Privacy vs. Convenience: The Benefits and Drawbacks of Tax System Modernization

E. Maria Grace *

Introduction

I. Information Privacy and Security

A. The Privacy Act

B. The Computer Security Act

C. The Internal Revenue Code

II. The Internal Revenue Service

A. Background

B. The Business Vision

C. Tax Processing System

1. Electronic Filing

2. Joint Federal and State Tax Returns

3. TeleFile

4. TAXLINK

D. Electronic Payment and Refund Options

1. Credit Card or Debit Card Payment Options

2. Direct Deposit Refunds and Refund Application Loans

E. Remaining Return Filing Options and Processing Systems

1. 1040PC Filing

2. Return Free Filing

3. Paper Returns

F. Account Information Database

G. Telephone Communications

III. Analysis and Recommendations

A. Access Controls

B. Software Controls

C. Disaster Recovery Plans

D. Uniform Privacy Standards

E. Maintenance of Techonological Competitiveness

Conclusion

Introduction

 The federal government's most massive information processor, the Internal Revenue Service (IRS or Service), has embarked on a $23 billion project through the year 2008 to modernize its computer and information systems. Termed "Tax System Modernization" (TSM), the program is the most all-inclusive and costly civilian agency effort since President Kennedy's challenge to NASA to put a man on the moon and is "the largest computer system upgrade ever."(note 1) It is also, however, an endeavor that risks compromising the personal privacy of taxpayers and offending minimum security measures required by law.

The current privacy and security standards to which the IRS and its employees must adhere are provided in the Privacy Act of 1974,(note 2) the Computer Security Act of 1987,(note 3) and the Internal Revenue Code.(note 4) Privacy and security are two distinct concepts. To a taxpayer, privacy means "freedom from intrusion and the right to have control over information" entrusted to the IRS.(note 5) For the IRS, "privacy is protecting the taxpayer from unwarranted intrusion."(note 6) The confidentiality expectations of taxpayers also factor into the determinations of what kinds of, and to whom, return information is shared.(note 7) To many, privacy includes more than the legal gathering of information; it includes notions of ethics and fairness. Although security may serve to promote privacy, the two concepts are distinguishable. Security involves the physical safeguarding of existing data and assets. It also includes "procedures for signatures and access" that influence the degree of data integrity a system may possess.(note 8)

This Note questions the extent to which the IRS's Tax System Modernization effort will be able to incorporate into its data storage and telecommunications facilities the confidentiality and record security standards required by Congress. Also questioned is whether the current regulatory codes will provide sufficient protection to taxpayers as the Service expands information transmission mechanisms to allow greater public interaction. As has been recently reported, "[S]ecurity risks to federal computers and telecommunications systems are worse than ever. Every day the confidentiality, integrity and availability of government information is being threatened by amateur hackers, [viruses], professional eavesdroppers, power outages, natural disasters and human error."(note 9) Given the sensitive nature of tax returns, which reveal information ranging from income, occupation, and employment to medical problems, savings, and home address, safeguarding such information should be paramount in the minds of both the public and the IRS alike.(note 10)

In Part I, this Note will review the legal framework that presently regulates IRS information collection and storage. Following a summary of the modernization efforts that have begun to take place, Part II will offer several recommendations for identifying areas of particular security and privacy weakness that require immediate attention. This Note concludes that the IRS must match the innovations it uses to facilitate tax collection with innovations to protect the privacy of taxpayers.

I.Information Privacy and Security

Concern about information privacy is not new. Over a century ago, Samuel Warren and Louis Brandeis wrote a renowned article advocating a right of privacy and warning that innovations in technology and business procedures would diminish the personal dignity of the individual if protection was not provided.(note 11) The common law doctrine of personal privacy that developed from the Warren and Brandeis article has since been supplemented with legislative action, particularly when the judiciary has been reluctant to extend protection. Courts generally have limited protection to those instances where the individual has had a reasonable expectation of privacy. When dissatisfied with the level of protection afforded by courts, legislatures have sometimes provided individuals with privacy rights without requiring them to prove that a reasonable expectation existed. The proliferation of new computer and information technologies in the last two decades has rendered some areas of legislative protection obsolete. Other areas of protection have had to be revised or removed to eliminate a negative impact on technological progress. Changes in information and communication technology have left the legislative branch barely able to keep pace with the privacy protection needs of the public. Three pieces of legislation provide the privacy and security standards for the IRS: the Privacy Act; the Computer Security Act; and the Internal Revenue Code.

A.The Privacy Act

The Privacy Act is Congress's attempt to strike a balance between the government's need to gather, store, analyze, and disseminate information, and the right of the individual to prevent personal information from being publicly disclosed or disclosed in error within the government. The Privacy Act of 1974 prevents government agencies from divulging or sharing citizens' personal information without proper authorization. The Act also regulates the type of information that an agency may gather, the means used to gather such information, and the degree of integrity of the information storage system.(note 12) Under the Act, each federal agency is required to maintain a system of records with the highest degree of accuracy, relevance, timeliness, and completeness.(note 13) In addition, each government agency must establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. It must also protect records against anticipated threats or hazards to their security or integrity.(note 14) The Act mandates that rules of conduct be established and provided to each person involved in the design, development, operation, or maintenance of the agency's system of records.(note 15) Where an agency's records are inaccurate, the Act provides citizens with procedural guidance on how to amend the errors.(note 16) Additionally, the Act provides civil remedies when an agency has violated the Act and, in cases of an agency's willful violation of the Act, criminal and stiffer civil penalties.(note 17)

B.The Computer Security Act

The Computer Security Act of 1987 is an additional device by which confidentiality, integrity, and access to information are regulated in the public realm. Congress recognized that standardization of communication protocols, data structures, and interfaces in telecommunications and computer systems was essential to the future functioning and competitiveness of the federal government. The National Institute of Standards and Technology (NIST), under the National Security Agency (NSA), promulgates technical, management, physical, and administrative standards, as well as security and privacy guidelines for federal computer systems.(note 18) NIST, in carrying out its duties, may draw upon the NSA guidelines where information is considered sensitive.(note 19) The Secretary of Commerce, on the basis of the standards and guidelines developed by NIST, has the authority to make the standards compulsory and binding on federal government agencies when the Secretary determines standards are necessary to improve the security and privacy of federal computer systems.(note 20) To assist the Secretary, the Computer Security Act provides for the establishment of a Computer System Security and Privacy Advisory Board.(note 21) The Board must (1) identify emerging managerial, technical, administrative, and physical safeguard issues relative to computer systems' security and privacy; (2) advise NIST and the Secretary on security and privacy issues pertaining to federal computer systems; and (3) report findings to the Secretary, the Office of Management and Budget (OMB), the NSA, and congressional committees.(note 22)

C.The Internal Revenue Code

Section 6103 of the Internal Revenue Code, originally codified in the Tax Reform Act of 1976, generally prohibits the disclosure of any federal return.(note 23) However, where a federal, state, or local agency meets stringent requirements, such as adequate safeguards over return material and a proper purpose for use of information, it may examine a return's contents. The public policy underlying Section 6103 legislation is the protection of the taxpayer's right to privacy and is designed to prevent the use of taxpayer information for purposes unrelated to tax administration, such as intel-ligence gathering.(note 24)

The Internal Revenue Code specifically covers employees of the IRS, subjecting them to discipline and/or penalties for noncompliance with Code mandates. Criminal penalties may be imposed upon federal and state employees, and others who make unauthorized disclosure of return information under Section 7213 of the Code.(note 25) In addition, the Code prescribes civil damages for confidentiality breaches in violation of the Code under Section 7431.(note 26)

II.The Internal Revenue Service

The mainstay of the federal government is its revenue source, without which it cannot function. The IRS is the federal agency charged with the task of collecting revenue. One could argue that the very role the IRS must fulfill should warrant the use of broad powers to guarantee that it carry out its mission. However, like other federal agencies, the IRS must adhere to constraints imposed by the Privacy Act and the Computer Security Act, but must additionally comply with the security sections of the Internal Revenue Code. Under the auspices of the Department of the Treasury, the IRS must maintain accurate, relevant, timely, and complete records on all of the entities, including individuals, required under the tax law to report and pay taxes. The IRS must demonstrate to Congress and other government bodies that it has established and presently follows the appropriate administrative, technical, and physical safeguards which ensure the security and confidentiality of taxpayer records.

