The request of the watchdog agency followed the release of confidential information leading to a detailed news report of how the mega rich avoid paying taxes.
Senate Finance Committee Ranking Member Mike Crapo, R-Idaho, responded to an investigation revealing tactics the super wealthy use to evade income taxes by asking the Government Accountability Office to report on how the Internal Revenue Service protects filers’ information.
“Recent news reported on tax return information and stated that the news organization had a large amount of IRS tax data on certain types of taxpayers. In light of this, you asked us to review IRS’s policies for protecting tax information,” reads the May 19 watchdog report titled “Characteristics of Employee Unauthorized Access and Disclosure Cases.” GAO identified Crapo as the congressional requester.
The news report referenced in GAO’s footnotes is an expose ProPublica published last summer using tax information from individuals like Elon Musk, Jeff Bezos and Michael Bloomberg to highlight patterns—including a “buy, borrow, die” strategy—that allows those with sufficient means to enjoy an affluent lifestyle while sometimes paying no federal income taxes at all.
ProPublica said it received the confidential information through a channel it set up for whistleblowers to anonymously share information and that the source—who is unknown to them—said they were motivated by reporting the outlet has done on how a lack of resources at the agency is causing the IRS to focus more on auditing the poor than the exceptionally rich.
But “whistleblower” is a loaded term and the statutes offering protection to those who disclose certain information, regardless of the purpose, may not allow such individuals an exception to severe consequences.
“According to the Internal Revenue Manual, IRS officials are only to disclose tax information if there is a statutory basis that allows the disclosure, the proper authorization to disclose this information has been granted, and written procedures for making the disclosure exist,” GAO wrote. “Criminal unauthorized access violations are punishable by a fine not to exceed $1,000 or imprisonment of not more than 1 year, or both, together with the costs of prosecution. Upon conviction, the employee is terminated. The willful unauthorized disclosure of tax return or return information is a felony, punishable by a fine of up to $5,000, up to 5 years in jail, or both, plus costs of prosecution.”
ProPublica was also careful to address the impact of the SolarWinds hack on the federal government and the possibility that the information could have been fed to them by a foreign adversary. However, the news team noted, the Treasury Department said no personal tax information was compromised as a result of that hacking campaign.
The GAO report was signed by Jennifer Franks, director of the center for enhanced cybersecurity, and Jessica Lucas-Judy, director of tax issues. It notes that “all modernized IRS systems containing taxpayer data are required to send their system and program transactions to the Security Audit and Analysis System,” a central data repository that gathers audit logs from various applications.
That allows the IRS and the Treasury Inspector General for Tax Administration to “detect potential unauthorized accesses to IRS systems and data and to reconstruct events for potential criminal investigations,” the report said. “The [IRS] Cybersecurity office subsequently refers any incidents to TIGTA for investigation. According to IRS officials, the Cybersecurity office also becomes aware of incidents from the Department of the Treasury. When Treasury notifies the Cybersecurity office of an incident, the office is to perform analysis and, if appropriate, refer it to TIGTA.”
The report details various processes and bodies for employees to appeal decisions of their managers—typically two to three levels up—regarding cases of unauthorized disclosure.