i. G. And the gao, we do not disagree with those. We are working as quickly as we can to implement them. These are particular ones internally to make sure that we worry a lot about external threats, we also need to worry about internal threats. Inadvertent or otherwise, thats a high priority for us. Then i would expect that these wont be in the 2017 report. I can almost guarantee you working with gao, they wont be, gao i would note has done a very important thing for us. Out of their range of recommendations, theyve given us their priorities what they think are the highest priority for us to do. Both their limitations of time and resources, the ability to which of the recommendations have the highest priority is very helpful to us and gao has been very good about giving us that guidance. Thank you, senator. Senator harper . Thanks mr. Chairman. I want to associate myself with the comments of senator wyden earlier. I thought he nailed it with his comments with respect to streamlined critical pay program. Mr. Chairman, you mentioned in your comments that legislation has been introduced, Bipartisan Legislation was introduced last congress. Think its critical that we follow through on that. We follow through on that. Year after year, mr. Koskinen and others come to us and say please do this. To enable us to do our jobs more effectively. And a lot of times we point the finger at them and say you screwed up here and you screwed up there. Your people have as well. Well we have some responsibility for this, too. One of the things that we can do that would help out is to provide for the reestablishment of the streamlined critical pay program. I think we, youre going to hear mr. Chairman, youre going to hear a lot from me in the months to come, that say we do this lets do it. Lets get it done. We need to do our job, we need to do our job. We hear a lot about that lately. We need to do our job this is another area where we need to do our job. Mr. Dodaro, i want to ask you, i want to come back to this other point that senator wyden raised, and that is the minimum standard for paid tax preparers. You folks have looked at this before. Just give us a minute on what we should be doing in this regard. We made recommendations several years ago, that irs Institute Regulations over paid tax preparers, which they did do. And then those regulations were overturned by the court because they didnt have Statutory Authority to do this. As i mentioned earlier, our work has consistently shown that theres props with paid tax preparers. We sent teams of people to 19 paid tax preparers, then we checked in advance to see what the irs, what the right answer should be to our tax scenarios, only two of the 19 paid tax preparers gave us correct answers. Some were very well off. To the point where they could have cost themselves penalties and interest, both for themselves, as for the people that they were filing for. We also looked at irs data on a threeyear period of time, and found that paid tax preparers made errors 60 of the time. Versus 50 of the time. For normal taxpayers filing on their own behalf. Which is actually worse. Yes. What should we do . Well i think you need to give the irs the authority, the Statutory Authority to regulate paid tax preparers. They need to set minimum standards. They should go through a due process procedure, and just as you would with any regulatory approach, and set the standards. And enforce those standards. You know this is a particular problem, because irs resource levels, theyre not going to you know, i mean if were going to rely on paid tax preparers to largely carry out a very important function on the behalf of the government, we need to make sure that they are properly carrying out their responsibilities. And they could greatly leverage their activities as opposed to a need to continual beef up the irs. Thanks so much. Last year, mr. Koskinen i worked with a number of our colleagues, on the Homeland SecurityGovernment Affairs committee, some on the Intelligence Committee and others, that eventually passed the federal cybersecurity enhancement act of 2015. Among other things the bill strengthened an important cybersecurity system within the department of Homeland Security, known as the einstein 3 a. It uses the best Threat Intelligence from National Security agencies to block cyberthreats before they can reach our federal agencies in many instances. Its my understanding that einstein 3 a is now available to all federal agencies. However, not all agencies, including the irs has signed up for einstein 3 a. The bill we passed, last year also made participation in the program mandatory. For all civilian federal civilian agencies. When will the irs adopt einstein 3 a and start receiving its protections . I would like to give you mr. Mulholland. Mr. Mull who will snnd. Were very familiar with the Einstein Program 1 and 2 and were scheduled to receive the einstein 3 equipment this year. And theres the issue of implementing it. So certainly by next Filing Season i suspect that well have it all done. So by next Filing Season, a year from now . Yes, sir. We have to schedule ourselves with dhs to receive the equipment. Install it test it, and then implement it its not something thats done overnight. Thats a lot of nights. About 365 nights. Well, its again, were not yet scheduled from dhs. So its something we have to work out with another agency as to when we actually get the equipment. Were going to go to work on that and make sure that we do everything we can to move you up on the queue. Thank you, sir. Thanks so much. Thanks, mr. Chairman. Senator scott . Thank you, mr. Chairman. Good morning to the panel, thank you for taking the time to be here. We certainly appreciate your investment of time and your energies towards making sure the taxpayers information is secure as possible and i know firsthand that Identity Theft is a air fiing experience, one that we should hope that all taxpayers have an opportunity to avoid. But the reality of it is that what weve seen over the last several years is too many taxpayers having too much information exposed inappropriately, very poor results. Unfortunately there seems to be a systemic failure at the irs in protecting taxpayer information, despite repeated warnings that the irs needed to strengthen and modernize the protection of taxpayer information. Due to these failures, ive received a number of emails from constituents throughout south carolina, one in the last couple of days, specifically from a taxpayer in lexington, south carolina, who seemed bewildered at what the federal government, specifically the irs is doing to protect personal information. Im interested in learning more about what the irs is doing. Weve certainly heard a number of presentations and a lot of information about some programs that would be successful. Other than whats already been mentioned, what else do you think should be done and can be done, if you can take make 60 seconds to share that with us. We are doing a wide range of things. One is we are getting ready to establish a significantly increased authentication protocol. It will mean more taxpayers wont be able to answer the questions they get in. But it will make the system more secure. As noted, were moving to protect the systems with pic cards so people can only access emails or servers with personal Identity Cards. Were working the private sector working closely with us, and we have a Public RelationsCampaign Going with them out to taxpayers trying to give them information on how to protect their data. I would stress the access thats been obtained by the irs were criminals able to masquerade as taxpayers, they already had the information on the taxpayers. We think its important for individuals to be careful what they do with their information, not to give out their Social Security numbers, not to use the same user i. D. And passwords across the board because were all in it together. Thank you very much. Another issue that i have been, weve had many conversations about. And certainly one that i think should be deeply troubling to all of us, is the ruling last month by the sixth circuit court, that basically said United States versus Norcal Tea Party patriots, demanding that the irs stop their games of delay and deception and turn over the