Citation
A Preliminary Analysis of the IRS Tax Administration System

Material Information

Title:
A Preliminary Analysis of the IRS Tax Administration System
Creator:
United States. Congress. Office of Technology Assessment.
Publisher:
U.S. Congress. Office of Technology Assessment
Publication Date:
Language:
English
Physical Description:
x, 206 p. ; 28 cm.

Subjects

Subjects / Keywords:
Privacy, Right of ( lcsh )
Computer systems ( lcsh )
Legislative oversight ( lcsh )
Internal Revenue Service ( kwd )
Tax Administration System ( kwd )
Genre:
federal government publication ( marcgt )

Notes

General Note:
A review by the Office of Technology Assessment (OTA) of a proposal by the Internal Revenue Service for new computerized tax administration systems. The proposal is reviewed and investigated, with suggestions and proposals given by the OTA.
General Note:
Original is missing pages i, ii, iv, viii, 7, 22, 24, 108, 110, 128, 132, 140, 146, 150, 158, 162, 172, 178, 180, 182, 186, 188.

Record Information

Source Institution:
University of North Texas
Holding Location:
University of North Texas
Rights Management:
This item is a work of the U.S. federal government and not subject to copyright pursuant to 17 U.S.C. §105.

Aggregation Information

IUF:
University of Florida
OTA:
Office of Technology Assessment

Downloads

This item is only available as the following downloads:


Full Text

PAGE 1

A Preliminary Analysis of the IRS Tax Administration System March 1977 NTIS order #PB-273143

PAGE 2

TEchNOLOGiY ASSESSMENT BoARD Congress of the United States EMILIO 0. DADOARIO EDWARD M. KENNEDY, MASS., CHAIRMAN D I R E C TO R MARJORIE S. HOLT. MD.. VICE CHAIRMAN OFFICE OF T ECHNOLOGY A SSESSMENT DANIEL V. DE SIMONE ERNEST F. HOUINGS, S.C. OLIN E. TEAGUE. TEX. HubERT H. HUMPHREY. MN, MORRIS K. UDAll. ARIZ. W ASHINGTON D.C. 20510 CLIFFORD P. CASE, N.J. GEORGE E. BROWN, JR., CALIF. RICHARD S. SCHWEIKER, PA. CURENCE E. MILLER, OHIO TED STEVENS, ALASKA LARRY WINN, JR., KANS. FEE 2 /3 1977 EMILIO Q. DADDARIO Honorable Al Unman Chairman Committee on Ways and Means U. S. House of Representatives Washington, D. C. 20515 Dear Mr. Chairman: On behalf of the Office of Technology Assessment, we are please d to forward the analysis of issues : A Preliminary Analysis o f the IRS Tax Administration Svstem. This preliminary analysis identifies issues and poses question s regarding the opportunities for oversight of the system as i t affects due process, privacy confidentiality and security as yo u requested p Sincerely Edward M. Kennedy Chairman DE P UTY DIRECTOR Enclosur e

PAGE 3

T ECHNOLOGY A SSESSMENT B OAR D Congres of the United State s EMILIO Q. DADDAI?Io OLIN E. TEAGUE, TEXAS, CHAIRMAN DI REC T OR CLIFFORD P. CASE, N. J., VICE CHAIRMAN O FFICE OF T ECHNOLOGY A SSESSMEN T DA N IEL v. D E S IMON E EDWARD M. KENNEDY, MASS. MORRIS K. UDALL, ARIZ. ERNEST F. HOLLINGS. S.C. C$EORGE E. BROWN, JR., CALIF. W ASHINGTON D.C. 20510 D EP U T Y D IRECTOR HUBERT H. HUMPHREY, MINN. CHARLES A. MOSHER, OHIO RICHARD S. SCHWEIKER, PA. MARVIN L. ESCH, MICH. TED STEVENS, ALASKA M ARJ O RI Es. HOLT, M D EMILIO Q. DADDARIO Honorable Edward M. Kennedy Chairman of the Board Office of Technology Assessment Congress of the United States Washington, D. C. 20510 Dear Mr. Chairman: The Off ice of Technology Assessment has been asked by the Chairman of the House Ways and Means Committee and the Chairman of the Subcommittee on Oversight to review the Internal Revenue Service proposal for a ne w computerized Tax Administration System (TAS) to assure that the safeguards are sufficient to prevent the TAS from becoming a system of harassment surveillance and political manipulation. Under the TAS proposal, the present centralized IRS computer system whos e master tapes are updated and queried on a weekly basis would be replace d by a network of ten regional systems each with Master Files that coul d be accessed instantaneously from terminals in local Internal Revenu e Offices throughout the regions Computerization of some manual files an d new applications of the technology are anticipated To assist in making a determination as to how best to proceed with th e Committee request, OTA convened a panel of expert consultants from th e fields of computer science sociology, public law, management science civil liberties and taxation Discussions were also held with a numbe r of other knowledgeable people concerned with these issues Documents, reports, and other relevant materials were reviewed pertaining to th e proposed TAS technology, to the current issues bearing On the effectiv e administration of the tax laws, and to principal current concerns abou t adequate protection for the privacy due process, property and othe r constitutional rights of taxpayers as citizens v

PAGE 4

-2 The charge of the panel was to advise OTA on how to proceed with developing a response to the Committees request in light o f questions which might be raised about possible need for additional safeguards when the system is implemented The panel discussed issues which might be raised by the establishment of TAS on the basis of the available information They met with Internal Revenue Service officials in charge of developing TAS Subsequently, a questionnaire was addressed to the IRS to acquir e additional information and clarification of factual points deeme d necessary for making judgments as to what, if any, major issues might be presented by the system OTA reviewed the TAS proposal in light of (1) recent heightened publi c concern for the privacy and confidentiality afforded personal financia l activities, (2) perceived threats from past and present problems in th e operations and management of similar large computerized systems (3) perceived threats from past abuses in IRS information practices an d due process guarantees and (4) the current debates over the prope r statutory, administrative and technical means of revealing misuse an d abuses of information in the future and of lessening the chances of thei r reoccurrence The panel has identified a number of important questions that may b e raised about the scope and application of the proposed Tax Administratio n System, as described to Congress and about the opportunities for over sight of the system as it affects due process, privacy, confidentialit y and security The questions are of such a nature that answers to them when related to other facts and trends would provide a basis for judgments about principal advantages or disadvantages of the system and its propose d safeguards These questions are discussed in this report to the Board Our preliminary investigation of this request suggests that before OT A proceeds further, hearings addressing these questions be held before th e Ways and Means Committee Subcommittee on Oversight at an early date to consider the potential impact of the interrelationship of the technology law and public policy in this major governmental information system Continued OTA participation will be evaluated as the Committee proceeds with its deliberations EMILIO Q. DADDARIO Directo r Enclosur e vi

PAGE 5

OTA TAS ADVISORY PANEL Professor Robert Boguslaw Department of Sociology Washington University Dr. Alan F. Westin, LLB, Chairman, TAS Advisory Panel Professor of Public Law and Government Graduate Faculty of Political Science Columbia University Dr. Ruth Davis, Director Institute for Computer Sciences and Technology National Bureau of Standards Department of Commerce Mr. Mark Gitenstein American Civil Liberties Union Former Counsel, Senate Select Committee on Intelligence Activities Former Chief Counsel, Senate Constitutional Rights Subconnnittee Professor Jeffrey A. Meldman, LLB Sloan School of Management Massachusetts Institute of Technology Member, Massachusetts Security and Privacy Council Mr. Don B. Parker, Senior Research Analyst Stanford Research Institute Mr. William H. Smith, General Counsel American Bankers Association Former Assistant Commissioner Internal Revenue Service Dean David T. Link The Law School, Notre Dame University Member, Governors Commission on Privacy Former Trial Attorney, Chief Counsels Office, Internal Revenue Service OTA TAS PROJECT STAFF Project-Director: Marcia J. MacNaughton Staff: Helen H. Savage, Ogechee L. Koffler OTA Coordinator: Robert F. Daly vii

PAGE 6

TABLE OF CONTENTS 1. 2. 3 t 4. SUMMARY . ISSUES LIST: Areas INTRODUCTION in . Which Further . . . . Information is Required Committee Request . Proposed IRS Tax Administration IRS Arguments for the TAS Background for Considering Issues in TAS ISSUES 4.1 4.2 4.3 4.4 4.5 4,6 System . . . . Information in the System a. Contents and Scope . b. Retention of Tax Information . . . . . . . . . . c. Consolidation and Linkage of Information d. Derived Data . . Uses . . . . a. TAS Users . . . b. Boundaries and Interface . c. Federalism . . . Operations . . . a. Surveillance Capacities . . . . . . b. Equity and Equal Treatment Under the Laws c. TAS and the Courts . . Processes and Structure . . a. Decentralization. . . b. Administrative Centralization . c. Organizational Change . ~. d. Accelerated Processes . . Accountability. . . . a. Oversight . . . b. Citizen Participation . . c. TAS, Advancing and Emerging Technologies Security . . . . . . . . . . l . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . l . . . . . . . . . . 1 3 7 7 9 10 14 23 25 25 33 41 43 45 45 48 60 64 64 70 76 83 83 85 88 91 97 97 99 102 105

PAGE 7

TABLE OF CONTENTS (centd.) APPENDIXES . . . . . . . 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. OTA Questionnaire on TAS and Internal Revenue Service Response . . IRS Summary of Major TAS Features Present and Proposed Security and Privacy Safeguards . . . . . . IRS Chronology of Events in TAS Approval Process . . . Comments by Panel Members Regarding System Data and IRS Responses . OTA Memorandum: Review of IRS Proposal for Computerized Tax Administration System (5/18/76) . . . . . Considerations Regarding OTAs Response to Congressional Committee Request to Review Proposed Computerized Tax Administration System (TAS) (6/8/76) . . . Comments by TAS Panel Members a. Dr. Alan Westin, Panel Chairman b. Dr. Robert Boguslaw (working paper) Mark Gitenstein . . ; : Dorm B. Parker . . Hope Eastman . . ; William Smith . . Dr. Ruth Davis . . Correspondence of Ways and Means Committee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a. Rep. Al Unman, Chairman, House Committee on Ways and Means, to Emilio Q. Daddario, Director, Office of Technology Assessment, Feb. 11, 1976 . . . . . b. Rep. Charles A. Vanik, Chairman, Subcommittee on Oversight, to Chairman Unman, Feb. 3,1976 . . . c. Rep. Vanik to Senator Edward M. Kennedy, Chairman, Technology Assessment Board, Feb. 4, 1977 . . . d. Chairman Unman to Director of OTA, Feb. 16,1977. . Statement by Dr. Jerome Weisner, President, Massachusetts Institute of Technology; Chairman, Advisory Council, Office of Technology Assessment, before the U.S. Senate Judiciary Subcommittee on Constitutional Rights and the U.S. Senate Commerce Special Subcommittee on Science, Technology, and Commerce, on Surveillance Technology, 94th Cong., 1st Sess., Sept. 10, 1975. . . . . . . Comments by Dr. Christopher H. Pyle, Mount Holyoke College . Reviewers Comments . . . . . Comments by Dr. Kenneth Lauden, John Jay College of Criminal Justice, CUNY . . . . . . 109 111 123 127 129 133 141 147 151 159 163 165 167 173 181 183 185 187 189 195 198 199 v A

PAGE 8

1. SUMMARY The Internal Revenue Service request for funds for anew computerized Sy*m for tax processing is a major response to the challenges and duties given the agency by Congress and the public in recent years. Specifically, it is a response to the problems of overworked and outdated equipment and to the possibilities of reaping for the agency the administrative benefits of new technological developments in automatic data processing and electronic communications. As it is intended to be operated and used to administer and enforce the revenue laws, the proposed Tax Administration SyStern (!IAS), will determine or affect the collection, use, maintenance, and dissemination of large amounts of information about citizens. It will play a pivotal role in governmental and private data banks and information Systims which contain the details of the personal, organizational, and business lives of Americans at home and abroad. Since TAS is proposed at a time of intense public concern over the potential for abuses of the information resources of government and the private Sector, the System could be perceived as posing a threat to civil liberties, privacy and due process rights of taxpayers. These effects might include a potential for surveillance, harassment, or political manipulation of files for which Specific controls and safeguards are of concern to Congress. Although IRS officials testified before the Appropriations Committees, filed a report on TAS pursuant to the Privacy Act, and briefed staff members on several Committees, they have not provided enough specific and substantive information on the public record to support judgments on these essential aspects of the proposed system which are the proper concerns of Congress and the public. In descriptions of thb propos~, the line is frequently blured between the ruIes and operations of the present system and those planned for the new one. In some instances, the information supplied is vague and subject to several interpretations. In other instances, no information hm been supplied which would indicate any significant treatment of important issues. Among those features and attributes of TAS whose effects may need examination are: the geographic decentralization of taxpayer files and their instant availability at computer terminals to those who use and share Federal tax information; acceleration of processes; creation of a national 1

PAGE 9

network for quickly transferring histories of taxpayers; an expandable data base with capacity for acquiring and keeping longer and more detailed histories of taxpayer accounts; consolidation of categories of files previously separated; automation of manual records and clerical processes; increased capacity to associate data; and opportunities for creating new kinds of information. In an information system like TAS, such features and attributes may present issues involving improper surveillance, equity and tax reform, equal treatment, privacy, due process, confidentiality, accountability, oversight, organizational change, and public participation in developing the system and monitoring its operations. Evaluation of the seriousness of these and other issues in the light of the safeguards planned for TAS will require additional information about the characteristics of the system, how it will operate, who will use it, what will be done with it programmatically, and how it will relate to other domestic and international data systems. Technical descriptions of important features of the TAS proposal need to be explained in terms which will be meaningful for purposes of public understanding, Congressional oversight, and Executive Branch management. Only with this information as a base for the definition of specific issues can an assessment be made of the possible impacts of changes which would be brought about by the new system. 2

PAGE 10

2. ISSUES LIST Answers to the following major questions are needed in order to identify issues which should properly be raised by the development. and operation of a nationwide system for accessing and using personal information about taxpayers. INFORMATION IN THE SYSTEM 1. 2. 3. 4. Contents and Scope: Do descriptions of the TAS proposal identify the information to be stored in the system as well as the scope of taxpayer files sufficiently to permit consideration of the possible effects of the TAS on privacy and other rights? Retention of Tax Information: Do the TAS documents describe retention time policies sufficiently to permit a determination of their consistency with souna social policy, fairness to taxpayers, and with statutory requirements? Consolidation and Linkage of Information: what consolidation and what linkage of tax data is planned and what unintended effects from these should be guarded agtinst in the development and operation of TAS? Derived Data: Could the TAS, within the processes it serves raise problems of derived data, that is, of creation of new data out of several pieces of pre-existing information, which may require special safeguards to prevent threats to privacy or other rights? USES 1. TAS Users: Have the actual and potential users of TAS been identified? 2. Boundaries and Interface: Does the report On TAS sufficiently identify the proposed and potential boundaries of the system, its interface capacity its relationship to other public md private data systems, so that a judgment could be made concerning its possible impact on civil liberties, on effective Congressional oversight, on the opportunity of the taxpayer to exercise information rights and to determine status within data systems of IRS and other agencies?

PAGE 11

3. Federalism: What impact might the TAS have on information policies, practices and technologies of State and local governments which use or feed the TAS data base for revenue and other governmental purposes? OPERATIONS 1. Surveillance Capacities: Is there a need for defining the extent to which TAS may afford government a more efficient instrument for surveillance of taxpayers and citizens at home and abroad? 2. Equity and Equal Protection: To what extent, if any, does the TAS proposal rake considerations of equity and of equal treatment for all taxpayers? 3. TAS and the Courts: What problems may the TAS technology pose in the judicial process for the protection of individual rights? PROCESSES AND STRUCTURE 1. 2. 3. 4. Decentralization: What processes and functions would be decentralized in the new system and what effect, if any, could decentralization have on privacy and other rights, on confidentiality of information and security of the system? Administrative Centralization: What processes and functions affecting information policy and individual rights would be centralized under the new system? How might centralizing forces affect the oversight of such previously separated activities? Organizational Change: Could the new system bring about organizational changes to the IRS which might affect its ability to carry out responsibilities for respecting the rights of taxpayers? Accelerated Processes: Could the TAS produce an acceleration in information processing and decisionmaking to a degree which might have adverse impacts on civil rights and liberties of taxpayers in the administration and enforcement of internal revenue and other laws? ACCOUNTABILITY 1. Oversight: How should effective oversight of TAS be conducted? 2. Citizen Participation: To what extent has the public been involved in planning TAS? Should there be a new special process for inviting public input during the formulation stage? 4

PAGE 12

3. TAS and Advancing and Emerging Technologies: Are controls needed to regulate TASS interface with advancing and emerging technologies which might alter its vulnerability to political manipulation or to use as an instrument for surveillance or harassment? SECURITY Security: What additional Safeguards might be needed to guarantee the physical and technical security of the system?

