What Does the IRS Know About You?

The IRS has more data about you than ever before. What can you do to protect your privacy?

The IRS has more data about you than ever before. What can you do to protect your privacy?
By SHARE

Remember that those "robo-audits" screen for unusual items. Even legitimate tax deductions that don't conform to a "normal" profile can trigger an audit.

A legitimate expense—for example, buying an intern's lunch every day for $6—could appear as a $1,500 expense that might be unusual and give the IRS cause to dig deeper. "They will go after things that pop up in the computer screening," says Smith. He advises keeping detailed explanations and offering them on tax forms "in the hope that a real person might see it and decide it's okay."

Know that IRS "mission creep" into Big Data goes outside its stated mission of informing the public about tax policy.

What the IRS does with all the information it can now access is not clear even to the agency's oversight boards and congressional overseers. The IRS's Information Reporting Program Advisory Committee, made up of tax professionals and advisers, in its annual report, raised "many questions" and numerous concerns over how the agency will use and manage data and said there was "a strong need for guidelines."

The agency's mission statement says it will give "America's taxpayers top-quality service by helping them understand and meet their tax responsibilities and enforce the law with integrity and fairness to all."

But the agency would make no comment for a story by U.S. News & World Report in early April that documented the growing array of new technology the agency has in its arsenal, including a $350 million investment in data mining tools. The agency declined numerous requests to detail any portion of its online policies. It did make a statement later to refute a charge not made in the story, that the IRS targets taxpayers for audit based on their online information.

"Suggestions that the IRS is using social media to target taxpayers for audit are wrong. Audits are based on the information contained on a person's tax return, not a posting on a social media site," said IRS spokesman Anthony Burke in a statement.

But tax court cases record cite numerous cases in which online activity on eBay and Facebook are used in completing audits. The IRS itself says it goes outside of returns "to [verify] amounts reported on individual returns and [identify] individual nonfilers," according to a Frequently Asked Questions posting on its site.

For example, the agency won the power to review and house all credit card and digital payments for use in audits. The IRS won that big concession thanks to a little-noticed item quietly attached the Housing Assistance Tax Act of 2008, passed in the midst of the financial crisis. That provision is now being implemented by IRS but the extent of its use has not been fully explained, as the IRS and even tax lawyers are uncertain of its impact. With budget concerns still paramount, Congress has pushed the agency to do more to collect an estimated $300 billion lost each year due to unreported income. Guidelines to protect individual taxpayers from abuses have been a lesser concern.

[See 10 Golden Parachutes to Make Your Head Spin]

In another disclosure under a Freedom of Information Act action by the ACLU, the IRS audit manuals show that "the IRS Criminal Tax Division has long taken the position that the IRS can read your emails without a warrant." CBIZ's Smith, who once prosecuted tax cases for the government, calls the development "disturbing." In a statement on ACLU's disclosure, the IRS said: "Respecting taxpayer rights and taxpayer privacy are cornerstone principles for the IRS. Our job is to administer the nation's tax laws, and we do so in a way that follows the law and treats taxpayers with respect."

"Contrary to some suggestions, the IRS does not use emails to target taxpayers. Any suggestion to the contrary is wrong," the IRS added in its statement. It did not directly comment on whether email is used for audits and whether warrants are required. "The Justice Department is holding that any data about you that is elsewhere—email on Gmail, Facebook posts, documents stored in Dropbox, etc.—can be gotten without a warrant," says network security specialist Schneier. He says the IRS, which shares data with other law enforcement agencies, has claimed similar powers and "people should be aware of it."