documents requested by the plaintiffs. In fact the sixth circuit called the conduct displayed by the irs attorneys outside the tradition of defending the nations interests and enforcing its laws. While we spend a lot of time on cyberbreaches, the reality is that protecting all taxpayers is, should be one of our top priorities. Has the irs complied with that court order . We have complied with that court order. Weve given the plaintiffs the information they requested. The names and addresses of the organizations. As you know our strong view was that was taxpayer information that we would give a lot of, have a lost applications for a lot of things. Whether its private letter rulings or applications to become a c 3, 4, 5, 6 or 7 and oftentimes when people apply they dont assume that the fact of application will be made public we disagreed with the court, but we have complied with the court. Because we have that order. But weve only complied with the information specifically in that case. And weve only done it in that case. Weve not made a decision about any other case. Thank you. Thank you, mr. Chairman. I chair the joint economic committee. By camera, we have to recognize republicans, democrats, senate, house, and im forever getting it wrong. So you only miss me by one and thats no big deal. I apologize. Im happy to yield to my colleague. Like to direct my question to mr. George. Mr. George, i raised the issue of employmentrelated Identity Theft with the commissioner the last time he testified before the committee here. And i know that tigta has done a lot of work on this issue. These are cases in which someone else uses someone elses identity. Their name or their Social Security number to get a job illegally on the employment side. A w2 form with this false information is then sent to irs, and Social Security administration. By an employer. Or the w2 may be attached to the tax return of the undocumented worker. Our staffs met to try to work this out. It was a couple of months ago. What we learned is that one, the irs continues to process tax returns with a false w2 information and issues refunds as if they were routine tax returns, saying thats not really our job. Were there to process the returns and issue the refunds or collect the, whats overdue. We also learned the irs ignores notifications from Social Security administration. That a name does not match a Social Security number. And use, you use your own system to determine whether or not a number is valid. We learned that employers are liable for irs fines and penalties if they submit false w2 information. Yet neither of the irs nor ssa are notifying employers that the information theyre submitting is false. We learned that irs identified 200,000 new cases of employmentrelated Identity Theft last year. And marked the victims accounts, yet did not notify the victims. Again, saying thats really not our job. In fact the irs forbids i had employees from notifying victims that their information has been stolen. The irs does not examine returns submitted on paper for employmentrelated Identity Theft. And lastly, we learned that when the irs marks the account of a victim, it does not notify Social Security administration that the victims did not earn the income reported on a w2. As a result, the victims could relose incomerelated benefits, because their Social Security earnings are not corrected. My question to you is one, have we made progress since we met . And on the basis of what we learned . And secondly, if you dont have the authority that better inform victims or connect with ssa, on a potential fraud and notify each other, do you need authority to be able to do that . Do you need statutory mandate here from the congress to do that . Or how do , where do we go . I think all of us can agree that victims need to know that theyre victims and they need to know that an agency of the federal government, whether its irs or whether its ssa or both, ought to have some ability to talk to each other and to make sure that you know, we dont run afoul of one or the other. Happy to hear your response. Thank you, senator. What you stated at the outset, of your question, is completely accurate. I would note the irs did have a Pilot Program to address this issue. They, that program ended. So they are not providing the information that you pointed out. But we are literally, sir, in the process now of assessing this overall issue. And expect to issue our report in june of this year. Well glad to hear that. But was the Pilot Program false . I mean its just didnt work out . Is that you know, i will defer to the commissioner to describe whether or not he thinks it was, was it false . No. I mean, but they made a decision not to continue it. And i dont know whether it was resourcedriven or whatever factor that they took into consideration, senator. Commissioner, could i have you address that . Surely. Again as you know, what happens in these associations is someone is using a Social Security number to get a job but theyre filing their tax return with their undocumented aliens. They file taxes, its in everybodys interest to have them pay the taxes they owe. The question is whether the Social Security number theyre using to get the job has been stolen. Its not the normal Identity Theft situation. We did run a pilot and we are looking at and appreciate your discussions about this. Whether theres a way we could advise people, a lot of time those Social Security numbers are in fact barred from friends or acquaintances and people know theyve been used. Other times they dont. Were looking at and one of the reasons the pilot was, whats the most effective way to deal with this, without necessarily having people decide not to file their taxes. Obviously the priority is for taxpayers and the irs is collecting those taxes. Id be delighted to have us get back to you with more detail on exactly where we are. And in some cases there may be a need for Statutory Authority. Because we are very sensitive to protecting taxpayer information on both sides. We will be delighted to give you the update on what weve learned and what we might be able to do, going forward. I want to add that there was a bill introduced entitled the Social Security identity defense act, that would require the irs to inform an individual whether their ss number has been fraudulently used. I dont know where it stands now in terms of the legislative process. We can economic that out. I would note specifically, we do advise taxpayers when theres been any kind of access to one of our online applications, that their Social Security is in the hands of criminals. What were talking about here is a very limited case of people filing taxes with an itn, but its clear that they used the Social Security number to get the job. But in all the other cases, weve sent out hundreds of thousands of letters, even when our system hasnt been accessed, warning taxpayers no information was obtained from us, but you should know, criminals have your Social Security number and other identifiers so you should take whatever action you can to protect their information. One last question, my tax preparer, by the way who is fully certified, just sent me an email saying would you, would i prefer to have my tax returns filed electrically, or by paper . How am i safe centre which way . Youre actually safer electrically, because we can mark accounts, the only difference when you file in paper it just takes longer to process, it takes longer to get a refund. We get fraudulent paper returns, so its not as if the criminals dont file paper as well. So we encourage everyone to efile, over 86 filed last year electrically. And as noted, it does give us the ability to track patterns more easily. Its part of the data we share with the private sector. So our advice to you is, file electrically. Any other answer would probably flood your agency with a lot of paper. Ill put that in context. Anyway, i end up doing it electrically, i hope it works. Thank you, mr. Chairman. Senator cardin, youre next. I thank all of our Witnesses Today in regards to the integrity of the system. Were very concerned about the recent warning that was given to maryland, virginia and d. C. Taxpayers due to the phishing scams trying to trick victims to verifying the last four digits of their irs