The Internal Revenue Service says it will not snoop online to see if you are evading taxes—unless your tax return signals something suspicious.
Once you are flagged, however, the IRS can draw on massive amounts of personal data it routinely compiles on peoples' electronic activities—everything from credit card transactions to Facebook postings. Most recently, the American Civil Liberties Union says it has IRS documents that reveal the IRS believes it has the legal authority even to open private emails without people's knowledge and sometimes without a warrant.
The agency has invested heavily in a new technology now coming online to fully exploit new powers to mine personal data that became law five years ago. But the agency has been quiet about what it has been doing. "They hold their cards pretty close to the vest at the IRS," says Bill Smith, managing director at the accounting firm CBIZ MHM. "It's not clear what they are using and how. But for sure don't brag on Facebook about how you are cheating. The IRS can see that. They are not idiots."
This does not mean everyone is under constant surveillance. But it does signal a new reliance on technology by the IRS to capture, analyze and use much more personal data.
With IRS staff sharply reduced in recent budget cuts, computerized tax processing and "data matching" of third-party networks are becoming the new normal. The IRS is using data to catch tax cheats and identify theft. But taxpayers who document legitimate expenses carefully could also be snarled in the digital dragnet and face time-consuming audits and costly appeals.
How can taxpayers prepare for this era of robo-audits?
File returns truthfully and make sure your online postings don't contradict what you tell the IRS.
Ultimately, truthful filing of allowable credits or deductions will likely win an audit, or the appeal of an audit. But a lot of time and money might be spent before it's over. Check your online postings and emails against your tax filings to make sure they are consistent. It's easy to make a mistake. For example, when you travel somewhere and post about it—on Facebook, for example—those dates become a matter of record. Be consistent.
Know what is public and what is private.
People using anonymous online "cloud" dropboxes, "cloud" storage or anonymous email addresses are not really concealing much. Even former CIA Director David Petraeus slipped up on this, as his attempts to conceal a private romance were exposed from his online storage space.
"Private browsing does work; it instructs the browser not to save data, and the browser doesn't save it," says Bruce Schneier, chief security technology officer at BT, the British telecommunications company. "Anonymous postings depend on what sort of investigation is done. The FBI, and by extension the IRS, could get at the data on a specific person."
Understand that once you are targeted for an audit, everything you do or have done in online and electronic transactions can be used against you.
The online footprints you leave stay with you for a long period of time. The IRS has broad investigatory powers (and now the technology) to go back and look. It is ingesting and storing many kinds of data that could be used for specific audits. As an example, even a college student's careless tweets about never paying back that loan or "going on this scammy free travel junket" could be used later to profile economic behavior.
"A tweet or post with specific information around location or activities is archived and can be potentially called up under a subpoena years later, if needed," says Venkat Viswanathan, chief executive officer of LatentView Analytics, a data analytics company.
[Read: Risking Jail in the Pursuit of Alpha.]
"Taxpayers should pay close attention to this," he says. "In the digital and social media world, the trails tend to stay persistent for long periods of time because of the high-quality data storage and retrieval mechanisms that social networks employ."