Inside DOGE's Dangerously Hasty IRS Modernization Plan

This is the second installment in the Notes on the Crises series on the IRS. While the first essay traced how the agency has become a political target and potential tool of authoritarianism, this piece investigates how DOGE’s so-called tech modernization efforts may further entrench those risks. 

Anisha Steephen (they/them) is a nationally recognized expert in domestic economic policy and mission-driven investing, with over 15 years of experience advancing public policies that address structural inequality. Anisha served as the first Senior Policy Advisor for Racial Equity at the U.S. Department of the Treasury.  Anisha can be found on bluesky ‪@asteephen.bsky.social‬.

Ira Regmi (they/them) is a macroeconomic policy analyst with a background in international development. They can be found on ‪@iraregmi.bsky.social and iraregmi.com.

If you are a current or former career IRS Employee, especially if you’re a COBOL programmer or a project manager with experience on the CADE or CADE 2 projects, please contact us at sanumaya.99 or as2795.01 on signal. We are also looking for more information on access to and use of IDRS. 

As we shared in the first installment in the series, in early February, DOGE officials entered the Treasury and the IRS and acquired access to some degree of sensitive information. Since then, many DOGE personnel have transitioned into formal roles within these agencies, embedded as federal employees –  some through political appointments, others via opaque hiring mechanisms. The current situation involves two prongs. First, concerns exist that DOGE is seeking access across a range of federal government data systems, including those of the Social Security Administration and the IRS, potentially using the latter not for legitimate tax enforcement, but for political purposes  Second, while IRS system modernization is promoted as a positive technical advancement, this may serve as a means to expand surveillance and violate data privacy laws and protections. While integrating federal data systems may seem efficient, those barriers exist because they prevent the weaponization of data against the public.

This investigation peels back the layers of the power of the technological infrastructure at the IRS.  In the first piece, we demonstrated the importance of the IRS within the US government system and the potential for surveillance and control. In this piece, we reveal what we know about new tech activities under the guise of modernization and how these differ from the IRS's decades-long operational history. To better appreciate the gravity of these actions, we also examine the IRS’s institutional knowledge embedded in its extremely experienced civil service employees and the agency’s historical context that DOGE has been determined to steamroll and ignore.

Despite our in-depth reporting efforts, the deliberate opacity surrounding DOGE’s actions and plans may be the most disturbing aspect. To truly grasp the scope of their intervention, we need more information - most crucially, their data access and usage (if that’s you, send us a signal DM!). Yet even in this information vacuum, we already know quite a lot about these systems and the tremendous power that comes with controlling the IRS's vast infrastructure.

Let's first examine what we know about DOGE's actions and motivations before exploring how they diverge from the institution's history and their potential implications.

DOGE’s initial rhetoric was full of grand promises about modernization, but their immediate priority quickly revealed itself: securing unprecedented access to sensitive taxpayer data. The reality is DOGE now wields access to the Integrated Data Retrieval System (IDRS) - a system which enables IRS employees to have instantaneous visual access to centralized digital records that contain all tax-related information for individuals or business entities managed through the IRS's legacy systems, many of which still rely on COBOL programming (more on this later). Who is associated with DOGE and has access to this system, and whether they are political appointees or hired in the civil service, is shrouded in secrecy. There is the potential that, regardless of their employment status, DOGE staff may now have access that exceeds what most IRS career civil servants—whose roles actually require access to taxpayer information—are allowed, let alone political appointees.

Treasury officials have claimed that DOGE wasn’t given “broad access” to the IDRS or that the access is "anonymized" or, in some cases, "read-only." These claims ring hollow given the absence of verifiable security protocols or independent oversight. Besides, even if the DOGE’s access was technically limited, there are serious risks associated with this level of access. The lack of transparency regarding data handling is particularly concerning, as staff have reported to Nathan Tankus from early on in the payments crisis that they have no designated authority left within the Treasury to whom they can safely report security protocol breaches.

While the Internal Revenue Code provides robust protections for taxpayer data through Section 6103, which establishes confidentiality with strict penalties for violations and permits access and sharing only under specific, explicit circumstances, we cannot verify that DOGE officials comply with these rules. This oversight gap is especially troubling as they prepare to undertake their next ambitious project: a complete rewrite of legacy systems written in Assembly Code and COBOL - programming languages that form the foundation of many critical government functions.

The COBOL Gambit

It’s important to note that IRS modernization was underway long before DOGE arrived. The agency has spent years attempting to upgrade legacy systems and gradually phase out older programming languages like COBOL. What DOGE is attempting is not modernization in principle, but modernization at reckless speed, divorced from institutional knowledge and technical prudence.