The IRS's TSM effort has great implications for the agency's ability to comply with legislative mandates. In general, TSM, when fully operational, will permit taxpayer information to be "retrieved, delivered and used electronically through an enhanced nationwide telecommunications network," and will be "available on automated workstations where authorized IRS employees will have on-line access to current tax account information."(note 27) Improvements in the methods by which the IRS conducts business have been a long time coming. A review of the historical background and the new developments in tax administration adds some perspective to understanding how the IRS has come to so desperately need a technical and organizational restructuring.

A.Background

The evolution of an internal tax system administration is largely intertwined with the history of the United States. The colonial government met its need for revenue through tariffs, customs duties, and land sales, allowing the government to function without an internal agency devoted to that purpose. With the government's intermittent use of excise taxes in the 1790s and during the War of 1812, an internal tax administration was essential but not always effective. The result was usually an administration that lacked effective enforcement mechanisms or was the subject of popular protest. The Civil War introduced the nation's first income tax and the brief existence of the Office of the Commissioner of Internal Revenue. Income taxation during the 1800s, which only truly affected the nation's wealthiest citizens, seemed to occur only when the government's need for funds was dire. After a bitter struggle over the constitutionality of the income tax in 1894, and after the Sixteenth Amendment to the Constitution-permitting the income tax-was ratified in 1913, an internal tax administration finally achieved permanence in the federal government.(note 28)

The year 1914 was a milestone for the government as the first 350,000 Form 1040s were processed, generating $28.3 million in tax revenue.(note 29) Although there has been an exponential increase in the number of returns that must be processed and revenue that must be accounted for, the IRS has experienced only one significant organizational restructuring (in 1952) and one period of technological restructuring (in the 1960s).(note 30)

In the 1960s, an overhaul provided IRS employees with data-processing equipment that would store only 40 percent of the information originally contained in the tax form which had to first be manually keypunched by employees into the system.(note 31) The information storage system was, and still is, paper- and tape-based, labor intensive, and highly inefficient, but, it was an improvement over the earlier method of collection accounting. When advancements in information storage technology began in the 1970s, Congress stubbornly refused to allocate funding for the purpose of modernization; instead, Congress permitted the IRS to procure equipment that could be characterized only as a replacement, not as an advancement in technology. In order to meet frequent changes in tax law, workload growth, and reporting demands, the Service added subsystems on a piecemeal basis, resulting in the generation and storage of redundant data.(note 32) Although there has been a proliferation of supplemental information systems over the years, the IRS's basic system has never changed and continues to be based on a 1950s file structure and individual ledger-card concept.(note 33)

The turning point for the IRS came in 1985 when a new replacement computer system overloaded during the 1985 processing season at the Philadelphia Service Center. This caused the postponement of return processing and cost $15.5 million in interest payments on delayed refunds, making Congress finally take notice of the inadequacies of the system.(note 34) Funding and support for the TSM effort has been a direct result of belated congressional recognition that mere replacement of processing equipment is not sufficient and that a complete upgrade and reorganization of the current system is in order.(note 35)

The inefficient means by which the IRS processes returns is not the only deficiency that has attracted the attention of Congress. The integrity of the Service's procedures has been scrutinized since the 1940s. The 1952 reorganization was spurred by the hundreds of IRS employee convictions for "crimes ranging from accepting bribes to not filing personal tax returns."(note 36) In the mid-seventies, privacy concerns escalated. In fact, it was in the wake of the Nixon administration's Watergate scandal that Congress refused to allocate funding to the IRS, fearing that the agency could not implement a processing system that would protect taxpayer information from unauthorized use and disclosure.(note 37) Prior to the Privacy Act and the Tax Reform Act of 1976, virtually every federal agency could access information on private citizens, while government employees were subject only to minimum penalties for inappropriate disclosures.(note 38) Although accessibility has been curtailed and penalties have become more harsh, compliance with sections of the Internal Revenue Code has always required attention. As recently as August 1993, hundreds of IRS employees were found to have "exploited ineffective security controls to snoop through computerized tax accounts."(note 39) In fact, some employees altered files, generated false returns, and one collected thousands of dollars in fraudulent tax refunds.(note 40)

While TSM fosters hope that such breaches of security and privacy will be a thing of the past, there is actually now even greater reason for concern. The TSM will expose information to more employees and, with greater telecommunications technology, to third-party businesses, practi-tioners, and individuals. While the Service diligently reports its efforts and programs for the implementation of advanced telecommunications and computer technology to Congress, it has virtually ignored plans for the incorporation of security and privacy safeguards.(note 41) Oversight agencies repeatedly report that the TSM effort has been slow to address design weaknesses and carelessness in the systems that have actually been implemented. The plan that initially guided the TSM effort, the 1991 Design Master Plan, was based on unfinished business operations studies, and lacked what the new plan calls the "Business Vision."(note 42) The IRS now contends that no longer will technology alone drive the modernization effort, but that other business needs, such as privacy, security, telecom-munications requirements, human resources, and physical facility considerations will also play a role.

B.The Business Vision

The new vision requires that (1) the agency shift from paper-based processing to an electronic tax-processing system, (2) a database become fully operational with all account information accessible to employees to assist taxpayers, and (3) all telephone communications be consolidated into a few, centrally located areas. In order to achieve these goals, the IRS will salvage some of its preexisting system plans. Conceptually, these plans can be broken down into interim and long-term systems. Interim systems are comprised of stand-alone workstations that do not share data with other systems and are designed to support the current, overloaded tape-based systems.(note 43) Long-term designs will eventually replace the interim systems and "form an integrated electronic environment in which all systems share data automatically."(note 44) Many of the interim systems are currently serving as pilots for planned long-term systems, such as the Electronic Filing program (ELF) and TeleFile, spotting problem areas and drawing attention to potential market expansion opportunities. The interim systems have generated mixed reviews, primarily because of privacy questions and security-control weaknesses. Some projects that have left the prototype stage are beginning to reap marginal cost and efficiency benefits. Other interim systems, however, are still in the prototype stage or are experiencing procurement schedule delays that will prolong the implementation and ultimate benefits of the long-term TSM designs. The delay may be somewhat of a blessing, since the IRS is continuing to stall on plans for processing, security, and data standards necessary for integration. Still, delay in implementation of the long-term system has caused the IRS to expand the capacity of existing interim projects, perpetuating the lack of proper controls and generating needless expense.(note 45)

The following sections review some of the current interim systems that have emerged from the prototype stage or that are being evaluated as potential pilot projects. Each section addresses the advances that have been achieved and each project's respective privacy and security weaknesses.

C. Tax Processing System

The IRS decision to shift from paper-based processing to electronic processing is consistent with private sector developments in data transfer. Various prototypes and pilots have been working since 1986 and have spawned several filing options and refund payment and receipt alternatives to paper.

An individual may use ELF and TeleFile as a filing alternative, while businesses required to make federal tax deposits (FTDs) may use TAXLINK to meet their filing obligations.(note 46) The Service is also piloting joint state and federal tax returns via ELF for individuals and is presently considering a similar effort for businesses. Electronic refund and payment options are less numerous. Direct bank deposits and refund anticipation loans are two refund alternatives. For a business or individual with a balance due, the credit card may be the preferred payment means in the near future. There is little doubt that a transition to electronic processing will reap many benefits. It will reduce costs for processing, storing, and retrieving returns. It will also improve the speed and accuracy of returns and refunds.