PAGE 13

3. INTRODUCTION COMMITTEE REQUEST The Internal Revenue Service Seeking authorization from congress to procure a new automated data processing system to replace all of its existing data Processing equipment used in the administration and collection of Internal Revenue taxes, with the exception of one system, which would be replaced later. The Chairman of the House Ways and Means Committee and the chairman of the Subcommittee on Oversight of that Committee have requested the office of Technology Assessment to make a review of the new Tax Administration System and its proposed regulations regarding its use and implications as it may relative to privacy of individuals and nondisclosure and possible improper use of income tax returns. The Chairman of the oversight Subcommittee expressed concern that without safeguards, t0e new TAS System could become a system of harassment, surveillance and political manipulation. He stated: I believe that the publics concern about government agencies, such as the IRS, requires that we take every step to ensue that in the future its files can never be used for political or unconstitutional purposes . Once installed in 1981 it will probably be the worlds largest and most sophisticated computer System. Authorized IRS employees will be able to scan the tax return of a taxpayer in a region within Seconds. In addition, other authorized employees will be able to receive tax returns of citizens from throughout the country within seconds. He indicated the possible need for legislation on the system. A number of other committees and Subcommittees have info~ally indicated through staff members an interest in also receiving information developed about issues which may be raised by the new system. These include Staffs Of the House Government operations Committee Subcommittee on Government Information and Individual Rights (Whose cha.i~an also sent OTA an official request), the Senate committee On Governmental Affairs the Senate Appropriations Subcommittee, the Senate Judiciary Committee Subcommittee on Administrative Practice and Procedure, the Senate Constitutional Rights Subcommittee, and several individual members of Congress.

PAGE 14

To determine how best to proceed with the Committees request, the Office of Technology Assessment decided to convene a panel of experts in law, sociology, computer science, management, civil liberties, and other areas. They included people with experience in evaluating information systems for concerns expressed by the committee on Ways and Means. They also included former officials of the Internal Revenue Service and former staff members of two Senate Committees who had responsibility for investigations and legislation of privacy, security, information practices, and government computers. The panel met in Washington to discuss possible issues which might be raised by the proposed new Tax Administration System in light of the public documents, Congressional testimony and available information on TAS. Panel members were invited to submit their further observations in either written or oral form. Background information for reaching a decision for action on the Committees request was also sought from the Internal Revenue Service, public interest groups, and others knowledgeable or concerned with questions which TAS might raise. Documents, reports, and other relevant materials were reviewed pertaining to the proposed TAS technology, to the current issues bearing on the effective administration of the tax laws, and to principal current concerns about adequati protection for the privacy, due process, property and other constitutional rights of taxpayers as citizens. OTA reviewed the TAS proposal in light of (1) recent heightened public concern for the privacy and confidentiality afforded personal financial activities, (2) perceived threats from past and present problems in the operations and management of similar large computerized systems, (3) perceived threats from past abuses in IRS information practices and due process guarantees, and (4) the current debates over the proper statutory, administrative and technical means of revealing misuse and abuses of information in the future and of lessening the chances of their reoccurrence. It was concluded that some serious questions may be raised about the scope and application of the proposed Tax Administration System, as described to Congress, and about the opportunities for oversight of the system as it affects due process, privacy, confidentiality and security. The questions are of such a nature that answers to them, when related to other facts and trends, would provide a basis for judgments about principal advantages or disadvantages of the system and its proposed safeguards. These questions are discussed in this report to the Board. 8

PAGE 15

The information supplied to Congress in public documents and testimony about TAS is often vague or technical, or is simply inadequate on matters which may be of vital importance to the taxpayer, the Congress, and to IRS management. The dearth of information prevents the full and careful public identification of any policy issues which might be raised if the new Tax Adminktration System is installed. OTA therefore recommends that hearings be conducted before the Subcommittee on Oversight of the Ways and Means Committee in order to acquire the background information needed for defining issues. This report, which is an OTA report, and not the responsibility of the advisory panel members, therefore identifies some pertinent questions in a range of issue areas which may be important in considering the potential impact of the interrelationship of the technology, law and public policy in this major governmental information system. PROPOSED IRS TAX ADMINISTRATION SYSTEM The proposed Tax Administration System (TAS) which OTA has been asked to review represents a redesign of the basic data processing system of the Internal Revenue Service used to administer the Internal Revenue Laws and to collect taxes. A S described by IRS, the main features of the TAS are as follows: The TAS involves the integration of collection, processing, storage, communications of data, and terminal facilities. The new System will relocate centralized tape tax account master files for the nation from their present centralized location in the National Computer Center in Martinsburg, West Virginia. They will be decentralized to the ten existing IRS service centers across the country, which will accord with the present decentralized administrative structure Of the agency. Taxpayer information in each centers tax account files for its geographical area will be accessible by terminals in the IRS offices in that region. The present sequential system will be replaced by random access to the files. The National Computer Center till be converted to a centralized account directory and control point for intercenter activity as the National Communications Center (NCC). It will control exchange of taxpayer accounts. Information will be exchanged between centers and NCC by transmission from magnetic tape to magnetic tape on a batch basis by encrypted channels in scrambled form. Processing of tax returns, correspondence and related activities will continue to be 9

PAGE 16

carried out at the ten service centers. Service Centers will communicate with field offices by means of a Data Communication Subsystem with dedicated, leased data transmission lines; local offices will communicate only with their servicing center and direct terminal to terminal or center to center communications are not to be allowed. The subsystem will also feature data communications processors located in each service center and the NCC; programmable data concentrators in the largest offices, testing and encrypting equipment; and modems to interface with terminals remote from the service centers. The Plan projects that 8300 terminals will be in place by 1985; 5400 of these will be in the ten centers for case inquiry and input; about 2900 will be in other major field offices for inquiry and update purposes; 750 line printers will be in field offices for printing forms and for terminal screen images. The Plan will permit five years of data for a taxpayers history to be retained as a general rule instead of the present limit of three years. Data for additional years can be kept for problem tax accounts as needed. The existing practice, by means of a separate system, allows for decentralized computerized retention of such data for only ten percent of taxpayers. For purposes of comparing the present system with the redesigned TAS, the following illustrations (see figures 1 and 2) were made available in public documents on TAS. They were published in the House Appropriations Committee hearings on the IRS TAS budget request in 1976. IRS ARGUMENTS FOR THE TAS Officials of the Internal Revenue Service described the need for the redesigned system in testimony before Subcommittees of the House and Senate Appropriations Committees in 1976. According to this testimony, the expanded capabilities would allow for improved taxpayer services by providing faster returns processing, increased responsiveness to inquiries, and consolidated/linked tax accounts and Master Files. The system is expected to allow new applications of computer technology for a consolidated collection program, for a scoring formula for collection case assignment, and for the automation of revenue accounting. Additional privacy and security safeguards will be afforded with the TAS, according to IRS testimony. In addition, the system will allow expansion for future needs. 10

PAGE 17

These major improvements me explained further in the following excerpts from the IRS testimony: 1 The basic ADP system now in place is conceptually the system which began operations in January 1962. Although we have made a number of significant incremental improvements to the system, we have reached the point where the opportunity for further improvements has diminished. In addition, we are having problems meeting ever growing, complex workloads with O U r present equipment. Simply put, todays system with its basic design constraints has become inefficient and does not permit us to be as responsive as we should be to taxpayers and IRS program needs. In view of these factors and considering the potential benefits of current and new technology, it was concluded that fundamental systems changes are necessary Today in our processing system, with the cycle which we must go through posting the master file once each week, the very best that can be accomplished is a turnaround time from four to five weeks. That means, then, that our IDRS data base is loaded in five weeks or six weeks, and by the time we produce microfilm records for the district offices, where some 90 percent of the accounts are not in data base, another three to four weeks has elapsed. We find a considerable number of differences between taxpayers figures and our calculations in our first processing loop. The correction of these errors will be expedited because we expect to put them in a real-time processing situation. We have a second category which we call unpostables. There are some seven million returns that we bring to the master file annually today that fail to post for one reason or another. For example, the Social Security number will not match the one already in the account. So we must return that item to the service center for research purposes, and we start the cycle all over again. So instead of four to five weeks, we are talking now in terms of six, seven, eight weeks. With an on line data base and with terminals, working these kinds of errors simultaneously with our posting efforts, they should be cleaned Up relatively quickly, perhaps within the same day, so they can be posted that night. Obviously then we have increased responsiveness to inquiry. We can consolidate and link the taxpayer accounts in ou master files, cross-relating one to the other. This can be accomplished in a data base system of this kind much easier and more efficiently than it can in a serial ordered tape system. Some of the new applications which we are talking about are in a consolidated collection program. By this I mean if we have a delinquent account or notices to issue for more than one return for the same taxpayer, we will issue a consolidated profile to the revenue officer one time, instead of several pieces of paper as we must today. We alsoo want to score the Collection cases in much the same way as we do the Audit program today in the program called the Discriminant Function. This should 1. House Appropriations Hearings, 1976. 11

PAGE 18

Figure 1 Present System SERVICE CENTER INQUIRY/ RETURNS PAYMENTS CORRESPONDENCE \ District & Loca l Office s 1 A & Validity Chec k All Othe r Service Centers (9) National \ NOTICES, BILLS, & ETC. 1 Computer Center Disbursing Master File ~ i Office Operations 12

PAGE 19

Figure 2 Redesigned System /, // / SERVICE CENTER l l l l l Tax Accounts On-Line Transcript ion Math Verification Validity Checking Return Posting and Account Settlement Refunds Settlemts Notices BIIIs k F / $ Inqulrles Inputs 1 / A I IRS OFFICES 1) NATIONAL COMMUNICATIONS CENTER Switching Function Taxpayer Director y National Reports l security Master File InfOrrnatiOn Returns Matchin g I ALL OTHER SERVICE CENTERS IJ 13

PAGE 20

enhance the collection program considerably. We want to automate our revenue accounting system and bring about considerable savings. We will have expanded case controlthis applies particularly in the compliance effortover that which we have today. We will have more data for the agent to use in connection with his audits. We can keep prior history to a greater degree than we can today and thereby the same case will not be audited year after year as we do sometimes today because we dont know the difference. We also expect to maintain five years of data in our accounts rather than three years, which is the maximum we can handle in our tape system. This, too, will permit us to give additional service to the taxpayer. It will also permit us to income average if required. Some 2 million-plus taxpayers today are averaging their income. We dont know, unfortunately, how many are not but could; in a five-year data base we can determine this. And of course we will have expansion capability for future needs, which is something we simply do not have today. Our system is 20 years old at this point and it was constructed using the technology which was in existence at the time. We have reached the point where we have several different types of computers working with each other. We are using a tape system and our expandability is just about gone. Also, we believe that the technology exists which will permit us to acquire the equipment as needed and build and continue to expand as workloads and growth expand. In fact, we expect that these systems will be in place through this century. BACKGROUND FOR CONSIDERING ISSUES IN TAS Certain assumptions underlay the OTA preliminary review of the committee request to examine TAS. In order to define issues which may be raised by TAS, it is important to establish why this particular Executive Branch request for a new computer system may prompt more legislative attention to the specificity of the laws, rules and policies which will govern it than have previous requests. TAS is being proposed by the IRS in response to an expanding population and growing demands for new and better services. The plan embodies advances in automated data processing and telecommunications technology to aid administrators facing political, economic, and social conditions far different from conditions surrounding earlier requests for automation and the government programs they served. Thus, reasons supporting requests for this new system may differ from reasons supporting earlier requests. 14

PAGE 21

Transition between generations of technology is difficult for Congress, for the public, and for Executive Branch managers. Officials frequently couch requests for ADP systems in the old terminology of management needs and programs of years past. This may seem to preclude the need for full-dress consideration of the impact of the technology and its significance for change. Alternatively, they may make extravagant claims, couched in scientific terminology for computer experts, for the attributes of the new or altered systems, in hopes of impressing reviewing officers of the Executive Branch of Congress with the worth of their case for new procurements. Decisions to apply or extend ADP technology to governmental functions are no longer strictly in-house decisions to be made by agency computer scientists and management experts and then channeled through the appropriations process subject only to cost-benefit tests. Out of the new computerized information systems have grown nationwide information networks which are provoking the sharing of personal data among governments at all levels and among private organizations. While computerized handling of data prima facie offers opportunity for superior security, the growth in the scope and applications of information technology has meant that the consequences of misuse of records are more serious, the potential for abuse is greater, and the impact of computer error is more profound when they do occur. In recent years, therefore, as computer-assisted programs have been applied to many social, political and economic purposes of government and the private sector, public concern for the adverse side effects has increased. This public interest in the beneficial as well as adverse side-effects of computerization has been reflected in activities of Congress, state legislatures, the courts, private organizations, interest groups and the computer industry. A S a result, management issues which were previously confined to the Executive Branch have, with the advent of new generations of equipment, surfaced as key public policy issues of potential concern to Congress and numerous interest groups. TAS provides an example of the intertwining of many Of the old assumptions and new concerns. Many heads of executive departments and agencies explaining their Plans to computerize files stress that all they are doing is transferring the existing forms and rules of their manual operations into machine-readable files and automated procedures. They are frequently supported by commentators and observers of computerization. While this assertion is true in one perspective, there is another dimension to their planning which is of interest to Congress and the public. When plans for 15

PAGE 22

large-scale automation and electronic communications are considered, or redesign of existing systems is undertaken, managers and policy makers have an unprecedented opportunity to rethink organizational forms and procedures. When their programs are considered from the viewpoint of cost and rationality, this becomes a duty to the organization and to the public. As a result of the automation and telecommunications advances in recent years, managers in government and business have been reconsidering questions such as these: l l l l l l One Just what data do they really need to perform their various functions most effectively? How should these data be recorded, processed, analyzed and displayed? What arrangement of local, regional and central offices, and what location of files and communication links fit best with the technological opportunities now presented through computer and communication systems? Who within the organization needs to use particular sets of data and in what form at a given time? Which data should be exchanged with other automated organizations to achieve common goals? What data needs to be protected, to what level and at what costs? commentator on the need for effective Congressional oversight of these governmental systems described the importance of this kind of review: Large-scale computerization by the federal executive presents Congress, particularly the subject matter committees, with a vital occasion to exert Congressional influence and place a Congressional imprimatur on the reshaping of agency forms and procedures involved in new systems planning. Of course, any fundamental reconsideration of agency goals and procedures could become an occasion for refighting old battles and forcing yet another proof of sound agency approaches. Yet reconsideration of such old questions in the light of major new technological opportunities and choices is not too great a price to pay for the benefit of such assessments. Government agencies can bask in the freshness of mandate and future support that would come from a judgment by the Congressional committees that a new data system embodies the correct assumptions, procedures and safeguards for that agency to carry on its mission effectively. 2. Address by Alan F. Westin, Dickinson College, Carlisle, Pa., 1971. 16

PAGE 23

Thus both agency managers and Congressional committees should approach the review of major data systems as an occasion for reconsidering organization fundamentals, not just looking at specific manual-to-computer data relationships or comparing cost effectiveness of computer equip merit. Among government information systems, the TAS is signficant for its scope, its large data base of extensive personal information on people which it acquires partly through the sanctions of the civil and criminal-laws, its importance to IRS decisions affecting the rights and property of millions of taxpayers, and its complex management needs. IRS officials have indicated that the system is designed to carry the IRS through this century. Therefore, a review of its implications and safeguards should necessarily be addressed not just to immediate problems but to the future. In its design concepts, TAS is on the leading edge of the state of computer fit. The proposed procurement has been described in the 1976 Senate Appropriations Committee Report as the largest data processing project ever undertaken by the Federal Government. 3 The total cost of the system was then estimated to be between $750 million and one billion dollars. Potential vendors of the computer equipment told Congressional committees that to respond to the requests for proposals would cost around 2 million dollars per proposal. 4 The TAS proposal has a potential for vast cost and impact on the information technology and on the rights and duties of many users of the system. ~ view of the long planning time required and TAS intractability to change if safeguards prove faulty, there is a need to assure at the outset that the policy and technical dimensions are joined. T O achieve this union of policy and technology in an information system of the size and significance of TAS, the following basic questions should be asked when considering the various issues which may be raised by the TAS proposal. l Should there be a different level Of management specificity for the technology of this system than there has been in the past? l Ought Congress spell out in greater detail what would be ProPer USeS of the system and how they should be enforced? 3. U.S. Senate, Committee on Appropriations, S. Rept. 94-953, 94th Cong., 2d Sess. 1976, p. 13. 4. U.S. House of Representatives, Committee on Appropriations. H l?ept. No. 94-1229, 94th Cong. 2d Sess. 1976. 17