Wired Reporting indicates an alarmingly naive plan to convert decades of critical COBOL code to Java through a 30-day “hackathon”, yet the true scope and timeline of this risky undertaking remain opaque. While the project's exact details are murky, their messaging suggests an unprecedented urgency in modernization efforts. In a March FOX News appearance, Sam Corcos (representing DOGE), alongside Treasury Secretary Scott Bessant, launched targeted criticisms of the IRS's legacy systems. Bessent amplified these claims, declaring on social media that the IRS modernization program lags 35 years behind schedule. Corcos is now a Treasury political appointee who serves as the agency’s Chief Information Officer. A career civil servant previously held that role. 

This rushed rhetoric perfectly exemplifies DOGE's toxic combination of technical hubris and institutional recklessness. Despite repeated inquiries from oversight bodies and the press and urgent warnings from veteran civil servants, Treasury and the IRS maintain radio silence on the details of this unprecedented system overhaul, keeping taxpayers and Congress blind to changes that could potentially devastate America's tax infrastructure.

A History of “Modernization” and What We’ve Already Tried

Modernizing the IRS or any current government system is not a one-time software upgrade; it’s a multiyear institutional overhaul requiring stable funding, cross-agency coordination, and continuous technical labor. It also means maintaining dual systems for extended periods to ensure continuity for internal operations and taxpayer use, which is an expensive but necessary measure. What failed in the past wasn’t the vision of modernization but the refusal to consistently fund and maintain it. The Government Accountability Office (GAO), the Treasury Inspector General for Tax Administration (TIGTA), and the National Taxpayer Advocate have all stated the same thing for years: the IRS cannot modernize without multi-year, predictable investments.

GAO reports dating back to the early 2000s have flagged the absence of long-term funding as an impediment to the agency’s modernization goals. The National Taxpayer Advocate has echoed this repeatedly, noting in a 2019 report that the IRS’s Business Systems Modernization program was delayed not by poor planning, but by the piecemeal and inconsistent nature of congressional appropriations. This is not a controversial opinion by any stretch. In fact, the private sector consistently emphasizes multi-year stable funding as a necessary condition for most projects, especially large-scale IT initiatives. There are many examples of multi-year stable funding being the prerequisite for success. JP Morgan invested over $12 billion every year for many years, resulting in the successful modernization of legacy systems and the development of new digital banking platforms.

The IRS's technology investment funding has seen many ups and downs since Congress's establishment of the Information Technology Investment Account in FY 1997. These funding levels fall far short of what private companies spend on system improvements, despite government agencies serving millions more people and facing higher costs and consequences of service disruptions. The spending categories vary over the years, but we can consistently identify the Business Systems Modernization category that clearly shows fluctuating modernization spending between 2006 and 2022. Before the Inflation Reduction Act (IRA) funding in 2023, business system modernization spending peaked at $468 million (2024 $) in 2011 and reached its lowest point at $309 million (2024 $) in 2018. Following the IRA allocation, spending increased dramatically to $926 million (2024 $) in 2023 and $1.3 billion (current $) in 2024 for system modernization, not including Direct File and certain other specific expenditures.

Agency staff we interviewed recognized this need for stable multi-year funding. Many expressed appreciation for the increased IRA spending and advocated for ways to maintain higher funding levels even after the IRA funds expire, noting that this influx had been instrumental in advancing several critical projects. Despite these challenges and contrary to DOGE's positioning as pioneers in recognizing the IRS's technological needs, the reality is that the agency has been actively pursuing modernization for over six decades. As we said earlier, there have been mixed results, not because of government inertia but because of political neglect and chronic underfunding.

Beyond the funding and political challenges we discuss above, there is a fundamental misunderstanding about what IRS modernization entails - specifically, which aspects need modernization, the best path forward, and which elements have already been acknowledged and are being addressed versus what new components DOGE is introducing. 

What does modernizing the IRS entail? 

At its core, IRS modernization represents an overhaul of technical infrastructure and taxpayer services. This approach addresses both internal operations and public-facing capabilities. Like many other organizations with legacy systems, the IRS faced a major IT challenge: the Y2K project - a massive undertaking to address the problem with the year 2000. This issue stemmed from the way dates were stored in computer systems, using two digits for the year instead of four, which meant that when the calendar turned to 2000, systems might interpret "00" as 1900 rather than 2000. A more recent example of modernization effort on the public-facing side is the introduction of Direct File, which was launched as a pilot program in 2024 to offer eligible taxpayers a free, government-provided tax filing option that simplifies the process and eliminates the need for third-party software.

