WASHINGTON — U.S. Sens. John Thune (R-S.D.), ranking member of the Subcommittee on Taxation and Internal Revenue Service (IRS) Oversight, and Marsha Blackburn (R-Tenn.), a member of the Subcommittee on Taxation and IRS Oversight, today demanded answers from IRS Commissioner Daniel Werfel regarding a report from the Treasury Inspector General for Tax Administration that found devices used by certain IRS employees can access TikTok. In their letter, the senators note that the IRS is failing to comply with the federally mandated No TikTok on Government Devices Act, which bans the use of TikTok on any federal device due to security risks that the Chinese-owned social media application presents. 

“Not only has the IRS failed to comply with the law, but its lack of action with regard to implementation of the No TikTok on Government Devices Act has potentially compromised confidential taxpayer information located on devices that have TikTok, which has close ties to the Chinese Communist Party and alarming data practices,” wrote the senators. “This is particularly troubling as the Chinese Communist Party continues to target American institutions, businesses, and citizens’ data.”

 

Full letter below:

Dear Commissioner Werfel,

We write today regarding reports that the Internal Revenue Service (IRS) is noncompliant with Congress’ directive banning TikTok on federal devices, calling into question the IRS’s ability to adequately safeguard confidential taxpayer information.

As you are aware, the Consolidated Appropriations Act, 2023, included the No TikTok on Government Devices Act, which bans the use of TikTok on any federal device due to the security risks the Chinese-owned social media application presents. 

The Treasury Inspector General for Tax Administration (TIGTA) recently found that over 2,800 mobile devices used by IRS Criminal Investigation (CI) employees, as well as computers that were assigned to CI employees, can access TikTok. Additionally, TIGTA reported that the IRS has not updated its policies governing the “Bring Your Own Device” (BYOD) program, which allows IRS personnel to use their own personal devices for business purposes. Without updating the BYOD policies, IRS personnel were never notified that TikTok was not allowed on personal devices that are also accessing sensitive, work-related information through the BYOD program. Furthermore, the report stated that the IRS is refusing to comply with the TIGTA recommendation to block access to TikTok on these personal devices and that the IRS will not commit to updating the BYOD program policies until October 2024.

Not only has the IRS failed to comply with the law, but its lack of action with regard to implementation of the No TikTok on Government Devices Act has potentially compromised confidential taxpayer information located on devices that have TikTok, which has close ties to the Chinese Communist Party and alarming data practices. This is particularly troubling as the Chinese Communist Party continues to target American institutions, businesses, and citizens’ data.

We therefore ask that you immediately take the necessary steps to ensure IRS employees are not able to access TikTok, and we request that you provide written responses to the following questions no later than February 8, 2024.

1. With respect to the BYOD program:

1. How many agency employees use personal devices for IRS-related functions?

2. How many IRS employees have accessed TikTok on personal devices that they also use for government work through the BYOD program?

3. What types of employees are able to participate in the BYOD program?

4. What confidential taxpayer information can these employees access on their personal devices?

5. What security protocols must these employees follow to ensure the integrity of IRS data?

6. How does the IRS plan to update BYOD program policies in light of Congress’ ban on federal devices accessing TikTok?

2. Why did the IRS refuse to block access to TikTok on the 2,800 mobile devices and the computers that were assigned to CI employees?

3. What steps has the IRS taken to remove access to TikTok on the 2,800 mobile devices and the computers that were assigned to CI employees since the release of the TIGTA report in December 2023?

4. What is the work purpose for accessing TikTok?

5. In the interest of national security and taxpayer security, have you considered ending the BYOD program altogether?

Thank you for your attention to this important matter.

Sincerely,