1. Electronic Filing

Electronic filing involves the transmission of refund information over communication lines to an IRS service center where the information is then processed, edited, and stored. ELF first became available nationwide in 1990 and has since attracted numerous taxpayers.(note 47) The primary benefit to the taxpayer is that refunds become available within three days of transmission via a financial institution or two to three weeks by mail directly to the taxpayer. Where financial institutions are the intermediary, taxpayers may receive their refunds as a direct bank deposit or in the form of a refund anticipation loan (RAL).(note 48) The IRS derives a benefit because electronic filing has a 2.8 percent error rate, as compared to an 18 percent error rate with paper returns.(note 49) Errors are reduced because not only does the transmitting computer perform checks to catch errors, but after submission, there is no opportunity for manual processing mistakes, in contrast to paper returns.(note 50)

Electronic filing, however, is not yet completely paperless and is not without costs to the taxpayer. The IRS requires the taxpayer to have an IRS-approved third party prepare and/or transmit the return, usually at a fee in addition to preparation fees.(note 51) There is another fee if the taxpayer wants to obtain an expedited refund through a financial institution.(note 52) Those most attracted to electronic filing are people who need a refund quickly and are typically the ones least able to afford its additional cost.(note 53) Once the information is communicated to the IRS service center via electronic transfer, the preparer is required to send additional documents, including Forms W-2 and a Form 8453 with the taxpayer's signature.(note 54) Not only does the preparer have the burden of making two submissions, one electronic and one paper, but when a change or error is discovered, the preparer must file an amended return and IRS employees must update two different systems.(note 55) The IRS, therefore, still incurs costs associated with paper transport and storage. The IRS still engages in manual delivery of the paper documents and is compelled in some cases to make and store printouts of electronically filed returns. The steps requiring mailing and storage of documents after the electronic transmission greatly diminish the value of electronic filing.

An additional and more serious drawback to electronic filing has been the proliferation of fraudulent returns submitted by transmitters and IRS employees alike. For the 1993 filing season, the IRS detected $115 million in fraudulent returns, but only 66 percent of the errors were detected before refund checks had already been mailed.(note 56) "No one knows how many other false refunds are going undetected," but estimates range from $1 billion to $9 billion.(note 57) The IRS has attempted to reduce fraud by prescreening return transmitters with suitability checks. These checks investigate applicants for infractions involving tax law violations, breaches of trust, or convictions for embezzlement, money laundering, or stock fraud.(note 58) The checks will be expanded for the 1994 filing season to include fingerprinting and credit reports.(note 59) Attempts to conduct some checks have been unsuccessful since IRS employees conducting them are prevented by interagency memorandum agreement from accessing the National Crime Information Center database and, in some states, are prevented from accessing the National Law Enforcement Telecommunications System.(note 60) Employees who conduct the suitability checks are also often responsible for promoting ELF and, therefore, lack the incentive to deny approval to an applicant.

The IRS also tries to stymie fraud attempts at the service centers where the mailed documents are first received. Unfortunately, by the time IRS employees receive the follow-up documents and make the necessary checks to detect fraud, the refund has already been deposited in a financial institution or received through the mail.(note 61) Since the IRS employee has released the refund without a valid signature on the return, legal redress against the return filer who has received a payment is more difficult.(note 62) The IRS has decided against waiting to determine whether the return is fraudulent before paying the refund since a delay negates the incentive of taxpayers to file in the first place.(note 63)

To counter some of the drawbacks of electronic filing, the IRS has initiated legislative proposals to eliminate the follow-up mailing of refund documents. This effort has involved the submission of legislation that would eliminate the need for paper signatures.(note 64) Electronic signatures would provide the IRS with a means to assess taxes and penalties, and prosecute for tax fraud since the return would be rendered complete upon filing.(note 65) In addition, the IRS has stated its intent to enhance its questionable refund-detection program and more closely scrutinize first-time filer returns.(note 66) While these measures are necessary and commendable, IRS procedure continues to compromise the security of the system by failing to implement more immediate controls to identify and investigate perpetrators and the returns they submit. More must be done not only to screen external return transmitters, but to incorporate security checks into existing interim systems. The IRS has promised that the long-term system, the Electronic Management System, which will replace the ELF system, will remedy the lack of security controls in the existing system. In fact, in anticipation of a fully operational TSM, the IRS encouraged employers, military instal-lations, colleges and universities, and financial institutions to provide electronic filing services to their employees and customers.(note 67) Security and privacy safeguards surrounding third-party data sharing have yet to be addressed. Several interested parties have raised questions regarding the methods for detecting and preventing unauthorized use or disclosure of taxpayer information by third-party electronic filers-especially by employer electronic filers-and the kinds of encryption protocols available or required for taxpayers who file electronically.(note 68) Additionally, the IRS is considering another legislative proposal that would give the Secretary of the Treasury the authority to mandate that, under certain conditions, returns must be filed electronically, further expanding the pool of potential problems, with or without a third-party intermediary.(note 69)

2.Joint Federal and State Tax Returns

Twenty-three states, to varying degrees, have joined the IRS in testing the joint electronic filing of state and federal tax returns.(note 70) This program is essentially an extension of the ELF process. The taxpayer may file a joint state and federal return by providing a qualified preparer or transmitter proper identification and financial information. The preparer collects the data into one electronic record and transmits it to the IRS and, after the IRS checks the information, it provides the preparer with an acknowledgment of receipt. The taxpayer's state then receives the information that it requires to process the taxpayer's state return via the IRS. Rather than filing two separate returns and submitting them to two different places, the taxpayer's information is automatically routed to its proper destination.(note 71)

Since the joint federal-state filing project processes are essentially the same as the ELF program, they are subject to the same criticisms. In addition, because federal agency information is being provided to a state agency, the Privacy Act is even further implicated. The IRS has tried to prepare for some foreseeable privacy infringements. A provision is pending in Congress that would permit the IRS to engage in cooperative agreements with state tax authorities, a proposition normally disallowed.(note 72) The IRS is not permitted to use Federal Tax Administration funds for nonfederal services, even if reimbursement is contemplated. With congressional authorization, however, the Treasury Secretary could enter into agreements with the states on issues involving joint electronic filing information, payment exchange, and other joint tax administration endeavors. To participate, states must agree to comply with federal privacy guidelines.(note 73)

3.TeleFile

TeleFile is another option the IRS is exploring to encourage electronic filing. This alternative permits a select group of Form 1040EZ filers to file using a touch-tone phone. A filing taxpayer will first be required to enter an identification number and then the amounts of wages, withholding, and interest generated throughout the year. The computer immediately performs the necessary calculations, indicates to the taxpayer the amount of tax liability, and discloses either the amount of refund or balance due. The computer will then ask the taxpayer whether she or he wishes to file.

Originally tested in Ohio in 1992 and 1993, and still in the pilot stage, TeleFile is now available in seven states.(note 74) A major step in paperless returns, TeleFile will test in a limited area of Ohio the voice signature technology that will eventually eliminate the need for a follow-up signature form. The states that joined Ohio for the pilot test in 1994 still require taxpayers to submit a Form 1040-Tel as evidence of their signature and as confirmation of the amounts given over the phone. TeleFilers receive a confirmation number from the computer at the end of the filing.

TeleFile is an attractive alternative for 1040EZ filers. Because neither a fee nor a third party is involved, refunds could be expected in about three weeks. Some taxpayers may be discouraged from using this form since the option is available to 1040EZ filers only and, where a balance is due, a document or check has to be mailed anyway. For the IRS, the jury is still out on the effectiveness of the voice signature, but the option lends itself well to ensuring completeness and accuracy in taxpayer records. At issue, however, is the ability of the IRS to detect fraudulent filings without prior checks on the transmitter or on the authenticity of the filer placing the call. Expansion of the TeleFile system to include other form types and, therefore, other market segments will involve increased risks. However, the IRS would likely take the position that it is not responsible for the privacy of data transmitted over public communications networks.

4.TAXLINK

Also in the prototype stage is TAXLINK, an electronic filing system for FTDs. Three southern states-South Carolina, Florida, and Georgia-have participated in the program since June 1992 and the IRS plans to expand the prototype to include other states in 1994. Although the program is limited to businesses for now, the IRS is testing TAXLINK with the Bureau of Financial Management Services and the Federal Reserve Bank of Atlanta. Three forms of the test exist: the Cash Concentration, the Central Processor, and the Federal Reserve Bank test.(note 75) The FTDs presently being tested are employment, unemployment, corporate income, and excise taxes.