But for the most part, the IRS has focused on modernizing its core infrastructure by gradually replacing COBOL and Assembly Language Code systems, especially within the Individual Master File (IMF). The IMF is the oldest operating database in the federal government, conceptualized in 1959 and developed in 1962 using Assembly Language Code and COBOL. IMF remains the authoritative system for tracking every individual taxpayer’s account activity: income, credits, payments, and refunds. Legacy systems written in COBOL and Assembly Language—many still operational—form the backbone of tax processing infrastructure. While DOGE officials claim to be replacing Assembly code with Java, COBOL-based systems were reportedly being migrated to new compilers or systems known as RM/COBOL which was also being implemented at the Bureau of the Fiscal Service. A major advantage of RM/COBOLis that it makes the code platform agnostic, allowing it to run on platforms other than large powerful computing systems such as mainframes. To be clear, the details that have come out about DOGE’s efforts are murky and contradictory while it is difficult to get clarity on what exactly they are either doing, or even claiming to do.

The IRS has been planning and implementing a transition away from the original COBOL for over 20 years. That initiative, known as the Customer Account Data Engine (CADE), was launched in 2000 to replace the IMF and deliver a faster, more flexible system that could support real-time processing. According to a 2024 Congressional Research Service Report, CADE 1 ran into early trouble - delays, vendor issues, scope creep - and was shelved in 2009. Its successor, CADE 2, showed more promise but stalled, slowed by unstable funding and shifting political priorities.  Nevertheless, progress has occurred. According to a GAO report from March 2023, the IRS had completed major components of the Individual Tax Processing Engine and was preparing CADE 2 for broader testing. 

These achievements remain partial, however, as modernization requires more than a one-time software upgrade. While DOGE may present this process as merely inefficient and project that they can do this better in a much shorter time, that is likely impossible. The IRS systems involve layers of complexities that come with operating at such a scale. There are intricate issues that require years of institutional knowledge - intimate understanding of the system in the context of the IRS and not just the expert technical know-how that some DOGE staffers may possess.

As Nathan has covered in his previous reporting on the Treasury payments system, the complexity of COBOL systems is widely misunderstood in general discourse and within modern tech industries. He explains: "The issue with understanding and grasping a COBOL system is not knowing COBOL, as a programming language, in the abstract... The issue is understanding the specific physical limitations of the system, the way that it interacts with the 'Business Logic' of the code, and a million other contextual factors." This shows why contextual and institutional knowledge is crucial. Modernizing these COBOL systems requires more than mere language syntax fluency. These systems have developed intricate internal business logics that constitute vital institutional knowledge. Consequently, retaining engineers and staff who possess this knowledge and can train new engineers familiar with COBOL is an integral part of any successful modernization process.

Why this contextual knowledge matters is easily exemplified by the story behind a widespread misconception about social security beneficiaries. Contrary to claims amplified by Elon Musk, thousands of deceased individuals are not receiving benefits. The reality is far more mundane: early COBOL dialects handled null values poorly, so when someone applied for social security with a missing birth date, engineers implemented a specific date as a placeholder. They chose May 20, 1875 - the anniversary of the International Bureau of Weights and Measures' creation. Thus, while records might appear to show 150-year-old people receiving payments, the reality is entirely different and far less sensational. Yet, as Notes on the Crises covered in late April, these misconceptions have had profound consequences as DOGE moved millions of people to Social Security Administration’s “Death Master File”

This context of chronic and inconsistent funding, as well as the need for institutional knowledge, matters. DOGE now positions itself as the savior of an intentionally starved system. However, they’re doing so without the humility or historical understanding that modernization requires.

The challenges of modernization are not limited to external factors. IRS career staff we spoke with described a deep internal tension: while many recognize the agency’s outdated infrastructure, they’ve also grown wary, if not defensive, about change. This defensiveness isn’t irrational. The civil service has kept the IRS running despite a decades-long war of attrition, where budget cuts and political attacks have left it operating under siege. Staff described a churn of political appointees at Treasury arriving every few years, launching ambitious reform plans, and then departing before implementation, leaving half-built systems and institutional fatigue in their wake.

This constant disruption has created a culture that prizes internal stability, process, and procedure,  sometimes to a fault. As some staff acknowledged, parts of the agency have accumulated administrative bloat and redundancies over time, not because of modernization but due to the uneven political targeting of different IRS functions. Over the past few decades, enforcement divisions, taxpayer assistance programs, and IT infrastructure have all faced rolling waves of political scrutiny and budget cuts, while other areas remained untouched. This has created a patchwork organizational structure, where some offices are understaffed, while others carry redundant roles that once served as safeguards against chronic instability. 

This raises a deeper question: if the IRS is essential political infrastructure and central to the functioning of the entire fiscal state, should it be subject to annual political fights over appropriations at all? Modernization can’t succeed if it remains hostage to short-term political cycles. What’s needed is structural commitment: stable funding, institutional continuity, and governance mechanisms that treat the IRS not as a punching bag, but as core democratic infrastructure. DOGE’s narrative ignores decades of defunded effort, bureaucratic workarounds, and congressional gridlock and pretends modernization failure was solely a product of technical incompetence rather than political constraint.