number in order to get unsuspecting taxpayers information that can be used to compromise their privacy and their financial integrity. Could you just, i guess ill go with the commissioner. Can you just update us as to the status of that particular concern . And whether theres still should be high alert in our region in regards to this scam . I think there should be. One of the things i think everyone should be aware of is people should be aware of all the possible scams out there. There are the phone scams where people call you and pretend to be from the irs and threaten you. We keep telling people if youre surprised to be hearing from us, youre not hearing from us and you should report that call. We work with the i. G. Very closely on that there are phishing expeditions of all kinds from masquerading as coming from Financial Institutions or the irs, seeking information or personal information. A lot of times youll get a note that says your account is frozen. Click here and you can unfreeze your account. You should never do that. No bank or Financial Institution will put you through that system. So this is one of the most recent, weve had a couple of new ones this year. Weve had privatesector companies where what appears to be an email from the ceo asking for personal information about employees, turns out to be an email thats a phishing expedition from criminals in this area were encouraging people to always remember, no ones asking legitimately for any personal information like Social Security numbers online or on the phone. And so you should not either click on the link or you should not provide that information. Do you know why this has been geographically in this region, that this particular scam is being used . Is there we dont. We know i. D. Theft began kind of flourished in florida. We have a Pilot Program for i. P. , p. I. N. S, thats run for a couple of years in florida, georgia and District Of Columbia. Why thats the area for Identity Theft is hard to know but the district has always been one of the areas thats most prone to Identity Theft. So its not unusual for a permutation on that scheme to happen in the same geographic area. Theres no other indication, we cant even tell you why the District Of Columbia and georgia are on the high end of Identity Theft. It just turns out to be one of those things that develops. One of the challenges in this environment is we have to use all the resources we have at our disposal. The federal agencies need to work with the state and need to work with private entities and need to work with taxpayers. What efforts are under way to try to coordinate the resources, to go after those who are committing these frauds . We have a great effort, as i say, we work closely with tigta, theyve been tracking down people who have been participating in phone scams. Weve prosecuted, thrown in jail about 2,000 people for Identity Theft. We have about 1700 investigations going on right now. We work closely with the department of justice in those areas. In more general phishing expeditions, theyre harder to track down. We work with the federal trade commission and others to make sure that that information is r readily available to the public. The partnership we created a year ago with the private sector and the states has been a great vehicle for us, not only exchanging information, but also exchanging information about fraud. We learned about the private Sector Company ceo emails from one of our paners. And whats happened is we all then can publicize that and put it out. So it is i think a significant step forward. But your point is well taken. We need everybody working together on this matter. As i told the states and the private sector when we brought them together. Its clear no one of us by ourselves is going to be able to successfully deal with this problem. Senator, just to give you a sense, as of this week, approximately we at tigta received approximately 1. 2 million calls concerning impersonation cases with approximate approximately 31 million having been sent by people in scams. So as the commissioner noted, we at tigta have engaged in Public Service announcements, were doing as much local media as possible. The key is getting the word out. Youd be shocked how difficult it is sometimes to convince people, that as the commissioner indicated, that the irs, if you dont think you have an irs problem and someone calls you out of the blue, you should hang up immediately. And they fail to do so. Let me make one final point. And that is, working with our states in maryland, we, our controller has the ability to deal with paid preparers and being able to suspend their rights in maryland. That of course has been compromised by the Supreme Court interpretation there will be an effort made to give the irs the ability to regulate again those who are paid preparers. Mr. Commissioner, i know youve supported that. And well hopefully we can use that as an opportunity to work more closely with our states. We look forward to that as i would say. The regulation is basically just requiring minimum standards and information, your october to process tax returns, were not talking about all sorts of other regulations, it is appropriately described as requiring minimum standards of paid preparers. Thank you, mr. Chairman. Senator casey . Mr. Chairman, thank you very much. I want to thank the panel for being here and for your Public Service. Im going to be addressing my questions to commissioner koskinen. Butday want to say because mr. Dodaro has great pennsylvania roots that i apologize for probably not getting to you today. But ill tell everyone at belvern high school that you said hello. And the chairman of course has pennsylvania roots as well. We want to highlight that. But i wanted to i wanted to start with commissioner, some of the data points that you had in your testimony, i know i missed your presentation, but i, the written testimony highlights a number of things we should, we should focus on in terms of the volume of your work. Fiscal year 2015, you processed 244 million returns. Issued more than 400 billion in refunds. Your new filters stopped 1. 4 million returns filed by identity thieves. Thereby preventing 8. 7 billion in fraudulent returns so i want to state that for the record. Because i know those numbers bear repeating. Wanted to focus on two areas, one is cybercriminals and the Security Summit, to have you comment on that. And also on tax scams. With regard to the Security Summit itself, if you can just reiterate or amplify some of the earlier comments about some of the recommendations that came out of that Security Summit. And secondarily, how irs can be more adaptive in terms of dealing with some of those security recommendations. Well, what we all agreed on at our first meeting and weve been developing it since then, of the Security Summit, was that it would be critical to Exchange Information in realtime. We are very sensitive about protecting taxpayer information, and as a result, over the years have not been particularly forthcoming with our partners about sharing information back. One of their concerns was they would give us leads and then we never told them wlt leads were good and we never built on that. One of the purposes of the summit was to change all that and to have a Robust Exchange back and forth about patterns of activity, suspicious activities. We created a Rapid Response team. With representatives from the states, the private sector and the irs. If there ever is a significant incident, and there have been a couple of them, we immediately have a way of getting that information out simultaneously, immediately. They gave us and we all agreed on 20 different data points we would get. What ip is being used on a computer. How long people are using. If youre filing several returns very quickly. Its pretty clear youre not checking your deductions, you probably are a criminal filing. The additional funding we got from the Congress Allows us to fund the development of the Information Center for analysis. Which will simply facilitate more quickly the ability for states and the private sector to access the data rather than having come into us and then us have to push it back out. So we think that it is significant, it is important for it to be an ongoing partnership. One of