Under a paper system, employers are required to fill out FTD coupons that are remitted with their company checks. These coupons provide essential information, including company address, tax period, and to which account the payment must be applied. The coupons are prone to errors, first, when originally filled out by the taxpayer due to the awkwardness of the filing dates, and, second, when manually key-punched at an IRS service center. Under an electronic system, tax deposits can be made by phone, computer, or electronic transfer to a designated financial institution "which will, among other things, (1) receive tax payment information; (2) initiate the transfer of tax payment funds between a taxpayer's account and Treasury's general account for a debit payment transaction; (3) receive information from an automated clearinghouse for a credit payment transaction; and (4) transmit related tax payment information to the IRS."(note 76) Without the additional time required to process the paper coupon, the IRS receives its payments faster and realizes greater business taxpayer account posting accuracy. The system will eventually be expanded to include individual estimated income tax payments and a greater variety of other business tax payments. Electronic Funds Transfer (EFT) will be adopted as the long-term system to integrate the TAXLINK concept into the comprehensive IRS database. Included in NAFTA legislation is a provision on EFT that permits the Secretary of the Treasury to make mandatory electronic transmission of FTDs.(note 77) This will be phased in through 1998.(note 78)

D. Electronic Payment and Refund Options

Separate from the filing issue are the issues surrounding the method of tax payment and refund. Several payment alternatives are still on the IRS drawing board, including payment by either credit or debit card as opposed to mailing a check. Already in place for refunds are RALs and direct deposit alternatives.

1.Credit Card or Debit Card Payment Options

Under present laws, the IRS cannot accept a credit card as a means of payment for taxpayer liability.(note 79) If Congress passes the proposed legislative initiative to allow credit card payments, use of electronic filing will become a more attractive option for a taxpayer who has a balance due. Several implementation issues must first be addressed before such a payment option can become reality.

One issue involves the treatment of transaction fees that are normally paid by the merchant accepting a credit card. Credit card issuers, such as Visa and MasterCard, do not permit merchants to pass these fees on to their customers, and the IRS is not willing to discount taxes for credit card taxpayers.(note 80) Several states already accept tax payments by credit card.(note 81) These states have engaged in contracts with intermediary companies that accept the credit card payment. The states are paid the entire amount of the tax and the taxpayer agrees to pay the transaction fee incurred by the intermediary. One option for the IRS is to join the Financial Management Service's (FMS) Credit Card Collection Network. The IRS would not be the first federal agency to participate in such an arrangement. Through the FMS, an agreement could be made with banks where the IRS would be permitted to accept credit cards without incurring a transaction fee if it maintains a non-interest-bearing account at the participating banks.(note 82)

Another issue that must be resolved is the question of how federal taxes paid with a credit or debit card will be treated in the event of a bankruptcy proceeding. Generally, federal taxes are not permitted to be discharged in a bankruptcy proceeding. Visa and MasterCard representatives have been less than enthusiastic about permitting credit or debit card tax payments unless the amounts remain nondischargeable in bankruptcy.(note 83) The IRS has noted, however, that cash advances and credit card convenience checks are currently available for cardholders to use to pay their taxes.(note 84) Any concern by the major credit card companies regarding increased payment risk is not very well grounded, according to the IRS.(note 85)

Resolution of billing errors remains an issue. The Truth in Lending Act(note 86) and state laws(note 87) govern the procedure for credit card billing, while the Electronic Funds Transfer Act provides guidance for debit cards.(note 88) The IRS has not fully addressed these concerns, particularly if error resolution requires the cardholder to explain personal tax matters to third parties. In addition, the IRS has expressed an interest in using private collection agencies to perform various functions.(note 89) The IRS is currently prevented from using private collection agencies to collect taxpayer debt.(note 90)

Privacy issues arise because the credit card companies, banks, and now possibly private collection agencies, will become an integral part in the tax payment process. At minimum, the IRS will have to disclose the amount charged to the taxpayer in order to obtain payment from the cardholder's financial institution or to engage a collection agency.(note 91) Problems of privacy are further compounded by problems that could occur if credit card companies, tax preparers, and others engage in marketing efforts that would divulge, among other things, who pays taxes with credit cards. This issue has been raised in particular by the consumer group Bankcard Holders of America, a group also concerned that a credit card campaign would further encourage credit card use among those individuals unable to pay.(note 92) While some federal legislation governs the behavior of collection agencies, privacy constraints still face problems of uniformity throughout the states.(note 93)

2.Direct Deposit Refunds and Refund Anticipation Loans

The primary appeal of electronic filing for taxpayers is a faster refund. Electronic filers have the option of receiving payment by (1) the traditional bank check in about three weeks (as opposed to six weeks when a paper return is originally filed), (2) a direct deposit to an account at a financial institution in two weeks, or (3) a commercial RAL in as little as three days.(note 94) The third option is the most controversial because of the cost involved and the fraud with which it has been associated.

An RAL is obtained from a private lender who charges the taxpayer a fee for the extension of a loan in the amount of the expected tax refund.(note 95) The IRS sends the taxpayer's refund directly to the lender, who then applies it to the taxpayer's debt. Both lenders and preparers benefit. The lender captures a fee for a loan and the preparer can, with the approval of the lender, arrange to have preparation fees deducted from the refund, ensuring collection.(note 96) A taxpayer must pay a disproportionately high premium to receive a faster refund.

Due to the proliferation of fraud in the electronic filing process in 1994, the IRS stopped providing what is called a "direct deposit indicator" on RALs. Previously, an indicator was evidence that the taxpayer was due a refund. Financial institutions, however, were making loans based not on risk factors, but on the deposit indicator as assurance that the taxpayer was due a refund. Fraud perpetrators could obtain a RAL in two or three days and, when the IRS would later detect the scheme and stop the refund, the lender would be left bearing the loss. The difficulty of this payment process has its roots in the control failures associated with electronic filing. While not all fraud can be eliminated, regardless of how many controls are in place, this step seems to be a positive preventive measure in protecting a useful and convenient benefit for taxpayers.

E. Remaining Return Filing Options and Processing Systems

1. 1040PC Filing

The notion that electronic transfer principles could be applied to electronic filing of tax returns first came to the attention of IRS management when it realized that many individuals were using their personal computers to compute returns.(note 97) Electronic filing with a home computer is not yet widely available. For most taxpayers, this option has progressed only to allow persons to use IRS-approved commercial software to produce a tax return in an answer-sheet format.(note 98) The benefit is that the answer sheet is one or two pages long, compared to the twelve pages in traditional format. The return, however, must still be mailed to the IRS where it is manually processed.(note 99)

In 1994, a newly launched experiment permitted taxpayers to file using CompuServe, a commercial on-line service. Available in nine states, this option also required taxpayers to follow up with supporting documentation including wage and signature forms. The taxpayer received immediate confirmation of receipt by the IRS via e-mail.(note 100)

PC filing, while in its infancy, is likely to be the next area to produce a dramatic shift in the way information is exchanged between the IRS and the general public. In February 1994, the IRS held a meeting for all parties interested in establishing a consortium to fund, design, build, and maintain an electronic communications network for public use.(note 101) The primary concern expressed by the group was whether, and to what extent, such a facility would permit the public to provide information to as well as access information from the IRS in light of privacy and security limitations.(note 102)

2. Return Free Filing

Another filing choice, Return Free Filing, is still being evaluated as a filing option. Originally tested in Texas in 1991 and later expanded to Rhode Island and Washington, this initiative permits taxpayers to report their interest income and W-2 Forms to the IRS.(note 103) The IRS will then prepare returns for individuals and send them a bill or refund. Designated as the 1040EZ-1 test, this option is easy for the taxpayer and results in a computation with no errors-nor need for IRS follow-up. As the predecessor project to TeleFile, however, Return Free Filing is a less efficient alternative to TeleFile because the taxpayer must still mail the documents to the IRS.(note 104)

3.Paper Returns

The IRS contemplates that there will remain quite a number of paper filers, at least until the modernization effort is complete.(note 105) In addition, some paper taxpayer correspondence will always exist. To facilitate the gathering of information into what will be the Integrated Case Processing (ICP) database, the IRS will use two new systems, a character recognition system for simple documents (called the Service Center Recognition Input Processing System (SCRIPS)), and a Document Processing System (DPS) that will optically scan the paper information, rather than require an IRS employee to manually transcribe the return into the database.(note 106) The IRS is presently devising Answer Sheet Returns to improve the accuracy of the scanning process. SCRIPS is currently operational, while the recently awarded DPS contract is now under development in Austin, Texas, and is scheduled to pilot in 1995.(note 107) The IRS has proposed legislation that would permit returns stored in digital image format to qualify as originals, reducing storage and retrieval costs and enhancing security.(note 108) Digital images are not easily altered, and the encryption process would limit access to unauthorized parties.(note 109)

