Over the past several years, the Internal Revenue Service (IRS) has been increasingly using data collection, mining and analytics to perform its growing responsibilities. Historically, the IRS chose tax returns to audit based on internal mathematical mistakes or mismatches with third party reports, such as W-2s. Today, however, the IRS is engaging in data mining of public and commercial data pools, including social media, and creating highly-detailed profiles of taxpayers upon which to run data analytics. Not only is this concerning due to lack of transparency and accountability, it’s a direct violation of consumer privacy.
Mostly unknown to the general public, current IRS practices disregard fair information policies at the federal level. According to information obtained by the American Civil Liberties Union, the IRS violated the Electronic Communications Privacy Act by obtaining electronic communication without a warrant. This practice directly contradicts the U.S. v. Warshak ruling, which reaffirmed citizens have a reasonable expectation of privacy in their emails, and the government needs a warrant to obtain them. While the IRS agreed in a Senate hearing to stop reviewing emails less than 180 days old without a warrant, nothing was said about social media.
Although the Computer Matching and Privacy Protection Act states government agencies are to keep only as much information of individual records as is relevant and necessary to accomplish the purpose of the agency, it is highly likely that much of the data being purchased and mined by the IRS today is well beyond this limit and is not being verified for accuracy, as is required. The Privacy Act of 1974 also requires compliance with fair information practices, stating the government must inform citizens when data is being collected about them and provide them a chance to review and correct the information. The IRS is certainly not informing citizens when obtaining such information through data mining on social media, nor is it giving consumers a chance to review the information obtained.
Rapid technological developments, in combination with the internet becoming such an integral part of people’s daily lives, have expanded the ability of the government to access personal information. Since a budget squeeze seven years ago, and the consequent creation of the Office of Compliance Analytics in 2011, the IRS has relied more heavily on data, using predictive algorithms to draw from social media sites such as Facebook, Instagram and Twitter, to audit, track and analyze the online lives of taxpayers. However, the IRS does not disclose its analytics program and algorithms, claiming that would help tax cheats game the system and undermine law enforcement.
This overall lack of transparency and accountability not only violates federal law regarding the government’s data collection activities and use of predictive algorithms but may also result in discrimination. While not initially set up to use factors such as race or religion, an algorithm may result in targeting certain groups based on associations developed as the algorithm learns. For example, the IRS might flag certain groups of people for auditing based on certain spending patterns and deductions, even though they may have done nothing wrong. Although audits are supposed to be random, or as a result of mismatched third-party documents like a W-2, the use of algorithms could also cause the IRS to repeat its history of appearing to target certain groups for political purposes.
The potential efficiencies big data analytics provide may appear to be a modern solution for the IRS’s budget woes, but when unchecked, these activities pose a significant threat to privacy. Other concerns include the potential for political targeting, data breaches and the misuse of taxpayer information. The IRS has a dismal record of keeping personal information secure (720,000 social security numbers were wrongly released though the “Get Transcript” function on its website in 2015 before the IRS disabled the button).
With this in mind, it is a good idea to research and understand as much as possible about the IRS’s data collection practices and use that information to inform your online activity. Becoming more cognizant of what information you share online could help you avoid becoming a potential target for auditing this tax season.
Kimberly A. Houser, Ph.D., is an assistant clinical professor of business law at Washington State University’s Carson College of Business. She teaches courses in the Legal and Ethical Environment of Business, Business Law for Masters of Accounting and Social Media Law. Dr. Houser’s research includes marijuana legalization and tax issues, law and technology issues, unconscious bias and ethical decision-making. She is the author of The Legal Guide to Social Media, and a contributing author to Cheeseman’s Legal Environment of Business and Online Commerce textbook. Her article “The Use of Big Data Analytics by The IRS: Efficient Solution or The End of Privacy As We Know It?” with co-author Debra Sanders was recently published in the Vanderbilt Journal of Entertainment and Technology Law.