the things that has been interesting to me was that the first meeting, the private sector preparers and Software Developer said that we, the irs, were the only people who could set standards. I told them that was fine, as long as they worked with us to establish the standards, as opposed to us just imposing them. Thats how we ended up with security standards, how we ended up with increased authentication standards that all the prepare remembers using this year. Were working to broaden those activities as we go forward. Well have more data points used in the next Filing Season. And we already see an up to 40 increase in the refund fraud stopped as a result of just sharing the information about leads. Well i appreciate that. And i hope as you begin do implement recommendations, that you keep us updated. And number two, if you find any, either institutional obstacles or policy gaps that we can help with, i hope you, you tell us that. I want to move in the remaining seconds i have, to tax scams, i went across the state in our break and held a couple of roundtables regarding senior scams more broadly. A lot of them having their origin in irs impersonation or tax scams. What can you tell us about that in terms of the recent work, and what taxpayers should be focused on as we approach tax day . As we approach tax day. The most important thing for taxpayers to focus on is, if youre surprised to be hearing from us, if you havent gotten a letter before, you should have gotten several letters, youre not hearing from us. We never threaten people, we never tell you youre going to jail the next day, we never tell you to make your payment to a bank account or a debit card. If you pay your taxes, you pay them to the United States treasury. Weve been working on this for over two years, a, we dont threaten you. B, we dont surprise you. And c, if youre going to pay your taxes, make sure they go in a check payable to the United States treasury. And tigta has been very good at working with us, the private Sector Partnership has been very good at working with us. Theyre the ones that said we have to have a Public Campaign to get taxpayers to Pay Attention to all of this. Well that, the irs will never do list is something we read. At various meetings. But we need to reemphasize that to give people the information so they understand that. The marketers say you have to make seven impressions before anybody hears you. Weve tried to make more than seven impressions, tigta has been a wonderful partner with us with their work as well. Weve had very good coverage from the media, local and National Media over the last couple of years. But the people most vulnerable are elderly, are immigrants, lowincome people who you know kind of live in a state of worry or fear. And theyre the most likely to be prey to these kinds of events. Which is why were so concerned. Thank you, commissioner. Senator portman . Thank you, mr. Chairman, thanks for holding this important hearing today. Its a topic that affects all of our stishs, im sure, i will tell new 2014, we had one case, one constituent case of identity fraud. In 2015, we had 32. I dont know if thats consistent across the states. But that kind of increase, unfortunately, is an indication of the growing problem that were all facing. I am very concerned, particularly about mr. George, your report as the Inspector General for Tax Administration, indicating that the irs has not established an irswide approach to authenticating someones identity. Im open to more funding. I for one believe, as you know weve talked about this, that more funding may be appropriate, as we did at your end. I want to be sure that the money is well spent. I look forward to following up with you on that i want to shift to another issue this morning. It has to do, commissioner koskinen, with a very urgent issue for a group of our constituents. And senator brown and i have worked closely on this issue. Think he has similar concerns to mine. I look forward to hearing from him in a moment. This has to do with the Health Coverage tax credit. As you know, section 407 of whats called the trade preferences extension act last year reinstated that Health Coverage tax credit through 2019. And basically, it extended the advanced Monthly Payment program, which is essential. Its a program that gives advanced Premium Payments to these hctc recipients. In that statute, the program was to be in place one year from the date of enactment. So in this case, we enacted it in june of 2016. We said that it would have to be in place by june 2016, this year, one year. We were unfortunately told on march 7th of this year, nine months after the bill had originally passed, by way of a letter, from you, mr. Commissioner, stating that the irs would not be starting the advanced Monthly Payment program, by june as required under law. But that you all hoped to start making advanced payments by january of next year. So january of 2017. So this has caused a huge problem. Six months go by, we dont hear anything. And then all of a sudden, taxpayers are told that the rug is being pulled out from under them. Were not going to go ahead with this required advanced payment program. Expecting that theyre going to get this advanced Monthly Payment starting mid year, a lot of these taxpayers signed up for the Health Coverage in december and january. They thought they could get premium help starting on july 1 z as required under law. And this isnt an easy decision to make. These premiums as you know are thousands of dollar as month. In some cases taxpayers had to borrow money from family and friends, borrow money from a bank or take money from their retirement accounts, to pay for the fullpremium prices knowing that help was coming. Furthermore some taxpayers had an option of receiving premium subsidies on the plans health care exchange, but they turned down their that opportunity, because they wantsed to stay in their private plansth and they fully expected to get to 72. 5 premium starting in july. By the time the middle of march 2016 rolls around, these taxpayers have made a lot of lifealtering decisions, based on the fact that the payments are going to be there. These are resilient folks, theyve been through a lot. These are people who are left behind frankly by our own federal government. In terms of their health care and pensions. They can plan for stuff and theyve done this. When the hctc was unavailable in 2014, 2015, they made sacrifices and they got by. But to pull the rug out from under them, three months before theyre expecting this help is completely unacceptable. And the fact that the irs had july, august, september, october, november, december of last year to provide them with some sort of notice to me is also unacceptable. And the options left to these taxpayers to try to find another way to fund these Premium Payments for the next six months or drop the Health Care Plans altogether because they cant afford them is also unacceptable. I understand our staff, senator browns staff and i have been working to find a solution so the advanced Monthly Payment programs can get up and running by july. Weve been having discussions of alternative methods of administering the system so theyre ready to go by july as required by law. I would ask today, mr. Commissioner, that as you have in the past on some issues, you get personally involved in this and help us to work out an arrangement so we can be sure we dont have an unacceptable result. Ive been personally involved since it was passed. It is a Critical Program and one of our obligations, we feel as a high commitment is to implement statutory mandates as we advise people when they were considering this, the last time the program was initiated, we got a 74 million appropriation to go with it and that allowed us to hire a contractor to set the program up and it ran well this time, we got no money, but we said were going to work to our best. The reason we didnt notify people until the first of march, is we worked very hard to try to see if in addition to allowing people, which they can, file in 2014 and 15 for reimbursement. We could get the advanced payment up and running. And as soon as we figured out that we would not be able to have be up in june, we notified you and everyone else. I understand your points are exactly