Wednesday, November 22, 2017
Chris Edwards (Cato Institute), Tax Reform, the IRS, Cybersecurity, and Privacy (reviewing Michael Hatfield (University of Washington), Cybersecurity and Tax Reform, 93 Ind. L.J. ___ (2018)):
The current tax reform debate has focused on economic growth and the value of cuts to different groups of taxpayers. Tax simplification has received less attention, and Republican bills would only make modest gains in that regard.
Yet a major tax code simplification would not only save time on administration, it would increase financial privacy and deter cyberattacks on the Internal Revenue Service. A new study by Michael Hatfield of the University of Washington looks at the risks posed by the IRS’s vast data collection on 290 million Americans. The more micromanagement there is in the tax code, the more information the IRS collects on our finances, lifestyles, and activities. ...
Congress has designed a tax system that requires the IRS to collect information on hundreds of millions of individuals and to routinely issue hundreds of billions in refunds. If the tax law did not require so much information on so many, nor involve refunds to so many, the IRS would be a less appealing and more defensible cyberattack target. In short, if the tax law were simpler in specific ways, the information technology needs at the IRS would be simpler, and adequate cybersecurity for it would be easier.
The tax law need not demand so much information on so many individuals, nor must its administration turn on a system that generates refunds as a rule rather than an exception. Within the limits of the political and financial realities that determine legislation, there is ample flexibility for Congress to reform tax law so that it demands less of both taxpayers and tax administrators and, thereby, provides more information security.
A broader conclusion from Hatfield’s study is that policymakers should put much more emphasis on personal privacy when considering all federal programs. The government has a poor record of guarding its databases, so policymakers should be very skeptical of federal activities that require the gathering of personal data on Americans.