PAGE 24

l Is there a need to consider whether some of the changes in information practices which will be effected under TAS technology may be of such a nature and degree that they represent a change in kind in the processes by which the tax laws are administered and enforced and, therefore, perhaps, a change in kind in the IRS as an organization relating to citizens and to Congress? TAS and Identified or Perceived Threats TAS might be reviewed in light of judicial standards which may govern its use and operations. For instance, courts have developed a body of case law which establishes and defines due process requirements in the field of taxation, including taxpayers rights to certain information. Rules for TAS ought to reflect these concerns. Most important, however, may be the need to place the TAS and its potential impact against the backdrop of recent trends in U.S. Supreme Court decisions which tend to retreat from or halt the judicial implementation of a constitutional right to privacy. This trend has in effect reinforced Congressional responsibility for assuring safeguards for protecting the citizens privacy and assuring that government data programs do not result in harassment or improper surveillance. When this trend is reviewed in the context of public concern for privacy protections and safeguards in the gathering, using and sharing of financial information, the TAS proposal assumes increased significance. Since they will affect public acceptance of TAS, any review of the TAS proposal should set it against IRS experiences with its other computerized data systems and with its management of information policies affecting rights of taxpayers and other citizens. Reference might be made to findings from several Congressional and independent investigations into IRS investigations and audit policies and to its data sharing policies. Recent findings by the Watergate Committee and the Senate Select Committee on Intelligence resulted in recommendations for tight legal prohibitions on access to certain kinds of tax data and on investigations of the returns of unpopular or controversial people or business, beyond the needs of the tax laws. The IRS experiences with some of its computerized systems used for intelligence purposes are described at length in Book III of the Final Report of the Select Committee to Study Governmental Operations with Respect to Intelligence Activities. It points out the problems of the Information Gathering and Retrieval System (IGRS), which was a new approach to intelligence gathering, and to the storage and retrieval of so-called general intelligence as contrasted with intelligence developed in the course of an investigation 18

PAGE 25

of a specific tax case. The report states: A crucial element in the system was computerization of the storage and retrieval of general intelligence. The computer, it was thought, would make it possible to retrieve masses of data by categorye.g. by subject name, by illegal activity category and would thus make gathering vast quantities of general intelligence fruitful. Within a year of the forma] establishment of IGRS, the system came under fire in the press as an alleged secret IRS hit list and an index of dossiers on the personal lives of Americans containing data unrelated to tax law enforcement. Other allegations were described and investigated. The staff report states that IGRS fell short of its goals of enhanced case development and improved intelligence retrievability. In general, more intelligence, most of it of little or no value, was input into IGRS than the computer could effectively retrieve. In a number of districts, IGRS fostered unrestrained, unfocused intelligence gathering and permitted targeting of groups for intelligence collection on bases having little relationship to enforcement of the tax laws. It cites the lack of adequate control on the system and concluded that IRS traditional reliance on agent discretion combined with this new, broad intelligence collection effort to produce a dangerous machine which, had it continued unchecked for a long period, could in some districts have approached the monster some newspaper accounts described. In many phases of IRS programs, TAS implications for the right of taxpayers to due process might be analyzed against the comprehensive 1976 study of IRS processes conducted by the Administrative Conference of the United States. 5 That report examines numerous complaints and practices affecting audit and settlement processes, collection of delinquent taxes, applications of civil penalties, the use of the IRS summons power, taxpayer services and complaints and tax return confidentiality. While it did not focus on computerization as such, the topic comes Up numerous times in the reports discussion of computer proramming, errors, and automated processes in different areas of tax administration. This is particularly true with regard to the operation and management of the Integrated Data Retrieval System which has been compared to the TAS on a smaller scale. 5. Committee Print. U.S. House of Representatives, Committee on Ways and Means, Subcommittee on Oversight, Jan. 20, 1976. Report to the Steering Committee for the Internal Revenue Project, Administrative Conference of the U.S. 19

PAGE 26

The report also notes that the Conference study led to an awareness of other topics that could be profitably examined, one being, the impact of IRSs computers upon the operations of the Service and society at large. Apparently no analysis has been made of the extent if any, to which the new TAS will alleviate some of the public concerns and due process problems described in the Conference report and in several Congressional hearings; nor, at the same time, is it clear how many of these identified problems might, without some new rules, be exacerbated by the new system. A recently published report 6 and continuing hearings and investigations of the Privacy Protection Study Commission have gone far to define certain kinds of threats to IRS information from improper or unwise disclosure and dissemination of information from the files of the Internal Revenue Service. A number of the Commissions recommendations were enacted in the Tax Reform Act of 1976. 7 The TAS proposal might be analyzed for its capacities to enforce these new confidentiality policies and to determine their adequacy within the context of the attributes of TAS design and technology. IRS officials and others concerned with increasing efficiency have maintained that this legislation against improper disclosure is all that is needed by way of Congressional action on the TAS. As an example, they point to the stricter penalty established for illegal disclosure of information, and tighter restrictions against dissemination of IRS data for non-tax uses as well as other prohibitions. No attempt was made during discussion of the TAS to judge the strength or validity of such claims, and that is not the purpose of this report. However, the following argument on this point was made during the panels work on TAS and is worth setting forth here. It is provided by panelist William Smith who is a former Assistant Commissioner of the Internal Revenue Service knowledgeable about the design of the TAS and the operation of the agency. An important safeguard against abuse exists already. Indeed, the Tax Reform Act of 1976 may very well supply all the safeguards necessary to assure the privacy and the confidentiality of data extracted from tax returns today or under the proposed TAS system. It is my opinion that the current files and those that would be created under 6. FederaZ Tax Return Confidentidity, Report by the Privacy Protection Study Commission, 1976. 7. Public Law 94-455. See also discussion in U.S. Senate Rept. 94-938, Report of the U.S. Senate Committee on Finance on H. R. 10612, Tax Reform Act of 1976. 20

PAGE 27

TAS are covered by the definition of Tax Return Information as this is used in the Tax Reform Act of 1976. Thus disclosure of any information will be seriously dealt with. Indeed, the Ways and Means Committeethe very committee that has asked for an evaluation of the TAS systemhas upgraded the crime of disclosure from misdemeanor to felony and has upgraded the penalties from $1,000 to $5,000 and one year in jail to five years in jail. I believe that the possibility of actionable disclosure has been effectively eliminated by the Congress. However, I suppose one can speculate that in the absence of other safeguards there could be unintended disclosure that OCCU r S simply because of the nature of TAS and the way that system would work. I have thought about this and without reachingindeed perhaps overreaching-I simply have not been able to conceive of unintended breaches of security or privacy or confidentiality that might occur. There is disagreement on this point, however, and a suggestion for further legislation was made by the representative of the American Civil Liberties Union. 8 While there was not total agreement on the sources of threats for TAS, most panelists and many people concerned about privacy, due process and effective tax administration based on voluntary compliance, appear to have an assumption that there is a need to assure that a system this large and sensitive is capable of being perceived as fair, equitable and protective of privacy, due process and confidentiality. Where there is a perceived potential threat which, if actualized, would be detrimental to certain rights and liberties, then it is worth considering as an issue. For this purpose, no aspect of the system, no personnel managing or using it, and no policies affected by the technology, should be automatically excluded from a review. 8. See letter from Hope Eastman, Appendix 7(e). 21

PAGE 28

4. ISSUES 23

PAGE 29

4.1 INFORMATION IN THE SYSTEM a. CONTENTS AND SCOPE ISSUE: DO DESCRIPTIONS OF THE TAS PROPOSAL SUFFICIENTLY IDENTIFY THE INFORMATION TO BE STORED IN THE SYSTEM AND THE SCOPE OF TAXPAYER FILES TO PERMIT CONSIDERATION OF THE POSSIBLE EFFECTS OF THE TAS ON PRIVACY AND OTHER RIGHTS? SUMMARY Until specific scope of files and contents of TAS are spelled out, operations cannot be effectively monitored or dealt with by the Executive Branch, Congress, judges, or parties in data-connected tax law disputes. Without the basic ground rules which include some meaningful specifics about the data contents in advance of installation of the system, in the future it may be impossible to determine the extent of the adherence of TAS and its users to public expectations of government performance, and to the demands of new laws such as the privacy Act of 1974, the Freedom of Information laws, the tax return confidentiality provisions of the New Tax Reform law, and new information requirements of tax programs. Similarly, it will be difficult to evaluate the adequacy of administrative and technical barriers designed to protect the confidentiality and integrity of different types of data. Such information would help provide the basis for considering the possible relationship between TAS and the impact on the individual of future IRS and governmental information collection policies. QUESTIONS 1. Does the TAS proposal contain any criteria for contents of TAS which may need elaboration? 2. Are available descriptions of TAS files sufficient to afford the full knowledge about IRS records to which law and regulations entitle the individual? 25

PAGE 30

3. 4. 5 i 6. 7. 8. 9. 10. 11. 12. Is the type of description in the TAS proposal and the current reporting in the Federal Register of categories of personal information in IRS records systems sufficient to inform Congress and the public about contents of TAS so that decisions can be made about the systems potential impact on privacy and on information policies generally? Are descriptions of TAS and reports filed under the Privacy Act on IRS personal information systems sufficient to cover the rights of corporations, businesses, firms and organizations in the new TAS? Is the available information about TAS contents sufficient to permit judgments about the need, if any, for new rules for partitioning files and for requiring administrative and technical safeguards for categories of data? Is there a need for legislation or regulations establishing the contents of TAS? Is there a need for some kind of specific reporting mechanism on TAS contents to allow Congress to monitor the system? How can an effective audit be made if present rules and statutes governing IRS information are unchanged? What specific privacy considerations governed the resizing of the TAS from the original design? Has a review been made recently of standards for the collection and maintenance of IRS records? If so, by what standards? Was it made in connection with requirements of the TAS design or was it in connection with the administration of the Privacy Act and the Freedom of Information Act, or was it in connection with the concerns of the Federal Paperwork Commission for cutting back and simplifying Federal forms? Do the 1976 and 1977 tax reform laws affect collection and maintenance of IRS information in such a way as to alter any plans for the size of the data base of TAS? Is all of the information proposed for the TAS data base required for purposes of administering the Internal Revenue laws and collecting taxes? What other criteria will govern characteristics of the data base? Does the TAS proposal permit modification of the data base should the Freedom of Information Act or Privacy Act be amended, modified, or changed in interpretation by courts? By what means? With what effect on rights of taxpayers? 26

PAGE 31

13. I S there sufficient information to permit consideration of the extent, if any, to which TAS may have an impact on future governmental programs for collecting information from and about citizens? BACKGROUND According to a 1972 Academy of Sciences report, Data Banks in A Free Society, Privacy is independent of technological safeguards; it involves the social policies of what information should be assembled in one information system. In the Privacy Act of 1974, Congress stated its finding that the privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal information by Federal agencies. 9 Despite the importance of privacy in such a sensitive information system, there appears to be an element of secrecy about important aspects of the TAS which affect privacy. Nowhere in the testimony and materials given Congress did the IRS spell out the contents of the files to be consolidated in the new system; nor did it indicate how much of the specific information supplied by taxpayers on tax returns will be in an account in the new sysem. Unless the rules for such large computerized systems have spelled out sufficiently what will be permitted in the system and how the taxpayer can exercise information rights with respect to specific kinds of information, there may be a lack of public confidence in the entire system. Furthermore, without such specific information, it may also be difficult to assure the enforcement of those statutes which are designed to promote the obsemance of information practices which respect privacy and due process rights. Knowledge, consent to gather, use and shine information, accountability, oversight, Confrontation of records by means of access and right to challenge records, and specific prohibitions against collecting and maintaining certain information are the key elements in considering the contents of TAS. Congress has used a number of principles and techniques in setting controls and limits for sensitive information systems. Among these me the privacy Act of 1974 which states that an agency that maintains a system of records shall maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency 9. Pubic Law 93-579, 93rd Cong. (5 USC 552a). 27

PAGE 32

required to be accomplished by statute or by executive order of the president. In addition, an agency must publish an annual notice, less general in nature, of the existence and character of the system of records, including the categories of individuals on whom records are maintained and the categories of records maintained in the system. Furthermore, the agency must maintain all records which are used by an agency in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in the determination. Other provisions of the Privacy Act allow certain information rights which have been partially applied to IRS files. Additionally, the Freedom of Information Act creates rights to obtain identified information. The public has also demonstrated specific concern for protections against abuses in the governmental collection and maintenance in records systems of information which bears on the exercise of First Amendment rights, that is, on how people speak, write, think, organize and associate for religious, political and civic purposes. As a result, the Congress enacted in the Privacy Act a provision that an agency shall maintain no record describing how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute or by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity. Given the broad IRS mandates for information-gathering under the tax laws, it would be unrealistic to enforce literally this specific provision. Yet past IRS abuses have been identified which involved use of IRS personnel and tax data for non-tax purposes because of First Amendment activities of taxpayers which offended administration politicians.1 0 In view of previous public concerns, the Congress and taxpayers ought to have a way of assuring themselves that the ability of the IRS to observe the spirit of this provision of the Privacy Act will not be adversely affected by the installation of the new system. Most of the information supplied by IRS addressed the purposes of the new system and the new ventures which IRS proposed to launch with it, its general characteristics and attributes, and what the internal IRS user needs were. 10. An IRS Directive of Sept. 29, 1975, Exercise of First Amendment Rights, provides guidelines for agency compliance. 28

PAGE 33

In deference to the Privacy Act requirements, the TAS proposal states that the Service has reviewed and revised its practices and procedures relating to the collection and maintenance of records to assure that only such information that is relevant and necessary is maintained. Policymakers may want to know when and how this review was made, by whom, and under what terms and standards. For instance, were the internal users of TAS allowed to define their own informational needs, and if SO by what standards? was this review made in response to the Privacy Act, to the Freedom of Information Act, or to the concerns Of the Federal paperwork Commission for cutting back on governmental information~ demands and simplifying forms? Was it made in response to the specific needs and environment of the computerized, decentralized TAS? The Service states that it has complied With the privacy Act notice requirements by publishing in the Federal Register the indices and notices of existing person~ information systems. These are general and brief, indicating how people may discover whether a system contains information on them, how they may learn what information rights, if any, they have within a system, and what files are exempt, what routine disclosures are made, and the nature of sources. 11 A question was raised by panelists whether or not the description in public documents and the very general Federal Register reports for records and files on individuals can be substituted for the more detailed inventory needed to evaluate the possible impact of any changes under TAS. Furthermore, these Federal Register reports me designed for the personal information systems of government, and may not be extensive enough in this case to account for the data which may be in the system on corporations, businesses, organizations, and other tax entities. The issue of contents of the TAS is also joined to the issue of the adequacy of whatever safeguards for technical and physical security me proposed to protect the data under various laws and executive branch standards for records management and computerization, including those established by the National Bureau of standards. While this issue is more appropriately raised in a section on security, it bears citing here to show the importance of the issue of establishing precise rules for management of TAS information. The Privacy Act, for instance, requires agencies to establish appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in 11. U.S. Dept. of the Treasury, Internal Revenue Service. Privacy Act of 1974: Resource Material. Document 6372 (11-75). 29