well taken. We dont take them lightly. If they were a way to do it, we would. I would say in addition to the 74 million. The last time the program was set up, it took two years. If we can get it up and running by january and were committed to doing that, it will be a year and a half. So without any funding at all. Well be six months faster than the last time. But your point is still valid, it doesnt necessarily help people who in fact are waiting for those payments. The fact that well reimburse them after the fact, is still a burden for them and we regret that and were delighted to work with you and senator brown, to find any way to get there before january. But our commitment is that we will be able, we have to build systems to make payments, we normally dont make Monthly Payments, we have no system to do it. We can do the credit at the end of the year, because we give credits, which is why we could get 14 and 15 up and running. We are delighted to work with you, we recognize that this is a burden on a number of people who have had a lot of other problems as well. Well it is a burden and again, mr. Chairman, thank you for your diligence. But nothing you have said explains to me why we wait until march, mid march of 2016 to tell people that these lifealtering decisions that theyve made are not going to work out for them. Theyve got to now find some alternative, which in many cases is going to mean again theyre not going to have Health Care Coverage that they fully expected under law. So i do hope that you will instead work with senator browns staff, my staff to come up with an acceptable solution, so we can get these people some sort of coverage through this advanced health care system. I will do that the reason it took until september, was we made a goodfaith effort to see if we could get it done. We thought there was one possibility we could get it up and running. We worked on that and finally decided that in february that the i. T. Systems would not be ready. But it was not because we didnt care about it. It was because we were actually trying to see if we couldnt make the year deadline. But well work with you. Were delighted to do that. Senator nelson . Thank you, mr. Chairman. Mr. Commissioner, you were kind enough to respond to my march letter, on april the 1st, i hope that it was not an april fools. But here was one of the questions in the letter. And let me read to you your offices response to me. And i need a clarification. The question was, under 26 cfr 1. 501 c 41. The promotion of social welfare does not include direct or indirect participation or intervention in Political Campaigns on behalf or in opposition to any candidate for public office. Given these requirements, please provide examples, mr. Commissioner, of when it is permissible for 501 c 4, 501 c 5, or 501 c 6 organizations to run ads supporting or attacking the positions of a candidate for elected office. R please provide examples of when this activity would be impermissible. I know this is delicate subject. Especially in front of the chairman. And those of us over here. All right. This was your answer. And i think its quite clear. Quote unlike section 501 c 3, charitable organizations, organizations described in sections 501 c 4, 501 c 5, 501 c 6, are not prohibited from engaging in Political Campaign intervention. However, section 501 c organizations, that engage in Political Campaign intervention may be subject to tax under 527 f. On their exempt function expenditures. Continuing. Whether an organization is engaged in Political Campaign intervention depends upon all the facts and circumstances of each case. Revenue ruling, such and such, 22046 provides six examples illustrating facts and circumstances to be considered in determining whether a section 501 c organization, that engages in Public Policy advocacy, has expended funds for a section 527 exempt function, that is, influencing or attempting to influence the selection, nomination, election, or appointment of any individual to public office. The final couple of sentences. Revenue ruling 200741, provides an additional 21 examples illustrating facts and circumstances to be considered in determining whether a 501 c 3 organizations activities result in Political Campaign intervention. The analysis reflected in these revenue rulings for determining whether an organization has engaged in Political Campaign intervention or has expended funds for a section 527 exempt function, is factintensive. A copy of both revenue rulings is exclosed with this letter. That was a very extensive answer and i want you to know, i appreciate it. Now heres the clarification that i need, please. So if thats the case, and if the irs is really enforcing the law, how much tax revenue have you collected for a political expenditures of 501 c 4 groups, this year or last year or any year . And i fully dont expect you to have that on the top of your head. But i would like you to give the answer to this member of the committee. I carry around a lot of numbers in my head, but thats not one of them, as you suspect. Understandably. We will be delighted to get you that information as quickly as we can. Because its a straightforward. And one we should be able to answer quickly. Thats correct. Thank you, mr. Chairman. Thank you, senator nelson. Senator cantwell . Thank you, mr. Chairman. I thank the senator for his work on this issue. I wanted to ask you any of the commissioners, one of the issues that i think all Government Faces is the shortage of highly skilled i. T. I. T. Personnel and previously had support that would allow you toe streamline the pay and authority and reduce you could get the skill level that you need. My understanding is, though, that this Legislation Authority has expired and we need to relegislate that streamlined authority so that you can have the critical pay. So how much is this affecting us in getting the workforce that we need at the irs . Its a significant challenge for us. We have only 13 or 14 people left. Its a there were 40 slots. We never used more than 34, of the 13 or 14 left ten are senior i. T. People working on cybersecurity online. By this Time Next Year theyll be gone. Replacing them is challenging for us. Its theist, although a lot of people want to come to us because of the interesting challenges, but putting high level i. T. People are through great demand and putting them through the hiring process of we like you, you get to wait six months to put you through if application process. Our people are being recruited every day. Those were recruiting are being recruited every day. Saying sit still for six months and well get back to you doesnt work. Our concern is in this area of information technology, particularly where were talking about tapping the best in the country, without the authority, and we havent had it since 2013, its made it impossible for us to recruit and retain at the level that we need to. Is this affecting cybersecurity at the irs . Our head of cybersecurity left recently rather than waiting until his term ran out. It is a the reason its four plus two would allow us, with the people remaining to have two years to in fact replace them as we good forward. Its a critical need. Not a major expenditure with the not a lot of people but its critical because its focused on an area of high need. The competition for people knowledgeable in cybersecurity in general is very high, and i. T. Still also remains very high. So the fact that even in a i can hire you tomorrow environment youre facing very, very stiff competition. So i think, mr. Chairman, this legislation that i think might be i think it keeps getting delayed or postponed based on markups. Or maybe its going to be on the next legislative schedule is important for us to make sure we have the flexibility. I think this is an issue for all of our government to continue to make sure that we have the best technology people, which is challenging for a whole lot of reasons. But i think that this authority to help you streamline that hiring and pay is something that we need to do as quickly as possible. Thank you. Thank you, mr. Chairman. Thank you, senator. Thank all of you for appearing here today. U want to thank any colleagues for their participation. And considering the tax day is just a few days away, i hope this