F. Account Information Database

Through the use of Corporate Files On-Line (CFOL), IRS employees and taxpayers alike are experiencing a taste of a fully operational TSM.(note 110) With CFOL, information from existing tape-based master files is accessible on-line to IRS employees. This system allows the employees to respond immediately to taxpayer inquiries, and change name and address errors. Originally launched as read-only with limited information on-line, the system continues to be enhanced to allow for data storage and retrieval. CFOL will eventually support the Electronic and Magnetic Inputs and Outputs/Electronic Filing System (EMS/EFS).(note 111)

While still in prototype, EMS/EFS will integrate many of the interim electronic processing capabilities, and under the ICP system, it will become the primary database to which all taxpayers-practitioners, businesses, and the general public-will forward tax return information. EMS/EFS will facilitate the transfer of all electronic tax returns, including return information to be forwarded to a state, electronic tax payments, federal/state data exchange, and information returns.(note 112) In conjunction with Workload Management and the Case Processing System, the database will provide all account information and will be accessible to employees to assist taxpayers. Other systems, also not yet operational, will interact with the EMS/EFS system to facilitate taxpayer correspondence, compliance, and criminal investigation efforts.(note 113)

G. Telephone Communications

The IRS has recently dedicated itself to providing "one-stop" service to taxpayers and intends to fulfill this promise by using telephone communications rather than paper correspondence. The goal is to resolve 95 percent of taxpayer questions during the first contact.(note 114) Currently, through the Tele-Tax System, representatives provide refund information and answers to basic tax questions. A new system, Telephone Routing Interactive System (TRIS), however, will use Voice Response Unit (VRU) capabilities.(note 115) This feature permits callers to self-route to specialized customer service representatives or to a basic system of interactive services. The service has already experienced positive feedback from the TRIS pilot projects, due in part to improvement in IRS telephone accuracy rates,(note 116) and it continues to be implemented in various sections of the nation. Complementing the use of telephone communications will be the on-line database, ICP, which will greatly enhance taxpayer interactions with the IRS. As previously discussed, it is this interface between telephone operators and the database which, if not properly controlled, has great potential to put taxpayer privacy at risk.

III. Analysis and Recommendations

The foregoing review provides the basis upon which several recommendations may be made. Five areas in particular merit immediate attention and cause for concern: access controls, software controls, disaster recovery plans, privacy standards, and plans to maintain technological competitiveness. The long-run solution, however, lies in the ability of the IRS to draft a systems security architecture that addresses all controls and, in particular, the weak control areas. Interim systems must be thoroughly reevaluated and long-term plans assessed broadly enough to address issues involving third-party data and information sharing. Cost, of course, is a consideration in every attempt to address a weakness and eliminate information leakage or security failure. Every new procedural implementation requires an investment which, ideally, should not exceed the potential benefits the procedure is designed to reap. Some benefits, however, such as taxpayer confidence and utility value of privacy, are difficult to quantify. The IRS now has the challenge of addressing both its internal and external weaknesses and objectives in a manner that is both effective and cost-efficient.

A.Access Controls

In September 1993, and again in July 1994, the Comptroller General's Office issued a report on the most significant deficiencies in present access controls.(note 117) This is not surprising given the large number of IRS employees that have been caught browsing and manipulating taxpayer records without authorization in the past year.(note 118) The Comptroller General's report found that the IRS did not adequately restrict access to computer programs and data files, or monitor the use of these resources by computer support staff and users in accordance with procedures and the law.(note 119) Access controls will continue to be an issue at the IRS as the TSM becomes fully operational. With TSM, the IRS will be required to safeguard taxpayer information not only from employees but also from hackers, professional wiretappers, and curious employers. Even former IRS Commissioner Donald Alexander is skeptical: "The idea of having one-stop service is incompatible with the idea that you have complete privacy and that no one is going to know about you and your tax returns."(note 120) Already, third-party electronic filing transmissions have resulted in numerous fraudulent refunds, even though the IRS claims that none of the third-party transmitters has perpetrated fraud through accessing the master files.(note 121) The IRS has only recently disclosed its preliminary TSM plans for implementing audit trails, its policies for detecting unauthorized use or disclosure, and its third-party encryption protocols that will be used during transmission.(note 122)

B.Software Controls

In comparison to access controls, software controls have greater implications on system security and privacy, since the failure to ensure the security of software can create more systemic problems. Without correctly implemented software controls to ensure that the proper software versions are being used or that unauthorized software changes have not been made, destruction of programs and data, and the creation of errors can be introduced into the system. In addition, software changes can generate fraudulent refunds and, even worse, leave no trail if security detection devices are disengaged. Software control weaknesses were also identified during the annual review.(note 123) The issue will become more prevalent as the traditional and interim systems are converted into long-term TSM. As required by congressional mandate, the new systems must be brought on-line in such a way as to retain the accuracy and completeness of existing files. In addition, IRS management must begin now to enforce security policies and procedures that provide both physical and technical safeguards, since changes in procedure, particularly, do not occur overnight.(note 124) With the introduction of third parties, the risk that viruses will be introduced, intentionally or unintentionally, to contaminate the TSM system is a very real problem. Steps to insulate the system may require rigid security procedures (like those implemented by the Department of Defense), which would likely hamper the flexibility of TSM but would not subject the system to potential ruin. The IRS must evaluate the impact of slippages on the ability to meet capacity, update its disaster recovery plans for the present system, and formulate its TSM plans.

C. Disaster Recovery Plans

As required by the Privacy Act (and indirectly by the Computer Security Act), the IRS must protect records against any anticipated threats or hazards to their security or integrity.(note 125) The IRS has been adding interim systems to the traditional systems in order to meet capacity while procurement slippages catch up with the Design Plan. While such a recommendation may at first appear trivial, one must recall the system crash at the Philadelphia Service Center resulted in serious delays and breaches of integrity.(note 126) Power outages and natural disasters present risks of equal magnitude, which the IRS has yet to address with both its present systems and with TSM.

D. Uniform Privacy Standards

The time has come for the integration of federal and state filing for both businesses and individuals. The Privacy Act and Computer Security Act, as they read today, are not applicable to the states.(note 127) It would be beneficial for both federal and state governments if the cooperative agreement proposal currently being considered by Congress was enacted. For the safeguarding of privacy rights, however, it is imperative that the states be required to abide by standards similar to those established in the Privacy Act. Ignoring such a gap in legislation would put taxpayer rights at risk and compromise the IRS's ability to function within its legislative constraints. As in the computer matching amendments to the Privacy Act,(note 128) which provided regulatory guidance on the procedures by which information obtained by one federal agency may be shared with another federal agency, information sharing between the state and federal governments must be subject to storage and disclosure restrictions.

The privacy standards that regulate the private sector and, to a lesser degree, the regulations that govern the public sector are scattered throughout the U.S. Code, making it difficult for businesses and taxpayers to grasp their responsibilities.(note 129) In the interest of protecting public privacy rights and facilitating a smooth transition to a fully operational TSM, the rights and obligations of third-party transmitters and information accessors must be made abundantly clear. Consolidation of privacy legislation would not only facilitate such an understanding and improve taxpayer compliance, but would also relieve some taxpayer burden.

E.Maintenance of Technological Competitiveness

The TSM effort is currently scheduled to be fully operational in the year 2008 at a total estimated cost of $23 billion, with $19 billion in development costs and $4 billion for phasing out current systems.(note 130) The investment cost has been estimated at $8 billion, the same figure reported last year.(note 131) A report by the GAO in its annual audit found that approximately $4 billion in estimated phase-out costs are "not budgeted, recorded or reported as TSM costs."(note 132) With no system in place at the IRS capable of accurately estimating the costs and benefits of the TSM effort, decisions to go forward, avoid, or scrap a project could be erroneous.

Assuming the IRS's cost figures for the purchase of all the equipment by the year 2008 is accurate, implementation delays noted earlier will have the effect of shifting the cost to taxpayers who suffer inconvenience and added uncertainty. A more devastating consequence of delay is the potential for obsolescence. The possibility of the operational and security aspects of the system becoming obsolete in thirteen years is quite high.(note 133) Computer programmers have a difficult enough time inoculating and securing state-of-the-art software and data from sophisticated hackers. Antiquated models do not have a chance.