PAGE 34

substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained. Unless criteria for the permissible contents are known and established beforehand, it is hard to tell how the appropriateness or adequacy of these safeguards can be evaluated for different kinds of information. It is helpful to review the degree of specificity already accorded the TAS contents in the public documents sent to Congress. The description in the report filed with several Committees pursuant to the Privacy Act is vague and brief on this point. It does not draw a clear line between what is now gathered and stored and what will be included in the new computerized system. The personal information now received by IRS is characterized in the following ways. It notes the sources of information received, stating that it receives most of its data from tax returns and related documents required by the IR Code and regulations or forms authorized by them; that relevant data is also obtained from records required to be kept, and taxpayers or other sources, as necessary to ascertain the correctness of returns received, or to secure or prepare delinquent returns. The primary source of data is described as the individual income tax return, Forms 1040 and 104OA submitted by the taxpayer and containing personal and financial information. Tax data is also received from third parties via income information documents such as Forms W-2 and 1099 reporting wages, interest, dividends and other taxable income; and from related returns such as partners and beneficiarys income on Forms 1065 and 1041. The report states that information is received from other government agencies, such as the Agriculture Department reports on taxable farm subsidy payments; that it is also obtained from public and other records; from the taxpayers own records, financial and other statements; from correspondence and information furnished by the public. It states that the information the Service receives is prescribed by the IR Code or supporting regulations, and briefly cites 28 different provisions of Title 26 of the United States Code referring to required returns and statements. In a sub-section entitled Types of Data Retained, the report states The Service retains several broad types of data identification, accounting, status, assignment, cross-reference to related accounts, history, statistical, and data and system control and security. After all of the various statutory retention policies are cited, the contents of TAS are summarized as follows: The redesigned system will retain five years data for all tax accounts in a readily accessible file, and additional years for only unpaid and otherwise active accounts. 30

PAGE 35

In another section entitled Information Retained on TAS Files, the report seeks to illustrate some of the reasons the Service retains certain data, and indicates the broad types of data retained, and how long IRS deems it necessary to retain, or believes it is authorized to retain, various types of data because of various statutory references to liabilities, rights and duties. It states that: In accordance with standard accounting practices, the service maintains records and controls on all tax transactions which affect the revenues; that an account is maintained for each taxpayer to which the related tax liabilities, paymentsj credits and other financial transactions are posted, and from which the necessary bilk and refunds and other accounting activities are generated. In addition, the summary (general ledger) data is maintained and used to produce accounting reports such as the reports on gross collections and refunds paid to taxpayers. It wants to verify the correctness of information received and to quickly retrieve the taxpayers figures and the Services computation to satisfy and resolve taxpayers inquiries about bills, refunds and other account settlement matters, and to promptly make corrections and tax adjustments to data in the files. Further, it states, some of the transcribed and retained data is used to select returns having the highest potential for tax change and which may require examination. Retention of data from the tax return reduces the costs to locate, pull, control and refile original documents . Also, by retaining data concerning tax filers, it is possible to identify non-filers through comparisons of present and past data as well as other leads or sources. In addition, the data is used to produce operating and statistical reports for management purposes or as required by law such as the publication of statistics of income. As a result of a number of concerns which were raised about lack of specificity in TAS documents on criteria for the contents of the new system, OTA sent a questionnaire to the Service asking them to indicate as precisely as possible what items of information under the new expanded TAS will be placed in the taxpayers file and thereby linked to the taxpayers name. The response and some comments by individual panelists are included as Part Of the appendix to this report. Change in Contents From the documents supplied on the TAS proposal and discussions about it, it would appear that expense is the major barrier to adding to the contents of the TAS and that even expense may be little deterrent to expansion under certain conditions. TAS officials stated that the estimated 31

PAGE 36

cost for each additional character of data transcribed from all the individual income tax returns and entered into the system is $60,000, and that for this reason, among others, they strive to capture the minimum amount of data consistent with effective tax administration. Furthermore, they stated data requirements created by new legislation are added of necessity. This statement may deserve elaboration in any review of TAS. For instance, one panelist considering TAS observed that few, if any, agency officials or ADP personnel have proven courageous enough in the past to come forward and protest to Congress in the face of a legislative push for new laws which might overload their ADP or telecommunications systems or which might create a data base difficult to manage from a due process or privacy standpoint. In such event, it is not clear what, if any initiatives IRS or Treasury officials could or would take to alert policy makers or Executive Branch managers of potential problems of privacy, due process, confidentiality, or overload of the system. Further inquiries may be appropriate on this issue. It may be, given the attractiveness of the technical capacities of TAS for manipulating data, for programming and for retrieval, that some special attention should be directed to the need for installing an early-warning system so that the attention of IRS and of appropriate committees of Congress may be alerted when there is an effort which would result in altering the size of the TAS data base and, the scope of individual taxpayer files. 32

PAGE 37

b. RETENTION OF TAX INFORMATION ISSUE: DO THE TAS DOCUMENTS DESCRIBE RETENTION TIME POLICIES SUFFICIENTLY TO PERMIT A DETERMINATION OF THEIR CONSISTENCY WITH SOUND SOCIAL POLICY, FAIRNESS TO TAXAYERS, AND WITH STATUTORY REQUIREMENTS? SUMMARY Another major management benefit planned under TAS is availability of a longer tax history through increased storage capacity. In light of what is known or perceived about the threats from other large computerized person~ information systems containing financial data, and in light of recent public concerns about the IRS and other government information practices, it is important to consider to what extent the longer retention time afforded by TAS might contribute to a public view of it as unfairly inhibiting people from starting anew in society. There is a need to assure that, as programmed and operated, TAS will not stigmatize taxpayers long after thek difficulties with IRS have been resolved in a satisfactory fashion. In order to evaluate the potential policy impact of the system, it may be important to define for the public record the retention time policies governing the data to be stored in the system together with whatever administative and technical standards and devices might be planned for enforcing those policies. QUESTIONS 1. h light of what is known or feared about large computerized financial data systems, might there be an undesirable impact on civil liberties and due Process ~terests as a result of the change from the present 3-years storage capacity (and from none at all in some C ase S ) to computerizing 5 years of tax history of a tax account, with potential for storing much more, and making it available to users of IRS tax data? 33

PAGE 38

2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. To what extent might the TAS lead to difficulties similar to those which have been widely discussed in the administration of justice field over outdated computerized rap sheets or in the commercial field over computerized consumer credit files? In light of what is known or feared about large financial data systems, could TAS inadvertently become an instrument for promoting an unsanctioned social policy of stigmatizing taxpayers long after their difficulties with IRS have been resolved in a satisfactory fashion? To what extent can taxpayers be informed under TAS about the full scope of the information potentially available to them? How can they challenge the accuracy or completeness of such information? How might retention and storage policies affect the information rights of the individual taxpayer under IRS rules, under the Privacy Act, the Freedom of Information Act, and other Internal Revenue statutes? What provisions have been made administratively and technically for systematically identifying and purging outdated information in the TAS? For updating it? What provisions should be made by statute? By regulation? What reporting or other accounting method should be installed to assure the taxpayer and Congress that any purging and updating program for TAS is enforced? Should there be further legislation or regulations specifically establishing retention policies for different categories of information? Without specific findings on current and proposed retention policies of user components in IRS and in programs of other users and producers of TAS data, without analysis of the effects on these users of changes in IRS retention policies, is it possible that the technological momentum of the new system may initiate or influence changes in public policy without the input of assigned policy makers? Could IRS retention policies for TAS data affect the vulnerability of taxpayers to unauthorized surveillance and to harassment by IRS or other governmental users of the system? How will the new IRS retention policy affect the information retention policies of other users of income tax return information? Of users of information derived from IRS data? Of taxpayers, employers and corporations who must supply information on Taxpayers under various programs to IRS and to other users of tax data? 34

PAGE 39

13. How do the retention policies comport with the work of the Federal Paperwork Commission to cut back on the amount of information collected and retained by federal agencies, and to simplify income tax returns? 14. How does TAS retention policy comport with the policies of the Treasury Department for retention of records of that Department? 15. Does the Privacy Act of 1974 authorize some retention of data as described by the IRS? 16. Has there been a review of the policies governing retention time for the data to be stored in the system and is it available? 17. What provision has been, or will be made, to assure that data originally collected for one purpose (and the taxpayer so informed) will not be retained for another purpose in another location, longer than permitted by the policy for that kind of data? BACKGROUND There may be a need to consider to what extent the programmatic or operational aspects of TAS may prevent taxpayers from ever redeeming themselves from the adverse effects of previous infractions, misunderstandings of tax rules, investigations, audits, debts, petty transgressions and records of old tax events. Public apprehension about large computerized personal data systems, and this reflects current attitudes toward government decision-making generally, is that they may facilitate the storage and the use of personal information which is irrelevant or outdated for making decisions on the merits of a case. For this reason, a special interest in privacy and due process in recent years has been to prevent certain kinds of sensitive information from ever being collected or stored in a system in the first place. Another important aspect of the privacy issue has been the setting of precise reasonable rules for the length of time information is kept and for assuring that it is eliminated from a data system at the end of that time, unless new judgments are made as to further use. The 1972 report by the National Academy of Science explained the civil liberties issues as follows : 6 Not only should the need for and relevance of specific items of personal data have to be established in positive terms but serious consideration should be given to wlzether some entire record-keeping programs deserve to be continued at all. A further consideration where the need for collecting data is at issue is whether records should be retained beyond their period of likely use for the purposes for which they were originally collected. A related but more complicated question concerns the continued existence in files of information which is no longer supposed to be used for making decisions about 35

PAGE 40

individuals. Many cumulative records about individuals in various sectors of the organizational world are filled with facts and evaluations set down in earlier time, under a different sociopolitical ethos. In this setting, it is not enough to say from now on we will not . Steps need to be taken to remove from historical records in high schools, colleges, commercial reporting agencies, law-enforcement files and other organizations the personal information previously gathered about political, racial, cultural, and sexual matters that would not be put in the files under present rules. Io the extent that evaluators today have such record to consult, especially for decisions that are not visible to the individual, the presence of such information represents a dead (and improper) hand from the past. Thus, a major concern about computer systems in both private industry and government is that the existence of the technological capacity to store data and to have large portions of it available in real time, will lead to searches for additional kinds of data. The costs of computer systems can more easily be justified when they are used to maximum or new maximum capacity. This leads to strong incentives for maintaining and storing data which may be unnecessary, outdated, or even malicious. There has been a concern that information kept too long, whether or not it used as a matter of official policy, will, by its very existence and its potential for misuse, have an intimidating or chilling effect on the taxpayer. On the other hand, in a society in which people are judged on their merits, standards of administrative due process demand that all relevant information be considered in making a fair decision. There has been) therefore) a countering trend of concern to the privacy one that terminal users and other decisionmakers in mp systems may not have enough accessible information on individuals to make fair decisions. For instance, availability of a benign tax record going back some years could obviously be helpful to a taxpayer who suddenly has problems. If extensive information in a case is denied the IRS employee, it may affect his ability to set priorities with which duties are carried out with regard to that case and others as well. It is difficult to separate the policy from the technical considerations on this subject. Issues of retention time and storage capacity are intertwined with issues of contents of the system and the relevancy of the information collected, stored, and used in it. Retention is related to questions of when it becomes outdated, how it is purged, and how these decisions can be enforced administratively and technically. 12. DattJ Banks in a Free Society, h Alan F. WeStin and Michael A. Baker, Report of the project on Computer Databanks of the Computer Science and Engineering Board, National Academy of Science, 1972. 36

PAGE 41

In many agencies, policy on such issues has tended to evolve from a series of management housekeeping decisions made incrementally over many years to meet the administrative and political needs of the moment, the changing capacity of the equipment, or cost/benefit concerns. Consequently, there has been little comprehensive review Of the PU bli C PO li CY implications of retention time of file data. With all of these developments, the chance to start anew is now seen not as a mere concept, but as a right to be respected in the administrative process of government ~d organizations. In recent years, as new or expanded government computerized systems have been proposed, interest g r O U p S and others feeling the pressures of certain policy aspects of Federal data programs have urged the evaluation of retention time of data as a policy issue. This public concern has been expressed in numerous acts of state and federal legislatures for various kinds of records. Many states have adopted policies of sealing old records. Legislation and regulations governing arrest records and other information used in the administration of justice have sought to impose time limits for information kept in the system and to devise detailed administrative and technical methods for challenging and purging irrelevant and outiated information. Courts have also sought to formulate judicial standards for purging information and assuring that outdated information is not communicated to other systems. In the Fair Credit Reporting Act, Congress recognized this right in a modified way by setting time limits on the use of credit information and allowing the consumer to start anew with a clean slate. Again in the Privacy Act of 1974, Congress indicated its concern for obsolete, irrelevant data in government files, including those of the Internal Revenue Service, by requiring all Federal agencies to maintain all records which are used by the agency in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in the determination, and it allows the individual to seek correction or purging of the records. Computer users and managers have examined the retention i SSU e as an economic or a technical problem, but not as a social or political one. In some organizations and agencies acquiring new electronic data processing means, one response to such concern has been not to purge, but to reduce the data for storage still further, and to argue that the economics of the situation make it easier to retain the data than to purge it of irrelevancies and outdated matter. 37

PAGE 42

As a result of all of these trends, decisions on need and retention time of specific data elements can be key public policy issues for new systems. Consequently, one technological attribute being asked by the public, by buyers and users of these systems is the ability to purge outdated information and the requirement to purge it in those systems where there appears to be provable evidence of potential detriment to the individual of outdated or irrelevant information. The TAS Proposal According to IRS sources, the present Master File tapes keep only three years of tax history. After the 4th year, the oldest year is put on a retention register either on tape or microfilm. These records may be kept forever. Additional research for previous years is done by requisitioning stored tax returns or searching microfilm records. In addition, a separate system, the Integrated Data Retrieval System (which will be replaced by TAS) puts on-line, accessible on terminals in the regions, tax history for those taxpayer accounts with problems or where activity is expected. (This generally amounts to about ten percent of taxpayers accounts.) According to one source, this usually may cover as many years as necess~ to deal with the account. According to others, it is usually for one year. The TAS will provide means for retaining 5-years data for all tax accounts. When it is outdated, according to IRS, the information will then be taken off the system and microfilmed or otherwise stored for at least 10 years or, in some cases, possible forever, since there is no destruction period for basic data. The TAS storage approach has three different storage levels according to TAS documents; it permits record migration or movement to less expensive and less responsive on-line storage devices unless subsequent events, such as inquiry or analysis needs, demonstrate a need for extended retention and for frequent access. The first level offers immediate accessibility. Records in the second level would be available immediately, most of the time, but usually overnight. Records in the third level of storage would be on disc or tape and available probably within a week. For instance, if the audit division is auditing all five years, then that would be in the immediately accessible storage level. Thus, several records comprising one taxpayers account may reside on several devices with differing access characteristics and times. 38

PAGE 43

This range of retention time and levels of storage, in the opinion of some people concerned with civil liberties, may affect the ability of the taxpayer to understand the system and to exercise information rights in the programs of the V ari OUS usem of the TAS. Yet, it is exactly the ability to understand the system which leads to a belief in its fairness. In the proposal for any such computerized system, especially since the passage of the Privacy Act, it ought to be very clear whether or not the subjects of the files will be informed about the full scope of the information potentially available to them. If not, the~ ability to challenge the accuracy or completeness of the information will be severely limited with such a range of storage. It ought to be clear how important an item of information has to be before a search of relatively inaccessible storage devices is instituted. Although an essential element of the redesigned systim is reported to be quicker access to more current data by those IRS employees who need the data to resolve a specific inquiry or process a case, the other major function of the system will be to afford them access to older information on the taxpayer. There may be a need to acquire information to determine whether there are, or should be, policy guidelines backed by administrative and technical controls on retention of specific data for each IRS component office to assure that outdated information does not work unfairly to the detriment of taxpayers and businesses or hamper the Service in the effectiveness of its work. Originally, the TAS proposal sent to Congress called for putting five tax years of history on-line, but in the budget review process at the Office of Management and Budget, the system was cut back to three years on-line, with two years history in slower storage for most files except where specific problems existed. There is no guarantee, however, that this policy will not change with a lessening of budget restraints and that the retention time till not be extended pursuant to internal managemenent decisions and without any Congressional review of its possible impact. A cost-benefit analysis made for IRS by a private contractor, an internal document, merely specifies the various offices within the IRS who expect to make me of the data, but does not specify which data they need for what length of time. The public documents on TAS describe in very general terms the type of information now in the IRS manual and other files which might be included in the computerized files. They do not specify how 1ong each type of information is presently maintained.