hearing helped us better understand the current environment for the taxpayers. And i hope to continue working with my colleagues from both sides of the aisle as we continue to examine ways to improve cybersecurity and better protect taxpayer information at the irs. I would ask that any questions for the record be submitted by tuesday, april 26, 2016 and if you could get your answers back to us promptly, it would be very meaningful to us. With that well recess until further notice. And if you hissed any of the hearing you can find it online, c spann. Org. Well be walk on capitol hill later this afternoon for a hearing on violent extremism with testimony from the lead band u2, bono. Hell be long the witnesses at the hearing along with state department and u. N. Official to talk about the role of foreign aid and the resources needed to combat violent extremism. Thats 2 00 right here on c spann. Also on capitol hill today, Merrick Garland is continuing visits with lawmakers. This morning he met with the chair of the committee that holds confirmation hearings, Chuck Grassley. Senator grassleys Office Released a description of their meeting. He explained why the senate will not be moving forward during this hyper parp zahn election year. Senator grassley thanked judge garland for his service. Hell meet with corey book are of new jersey and republican patrick too my of pennsylvania later late. Madam secretary, we proudly give 72 of our delegate votes to the next president of the United States. Next a look at water safety and affording infrastructure with a panel of local leaders and utility officials from around the United States. They testified before a Senate Committee on the challenges of modernizing deteriorating Water Systems and financing Unfunded Mandates. Senator james inof of oklahoma chairs the environment and Public Works Committee hearing. Good. The meeting will come to order. Ive been talking to some of you down there. We have one from oklahoma. Youll be real happy to do this. The epa has identified 271 billion in wastewater needs over the next 20 years, based on Capital Improvement plans developed by local utilities. According to the u. S. Conference of mayors which i really enjoyed visiting with you, im glad to have you here to represent them. That was what, just about three weeks ago or so . Anyway, your meeting. Its nice to see some of the people who are still in the u. S. Conference of mayors who were there when i was a mayor. Thats a long time ago. But according to the u. S. Conference of mayors, through 2013 local governments have invested over 2 trillion in water and sewer infrastructure and continued to spend 117 billion a year. These local expenditures represent over 98 , 98 of the cost of providing services and investing in infrastructure, these costs are paid by you and by me and by our rate payers, and as a general rule, this is an appropriate thing to have users pay. Water and wastewater is refunded by the taxpayers who receive these services. Thats fine. Unfortunately, however, we are no longer just paying for services. Were also paying for unfunded federal mandates, as i mentioned. And as federal mandates pile up, the bills paid by individual homeowners get bigger and are becoming unaffordable for Many Americans. Federal mandates force local communities to change their priorities. In the water and sewer world, this pushes basic repair and replacement to the bottom of the list we forced communities to chase mandates that may have small changes in environmental health. There is a federal interest in maintaining these Health Protections and economic benefits and there are a variety of ways we can help. First, im going to list four here. You have to continue to support the clean water and Drinking Water state revolving funds that provide the low cost loans for infrastructure improvements. The president s fiscal year 17 budget proposed cutting the Clean Water Fund by 414 million and providing a 197 million increase in the Drinking Water fund. This is robbing peter to pay paul. The net is a loss. Second, we have no we have to find new ways to increase investment and infrastructure. We took action by adding the water advanced innovation act to the water bill. Epa is requesting funding to start up the program. They are only requesting 15 million. And our proposal to help flint and other communities around the country, we are planning to provide around 70, not 15 but 70 million to capitalize wifra. Third, we need to look for ways to encourage even more private investment in water and wasteWater Infrastructure. Its a 50 50 thing, if it cant be raised through municipal ponds, where is it going to come from. Fourth, we need to increase support for small Rural Communities who simply cant afford the investment that epa wants them to make. And need Technical Support to keep up with all of the federal mandates. Mr. Robert moore will offer testimony on this. And, finally, we have to make sure that federal mandates dont force communities to spend hundreds of millions of dollars for projects that may have little impact on water quality. While delaying other Critical Programs, the u. S. Conference of mayors has spent a lot of time trying to work with the epa on this issue. Despite the epas rhetoric on inflexibility, communities are still being threatened with penalties even as they are trying to negotiate with the epa. I strongly believe that investment and infrastructure expands our economy. The u. S. Conference of mayors reports that each public dollar invested in Water Infrastructure increases long term Gross Domestic Product by 635. The joint Tax Committee has not been persuaded by these numbers. They assume these programs increase the use of tax exempt bonds creating a loss to the treasury. And that we need to offset. This is a barrier to increasing Funding Authority for the staterevolving funds and loan programs and wifra also. The Water Environment Federation is represented here today as conducted a new study to measure the increases in personal and Corporate Income taxes paid into the u. S. Treasury, attributable to Water Infrastructure investment. In other words, more money is coming into the treasury as a result of this and this type of investment. This hearing is laying the foundation for legislation on water and wasteWater Infrastructure, and hope theyll be ready to move the same time our Water Resources development act, wrda, is taking place. Senator boxer . Thank you so much. I am very pleased that were having this hearing and i think its important to look at this issue of mandates, where the parties do have some significant differences. To me, useless mandates are ridiculous. They make no sense. For example, we had a hearing on Nuclear Power plants. We could say, you know, lets not spend any money worrying about the safety, but then wed have more problems like we had at three mile island, god forbid at fukushima. Were not going to have that, because we have a law that says were going to set standards and regulate these power plants. Now, the senator and i may have a disagreement on how far that should go, thats fair. We do something important for the American People its called protecting them, and that is critical. As we discussed the federal role in our water structure, safety should be prominent in our minds. Aging Drinking Water pipes and waste Treatment Systems are a nationwide problem. And the society of Civil Engineers they are not democrats or republicans they give us a d for our Drinking Water and wasteWater Infrastructure. Thats unacceptable. The way we do it, we have to be smart. But we have to do it. I believe its national problem. I dont think its fair in one city in the country our kids are getting poisoned water, and we have examples of that all over including in my state because weve had some disposal of dangerous lead. We have it in mississippi, in flint, michigan, ohio, its not fair that the child born there just by the circumstances of their birth have less of a right to clean water. The American People have a right. These minimum standards also extend to our infrastructure. I was proud to join with my colleagues in a rare moment, where we said theres too much lead in faucets and those facilities that deliver our water and we changed that lead requirement based on science. Now, millions of Homes Across America receive water from pipes that date to an error before the scientists understand the lead exposure. Eric is an expert from protecting kids from dangerous toxins. We worked on these. And we know now from the American WaterWorks Association that 7 of homes this is a new study. 