Conclusion

The implementation of security and privacy controls bears directly on the regard an institution has for its respective customers. Even without legislative or judicial constraints, the privacy of an individual deserves to be respected and dignity preserved. Whether the IRS will be able to incorporate into its data storage and telecommunications facilities the confidentiality and record security standards-which it is required by law to do-will be a reflection of its dedication to serving the public interest. The IRS appears to be genuinely interested in improving the processes by which it operates, but if it merely implements the technology without the necessary organizational structure, control procedures, and management reinforcement, the IRS will not earn the confidence and support of the taxpayers. By focusing on the trouble areas touched upon in this Note-access, software, disaster recovery controls, privacy standards, and maintenance of technological competitiveness-the IRS will be on a more productive course. However, the long-run solution lies in the ability of the IRS to implement and maintain strong procedural protocols and a systems security architecture that addresses all present and anticipated control weaknesses.

*******

Notes

    *B.S. (accounting) Pennsylvania State University, 1989; M.B.A. University of Illinois, 1992; J.D. Indiana University School of Law-Bloomington, 1994. Member, Indiana Bar, 1994. Return to text

  1. IRS, IRPAC Materials from May 19-20 Meeting, 93 Tax Notes Today 110-107, May 24, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  2. Privacy Act of 1974, 5 U.S.C. 552a (1988 & Supp. V 1993). Return to text

  3. Computer Security Act of 1987, 15 U.S.C. 278g-3 (1988). Return to text

  4. The Internal Revenue Code provisions include: I.R.C. 6103, 7213 (1988 & Supp. V 1993), 7431 (1988). Other laws also restrict the disclosure of taxpayer information. The Freedom of Information Act requires the government to provide citizens with information relevant to the public's self-governing purposes. Not only must the information requested be necessary to self-governance, but it also must not fall within the nine categories of exemptions designed to protect the privacy rights of individual citizens. 5 U.S.C. 552a (1988 & Supp. V 1993). More recently, Congress has enacted the Computer Matching and Privacy Protection Act of 1988, an amendment to the Privacy Act of 1974, which regulates the procedures by which information obtained by a federal agency may be shared with another federal agency. Pub. L. No. 100-503, 102 Stat. 2507-14 (codified as amended at 5 U.S.C. 552a (1988 & Supp. V 1993)). Return to text

  5. General Accounting Office (GAO), GAO Audit of IRS Finds "Management Problems," 94 Tax Notes Today 135-36, July 13, 1994, available in LEXIS, Fedtax Library, TNT File. Return to text

  6. Id. Return to text

  7. Id. Return to text

  8. Id. Return to text

  9. Security: New Products Are Making It Easier to Safeguard Computers and Telecommunications Equipment, Gov't Executive, Apr. 1993 (Information Technology Guide supplement), at 19. Return to text

  10. Unofficial Transcript of Senate Governmental Affairs Hearing, 93 Tax Notes Today 171-67, Aug. 17, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  11. Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890). Return to text

  12. 5 U.S.C. 552a (1988 & Supp. V 1993). Return to text

  13. 5 U.S.C. 552a(e)(5) (1988). Return to text

  14. 5 U.S.C. 552a(e)(10) (1988). Return to text

  15. 5 U.S.C. 552a(e)(9) (1988). Return to text

  16. 5 U.S.C. 552a(f) (1988 & Supp. V 1993). Return to text

  17. Civil remedies may consist of: a court order to amend the individual's record, a court order to enjoin an agency from withholding records, a court order to produce records improperly withheld, and attorneys' fees. Where the action has been willful, actual damages and attorney's fees may be awarded. 5 U.S.C. 552a(g), (i) (1988). Return to text

  18. 15 U.S.C. 278g-3(a)(2)-(3) (1988). Return to text

  19. 15 U.S.C. 278g-3(c) (1988). Sensitive information is defined as "any information . . . which could adversely affect . . . the privacy to which individuals are entitled under [the Privacy Act]." 15 U.S.C. 278g-3(d)(4) (1988). Return to text

  20. 15 U.S.C. 278g-3(a)(4) (1988); see 40 U.S.C. 759(d) (1988). Return to text

  21. 15 U.S.C. 278g-4(a) (1988). Return to text

  22. 15 U.S.C. 278g-4(b) (1988). Return to text

  23. I.R.C. 6103 (1988 & Supp. V 1993). Return to text

  24. Id.; R. Tracy Sprouls, Civil Remedies for Abusive Practices by the IRS, 93 Tax Notes Today 240-34, Nov. 24, 1993, available in LEXIS, Fedtax Library, TNT file. Return to text

  25. I.R.C. 7213 (1988 & Supp. V 1993). Return to text

  26. I.R.C. 7431 (1988). Return to text

  27. Michael P. Dolan, IRS Acting Commissioner's Testimony at Ways and Means Oversight Panel Hearing on IRS Modernization, 93 Tax Notes Today 72-49, Mar. 30, 1993, available in LEXIS, Fedtax Library, TNT File (statement of Michael P. Dolan, Acting Commissioner, Internal Revenue Service). Return to text

  28. William A. Klein & Joseph Bankman, Federal Income Taxation 4-15 (1993). Return to text

  29. IRS, Overview Document Explaining IRS Initiatives, 93 Tax Notes Today 31-38, Feb. 9, 1993, available in LEXIS, Fedtax Library, TNT File. In 1993, over 204 million tax returns were processed, generating over $1 trillion in revenue. Margaret Milner Richardson, IRS Commissioner's Testimony on "Reinventing the IRS," 93 Tax Notes Today 236-50, Nov. 18, 1993, available in LEXIS, Fedtax Library, TNT File (testimony of Margaret Milner Richardson, Commissioner, IRS). Return to text

  30. IRS, supra note 29. Return to text

  31. Dolan, supra note 27. Return to text

  32. Robert Gibson, Future of Information Technology in Federal Tax Administration-The IRS Plan, 93 State Tax Notes 203-22, Oct. 21, 1993, available in LEXIS, Taxana Library, Taxtxt File (Companion to FTA Research Report 100 (July 1985)). Return to text

  33. Id. Return to text

  34. Dolan, supra note 27. Return to text

  35. Congress, throughout the mid-1970s, refused to provide funding for more than replacement systems, such as the Service Center Replacement System (SCRS), which failed in 1985. IRS, supra note 29. Return to text

  36. Milner Richardson, supra note 29. Return to text

  37. IRS, supra note 29. Return to text

  38. Income tax returns were considered public records subject to inspection on orders of the president and under president-approved Treasury rules. "Return information was also available to congressional committees, the White House staff, the Justice Department, state and local governments and to individuals with a material interest in specific return information." Allan Karnes & Roger Lirely, Striking Back at the IRS: Using Internal Revenue Code Provisions to Redress Unauthorized Disclosures of Tax Returns or Return Information, 23 Seton Hall L. Rev. 924, 926 (1993). Congress limited access to taxpayer information in the Act of Oct. 4, 1976, Pub. L. No. 94-455, 90 Stat. 1667 (current version at I.R.C. 6103(a) (1988 & Supp. V 1993)). Return to text

  39. Gary H. Anthes, IRS Uncovers Bogus Access to Tax Records, Computerworld, Aug. 9, 1993, at 15, 15 (quoting Sen. John Glenn (D-Ohio)). Return to text

  40. Id.; Stephanie Stahl, Internal Revenue Snoops, InformationWeek, Aug. 9, 1993, at 12, 12. Return to text

  41. The National Research Council's (NRC) review from August 1990 through May 1992 identified a lack of integration of privacy principles and techniques in TSM system designs. With regard to security, the NRC further found weaknesses in integration in the TSM's security architecture and a lack of accountability. H.R. Rep. No. 102-1058, 102d Cong., 2d Sess. (1992). In August 1993, the NRC said that the IRS had "shown little progress" in addressing concerns about taxpayer confidentiality. Stephen Barr, IRS Computer Revamp Faulted by Study Panel, Wash. Post, Aug. 20, 1993, at A21. Return to text

  42. Tax Systems Modernization Program Status and Comments on IRS' Portion of President's Request for Fiscal Year 1993 Supplemental Funds: Hearings Before the Subcomm. on Oversight of the House Comm. on Ways and Means, 102d Cong., 2d Sess. 37 (1993) (statement of Howard G. Rhile, Director, General Government Information Systems Information Management and Technology Division). The Design Master Plan provides a road map of project schedules and budgets. Shirley D. Peterson, Testimony Before the Senate Committee on Governmental Affairs, 92 Tax Notes Today 72-32, Apr. 3, 1992, available in LEXIS, Fedtax Library, TNT File (testimony of Shirley D. Peterson, Commissioner, IRS). Return to text