PAGE 44

The report sent to Congress under the privacy Act refers generally to statutory requirements and discretion to examine records or to carry out IRS duties but does not describe what specific policies will govern retention under the new System. Without such information, it may be difficult to determine to what extent tax programs may be altered by expansion of the retention time for those records and documents to be computerized or for those records already in the Master Files. The report notes that the IRS Code provides the basic retention rules followed by the Service. The period for assessing an additional tax liability is 3 years from due date or date the return is filed, whichever is later. There is a general 3-year rule for taxpayers to file a claim for credit or refund. There is a 6-year statutory period to collect assessed tax liabilities. Income averaging involves the current year plus the past 4 years. Net operating loss carryback and forward claims may pertain to more than 3 years. There is a 6-year statute of limitation where there has been a substantial understatement of gross income. There are exceptions to the general rules, which cause the Service to receive claims and other transactions concerning accounts which have been inactive for more than 3 years; normally 200,000 to 250,000 such items are received each year. According to the IRS, retention of the additional 2 addition~ tax years of data will, it is stated, satisfy almost all research requirements and reduce the need to requisition tax returns or to maintain a microfilm system. 40

PAGE 45

c. CONSOLIDATION AND LINKAGE OF INFORMATION ISSUE: WHAT CONSOLIDATION AND WHAT LINKAGE OF TAX DATA IS PLANNED AND WHAT UNINTENDED EFFECTS FROM THESE SHOULD BE GUARDED AGAINST IN THE DEVELOPMENT AND OPERATION OF TAS? SUMMARY In order to determine if there may be opportunities for accidental or intentional misuse of information and in order to evaluate such issues as privacy and organizational change, a more precise description is needed of the extent of consolidation, or association, of IRS files on data and of the linkage of data. QUESTIONS 1. Exactly what consolidation of records and files is planned under the TAS? 2. Exactly what linkage of data elements is planned? 3. What are the implications of the consolidation of records for threats of surveillance and harassment of the taxpayer? BACKGROUND There may be a need in planning for TAS to identify technical or administrative linkage and consolidation of information, whether intended and unintended to assess possible consequences for decisionmaking when information is disclosed in a new consolidated form, and to determine whether particular linkages or consolidations should be authorized or prohibited. Where linkages and consolidation are approved, there i S a need t O determine whether proposed technology and safeguards permit sufficient social, administrative, and statutory control. If TAS is found to be a more efficient process of consolidation and linkage actually required by statute, there is a need to determine whether changes in efficiency and effectiveness may have 41

PAGE 46

negative impacts to be weighed by IRS and Congress. The public documents and testimony on TAS are not sufficiently informative to permit judgments on these issues. The present inability to associate related returns and increasing paper and storage burdens are major reasons cited in advocacy for the new system. IRS officials testified, We can consolidate and link the taxpayer accounts in our Master Files, cross-relating one to the other. This can be accomplished in a data base system of this kind much easier and more efficiently that it can be in a serial ordered tape system. (IRS testimony before the House Appropriations Committee in 1976.) Linkage of tax accounts to other relevant data was a major requirement listed by all TAS users. Association of individual returns with business-related returns is a major area of changed capability under the new system which the Service believes would enable greater compliance with statutory mandates to enforce the tax code and would encourage increased taxpayer compliance in the face of this capacity. At present, according to the IRS, with the exception of sole-proprietorships, such direct association is not possible; partnership returns, individual controlling shareholdercorporate returns, and the link are available for reconciliation only if the business entity is chosen for scrutiny, and related individual returns are then acquired on request for agent analysis. Other examples of actual and potential linkage of associations could be cited, such as the taxpayer and the names of people and groups related to deductions for charities, subscriptions, or business lunches. Secondary Linkage Beyond its instant on-line capacity, TAS will facilitate a secondary linkage to other files in storage and in other administrative data systems. A code symbol will flag the account, removing it from the routine processes and alerting the decisionmaker that there is other action pending or that another office or agency may want information or be concerned with the case, and guide the person to additional intelligence or other data within IRS and other agencies. This question is closely tied to the proposed contents of the system and access questions raised elsewhere. The actual and potential uses of the TAS for secondary linkages so that any possible negative effects on privacy and due process rights have not been sufficiently identified and evaluated in the IRS documents. 42

PAGE 47

d. DERIVED DATA ISSUE: COULD THE TAS, WITHIN THE PROCESSES IT SERVES, RAISE PROBLEMS OF DERIVED DATA, THAT IS, OF CREATION OF NEW DATA OUT OF SEVERAL PIECES OF PRE-EXISTING INFORMATION, WHICH MAY REQUIRE SPECIAL SAFEGUARDS TO PREVENT THREATS TO PRIVACY OR OTHER RIGHTS? SUMMARY The problem of derived data is an implicit one for any large sanitized personal information system or one where personal data may be derived programmatically. It arises where information from other sources is combined with information from the individual file in order to derive other information. The problem is related to the overall problem of linkage in that both assume a matching of sources of information with the object file. Derived data obtained in this fashion are only inferred to be correct because there is not a direct link, only implicit linking. There could be unknown factors which, if known, could prove the derived data wrong, or prove the derivation. Public documents on TAS do not indicate what safeguards are planned for dealing with this problem. This line of inquiry may be particularly important since the use of the social security number in TAS and other large personal data systems is cited as a means of preserving the anonymity of the individual when the files are used for research, statistical or non-tax purposes. BACKGROUND The area of derived data is one which traditionally has concerned segments of the public in census and other statistical information gathering programs. Lately, with more complex technology and ingenuity in devising programs, particularly in the intelligence area, it has caused increased concern in computerized personal data systems. One Commentator describes the problem as follows: The derived data problem is another technological issue not yet clearly understood nor treated in current legislation. The problem takes at least two forms: First, to 43

PAGE 48

what extent may data not identified with individuals be analytically or statistically associated with them? For example, there may be information in one file about an unidentified individual with a specified salary and other personal details, including the census tract in which he resides. Another file could have information about an identified individual stating his salary and place of residence. By matching the known information common to both of these files, the file of data about the unidentified individual can easily be identified from the name supplied in the other file. This kind of problem often occurs when data about individuals are unique or limited to small numbers of people. The second kind of derived data problem is that there are types of personal data that may be represented programmatically rather than directly in the form of stored data. A file can contain names of individuals and limited amounts of data which can be processed by computer programs that contain generic data to produce significant additional information about the individual. Thus, this type of program must also be treated with the same sensitivity as the data that the program produces. Current legislation does not appear to take into account programmatically derived personal information. 13 in view of the public concerns and perceptions about threats from surveillance and the technical possibilities for deriving data, the regulatory rules or regulations governing any large personal information system and its data banks planned today should apply certain standards not only to personal information in the files but include language covering all additional personal information derived from it. Consideration might be given to how extensive this problem could be in TAS to the detriment of rights to privacy and due process of taxpayers not only in IRS programs but in those of other governmental users of TAS data. 13. Dorm B. Parker, Crime By Computer, Charles Scribners Sons, New York, 1976, p. 250. 44

PAGE 49

a. TAS USERS ISSUE: HAVE THE ACTUAL AND POTENTIAL USERS OF TAS BEEN IDENTIFIED? SUMMARY In any large personal data system which is undergoing computerization or redesign in the climate of current public concerns, it may be important to establish at the outset the actual and potential users of the system in terms broader than the IRS has defined them for TAS. While offices and divisions of IRS have stated their needs as users of such a system, Congress may want to assure that IRS has addressed the uses which may be made of TAS by such users as taxpayers, the press, public interest groups, managers in other Treasury Department agencies, individual employees in the rest of the Federal Government; employees in State governments; managers in businesses corporations, and organizations; and individual employees of IRS. With such specific users established, Congress will be better able to ascertain 1) the extent to which administrative rules for TAS meet needs of the users and 2) the extent to which the technology will reflect and enforce those rules. QUESTIONS 1. Have all of the actual and potential users of TAS been sufficiently identified to permit a review of the adequacy of applicable rules and the extent to which the technology may reflect them? BACKGROUND In the early years of automation of files in the Federal Government, agencies could describe the users of the system in terms of the general uses to be made Of the new equipment and the management goals of economy and efficiency to be achieved with it In recent years, there has been greater public and Congressional concern for accountability in the use of governmental power as it affects individual rights and liberties. This has brought demands that the administration of agencies enable the pinpointing of the activities of those who exercise responsibilities in very narrow decision 45

PAGE 50

areas. The reflection of these trends is most apparent in the field of information policy where the collection, management, and use of information is at stake. The interpretation of a user of a governmental information system has necessarily been expanded as 1 ) more public information rights are granted in data systems, 2) Congress and the public require more devices to assure that information power can be reviewed and audited, and 3) more people are potentially affected by the use of national data banks. While the question of need of the TAS users has been addressed in hearings and reports of Appropriations Committees and in cost benefit studies, the question of actual use as the system is operated may be dealt with as a separate issue involving policy and TAS technology. The IRS has briefly described in public documents and testimony some of its new program goals, and how the TAS will increase the efficiency of the internal offices and divisions which will use the TAS data base and its equipment. It is not at all clear from these descriptions who the users of the system are and the sense in which their needs have been met. Nevertheless, an internal Systems Description Book prepared for the IRS and made available to OTA states that the approach taken to select the TAS design has produced a system that fully meets the expressed user needs. That document provides the following background information: The stated primary users of TAS are personnel in the following divisions and offices of the IRS: Auditing Collection } Data Processing Taxpayer Service Appelate Chief Counsel Intelligence Internal Audit Statistics and Technical 1 Need immediate, on-line access and response capability for large volume work Majority of workload requires immediate or same day response times, except for information document processing and some correspondence Needs immediate access availability to answer Taxpayer Service needs and system availability Need for on-line, immediate capability is minimal. Most of workload items require a five day response time: but small percentage is needed immediately and some within 24 hours. 46

PAGE 51

One panelist defined the difficulty in understanding the user-needs aspects of the proposal as the fact that the perspective used in connection with TAS is one limited to subsystem concerns. It has been pointed out that in the broader sense, users of TAS may well include Members of Congress and the general public, as well as IRS employees. Concerns for individual privacy, surveillance and harassment as well as responsibility for dealing with these extends to these users. There is no indication, however of the details of the methods used to assess user needs not only currently but as they will be expressed in the redesigned system or who has been defined as a user under the new TAS. Without such specific background information, it will be difficult to determine the adequacy of present administrative rules and the extent to which the plans for the technology have allowed for their enforcement. In particular, it will be difficult to determine answers to such questions as (1) who has a need to know various classes of information, (2) how is an invasion of information privacy to be defined? That is, who does not need to know various categories of information, and who does; or (3) the reasons, or value premises, which state that a need is a need and an authorized person is an authorized person. The need for such an analysis may extend in detail within the organization and beyond it, and include such concerns as are raised in the following chapter on Boundaries and Interface. 47

PAGE 52

b. BOUNDARIES AND INTERFACE ISSUE: DOES THE REPORT ON TAS SUFFICIENTLY IDENTIFY THE PROPOSED AND POTENTIAL BOUNDARIES OF THE SYSTEM, ITS INTERFACE CAPACITY AND ITS RELATIONSHIP TO OTHER PUBLIC AND PRIVATE DATA SYSTEMS, SO THAT A JUDGMENT COULD BE MADE CONCERNING ITS POSSIBLE IMPACT ON CIVIL LIBERTIES, ON EFFECTIVE CONGRESSIONAL OVERSIGHT, ON THE OPPORTUNITY OF THE TAXPAYER TO EXERCISE INFORMATION RIGHTS AND TO DETERMINE STATUS WITHIN DATA SYSTEMS OF IRS AND OTHER AGENCIES? SUMMARY If Congress does not know the limits of the information programs served by the mechanics of TAS, it cannot monitor programs, or trace their effects in other data systems to protect civil rights and liberties of people and businesses. Nor can the individual taxpayer know of IRS relationships to other governmental programs or exercise rights within information systems serving those programs. Therefore a need exists for more information about the intended or potential boundaries of TAS and their technical, administative and legal features. QUESTIONS 1. Could the TAS, on its face, constitute the essential segment of a future de facto national or international data bank, evolving without specific Congressional authorization and guidelines? 2. What statutory, administrative and technical safeguards are needed to define the boundaries of the TAS and to assure they can be enforced and monitored? 3. What relationships, for instance, would or could the TAS have with other Treasury Department and IRS computer systems? 4. How does the TAS relate to other federal, state, and local governmental data banks and computerized information systems legally, administratively, and technically? 48

PAGE 53

5 0 6. 7. 8. 9. 10. 11. 12. Could legislative and administrative changes in rules governing formal and informal relationships between the information systems of IRS and those of other departments and agencies and outsiders require at least some measure of reevaluation of software and hardware needs for the proposed decentralized computerized system, and possible new procurement standards governing access, security, transmission, systems linkage, storage capacity, retrieval, and other features? With technological progress under the TAS, what would it take to interface with large private systems or to interconnect for some purposes? For example, how might TAS relate to the trends in promoting use of universal identifiers in encouragng employers to supply withholding information on tapes, and reports that IRS rents private computerized mailing lists in order to check for non-filers? How might the TAS relate to trends in use of electronic funds transfer systems in banks and businesses? What are the possible vulnerabilities of the TAS to illegal access to its files resulting from any relationships with private systems? How does the TAS relate to computerized data banks and information systems abroad which may receive, store, use, or disseminate information on American citizens traveling or living abroad? What is its actual or potential interface or linkage by telecommunications means with information systems of foreign governments? What kinds of consultations have been or will be conducted by IRS or Treasury officials with data processing or management officials of any of those governments with regard to hardware or software features of their respective data systems? T O what extent would or should these include concerns for protecting the due process on privacy rights of American taxpayers and the confidentiality of their financial information? H OW does the TAS relate to international programs underway by IRS to standardize reporting forms to make them machine readable and easily processed by ADP equipment in the U.S. and abroad? W ill the linkage potential be enhanced by the IRS proposal to supply other countries an identifier number (the Social Security number?) to promote ease in reporting on financial transactions of Americans abroad? 49

PAGE 54

BACKGROUND The IRS states in the TAS proposal that none of the proposed changes in the Tax Administration System will affect the existing interagency or intergovernmental information relationships. Those boundaries and relationships however, have recently been under intensive study, challenge, and legislative change. It is not clear from the TAS public documents whether or not the TAS software and hardware can or will reflect those concerns, or respond to those changes. There is not enough information in those documents to determine the need, if any, for redefining the boundaries and relationships in light of the TAS technology. To suggest that there is a paucity of information about TAS boundaries and interface capacities in no way should be interpreted as a value judgment that there would be any detrimental effect on constitutional rights from TAS technology either on the basis of available facts or any acquired in the future. On the contrary, additional investigation might reveal the absence of any threat in this respect. In light of public experience with information systems, and public concerns over abuses in those systems, the creation of a large computerized personal data system like TAS raises the issue of whether the system has legally and technically definable limits, or boundaries. Under the provisions of the Privacy Act, a taxpayer ought to be able to go to an agency or agencies and find out his information rights in the information systems of each agency. The Tax Reform Act of 1976 established stricter confidentiality rules for sharing or disseminating data in IRS files. However, from the public documents it is not clear whether these laws will be sufficient to inform Congress or the public of the boundaries of the new system. For instance, in the proposed TAS, it is not clear how the individual will be able to determine or to exercise his rights when new information is created from incoming sources or when data from an outside source is matched will existing data, thereby generating new data or data which identifies him.1 4 The existence of such new information can tend to blur the established boundaries. Congress in recent years has had some difficulty investigating Executive Branch programs in the face of trends to centralize Presidential management and control and to promote a systems 14. A possible scenario: Information about an individual may exist in two different places. One file might be by geographical area where the individual made purchases, and the other file might be data from a checking account. This information might be combined to derive information from already identified sources about what the individual did in those places. This is a different problem from that where one file is unidentified and the other is not. 50