7 of homes, thats 15 to 22 million americans have lead service lines. It doesnt mean that that lead is leeching. But some of it could be, and a lot of it could be in the future. As parents in flint know, there is no safe level of lead in children. It affects their brains, their nervous systems, the fetuses. The children poisoned in flint will be dealing with these harmful consequences all their lives. We have a long way to go. We also have cities across the u. S. With Sewage Systems that discharge raw untreated sewage waste into waterways where our children swim. We know the problem in flint was decision to switch to the highly corrosive flint river as a source of Drinking Water. But the flint river is not alone. Nearly half of u. S. Waterways are in Poor Condition and one in four have levels of bacteria that fail to meet human health standards. I know some testifying today have expressed concerns of affordability for protecting their own people. I understand the concerns. I was a county supervisor like many of us, i started there, and i dealt with nose mandates. What we have to do is hear you, if you think something is totally useless, tell us. But if its going to have a benefit, we have to Work Together and make it easier for you. To protect your people, your kids, you want to do that as much as any one of us. We need increased investment. Its clear. We should fund existing financing programs, such as the state resolving fund, theres broad agreement on that one, at least there should be. We should update those programs to target those investments where its needed most. When we invest in water structure, we support jobs in the economy. The Clean Water Council estimates that a billion invested can create up to 27,000 jobs. Jobs are important to all of us. Mr. Chairman, i believe there is broad bipartisan support for the need for federal investment in Water Infrastructure. Aeng the and the next word out. Im very excited about working with my colleagues on both sides. We have an opportunity to address our aging Drinking Water infrastructure. The health and safety of our children and families depends on a modern infrastructure that provides safe Drinking Water and ensures clean rivers and streams. I certainly look forward to our panel. Can i put my full statement in the record . Without objection. What were going to do we normally dont have this many people on a panel. Were going to try to keep within the five minute limit we have. Well start with david berger, the mayor of the city of lima, ohio. Good morning. Thank you for the invitation to give mine and the conference of mayors perspective on the nations water and wastewater issues. My name is david berger and im in my 27th year as the mayor of lima, ohio. I spent near 20 years in negotiations with ohio epa and us epa. Also participated in over five years of discussions with epa concerning integrated planning, Green Infrastructure and affordability. This makes me a reluctant expert in the field. Local government, not the federal government is where the job of providing water and Wastewater Services gets done. Its paid for. Local government has invested over 2 trillion in water and sewer infrastructure and Services Since the early 1970s, and 117 billion in 2013 alone. At the conference we have unanimously adopted policies dealing with this issue. One is a simple message to the congress and the administration, give us money or give us relief. The mayors of this nation would be happy to implement any rule or regulation you or epa comes up with, you have to provide at least half the resources, im talking real money, not authorization levels that never get funded. Im talking about grants, not loans that must be paid back. The costs for Unfunded Mandates are paid for by our customers, our citizens many of whom are residential households. And the cumulative costs of these mandates have exceeded tlesh thresholds of clear burden on Many American households. Epa demanded i spend 150 million to fix combined sewer overflows for a community which has only 38,000 residents. The projected average annual sewer bill will be over 870 a year. This means that 46 of lima households will be spending more than 4 of their Household Incomes on just their sewer bills. With nearly 14 of my residents spending 9 of their Household Income on their sewer bill. In the conference of mayors study of just 33 california cities, 24 cities report that more than 10 of their households are now paying more than 4 1 2 of their income on water, sewer and Flood Control costs. With ten of those cities having more than 20 of their households spending 4. 5 . Please keep in mind that many of these cities have not yet factored in the cost for tmdls, which now are estimated to put just the cities in Los Angeles County up to 140 billion. One county, 140 billion. How did we get here . When the clean water act and the safe Drinking Water act were first established, congress set lofty aspirational goals. That investment fostered a reasonable attitude about how to accomplish those goals together. That is not the case now. Congress retreated from the Grant Program because of the high costs, but the implementation of the water policies by successive administrations did not retreat with congresss retreat from funding. Quite the contrary, the administration transformed the aspirational goals into unfunded main dates, involving hundreds of billions of dollars of costs imposed on local communities. Let me give you some examples. Cities are held by epa policy to an arbitrary number of no more than four overflows per year. However, there is no science substantiating the need for that. So in some cases, cities are allowed 14 while in other cases zero overflows. Engineering a system that could handle any type of storm event with zero overflows is almost impossible, needlessly expensive and wasteful of local resources. In my own city, i have a river that is labelled as fishable and swimable. That river dries up in the summer to only fourinch deep pools of stagnant water. I can safely say that no one is ever going to swim in that river, yet were held to that standard of compliance. The bottom line, epa is dictating our priorities and where our taxpayer money is spent. I do not want to give any impression that mayors dont care about clean water, we do. We care passionately and our actions speak loudly. We need federal and State Government to once again be our partners. We fundamentally believe that change must take place, and were asking congress to act on the following. Codify integrated planning, define affordability, develop reasonable and sustainable goals, allow for additional time and establish a review process to appeal decisions made at the regional level. I thank you for the opportunity to speak here today. Thank you, mayor. Mr. Ciao is the director of department of public works the city of baltimore. Good morning, chairman, senator boxer and members of the committee. Im the director of the department of public works for baltimore city. Its my honor to be here today on behalf of the city of baltimore to discuss the importance of the federal role in keeping water and wasteWater Infrastructure affordable. I have over 30 Years Experience working in the water and wastewater field. Today you are examining a very Important National issue, how we can address the need for investment in our Water Infrastructure. My boss, mayor rawlingsblake appeared before this committees subcommittee back in 2012 to testify on the challenges of financing Water Infrastructure using baltimore experience. Baltimore is faced with massive costs of over 3 billion of regulatory mandates, including enr as well as storm water improvements and covering up our open finished water reservoirs. This is just a snapshot of the project we must undertake to upgrade and meet todays standard. We consider ourselves to be good stewards of the community and take these obligations seriously. We are tasked with maintaining and improving a large and aging infrastructure system. How do we pay for all of these. To say that baltimore is not a wealthy city is a gross understatement. The Median Income 40 of the national income. 