In “Athenian Economy and Society: a banking perspective,” Edward Cohen uses the fascinating technique of trusting in offhand comments. He uses the technique to analyze court records to reconstruct banking. You might not be able to trust the main testimony in a trial, but no one will offhandedly say something shocking and strange, because it will undermine their credibility. (For example, “it’s snowing in Jamaica” makes no sense as a parenthetical, and would undermine my credibility if I said it.)
So I found an offhand comment reported by Beth Pariseau in “IRS sent tax database on unencrypted tapes” to be fascinating:
The IRS confirmed to SearchStorage.com that copies of its tax database were distributed to state agencies on unencrypted tapes before Sept. 30, 2007. A source at one state agency said the tapes were also sent using common carriers, such as FedEx.
The source, whose agency received the database information on a regular basis, said the IRS had formal guidelines for agencies to place the tapes behind three layers of physical security — inside a locked box, for example — and restrict access to “need-to-know” personnel. He added a fourth layer of physical security, but that still didn’t make him feel comfortable. “These were standard IBM mainframe tapes,” he said. “It didn’t take anything special to read them.”
I found this really interesting because our anonymous source tosses off the idea that reading a tape is easy. This is in stark contrast to everyone who reports breaches, who goes on and on about how hard it would be to read their DLTs.
This expert didn’t give that nonsense a second thought. Journalists should be more skeptical, and so should you.
Interestingly, there’s a second tie to Cohen’s book. In it, he lays out how the Athenians, worried about the taxman, created private banking. The taxman has rarely worried about the welfare of the taxed.
[Update: An anonymous correspondent points to “Who Must File Magnetically,” which points to IRS publication 1220. Encryption is specifically forbidden (“Do not send encrypted data.”), and the tape format is clearly documented. See part C.05 on page 35 of the PDF, or printed page #29.]