Bloomberg Opinion: Can the IRS Be Trusted With Your Data?, by Stephen L. Carter (Yale):
Like many Americans, I tend to feel generous this time of year — not only because it’s the season for giving, but also for the tax implications. This year, however, my usual concerns about how many deductions I can claim on next year’s return have given way to worries about privacy.
In fiscal 2021, the Internal Revenue Service processed 269 million tax forms, each one rich with information that scammers and thieves would love to have. A scathing new report from the U.S. Treasury Department’s Inspector General for Tax Administration calls into question the ability of the IRS to protect this mass of data. …
Remember the leak of confidential taxpayer information to ProPublica earlier this year? Whatever one’s politics, it’s easy to see it as a reason to worry, given that the IRS evidently either (1) has no way to track down who handled the data in question, or (2) allows access to private data to so many people that it’s impossible to tell who downloaded it. (And if it was an outside hack, well, that’s more worrisome still.) [See also Wall Street Journal editorial, The Internal Revenue Leak Service]
But it’s not surprising. An August report from the Senate Committee on Homeland Security found cyberprotections throughout the federal government to be … well, the only word that comes to mind is atrocious. For example, the Department of Transportation was unable to locate 7,231 mobile devices and — get ready for it — 4,824 servers. Tests at the State Department “revealed 450 critical-risk and 736 high-risk outstanding vulnerabilities” and found thousands of active email accounts for former employees, including on the department’s classified networks. …
If the federal government were a private corporation, trial lawyers would be having a field day. The fact that its agencies are protected by the principle of sovereign immunity is producing exactly the moral hazard problems scholars have long noted.
[I]t is fair to ask whether there might be a point to the widespread skepticism about such new IRS requirements as the one calling for banks to share ever more information about ever-smaller accounts. Maybe a government hungry for more private data should first meet its own standards for security.