  43. Jennie Stathis, Tax Administration Status of Tax Systems Modernization, Tax Delinquencies, and the Tax Gap, Subcomm. on Treasury, Postal Service, and General Gov't of the House Comm. on Appropriations, 93 Tax Notes Today 26-44, Feb. 4, 1993, avaiable in LEXIS, Fedtax Library, TNT File (statement of Jennie Stathis, Director, Tax Policy and Administration Issues, Gen. Gov't Div., U.S. GAO). Return to text

  44. Id. Return to text

  45. Additional electronic filing service centers have been added to handle current capacity problems. The IRS has asserted that questions of capacity will not exist when the permanent Electronic Management System (EMS) replaces the present system. GAO, GAO Optimistic That Electronic Filing Will Increase, 93 Tax Notes Today 24-26, Feb. 2, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  46. Harriet Hanlon, CAG Discusses IRS's New `TAXLINK' System, 94 Tax Notes Today 181-4, Sept. 14, 1994, available in LEXIS, Fedtax Library, TNT File. Return to text

  47. During the 1993 filing season, 12 million returns were filed electronically, reflecting a 13% increase over 1992. The IRS vision is to increase the number filed to 80 million in 2001. Jennie Stathis, GAO's Testimony, "IRS's New Business Vision," at House Government Panel Hearing on IRS Reorganization, 93 Tax Notes Today 236-52, Nov. 17, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  48. GAO, supra note 45. Return to text

  49. Id. Return to text

  50. Id. Return to text

  51. The median fee for manually preparing a Form 1040 is $70, and the median fee for electronically filing the return is $22. Id. Return to text

  52. The median fee for getting a refund anticipation loan for a Form 1040 is $35. Id. Return to text

  53. Id. Return to text

  54. Id. Additional documents, such as Form 2120 (Multiple Support Declaration) and Form 2848 (Power of Attorney), may also be required. Id. Return to text

  55. According to the IRS, a one-step error correction process was expected to be available in 1994. Id. Return to text

  56. George Guttman, Filing Fraud Prompts Taxwriters to Go Over IRS's Head for Help, 94 Tax Notes Today 74-4, Apr. 18, 1994, available in LEXIS, Fedtax Library, TNT File; Glenn Says IRS Employees "Snoop" on Taxpayers, 94 Tax Notes Today 139-39, July 19, 1994, available in LEXIS, Fedtax Library, TNT File. In the first ten months of 1993, there were 25,633 fraudulent returns, resulting in a net loss of approximately $25 million. This may be compared with 12,488 fraudulent returns for the same period of 1992. Jennie Stathis, GAO's Testimony Includes Recommendations for Stopping Electronic Filing Fraud at W&M Oversight Hearing, 94 Tax Notes Today 29-44, Feb. 11, 1994, available in LEXIS, Fedtax Library, TNT File. Compare this with only 411 electronic returns identified as fraudulent in 1990. GAO, GAO Says IRS Can Improve Electronic Filing Controls, 93 Tax Notes Today 7-71, Jan. 11, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  57. GAO, supra note 56; Glenn Says IRS Employees "Snoop" on Taxpayers, supra note 56. Return to text

  58. GAO, supra note 56. Return to text

  59. IRS, IRS Announces New Procedures to Combat Refund Fraud, 94 Tax Notes Today 140-84, July 20, 1994, available in LEXIS, Fedtax Library, TNT File. Return to text

  60. The FBI maintains the National Crime Information Center database which stores information on federal, state, and local crime convictions. The Assistant Chief Counsel for Criminal Tax determined, through discussion with the FBI, that access to the database by the IRS for suitability checks would require legislative endorsement or an executive order. A legislative proposal draft is thought to be in the works. See Stathis, supra note 56. Return to text

  61. During the first seven months of 1992 alone, the IRS identified but was not able to stop $8.5 million in fraudulent refunds. In 1991, 5% of all identified fraudulent refunds were stopped before issuance; in the first seven months of 1992, 71%, or $21 million, were stopped. (Compare the 96% stoppage rate for paper returns in the first seven months of 1992.) Even so, one IRS district director has said that "between five (5) and ten (10) fictitious [electronic] returns are successfully filed and refunded to perpetrators for every one return detected and stopped." See GAO, supra note 56. Return to text

  62. Id. Return to text

  63. Id. Return to text

  64. H.R. 3419, 103d Cong., 2d Sess. (1994). The recent resolution of a patent dispute over the digital signature algorithm (DSA) has been a relief for many federal agencies interested in using the technology. DSA will serve as the standard for verifying sender identity and message content when information is electronically transmitted. The remaining issue is how federal agencies will facilitate the operability of the Digital Signature Standard (DSS) between the public and private sectors. Kevin Power, With Patent Dispute Finally Over, Feds Can Use Digital Signatures, Gov't Computer News, June 21, 1993, at 1, 1. Return to text

  65. H.R. 11, 102d Cong., 2d Sess. (1992) (passed by Congress in 1992 but vetoed for reasons unrelated to the provision. It has not been resubmitted.). Return to text

  66. Within the group of first-time filer returns are many returns that simply possess false social security numbers and false amounts indicating a refund due. Refund anticipation loans are no longer available to first-time filers. H.J. Cummins, The Taxman Is Pushing for Automation, Newsday, July 29, 1993, at 41. Return to text

  67. See GAO, supra note 45. Return to text

  68. Robert Clagett, National Research Council Report on TSM, 93 Tax Notes Today 174-26, Aug. 20, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  69. As an alternative to mandating that returns be electronically filed, the IRS has suggested that a small tax credit be granted. Rep. Douglas Barnard (D-Ga.), House Government Operations Committee Report on Tax Systems Modernization, 92 Tax Notes Today 229-72, Nov. 16, 1992, available in LEXIS, Fedtax Library, TNT File. Return to text

  70. IRS, Return Filing Remains Behind 1993 Pace; Record Number of Returns Filed Electronically, 94 Tax Notes Today 67-44, Apr. 7, 1994, available in LEXIS, Fedtax Library, TNT File. As of early April 1994, over one million electronic filings were combined federal and state returns. Id. Return to text

  71. Several states have joined as participants in a new service offered by TaxNet Government Communication Corp., a division of the Federation of Tax Administrators. With the TaxNet service, which uses standard electronic data interchange (EDI) transaction sets approved by the American National Standards Institute X.12 (ANSI X.12) committee and a standardized format, corporate taxpayers can electronically file with participating states, minimizing mailing costs and errors. Lynda Radosevich, States to Plug in EDI, Computerworld, Oct. 18, 1993, at 1, 1. Return to text

  72. H.R. 3419, 103d Cong., 2d Sess. (1994). Return to text

  73. IRS, supra note 29; Milner Richardson, supra note 29. Return to text

  74. Through the first four months of the 1994 filing season there was a 248% increase in returns received using TeleFile as compared to the same period the previous year. IRS, IRS Reports on Filing Season Statistics, 94 Tax Notes Today 84-6, May 2, 1994, available in LEXIS, Fedtax Library, TNT File. Return to text

  75. The Cash Concentration test system requires the taxpayer to provide payment information to a depository which then relays via phone or computer to another depository, the cash concentrator that provides the information to the IRS. On the tax due date, taxpayer funds are transferred to the Treasury's account at a Federal Reserve Bank. The Centralized Processor system allows the taxpayer to contact the cash concentrator directly. The Federal Reserve Bank test allows the taxpayer to contact the Federal Reserve Bank directly so that the Federal Reserve Bank acts as the cash concentrator. GAO, GAO Recommends Improvements in Federal Tax Deposit System, 93 Tax Notes Today 93-57, Apr. 29, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  76. IRS, IRS Explains Rules for Participating in Electronic Deposit Program, 93 Tax Notes Today 116-16, June 2, 1993, available in LEXIS, Fedtax Library, TNT File. One alternative which the IRS has instituted since 1989 is the lockbox. Payments and paper coupon forms are remitted to a commercial bank by taxpayers. The bank deposits the payment to the IRS's general account, and mails payment information to an IRS service center so that the taxpayer's account can be credited. The process still involves the risk of errors associated with manual processing and would still entail inefficient labor. GAO, Critical of IRS's Timeliness in Depositing Tax Receipts, 93 Tax Notes Today 65-40, Mar. 23, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  77. Milner Richardson, supra note 29. Return to text