PAGE 55

approach to decisions affecting several agencies. There has been public and Confessional concern that the information flow prompted by automated data processing and telecommunications technology would tend to break down functional, administrative, and perhaps constitutional barriers which help define responsibilities. Under some circumstances if this occurs it can be more difficult for Congress to conduct oversight of the separate decision-making arenas, and for public interest gr OU p S to monitor an Agencys use of data and its treatment of privacy and information rights. This has been a fear expressed whenever Congress has consider~ Executive Branch proposals for centralization by electronic means or for pooling of automated information resources for dealing with personal records. Whatever the obvious benefits of these PIWM, the possible side effects which might accrue from the ease of management, manipulation, access ad dissemination of personal files have always tended to prompt some public complaints and some fears of invasion of pfivacy, violation of confidentiality and other possible abuses of records. Consequently, there has always been some practical or philosophical concern in Congress that without sufficient congressional consideration, a de facto national data bank, or the network potential for one, would be created, with all that it implies for surveillance of minority and dissident g OUPS or for governmental control of the population for certain programmatic purposes. Serious questions have been raised when the attention of committees or individual members has been called to a new data system with potential for being part of an electronic or telecommunications network or for interfacing with other large data systems such as those for law enforcement or intelligence purposes, or with private systems which might extend beyond the oversight capacities of Congress. Examples are seen in the controversy over creation of an FBI-sponsored network for sharing information on criminals, fugitives, and arrested persons, and the Fed-Net. In addition to its experiences with these new plans, Congress has had recent expedience in attempting to investigate the interconnection of Executive Branch information Programs for investigating and monitoring the political activities and personal lives of members of certain groups. Techniques of information technology and processing were highlighted in the resulting studies reporting the computerization and microfilming Of information for easy storage and analysis, and for the sharing of the tapes or printouts among many Federal and State agencies for use in their own computerized programs. One of several examples of this information-buddy system was the recent 51

PAGE 56

Army program for surveillance of civilians, with a large-scale collection plan assigning responsibility among Federal agencies for gathering personal and political information and then centralizing and aggregating it for dissemination and possible use. The fact that large amounts of Government-acquired information in some of these programs concerned financial resources, transactions, and activities of people makes it reasonable to expect that public and Congressional questions might be raised about the possible interconnection or or interfacing of the 10 sensitive TAS data banks with other governmental computers. Congressional reports attest to the difficulty of oversight investigations into such securityoriented programs, of tracing the lines of responsibility in an ever-changing military or civil service bureaucracy, and of tracking the flow of sensitive personal information into data banks throughout the country, even after the specific Federal programs have been discontinued. There has been the problem of delays and long negotiations with Executive Branch officials to obtain the release of classified memoranda which would identify the interagency relationships and uses of the shared data. With such activities in recent memory, many committees and members of Congress are more aware than ever of the importance of guarding against the Executive Branch creation of a potential for a central data bank through the discretionary case-by-case installation of separate data banks which interface or which could be electronically linked. For this reason there is a consensus forming for the need to define as a matter of public policy the administrative and technical boundaries of new information systems. Legislative proposals have also been considered to prevent the interconnection of any personal data system without specific Congressional approval. It was for these reasons that Congress sought in the Privacy Act of 1974 to strengthen its own oversight capacities for monitoring the boundaries of federal information systems and their interfacing, and to enhance the power of the individual to know and exercise rights within these systems. This statute installed in the management process a reporting system to alert the President, the Congress, and the public to plans for interconnection Of data banks, pooling Of information resources and cooperative ADP efforts among agencies involving records on individuals. It is this report requirement to which the IRS responded in the TAS proposal document given to the House Ways and Means Committees Subcommittee on Oversight and to other interested Committees. 52

PAGE 57

Other Computerized Systems It is not particularly fruitful in reviewing TAS to examine the role of the technology only within the processes it is designed to serve. This view is bound to produce feed-back which merely incorporates the store of knowledge and underlying assumptions on which the TAS was based. In order to examine the potential of an information system like the TAS for use for improper or illegal surveillance or for harassment or political manipulation, it is vital to know (1) what other systems the new one is related to; (2) how firmly the technical and administrative boundaries have been drawn, how easily they can be altered to establish a network or interface with another system; and [3) who in the system, agency, Executive branch or Congress must know, and who must approve technical, administrative or legal changes in those boundaries. For such purposes, the matter of boundaries should not be treated solely as a technical issue where audit trails 15 or other technical devices are seen as the only means of control. Nor should it be treated solely as a public policy issue where a statutory limit on the legal transfer of information is deemed sufficient to guard against over-spill from the system. Rather, a perspective useful to apply in reviewing such a data system as TAS is one which attempts to look at the total environment of the system. Materials supplied on TAS and response to inquiries about boundaries suggest that a closed system approach may be governing the adequacy of TAS information provided by the IRS; that is, the answers may be valid as far as they apply, but they do not extend far enough to respond to Congressional apprehension about the boundaries of computerized government systems and about those of the Internal Revenue Service in particular. Treasury Data Systems and TAS Any TAS relationships with or impact on existing Treasury information systems ought to be fully identified. A particularly hard look should be taken at the features of existing computerized systems within IRS as they related to TAS or as its operations may affect theirs. To the extent that any technical or administrative weaknesses or vulnerabilities me incorporated into the TAS system or affect the TAS operating environment, the protections for tax information and the rights of taxpayers may be threatened. A factual review of the uses of these smaller systems and their role in IRS programs can shed some light on what the possible effects might be on TAS operations when and if their attributes are imported into TAS on a much larger scale. Some examples of these systems are included below. 15. A record of accesses and uses of a file. 53

PAGE 58

DDES As described in the IRS ADP Personnel Training Manual, the Direct Data Entry System (DDES) will be incorproated into the new TAS during the first phase of its installation. The DDES is a new system for taking information from tax returns and documents and preparing it for computer processing. The system was installed in the Southwest Service Center in 1969. This process of original transcription of tax returns afforded by the DDES is maintained under TAS, but the TAS design accommodates the direct integration of this process at a later time. According to the Training Manual, This System enables an operator to transcribe information directly from the documents onto magnetic tape without going through the intermediate step of putting the data onto punch cards. The equipment also performs certain arithmetic and validity checks as the data are transcribed. It can also signal the operator when an error is discovered. The operator can see on a video tube the data transcribed so that if a mistake is made it can be corrected immediately. The system has now been installed in all service centers nationwide. IDRS A private cost-benefit analysis prepared for IRS for in-house use describes this system as follows: The Integrated Data Retrieval System (IDRS), beginning with pilot installation in 1969 and since implemented in all centers, now provides direct access to certain account data of taxpayers (approximately 10 percent) likely to require the greatest Service attention. It is in some ways a preview of TAS, with terminal inquiry support that significantly advanced the Services ability to provide quick response to taxpayer inquiry, as well as to monitor and follow up delinquent accounts and related activities. IDRS is, however, fundamentally incompatible with the tape oriented Master File Processing System, and thus requires considerable redundant operations by the MFPS to support its data base needs. A careful description ought to be obtained of the programmatic uses and operations of IDRS since they will be continued or extended under TAS. According to the IRS Training Manual this system also offers definite advantages to law enforcement efforts. Originally planned as a vehicle for providing immediate availability of information needed to respond to taxpayer requests concerning their accounts or returns status, the system is also used to deter delinquency in several ways: 54

PAGE 59

(1) having IDRS, rather than enforcement personnel, monitor and follow-up delinquent accounts whose collection is in a suspended status for any number of reasons, such as adjustments, court actions and military deferment; (2) entering current information in the files at service centers and district offices, thereby crediting a payment to the taxpayers account the day it is received. This will also conserve enforcement time now spent on following-up an account that has already been satisfied; (3) having immediate, direct accessibility of information on the status of a taxpayers account, thereby reducing differences to be resolved; (4) providing a whole spectrum of management information on the nature and characteristics of delinquent taxpayers never available under manual operations. IGRS The Information Gathering and Retrieval System (IGRS) was discontinued after extensive 16 IGRS had computerized indexes of investigations by a number of Congressional committees. files on 465,442 individuals the IRS established separate and other entities when it was suspended in 1975. Under this system units of Special Agents in its District Offices who collected generalized background information on people relating to organized crime and political corruption. IRS employees then entered references to the material in computers located in 45 of the 58 District Offices. These activities often involved fishing expeditions, and were not necessarily aimed at specific cases nor at directly tax-related cases. Besides organized crime. subversive and radical elements, which, according to a 1969 IRS Task nized crime to break down the basic fibers of society. In June, 1975 the IRS abolished the IGRS Information Gathering IGRS Force Units was a tool to Report, used fight orgawhile retaining the computers. However, information gathering activities have been resumed under new and stricter guidelines. In light of these new rules, an effort might be made to define whatever administrative and technical relationships might exist or should exist between the TAS data base and (1) any remaining IGRS information, or (2) the information systems, manual or computerized, which 16. The management, information technology and invasion of privacy and due process rights involved in this system are described at length in the Final Report of the Select Committee to Study Governmental Operations with respect to Intelligence Activities, Book III, The Internal Revenue Service: An Intelligence Resource and Collector, Senate Report No. 94-755. 55

PAGE 60

succeeded IGRS. For instance, will the existence of intelligence information be coded in the TAS files? What should be the terms for authorizing access to the TAS database for intelligence purposes? What actual or potential opportunity exists for interconnection of the computers? Information Index System Although IGRS was discontinued, a need exists, according to IRS officials, to gather and index tax-related information on taxpayers under criminal investigation. Procedures for such anew system have therefore been stipulated in an IRS guideline of June 23,1975, which states that, The Intelligence Information Gathering and Retrieval System is discontinued. All Districts will utilize the Information Index System, which will be described in a separate Manual Transmittal, to file and index directly tax-related information. Such tax-related information now in the discontinued Information Gathering and Retrieval System may be retained in district files and indexed only if it relates to a taxpayer included in an authorized project or for whom the Chief, Intelligence Division, has authorized information gathering. The regulation stipulates that, All districts must use the computer index for indexing the original authorization for information gathering on individuals or projects. All documents must be indexed, but each district may decide if they want to maintain a computer or manual index. This may depend on whether it is practical to keep data on massive or complex projects in such a computer. If a district initially wants to maintain a manual document index, it may change to the computer index at a later date. Information might be acquired on what physical, technical or administrative relationships will exist in the IRS districts between the data bases, computers, and personnel, of the IIS and those of TAS. TECS The Treasury Enforcement Communications System (TECS) is another computerized system which IRS uses. It links field terminals of various Treasury Department agencies with their national offices. Although some TECS terminals have been located at District and Regional Offices in the past, they were moved last year into the 19 Service terminals in the IRS National Office through which IRS can send information to the FBIs computerized criminal record system (NCIC) and to the National Law Enforcement Telecommunication System which links federal, state and local law enforcement agencies. 56

PAGE 61

At present, IRS allows entries to TECS only at the National Office level, and these entries are limited to information about fugitives. There is nothing to prevent future change in the policy, and the regulations governing TECS are broadly worded as to content, purpose and data exchange. Customs Bureau It is not clear from the TAS documents to what extent the Customs Bureau might have a low volume usage of TAS and under what administrative and technical conditions. Other Governmental Data Systems and TAS It is not clear what legal, administrative and technical relationship TAS might have to other federal, state and local governmental data banks and computerized information systems. Legislative changes may alter existing relationships for information exchange and for actual and potential linkage between IRS systems and those of other Federal departments and agencies and state and local governments. In addition, they may well affect many phases of the management technology involved in information collection, storage, maintenance, retrieval, use and dissemination. They may require at least some measure of reevaluation of the software and hardware needs for the proposed decentralized computerized system, and possible new procurement standards governing features for controlling access, security, transmission, systems linkage, storage capacity, retrieval, and other matters. For example, an IRS official testified that a new wage reporting law contemplates cooperative efforts between IRS and the Social Security Administration in processtig W-2 forms beginning in FY 1979.17 IRS, he said, will be studying the alternative methods of joint document processing with SSA for whatever cost advantages may be found in that regard. The social and political implications of this pooling of resources by the two departments with the most extensive information on the average law-abiding citizen have neither been explored nor have Congress and the public been involved in determining the conditions of the sharing in light of the ADP and telecommunications technology which is involved. 17. P.L. 94-202, Sec. 8. 18. Hearings. U.S. House of Representatives Government Operations Committee Subcommittee on Commerce, Consumer, and Monetary Affairs, Ap. 12, 1976, p. 66, Testimony of the Commissioner of the IRS. 57

PAGE 62

Similar situations exist in other IRS data-sharing relationships which may need reexamining on the basis of the confidentiality provisions of the Tax Reform Act of 1976. For instance, the law authorizes release of tax information on a general basis to HEW, the Railroad Retirement Board, the Department of Labor, the Pension Guaranty Corporation, and the Renegotiation Board when the return information is directly related to agency programs. Private Systems It is important to consider what might be required, with technological progress under TAS, to interface with large private systems or to interconnect for some purposes. Employers are already supplying withholding information to IRS on tapes. There are reports that IRS rents private computerized mailing lists to match against computerized lists of taxpayers to check for non-filers. National and international efforts are being made to encourage the use of standard identifiers to promote interfacing and linkage of systems. It might be a matter for speculation, furthermore, how the TAS might relate to trends in use of electronic funds transfer systems in banks and businesses. Overall, however, technological advances make it imperative to consider the possible vulnerabilities of the TAS to illegal access to its files resulting from any relationships with private systems. International Data Systems TAS is expected to provide IRS means to store, use and analyze documents and information about the financial activities of Americans abroad. This could help meet Congressional and public concerns about such people who do not file or who underfile, and about reports of underutilization by the IRS of documents filed by foreign governments on the financial activities of these people. There is an increasing exchange of data between governments and international organizations for many purposes, with all that trend implies for extended use of a universal identifier and for development of standards of interfacing and compatibility of systems. It may therefore be important to establish the actual and potential linkage or interfacing of TAS with international information systems and data banks. This is particularly true in view of the new tax law provisions affecting Americans abroad which may create the need for new rules under TAS governing the collection, use, maintenance and dissemination of information from and about these people. It may call for 58

PAGE 63

special rules governing such matters as (1) the way TAS relates to international computerized information systems, (2) how it uses information from those systems, (3) what controls it places on information it supplies to those systems, and (4) what cooperative research and statistical programs it might be involved in which may require unique ways of sanitizing the data to prevent derived data problems leading to invasions of privacy. There may, for instance, be a need to define how TAS operations may relate to international programs in which IRS may be cooperating to standardize reporting forms to make them machinereadable and easily processed by ADP equipment in the U.S. and abroad. How, for instance, does TAS policy on using standard identifiers and the social security number relate to an IRS proposal to supply other countries a number to promote ease in reporting on financial transactions of Americans abroad? It may be important to assure that no adverse side effects result from IRS efforts to promote equity in administering the tax laws respecting Americans living, traveling, or working abroad. Further, it is important that the possible impact of the TAS technology and the organizational forces it may set in motion do not have an adverse side effect on the privacy and due process rights of those Americans while they are abroad and after they return home. 59

PAGE 64

c. FEDERALISM ISSUE: WHAT IMPACT MIGHT THE TAS HAVE ON INFORMATION POLICIES, PRACTICES AND TECHNOLOGIES OF STATE AND LOCAL GOVERNMENTS WHICH USE OR FEED THE TAS DATA BASE FOR REVENUE OR OTHER PURPOSES? SUMMARY To determine in full the impact of TAS policies on taxpayers rights, it may be important to consider the systems possible effect on the information policies, practices and technology of State and local governments who would use the TAS data base or contribute data to it for tax or other purposes. QUESTIONS 1. 2. 3. 4. 5. 6. How might the TAS affect State and local data banks and computerized information systems for tax or other purposes? To what extent will the TAS technology and its safeguards interface or be compatible with technology of State computerized systems which receive, maintain, use, or disseminate Federal tax returns and information? To what extent might the threats to TAS or its vulnerabilities be extended into State information systems? To what extent might theirs be extended into TAS operations? To what extent may the TAS be interconnected electronically with those of the States? Under what conditions? What impact might the policies governing TAS on such matters as retention, use, consolidation, and taxpayer identification numbers, including the social security number, have on the information policies of the States? How can the new confidentiality law governing dissemination of IRS data to State and local governments be enforced under TAS? 60