25 falls below the poverty line. It is that population base that will be disproportionately impacted by water bill increases to pay for the investment we must take. My written testimony highlights areas we are identifying policy changes and programs that will assist communities and rate pay your payers dealing with affordability issues. Payers dea affordability issues. Payers dea affordability issues. Payers dea affordability issues. Payers dea affordability issues. Payers dea affordability issues. Payers dea affordability issues. Payers dea affordability issues. Payers dea affordability issues. Ayers deal affordability issues. I urge you to review these items in the testimony. The srf program is an important first step. Congress should reauthorize both srf programs. In baltimore, we have direct experiences with trf programs and know they have worked well. We have gotten over 168 million in low interest loans from the maryland srf program, and 4. 5 million of principle forgiveness loans. Addition ali, congress should support increased funding from other existing financial financing grants programs such as wifra, usda development programs. All these programs are vital to help communities make needed and wise investment in their infrastructure. When i speak about the Water Infrastructure. I use the word investment. Those of us that are familiar with our federal infrastructure funding program, have long known the Congressional Budget Office scoring for the program does not fully reflect the complete economic benefits of these programs. For this hearing a team of economists to conduct a quick analysis of the economic benefits although the report has not been completed, but upon completion well submit that for the record. The nation is estimated the Economic Impact of srfs spending in four states namely, california, ohio, maryland and oklahoma. Which represent a good Cross Sections of states, representing size, cost of living and rural and urban population and general age of infrastructure. The model of analysis was based on the economic model. Labor income, jobs and federal tax revenues in the four states it captures the effects of spending as it ripples through the economy. Utilities will result in a direct impact, which is the Construction Contractor. When the Construction Contractor reused that money to buy goods and services. Thats what we call an incorrect effect and the fact that the indirect spending creates employment in induced effect. Its the sum of the direct, indirect and induced effects. The result of the Analysis Shows that federal investment in water and wasteWater Infrastructure have meaningful benefits to the economy, u. S. Treasury and households across the nation. So for starters the srf spanning tax revenues, total state and annual spending in the four states, average about 4. 4 1. 46 million. And so in other words, every Million Dollars of srf spending is estimated to generate 2. 25 total output for the state economy on average. I urge the committee and congress to continue to support our efforts in the local levels, the investment we make with your support delivers environmeal Public Health and economic benefit to our country. Thank you very much. Thank you, mr. Ciao. Robert moore from oklahoma representing the National Rural water association. Robert . Good morning. I am robert moore from rural oklahoma, im a general manager of the Marshall County water corporation. Im representing all small and Rural Community water and wastewater suppliers today. Through my association with oklahoma and the National Rural water associations. Our member communities have the very important public responsibility complying with all federal regulations and for supplying the public with safe Drinking Water and sanitation every second of every day. Most all Water Supplies in the u. S. Are small. 94 of the countrys 51,000 Drinking Water supplies serve fewer than 10,000 people. I want to acknowledge that Rural America is appreciative of you for standing up for real Rural Communities on environmental issues, your actions have improved the lives of all rural families, environment and rural health. While we have fewer resources, we are regulated to the exact same manner as large communities. And in 2016, there are Rural Communities in the country and even in my county that still do not have access to safe Drinking Water or sanitation due to the lack of density or the lack of funding. I am what you would call a working general manager. Much of my day is spent in the field repairing waterlines. Helping conduct routine maintenance on our distribution system. If someone in our community loses their water in the middle of the night that call gets forwarded to my cell phone Marshall County water has a similar story to tell many other rural and small water suppliers. We were starting to provide the first Water Service to Rural Communities that had limited access to water or marginal water wells. In 1972 we began operations to supply water to 800 farms and ranches. The federal government provided that funding to begin and later expanded our Water Service through low interest loans through usda. We now serve approximately 15,000 customers through a little over 6,000 taps. In crafting Water Infrastructure funding policy. We urge congress to consider the following. Local communities have an obligation to pay nor their Water Infrastructure and federal government should only subsidize infrastructure, when the local community cant afford it, and theres a compelling public interest. Such as health, compliance or economic development. Weve recently been denied a usda loan for a waterline. They determined we could afford a commercial loan. The u. S. Da and epa funds achieved this principled objective by requiring that federal subsidies be segregated to communities most in need. One of our concerns with the new program is it lacks any needs based targeting means testing or focus on compliance issues. This year the request decreased funding for srfs and substantially increased funding for the wifra program. This means programs are being moved from communities to communities with less need. All programs should be dedicated to the compliance issues with epa federal mandates and standards. Profit generating Water Companies should not be eligible for federal taxpayer subsidies. Please note that the sfrs have no limitation on size or scope of a Water Project and can currently leverage federal dollars to create a much large loan portfolio. Oklahoma currently leverages dollars at a 1 to 10 ratio. According to the epa, most srf funding is allotted to large communities. A simple review of projects funded by the sfrs included in my testimony show numerous projects funded that cost over 50 million and some over a billion dollars, thank you for your assistance and this opportunity, ill be happy to answer questions. Thank you very much, mr. Moore. Mr. Arndt is from pennsylvania. Here representing the American WaterWorks Association. Good morning, mr. Chairman. Ranking member boxer and members of the committee. I want to thank you on behalf of the 50,000 plus water professionals that make up the member of the American WaterWorks Association for this opportunity to provide comments on the critical issue of affordable financing of Water Infrastructure and in particular what the federal role should be awwa has two policies on financing. First, that they should be selfsustaining from local rates and other charges, and second that Water Infrastructure can best be financed with a multifaceted toolbox, recognizing theres significant diversity among Water Systems in our country and their infrom structure needs also differ widely. I would like to provide some context for the suggestions ill make in a few minutes. I think theyre important to set the stage for the circumstances in which we face. There are many studies and reports out there that attempt to analyze or estimate what our country spends on average annually for Water Infrastructure. And those results vary widely. However most of the results hone in on the vicinity of 30 billion to 50 billion a year. The number fluctuates widely from year