  78. Id. Return to text

  79. I.R.C. 6311 (1988). Included in H.R. 3419 is a provision for permitting payment of taxes by credit card, which would amend I.R.C. 6311. H.R. 3419, 103d Cong., 2d Sess. (1994). The provision "excludes credit card [and debit card] issuers and processing mechanisms from the resolution of tax liability, but makes IRS subject to the Truth-in-Lending [and Electronic Fund Transfer Act] provisions insofar as those provisions impose obligations and responsibilities with regard to the `billing error' resolution process." Ways and Means Committee Report on H.R. 3419, 93 Tax Notes Today 235-4, Nov. 17, 1993, available in LEXIS, Fedtax Library, TNT File. The intent is not to provide "consumers [using credit or debit cards] with additional ways to dispute the merits of their tax liabilities." Id. Return to text

  80. Stathis, supra note 47, app. II. Return to text

  81. Id. Return to text

  82. Id. Return to text

  83. Id. Return to text

  84. Id. Return to text

  85. Id. Return to text

  86. 15 U.S.C. 1666 (1988). Return to text

  87. Stathis, supra note 47, app. II. Return to text

  88. 15 U.S.C. 1693f (1988). Return to text

  89. Gore's NPR Panel Recommends Ways to Improve Tax Law Administration, Daily Tax Rep. (BNA) No. 172, at D-12 (Sept. 8, 1993). Return to text

  90. Id. Return to text

  91. See Ways and Means Committee Report on H.R. 3419, supra note 79. Return to text

  92. Stathis, supra note 47, app. II. Return to text

  93. IRS, supra note 1. Return to text

  94. GAO, supra note 45. Return to text

  95. Id. Return to text

  96. The New York City Department of Consumer Affairs conducted a study of RAL marketing practices and found that interest rates being charged were deceptively represented and were probably usurious. Many individuals are unaware that when they receive their refund checks in two or three days they have incurred a loan in the process. Some individuals have reported that some preparation firms require that a loan be taken out in order to file electronically. Id.; see also Margot Saunders & Kathleen Keest, Consumer Law Center Testimony on Problems with Tax Refund Anticipation Loans, 94 Tax Notes Today 73-41, Apr. 15, 1994, available in LEXIS, Fedtax Library, TNT File. Return to text

  97. In June 1992, Syracuse University Maxwell School of Citizenship and Public Affairs completed a study to determine the potential market for home filers of electronic tax returns. The IRS will use this information in determining the feasibility of 1040PC home filing. GAO, supra note 45. Return to text

  98. For the first four months of 1994, use of the 1040PC format by taxpayers declined by 6% as compared to the same period in 1993. IRS, supra note 74. Return to text

  99. GAO, supra note 45. Return to text

  100. Rita L. Zeidner, TSM: Now the IRS Plans to Move Into the 21st Century, 94 Tax Notes Today 108-11, June 6, 1994, available in LEXIS, Fedtax Library, TNT File. Return to text

  101. See Rita L. Zeidner, Tax Industry Prepares for Electronic Filing, 94 Tax Notes Today 34-4, Feb. 18, 1994, available in LEXIS, Fedtax Library, TNT File. Return to text

  102. Id. Return to text

  103. Rita Zeidner, House Government Operations Panel Ponder Return Free Filing, 92 Tax Notes Today 102-7, May 14, 1992, available in LEXIS, Fedtax Library, TNT File. Return to text

  104. Even simpler than Return Free Filing is the Reduce Unnecessary Filings program. Piloted during 1991 and 1992, the IRS now mails letters nationwide to taxpayers who filed unnecessary returns two years in a row advising them not to file. The IRS believes many of these taxpayers are elderly, and have paid to have the unnecessary returns prepared. IRS, The IRS Research Bulletin 1500, 93 Tax Notes Today 92-26, Apr. 28, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  105. Currently, decedent returns, amended and corrected returns, returns for taxpayers residing in a foreign country, returns with other than year-end tax periods, and returns with a power of attorney which require that the refund be mailed to a third party cannot be filed electronically. GAO, supra note 45. Return to text

  106. See Zeidner, supra note 103. Return to text

  107. See Milner Richardson, supra note 29. Return to text

  108. Id. Return to text

  109. See Power, supra note 64. Return to text

  110. Peterson, supra note 42. Return to text

  111. Id. Return to text

  112. Information returns are documents such as Form W-2, Form 1099, and information reports of mortgage interest. Return to text

  113. These other systems are Issue Detection, Automated Underreporter (AUR), Automated Inventory Control System (AICS), Integrated Collection System (ICS), Totally Integrated Examination System (TIES), and Automated Criminal Investigation (ACI). Id. Return to text

  114. See GAO Says One-Stop Service Could Improve IRS's Service, 94 Tax Notes Today 170-17, Aug. 30, 1994, available in LEXIS, Fedtax Library, TNT File. Return to text

  115. See Milner Richardson, supra note 29. Return to text

  116. The present accuracy rate for telephone inquiries is 89%. IRS, IRS 1992 Annual Report, 93 Tax Notes Today 210-31, Oct. 13, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  117. GAO, GAO Identifies Weak Areas in IRS's Computerized Information Systems, 93 Tax Notes Today 198-18, Sept. 24, 1993, available in LEXIS, Fedtax Library, TNT File; see also Gene L. Dodaro, IRS Fails to Notify JCT of $1 Million Refund Situations, GAO Says, 94 Tax Notes Today 149-28, Aug. 1, 1994, available in LEXIS, Fedtax Library, TNT File. Return to text

  118. Since 1989, more than 1300 employees have been investigated for browsing return files. Glenn Says IRS Employees "Snoop" on Taxpayer, supra note 56. Return to text

  119. See generally GAO, supra note 117. Return to text

  120. Sen. John H. Chaffee (R-R.I.), Senate Passes Amendment to Ensure Its Confidentiality, 93 Tax Notes Today 171-41, Aug. 17, 1993, available in LEXIS, Fedtax Library, TNT File. Return to text

  121. See generally GAO, supra note 56. The IRS also notes that, since most fraudulent returns likely go undetected, the vehicles for these frauds are unknown. Id. Return to text

  122. See Margaret Milner Richardson, IRS Has Made Progress in Protecting Confidentiality of Taxpayer Information, 94 Tax Notes Today 140-18, July 20, 1994, available in LEXIS, Fedtax Library, TNT File (statement before the Senate Committee on Governmental Affairs); see also Clagett, supra note 68. Return to text

  123. GAO, supra note 5. Return to text

  124. Security experts agree that privacy and security cannot depend on technology alone and that management must follow up on reviewing audit trails and enforce security checks. Stahl, supra note 40, at 13. Return to text

  125. 5 U.S.C. 552a(e)(10) (1988). Return to text

  126. Dolan, supra note 27. In a panic during the 1985 filing season, employees dumped many tax forms in the garbage when they could not meet processing demands due to system failure. Craig Webb, IRS More Efficient but Taxpayers Aren't, UPI, Apr. 12, 1987, available in LEXIS, News Library, ARCNEWS File. Return to text

  127. George B. Trubow, Protecting Informational Privacy in the Information Society, 10 N. Ill. U. L. Rev. 521, 530 (1990). Return to text

  128. Computer Matching and Privacy Protection Act of 1988, Pub. L. No. 100-503, 6(a), 7, 8, 102 Stat. 2507-14 (codified as amended at 5 U.S.C. 552a (1988 & Supp. V 1993)). Return to text

  129. Joel R. Reidenberg, Privacy in the Information Economy: A Fortress or Frontier for Individual Rights?, 44 Fed. Comm. L.J. 195, 201 (1992). Return to text

  130. GAO, supra note 5. Return to text

  131. IRS Outlines its Efficiency Reports, 93 Tax Notes Today 192-9, Sept. 15, 1993, available in LEXIS, Fedtax Library, TNT File. This amount does not include the $15 billion to operate the old system in conjunction with the new system until TSM is complete. Return to text

  132. GAO, supra note 5. Return to text

  133. Security experts have commented that "the bad guys are only going to get more sophisticated." Stahl, supra note 40, at 13 (quoting Winn Schwartz, Executive Director of Interpact). Return to text