PAGE 65

BACKGROUND More information is needed in order to evaluate whatever formal assessment, if any, IRS has made, of the possible impact of TAS on information technologies of the states. Historically, the Federal Government has shared Federal tax return and tax information by tape or other means with the States and sometimes with Iocal government, in customary, informal or authorized relationships, subject to few, if any, controls by Congress. Numerous Congressional hearings, a comprehensive study with recommendations by the privacy production Study Commission and studies in the IRS and the Domestic Council Committee on privacy all examined these relationships. Growing public concern for privacy and informational due process and the increasing use of ADP and telecommunications technology for records systems is causing reexamination of social policies and rules governing many customary Federal-State relationships for sharing and using personal information in citizens. One indication of Congressional concern for this was the provision in the privacy Act of 1974 requiring agencies to give advance notice to Congress and the Office of Management and Budget of a proposal to establish or alter records systems in order to permit an evaluation of the probable or potential effect on privacy and other personal or property rights of individuals, or the disclosure of information relating to them, and its effect on the preservation of principles of federalism. In response to this provision, the IRS has stated in the report filed under the Privacy Act: None of the proposed changes in the Tax Administration System will affect the existing. .intergovemmental informational relationships, nor are they expected to impact on the observance of the principles of. federalism, including the powers and authority of State and local governments. Some elaboration or documentation of this conclusion and how it was reached, and who participated in it would help to determine the relevance of the intergovernmental issue in TAS. The Senate Finance Committee Report on the Tax Reform Act of 1975 further describes these data sharing programs as follows: By far the largest IRS/State information exchange program, in terms of amounts of information transferred, is the f~nishing of Federal tax information on magnetic tape. In 1975, 48 States (plus the District of Columbia, American Samoa, Guam, and Puerto Rico) participated in this program. Under the 1975 Individual Master File (W!!?) pro~am, information on nearly 66 million taxpayers was provided to the States. (This covers approximately 80 percent of individual taxpayer records.) IMF tax data available to the 61

PAGE 66

States include: name, address, social security number, filing status, tax period, exemptions claimed, wages and salaries, adjusted gross income, interest income, taxable dividends, total tax, and audit adjustment amount. A Business Master File (BMF) program is also available to the States to aid them in establishing their own business master files. Information from the Exempt Organization Master File is also available to the States, as is gift tax data. Under the cooperative audit program, copies of examination reports are furnished the States. In 1974, nearly 700,000 abstracts of these reports were furnished the States. Also, the IRS furnishes the States information on returns that appear to have good audit potential but will not be audited by IRS because of manpower restrictions. In 1974, information was furnished on more than 70,000 returns under this program. Public concern resulted in a provision in the Tax Reform Act of 1976 stating strict conditions by which Federal tax returns and return information may be disclosed to State tax officials for use in administering the States tax laws. The tax information would not be available to the State governor or any other non-tax personnel, or to local governments. Shared computers and other data processing techniques used in the States are described in the Conference Report on the 1976 Act: In order to protect the confidentiality of returns which the states receive from the IRS under the present exchange programs, the returns are, in most States, processed on computers used solely by the State tax authorities. In certain States, however, the requirements of the tax authorties are not sufficient to justify a separate computer, and, accordingly, the tax authorities have the Federal tax returns processed on central computers shared by several State agencies which are operated by State employees who are not in the tax department. In such situations, the IRS requires that tax department personnel be present at all times when the Federal tax returns are being processed. The 1976 tax law would permit those States currently timesharing with other State agencies to continue to do so to the extent authorized and under the conditions specified in Treasury regulations. In reviewing the possible impact of TAS, it would be helpful to compare the standards of these Treasury regulations with the policies and safeguards planned for TAS. Inquiry might be made as to what extent, if any, TAS may be viewed as a model for State tax information systems. Will TAS encourage a tendency toward interfacing of the federal and State systems? Will the expandable data base, integration of data, longer retention policies, capacity for complex tasks, surveillance capacities, and other features of TAS bring related changes in State information management policies, the programming of data, and in the amount of tax-related information which is kept and used by the States? Could they affect the information demands placed on citizens by State governments through income tax return forms and other investigations? There is another dimension to the Federal-State information relationship which may affect the TAS and the kinds of safeguards which may surround it. By statute, the IRS is authorized, upon

PAGE 67

certain conditions and the States request, to collect State taxes. This could, according to one IRS official, mean the assumption of compliance investigations, audits, and law enforcement activities. TAS documents state that TAS was not designed to meet demands of this program. Although there is still reluctance to utilize this Federal service for a number of reasons, conditions for State participation in this program were recently eased by Congress. Under existing statutes, the potential could be easily realized for the placing of new information and technical burdens upon the TAS, and for extending its technical and administrative boundaries when technology and economic opportunity permit. Social Security Number The promotion of the use of the Social Security number as a universal identifier could receive more impetus by the policies governing use of the number in TAS. Use of the number in personal data systems brings to information technology an ease of managing, accessing, retrieving, correlating, and sharing data which can have long-range impact on social policy for gathering and using personal information. Congress expressed concern over the privacy implications of the growing use of the number and limited its use in the Privacy Act of 1974, pending a study of the matter by the Privacy Commission. However, the 1976 Tax Act now allows use of the Social Security number by the States for identifying persons affected by administration of any tax, general public assistance, drivers license, or motor vehicle registration laws. Interest groups have pointed to this new law and to the FederalState relationship for sharing tax data and the ease of retrieval and linkage of data promoted by the use of the number as raising possible civil liberties issues which may need examination under TAS. 63

PAGE 68

4.3 OPERATIONS a. SURVEILLANCE CAPACITIES ISSUE: IS THERE A NEED FOR DEFINING THE EXTENT TO WHICH TAS MAY AFFORD GOVERNMENT A MORE EFFICIENT INSTRUMENT FOR SURVEILLANCE OF TAXPAYERS AT HOME AND ABROAD? SUMMARY A sensitive personal data system with the operational potential and program goals of the TAS proposal may raise surveillance issues which would concern Congress and the public. To determine the relevance of this issue for TAS, a more exact description is needed of the extent to which the system may provide government or private organizations an instrument for monitoring, identifying, or locating people or groups. Information is needed about any safeguards which are planned to prevent unintended uses of TAS resources to monitor personal activities or conduct surveillance over citizens. QUESTIONS 1. How may TAS be operated or programmed to locate, identify or monitor individuals, organizations, and other taxpaying entities? What new files are planned for this purpose? 2. To what extent could the characteristics of individuals or groups within the taxpaying population be retrieved and matched with other data from outside TAS, or outside the agency, and result in creation of data identifying or locating taxpayers or new and different data about people which (a) is not necessary for the administration and enforcement of the tax laws, (b) is not intended by the Internal Revenue Service, or (c) is not intended by the taxpayer? 3. What other uses will or could be made of this capacity? 4. How can Congress satisfy itself that the capacity is being used properly and wisely? What kinds of reports should it receive from IRS? 64

PAGE 69

5. What are the present statutory and administrative safeguards against improper, illegal or unconstitutional use of IRS information for surveillance of individuals? How will they apply within the context of TAS technology? 6. What further statutory and administrative devices might be devised by Congress to guard against overuse or misuse of the surveillance and monitoring capacities of the TAS in compliance and enforcement aspects of tax-related programs within IRS and other agencies of government? 7. In order to control TAS use for non-tin related purposes of the legislative or executive branches, what safeguards should surround the capacity of TAS to locate groups or individuals by zip codes and other geographical areas and to identify certain groups by characteristics. 8. What are the civil liberties and social implications of the We of the social security number as a unique identifier in the application of the TAS technology within government? BACKGROUND The installation of a large integrated personal information system like TAS may raise the social issue of how drastically it may enhance the information and technical resources of government and private organizations for conducting surveillance over citizens, taxpayers as well as non-taxpayers. That is, it may facilitate the location, identification and monitoring of individuals. This problem may take several forms. The concern is usually directed to official surveillance which is unreasonable or unauthorized and which therefore threatens privacy and other due process rights. Such surveillance or monitoring usually implies covert operations, such as wiretapping or maintaining dossiers on people and activities without the knowledge or consent of the subject. Instances of this kind of illegal governmental or private surveillance infringing on privacy and constitutional rights have been and continue to be the subject of investigations by Congressional and other groups. This phase of the problem now carries several general legal and procedural remedies upon which some kind of consensus is developing. one) for instance, is the ability of Congress, the press and the public to find out what data banks Or files are maintained by an agency; another is the ability of the individual to know what is in his file; another is the right to know who received information about him and why. This is enforced by the requirement in the Privacy Act of 1974 of audit trails, that is, creation in the file or elsewhere of a record stating details of access to the 65

PAGE 70

information. Another kind of remedy is requiring the actual or implied consent of the person who is subject to the surveillance. Another kind of legislative remedy is the flat prohibition on conducting surveillance by specific techniques or for certain purposes. IRS has cited 1976 statutory controls on dissemination or sharing of IRS data as barriers against future misuse of data in the system. It is not clear, however, to what extent these provisions were drafted with the proposed TAS in mind, or whether TAS with its complex management needs might, as planned, offer potentials for misuse of data for surveillance purposes which are not yet covered in law or regulation. Two major problems may still be raised in this connection: the illegal internal use of the information, and the legal use. For instance, internal misuse for a purpose not intended under the agency mandate need not involve disclosure. Viewed against the threat to personal and group privacy, and threats to security of data which have plagued other large computerized systems, the TAS may raise considerations of its use for unwarranted surveillance which is arbitrary or unreasonable. Some apparent gaps in the available public information about the TAS raise questions that the primary features of the system and the changes its use may bring to governmental information power the expanded data base, the iricreased linkage capacity, the derived data possibilities, increased retention of personal, financial, domicile, and associational information, the accelerated speed of transmission and decentralized availability of it may combine to create an effective instrument for surveillance for the benefit of present and potential users of the system. It may offer rewards for unauthorized users inside or outside the IRS which outweigh the risks of violation of legal prohibitions or the public opprobrium of discovery. Surveillance through TAS data resources may also however, be for quite legal, authorized purposes now and in the future. TAS may offer resources for surveillance, through identification and location of people, that could prove irresistible, or at least highly tempting, to future Congresses, Presidents and Federal agencies hard-pressed for the promotion of social, law enforcement or national security programs. Although laws may make it illegal to disseminate IRS information for illegal or unconstitutional surveillance purposes, these laws may not be enough. Security in an information system as sensitive as the TAS must be considered in a larger sense, that is, with its political element. In this sense, security against use of the TAS for surveillance which offends civil liberties principles or 66

PAGE 71

which raises serious social policy issues, may rest finally on the changing perceptions of this system held by members of Congress, state legislatures, the Executive Branch, by the public and by judges evaluating the merits of claims for the inviolability of TAS against other needs of government. For example, Congress has already seen the advantages of using income ~ return information to locate runaway fathers and has authorized such a program. Some thought was given to attempting to locate Vietnam War draft offenders through the Internal Revenue Service files in order to inform them of the clemency program. Other uses have been identified in numerous Congressional hearings and reports and in the comprehensive review conducted by the privacy protection Study Commission. If the TAS capacities for intended and unintended surveilance present advantages to future users, with a potential for significant adverse social impact, Congress might want to do more than merely appropriate funds for it; it might want to consider the need for additional safeguards before it is installed. At a minimum, the intended and potential surveillance uses of the TAS resources and capacities by IRS, Treasury or other government agencies, including Congress, might be identified. Then, any social or political threat from such use may be weighed against existing legislative, administrative, and technical safeguards. With this, whenever executive or legislative policy-makers seek to incorporate TAS programs or use TAS surveillance resources in the compliance aspects of other programs, a legislative trip-wire could be made to operate. This might, for instance, be the need for specifically amending a law, or allowing for a Congressional veto power or such intended uses. While the confidentiality provisions of the 1976 Tax Reform Law have made substantial changes, they may not meet the complexity of TAS processes and technology. The first step in guarding against unexpected or unintended use of the resources of TAS as an instrument for surveillance is the awareness of policy-makers and the public of its potential uses. This requires description of its intended and possible uses for that purpose to allow for judgments on privacy and other policy questions. The public documents on TAS do not spell out these uses sufficiently. As background for further study of TAS, the following uses have been noted from those documents. TAS is intended to afford the IRS the benefit of increased technological and administrative capacities for surveillance and monitoring of taxpayers and other citizens in support of the Services missions; that is, it will be better able to keep more efficient track for a longer time of geographical residences, financial transactions and activities through information which is 67

PAGE 72

provided on tax return forms, gathered by IRS investigators or reported from outside sources, or which is developed within IRS as new data from a combination of information sources. The Service expects to be better able to identify individuals for certain administrative and research purposes and a few of these have been described in scattered testimony, public documents, and in some confidential in-house reports prepared for IRS. For instance, testimony and reports on the TAS indicate that with this system IRS hopes to be better able to identify those people with little or no income, and thus return refunds and negative income tax benefits. This capacity may also suggest, however, the means of identification and possibly retrievability of data about the impoverished, the drop-outs, and people living on the margins of society. While this has distinct equitable implications for those concerned with social justice, people stressing civil liberties issues may want to inquire further about a technical and programmatic capacity to locate taxpayers for non-tax purposes. Furthermore, published hearings before several House subcommittees indicate that with better data processing equipment, IRS hopes to be better able to process and match documents sent by foreign governments reporting the finances of Americans working and conducting business or financial transactions abroad, thus bringing into the Treasury a substantial amount of revenue due the government. This capacity may also suggest implications for the capacity to monitor the activities of Americans abroad for economic purposes or to serve the interests of foreign relations, military affairs, law enforcement, intelligence, or the research purposes of IRS, Treasury, or other agencies. In each instance which could be identified of a significant increase in surveillance capacities if TAS is installed, it might be necessary to obtain more information about the administrative standards and the technical safeguards which would govern programming or operation of TAS for the purpose of assuring that use of the surveillance resources is confined, at a minimum, to some judicially ascertainable standard of reasonableness in light of the statutory mission of the IRS and other governmental users of the system. TAS will enable IRS to identify residents of small scale geographical areas as problem taxpayers for collection purposes. It is expected to increase workload control by collection personnel by assigning geographical areas, identified by zip codes, to Revenue officers and producing an inventory of geographical workloads. 68

PAGE 73

TAS is expected to provide surveillance capacity for a more intensive audit effort over smaller geographic areas and over certain economic groups. One of its reported merits is that it will enable audit personnel to identify gaps in regional and district audit programs that are not recognized in the national Discriminant Function system for selecting returns for audit. Its data base of tax account information will, according to reports, permit more detailed analysis and improved criteria for selecting returns in need of audit. For example, it ~ be able to identify compliance problems of questionable deductions or unreported income by geographic area or business activity. In addition to acquiring more information from the IRS, it was suggested that a scenario approach be used to identify further potential for surveillance and uses of TAS for which safeguards are needed. 19 19. See also, Surveillance Technology, 1976: Policy and Implications:An Analysis and Compendium of Materials. Staff Report, Subcommittee on Constitutional Rights of the U.S. Senate Committee on the Judiciary, 94th Cong., 2nd Sess. (Committee Print) 69

PAGE 74

b. EQUITY AND EQUALITY OF TREATMENT UNDER THE LAWS ISSUE: TO WHAT EXTENT, IF ANY, DOES THETAS PROPOSAL RAISECONSIDERATIONS OF EQUITY AND OF EQUALITY OF TREATMENT FOR ALL TAXPAYERS? SUMMARY A concern expressed during the panel discussions was that TAS, like other large personal information systems used tax decisions affecting peoples rights, may raise public fears that the technology in operation may not be neutral but may affect different groups differently. If, in fact, effective administration and enforcement of revenue laws depend on the taxpayers voluntary compliance, then it is important that the IRS design and use an information system that not only is benign but which can be perceived to be benign for all taxpayers and to encourage equitable treatment and equal protection of the laws for all. QUESTIONS 1. 2. 3. 4. 5. Could the TAS, over time, reinforce any existing inequities in the tax system by accelerating and intensifying the exercise of investigative, auditing, collection and law enforcement powers of both federal and state governments over certain categories of taxpayers? To what extent could TAS be viewed as a knob for tuning social policy? To what extent was TAS designed with the assumption of the immutability of the present tax laws? Could its capacities influence reforms in the tax laws? How might the new TAS, as programmed or operated, affect the right to equitable treatment under the laws of (1) taxpayers with a history of collection problems? (2) Taxpayers with serious tax problems? (3) Taxpayers who are audited? What other groups are intended to be affected by the application of the technology? Why? Will the TAS provide more responsive service to all taxpayers or simply better, more responsive service to selected groups in the taxpayer population? 70

