Monday, September 3, 2018
Michael Hatfield (U. Washington) presents Cybersecurity and Tax Reform, 93 Ind. L.J. ___ (2018) (reviewed by Diane Ring (Boston College) here), at the 27th Tax Research Network Conference today at the University of Birmingham, England:
The IRS collects information on more Americans and handles more money than any other agency. The cybersecurity risks are high. This Article takes seriously both the challenges and the agency's limitations in solving those problems through technological advances. This Article describes the cybersecurity problem as a legal problem for Congress to address rather than merely a digital problem for IRS technicians. By legislation, Congress defines what information is tax relevant, and then the IRS digitally collects, stores, and process the information. Over the years, without any regard for information security, Congress has designed a tax system that requires the IRS to collect more information than it can now protect. But there is ample flexibility for Congress to reform tax law to decrease the information held by the IRS and increase the likelihood the IRS can defend it. This Article explores specific ways in which the tax laws and its administration could be changed to simplify the information needs of the IRS, making its information system both a less appealing and a more defensible cyberattack target. In short, if the tax law were simpler in specific ways, the information technology needs at the IRS would be simpler, and adequate cybersecurity for it would be easier.
Section I describes cyberattacks at the IRS and elsewhere, predicting future cyberattacks at the IRS will be similar to cyberattacks elsewhere. Section II offers a history of computer use at the IRS, arguing that this history, as well as a variety of other factors, like inadequate funding and expertise and the technical and human difficulties of cybersecurity, reveals little reason to believe the IRS will achieve appropriate cybersecurity. Section III argues that Congress should consider how potential tax reforms might make the IRS database a less appealing and a more defensible cyberattack target. This Article concludes with reflections on the relationship between law reform and the digital revolution.