Lessons from the VA, the 1985 Tax Season, and DOGE’s “MUNCHABLE” Debacle

Modernization done right is incremental, transparent, and cautious. One of the clearest historical lessons comes from the IRS itself. In 1985, a rushed update to its computing system caused one of the worst tax seasons in U.S. history. Refunds were delayed for months. Erroneous notices were mailed to millions of Americans. Lines at local IRS offices stretched out the door. Congress was flooded with constituent complaints, and the crisis led to a series of internal audits and public hearings. That episode became known as the “tax season from hell.” It was a cautionary tale about the risks of rushed reform - an example of how modernization without governance can backfire. 

Recent events at other agencies have already demonstrated the dangers of hasty implementation. At the Department of Veterans Affairs, a DOGE staffer rapidly developed an AI tool to identify supposedly "non-essential" private company services, labeling them as "MUNCHABLE." This resulted in the termination of nearly 600 contracts. When confronted about the errors, the DOGE staffer dismissed concerns, telling ProPublica, "I’m sure mistakes were made. Mistakes are always made." The consequences of this cavalier approach proved severe. Among the terminated contracts were truly essential services, including maintenance for a gene sequencing device crucial for cancer treatment research, blood sample analysis for VA research projects, and tools designed to enhance nursing care quality.

With DOGE’s entrance into the IRS, the specter of catastrophic system-wide failure certainly looms large. The cautionary tale of 1985 still haunts the IRS. Given today's exponentially more complex tax systems and transaction volumes, DOGE's aggressive timeline and contempt for institutional knowledge could trigger a meltdown that makes 1985 look like a minor glitch.  IRS staff we interviewed described the MUNCHABLE episode as a “canary in the coal mine” for what could happen if similar tools were unleashed on taxpayer data or IRS operations.

The IRS cannot afford such recklessness. A single misstep in the system that processes refunds, verifies identity, or tracks withholding could delay paychecks, trigger false audits, or compromise vast swaths of sensitive personal data. DOGE’s insistence on speed and dismissal of internal IRS expertise doesn’t just increase the risk of failure. It makes failure all but inevitable.

Meanwhile, additional risks have emerged around DOGE’s broader digital ambitions. Multiple sources flagged DOGE’s parallel effort to develop a “mega API” - a centralized interface intended to integrate IRS data with other federal databases. While framed as an efficiency tool, staff expressed alarm that it could enable cross-agency data sharing without adequate safeguards, including possible tracking of migrant populations, nonprofit activity, and union operations. These concerns echo broader patterns in administrative surveillance, where modernization rhetoric has historically masked new capacities for control. There are also growing concerns from staff about undocumented system changes and the possible removal of legacy records, raising alarms about data governance, audit integrity, and long-term institutional continuity. Thus far, DOGE has declined to respond to multiple FOIA requests or provide detailed documentation of these efforts, citing national security and cybersecurity exemptions. As oversight bodies begin to take notice, the opacity itself has become a warning sign.

Finally, while DOGE insists their mission is public service, several technologists and policy staff we spoke with raised red flags about the expanding role of private contractors, especially high-profile firms like Palantir. Though not formally disclosed, report  suggest Palantir may be involved in early-stage backend integration or pilot analysis projects. If true, this marks a significant shift in how IRS data is governed and who has access to the informational backbone of the American tax system.

What Real Reform Requires: Governance, Continuity, and Public Infrastructure

There’s no question that the IRS needs modernization. A progressive vision of IRS reform begins with a simple premise: public systems should be built to serve the public, not to impress venture capitalists or mimic the latest private-sector trends. That means modernization must be led by public interest technologists, not external disruptors with limited institutional knowledge and no stake in long-term stewardship. It also means investing in people, not just software. One of DOGE’s most dangerous moves has been to sideline or push out experienced IRS staff, including COBOL engineers and IT veterans who understand legacy systems' logic, dependencies, and vulnerabilities. These people are not relics. They are keepers of institutional memory, and any transition plan that ignores their insight risks erasing critical knowledge that cannot be recovered.

Modernization must also be incremental and dual-tracked. That means running new systems alongside old ones until full interoperability is confirmed. It requires building in redundancy, not stripping it out. It requires regulatory oversight, including privacy reviews, public documentation, and congressional reporting. And yes, it requires real money - multi-year funding, not patchwork grants or short-term political windfalls. Security concerns around COBOL are real, but they’re not insurmountable. Most are not about the language itself but about hardware constraints, vendor deprecation, and decades of deferred maintenance. TIGTA has noted that while COBOL systems present challenges, many vulnerabilities stem from funding shortfalls for patching and hardware upgrades, not the language itself. These are problems of political will, not just code architecture.