PAGE 75

6. Under the TAS, can there be a significant difference among regions or even among districts of a single region, in the quality of administrative protection afforded the privacy of the individual residents by the way information is collected and entered into the TAS, in the use of it, and in the observance of the confidentiality of it within the IRS and outside the agency? 7. T O what extent, for instance, would the TAS, as designed and programmed, permit collection of non-programmed data essential to explain delinquency from the perspective of the taxpayer who may have fallen on hard times, suffered a serious illness, or other problem which might affect consideration of his case? 8. What research would be eliminated under TAS for different gr OUPS of taxpayers? With what effect or result? 9. What criteria will be used for developing computer programs for the new system which will affect specific groups of taxpayers? 10. To what extent might the new system be manipulable intentionally or unintentionally to discriminate against specified groups in the taxpayer population? BACKGROUND The possibility of equity issues in TAS were described by one panelist, Sociology Professor Dr. Robert Boguslaw, in the following terms: It seems legitimate to raise the question as to whether TAS (unwittingly) is a system oriented toward increased surveillance of middle class and working class taxpayers, while having relatively few consequences for corporate and upper-class taxpayers. Does increased computerization of IRS procedures work to the advantage of corporate and other taxpayers who can afford the legal and accounting advice which will enable them to conform, superficially, to acceptable standards (i.e., to remain below the limits of deviation posed by Discriminant Function scores, etc.)? In short, from a social and political perspective, the threat posed by TAS is not simply the possibility of increased scrutiny of all taxpayers, but rather the prospects of more effective scrutiny of some and less de facto scrutiny of others. 20 Responding during the panels discussions to questions Of possible TAS impact on class bias, IRS officials observed that there would be no change, that TAS was essentially a better management tool; they felt that to the extent TAS will assist in such matters as income averaging, it will if anything, promote equity, but it is not going to affect such things as the complexity of the tax code OT 20. Additional comments, Appendix of Report. 71

PAGE 76

tax write-offs. This argument was further developed by a panelist, a former IRS official, who stated that fairness has historically been the concern of tax administrators, tax lawyers and economists. All want to see tax administration bear evenly on taxpayers and have sought to imbed a form of equity in tax laws. The possible relationship of the TAS requirements and cost to future tax reforms may be related to equity issues. Concern was expressed during the panel discussion that the TAS design might reflect a perspective which accepts existing tax legislation as fixed and projects future requirements as reasonable extrapolations from past experience. Congress, however, might wish to review existing tax legislation from the perspective of the additional costs contemplated for TAS. As the question was expressed by a panelist, would more generous standard exemptions lead to increased benefits in the form of reduced costs of administration and equipment to say nothing of eliminating much of the need for privacy among individual taxpayers in the working middle class? If large numbers of people are not reporting details of personal financial activities, there is less of a burden on the organization to provide sophisticated privacy and confidentiality guarantees. According to the IRS, the current ADP posture, with piecemeal improvements made without integrated planning, creates difficulties in complete administration of the tax code and regulations. This is so especially as to the need for flexible, quick response to changes in statutory authority, and increased productivity of revenue agents to ensure compliance by all taxpayers. Reliance on voluntary compliance is tenable only to the extent that revenue activity is perceived by taxpayers as fair, thorough, and responsive to reasonable requests and inquiries. To the extent that there have been complaints of inequitable handling of audit selection policies, such criticism may be associated by the public to whatever software is proposed for applying TAS technology to auditing. There have been public criticisms of the apparent lack of balance in making audit decisions, and of some IRS judgments about where and how to deploy personnel and other resources for conducting audits. The courts have upheld the reasonableness of basic audit criteria, and to the extent that the Internal Revenue Service is attempting to audit people fairly, the computer software would simply embody more rational practices for selecting people for audit. If the application of the TAS in these areas follows reasonable criteria, these then might be reviewed to see that the proper use of computer-sorting capacity simply embodies judicially-acceptable auditing categories and criteria. If so, 72

PAGE 77

then, in the interest of the appearance of equity, and the assurance of fair treatment, perhaps these should be spelled out in the budget justifications for the TAS. If, on the other hand, there will be categories of taxpayer groups selected which would be substantially different from what have been the acceptable target groups, then this issue perhaps should be surfaced and examined. Through its ADP resources, the IRS has developed a uniform standard for selecting returns for audit. This standard is afforded by use of a sophisticated computer selection technique, the discriminant function (DIF) which involves assigning numeric weights to certain characteristics of tax returns according to relative significance of that characteristic as an indicator of error in a return. TAS will enable similar computer programs for other purposes. Equality of Treatment Under Laws and Rules With TAS, there is a new administrative system evolving within the IRS which is intended to affect special groups of taxpayers. Under the existing system, presumably, there were safeguards for these people. An issue for possible inquiry is what new safeguards me needed to assure that these taxpayers will be treated fairly and enjoy rights of due process, privacy and confidentiality equal to those of all other taxpayers? Residents of Different IRS Regions TAS may raise a serious issue of equality of treatment which may have possible constitutional dimensions as an equal protection of the laws problem. This is whether or not residents of different geographic regions will enjoy equality in the administration of the Internal Revenue laws, and in enjoyment of their privacy and other rights which may be affected by IRS and related information programs. Under the new system, there will be 10 different regional information management policies and 10 different sets and myriad subsets Of information relationships among personnel of the IRS components and among those of federal and state users of IRS data. In addition, there will be 10 different security systems, instead of one, for those interested in oversight to watch. A number of Congressional reports have identified lack of central management and oversight in decentralization as causes of certain civil liberties abuses in the collection, storage, use and 73

PAGE 78

sharing of certain kinds of IRS investigative information. Questions might be raised in connection with TAS as to (1) What are the oversight implications of these arrangements?, and (2) Who will be responsible for assuring equal protection of the laws to residents of different geographic regions? Following are examples of groups intended to be affected, according to IRS documents, by the improvements TAS will bring to the Service. They are noted here for background information in considering TAS. Taxpayers with a Hiktory of Collection Problems The TAS Description Book; an internal document prepared for IRS, states that the TAS will aid the collection process by making available information of taxpayers with a history of collection problems. The availability of this data on those taxpayers accounts having a balance or return delinquency problem will, according to this document, eliminate a great deal of research presently carried out by Revenue Officers. To assure that rules for TAS permit fairness for this group, it might be asked to what extent the TAS, as designed and programmed, may permit the collection of nonprogrammed data essential to explain delinquency from the perspective of the taxpayer who may have fallen on hard times, suffered a serious illness, or other problems which might affect consideration of his case. Another area of inquiry for this group, as for other groups intended to be affected by TAS capabilities, would be what research would be eliminated under TAS which is now carried out for the various special categories of taxpayers with which IRS must deal. Taxpayers with Serious Tax Problems The Description Book for TAS states that through TAS improvements, taxpayers with the most serious tax problems will be dealt with before collection manpower is expended on those with less serious problems. Under the present system, employees have considerable administrative discretion to make such determinations and their decisions must necessarily involve value judgments in each case. TAS, according to the IRS internal document, will be used to produce an inventory report of the workload volume available within each specific geographical area. Through a special scoring system, based on the entity concept with weights assigned by pre-established criteria similar to Discriminant Function criteria, the Group Manager will be able to make maximum use of field collection manpower. 74

PAGE 79

To assure that the intended use of TAS capabilities for this group of taxpayers does not raise issues of fair and equitable treatment of equal protection of the laws, information might be sought to determine what a serious problem is for the purposes of the new system, and who will decide this; what criteria will be used for developing computer programs for the new sys~m which will affect these and other groups of taxpayers; how secure are the details; to what ex~nt might this aspect of the new system be intentionally or unintentionly manipulable to discriminate against specified groups in the taxpayer population. Taxpayers Who are Audited by Geographic Area or Business Activity TAS, with its data base of tax account information, is expected by IRS to permit more detailed analysis and improved criteria for selecting returns in need of audit by geographic area or business activity. IRS stated that this refinement will be especially beneficial in treating localized compliance gaps in regional and district audit programs that are not recognized in the National Discriminant Function system for selecting returns. Through data base analysis, it will be possible to identify compliance problems (questionable deductions or unreported income) by geographic area of business activity. Also available in the expandable data base, according to an internal TAS document, would be prior year audit results by issue fort= years open under the statute of limitations, along with references to financial and other tax related transactions that impact future years reporting requirements. The audit history data is expected to permit better selection of returns and fewer successive no-change audits of computer selected returns. Better selection will in turn increase examiner efficiency since less no-change work will allow more thorough examination of returns with high probability of error. References to financial or other activity affecting subsequent year filings will provide examiners with leads, further increasing the quality and efficiency of work effort. An area for possible inquiry for this gr OUP would be to determine the criteria to be programmed for defining computerized selection of returns ad for measuring examiner efficiency. similar questions might be asked concerning guarantees in TAS for fair treatment of American taxpayers living, working, or traveling abroad. 75

PAGE 80

c. TAS AND THE COURTS ISSUE: WHAT PROBLEMS MAY THE TAS TECHNOLOGY POSE IN THE JUDICIAL PROCESS FOR THE PROTECTION OF INDIVIDUAL RIGHTS? SUMMARY Judicial review of the intended or unintended consequences of TAS technology is not only likely but certain, given past and present judicial experiences with IRS earlier ADP system. An analogy might be drawn between TAS and judicial treatment of FBI computerized systems in the 1971 case of Menard v. Mitchell. 21 Questions might be raised as to whether or not policies governing the collection, use, maintenance, and dissemination of IRS information are sufficient to stand up in court when the interest of the taxpayer or the government may be at stake. QUESTIONS 1. What new problems may the Tax Administration System present to the courts? 2. Is there a need to define additional rules and standards by statute or regulation to provide guidelines for judges and parties to civil and criminal actions whose cases may be related to the operations of TAS computers, its hardware, software, or personnel? BACKGROUND Serious consideration may have to be given to the adequacy of rules governing TAS unless the whole TAS system is to be jeopardized in the future by court decisions saying that the taxpayer is put at a disadvantage by the complex system. More and more as courts are being called on to resolve due process issues in governmental programs, it has become cleax that they are not going to sacrifice their constitutional role and traditional functions to bad systems design. As courts begin 21. 430 F 2d 486 (D.C. Cir. 1970) decision upon remand, 328 F. Supp. 718 (D.D.C. 1971). 76

PAGE 81

to look at the effects of automated data systems, they have given notice that they are not going to rely on good intentions. There is needed only the example Judge Gesell provides in his Federal District Court decision in the Menard case concerning the FBIs dissemination of arrest records and the right of expungement. The Judge found that the use of the system raised constitutional issues and that Congress has never authorized sharing of arrest records with state or local agencies for employment of licensing checks. He thus threw back to Congress the whole problem of establishing adequate rules for the system, something the Congress has struggled for years to resolve. A S the Internal Revenue Service has developed more sophisticated computer systems, billings, notices of all kinds, audits, collections and other processes have been automated for speedier, more economical service and compliance. Consequently, many Americans have become aware of unfortunate side effects as well as the beneficial effects of new information systems. As a result, the courts have begun to receive and to attempt to deal with complaints involving taxpayers rights to due process and privacy m they are affected by the IRS computers. Some recent decisions have implications for the new TAS. There is, for example, the reported case of Hattie Neal a taxpayer in New Jersey. Research reveals that as the case progressed, it became apparent that the IRS side of the story may not have been completely available. However, the fact situation as described, presents a possible scenario for testing rules which would govern TAS operations. The reported facts are these: During 1973, income tax W as withheld and paid to IRS on Ms. Neals wages. The final 1973 return, filed in 1974, showed a tax which was $910 less than the amount withheld, and she asked for a refund. Instead, she received an IRS form stating that the refund was applied to adjust her account for the year 1971. Wportedly, no information given to explain how and why this entry was made indicated that she inked three times for a hearing or explanation. In each case, the response was a computer print-out saying that the refund had been applied to the 1971 balance, without saying how the balance arose. Ms. Ned sued for the refund. The IRS, reportedly having withheld the facts from her, inked the court t O dismiss her suit for lack of jurisdiction, on the grounds that-she lacked a sufficient showing On the basis of her claim. The judge found that a strange request since, he said, the government cannot ask the taxpayer to provide details which only the government possesses and which its computers will not disclose. He took note of the fact that enough taxpayers had this happen to them to suggest that what was at work was the GIGO Rule of Computers (Garbage In, Garbage Out). Since the 77

PAGE 82

explanation for the phenomenon was never learned, maybe discovery in this case would provide it. He also noted that if the United States had been a creditor dealing with consumer credit, such as a retail merchant or a credit card company, it would be obliged to provide the details of a claimed bilIing error and to correct the error, within strict time limits. He ordered the IRS to provide the information. The judges comments on the facts as presented to him for decision are relevant to the proposed TAS: The computer is a marvelous device that can perform countless tasks at high speed and low cost, but it must be used with care. This is because it can also make errors at high speed. Those who use computers for record and accounting purposes, including the government, are accordingly obliged to operate them with suitable controls to safeguard the reliability and accuracy of the information. After the decision the taxpayer did not fully respond to IRS requests for information about her deduction claims and the Court dismissed the case, noting: Since both parties failed (at different stages) to provide information to which the other was entitled they are both tarred with the same brush. 2 Impeaching Computer Print-Outs Computerized programs have been involved in several recent cases of criminal prosecutions for failure to file tax returns. Judges have struggled with issues of privacy, due process and the new computer technology in these cases. Defendants have tried to discover IRS computer lists of taxpayers who failed to file so they could contact them and find people who had actually filed and were erroneously listed as non-filers. In one 1974 Pennsylvania case, the IRS fought such an effort as unreasonable and a violation of privacy. The Judge rejected their arguments and ordered IRS to delete Social Security numbers and furnish the defendant taxpayer a list of random selection of names of non-filing taxpayers. In doing so, he commented on the priuacy issue: The right of a citizen to privacy is, of course, an interest that is and should be zealously protected. But so is a citizens right to his good name. It is the latter interest that the defendant here seeks to preserve. When it is considered that the information the defendant seeks is public anyway, the asserted invasion of privacy seems, at best, elusive. Defendants interest, on the other hand, is very real. 22. IVeal u. U.S. 402 F. Supp. 678 (1975) 78

PAGE 83

The Government contended that the lists do not purport to be conclusive lists of persons who have failed to file returns, but serve merely as a starting point in the process of identifying nonfilers; that only after further extensive investigation is the list complete, so the lists were immaterial to the defense. The judge said their conclusion was short-sighted, and that: The defendant seeks to reveal not merely the inacuracy of the computer lists, but rather the unreliability of the entire Internal Revenue Service system of weeding out non-filers. The government suggests that there are many reasons why names will appear on the non-filer list that should not be there-returns in the process of audit, marriage and change of name, death. This is no doubt true. But it may be equally true that some names are on the list simply because the computer makes mistakes. The latter reason could well have a significant bearing on a crucial issue in this case-the reliability of the entire IRS procedure of identifying non-filers. Nothing short of the discovery sought will reveal the truth. The judge noted that the testimony of the government witnesses established that the overall IRS system of processing returns has remained unchanged and that any changes in computer equipment were improvements over the prior art. It comes to this, he stated: Defendant is reduced to seeking to expose inaccuracies in a present overall system unchanged since his alleged delinquencies, but operating with better equipment. His a fortiori argument is that if those shortcomings exist now, with better equipment, they had to exist in 1969 without the improved equipment. Circumstances, and not mere chronology, are the touchstone of relevance. In an elaborate order, the Court gave the taxpayer access to IRS computer processing locations and documentation relating to the electronic dab processing system. This included: systems documentation, programming documentation, operating documentation and instructions, training aids, job descriptions of systems personnel, organization charts, systems and programming changes, figuration detail, forms, systems personnel selection criteria, audit trail reports, exception reports, all logs relating to data processing (including volume log, error log, reject log, unposted log, changes log), attendance statistics for systems personnel, machine use @s, budget and budget requests, reports of systems operations, any studies relating to all aspects of the processing of income tax returns, all reports and evaluation of the income tax processing system or any portion thereof. The Court allowed him to inspect and operate the equipment under certtain conditions, and required the Government to bear the costs of the examination, including the salaries of personnel required to assist the defendants experts, the salaries of personnel prevented from carrying out their normal tasks, and the cost of use of computers or peripheral equipment. The lower court dismissed the charges against the taxpayer when the Government failed to supply the lists. The Court of Appeals reinstated the criminal charge on the grounds that the IRS 79

PAGE 84

had alternative means of getting the information the taxpayer wanted. The Appeals Court weighed the 6th Amendment right of the defendant to confront a major witness in the form of IRS computer print-outs against the right of privacy of individuals on the list and the need to avoid confidentiality problems in managing presentation of the evidence in court. Although the great majority of persons on the lists in fact have filed a return or have legitimate reasons for not doing so, being a suspect under investigation by a government agency is a circumstance which every person except the bizarre would prefer to hold in confidence, the Court stated. Alternatives by which access to IRS documents and experts, and permission to have his own experts run tests on IRS computers would allow the taxpayer to cross-examine the computer testimony confronting him by analyzing the reliability of the computer system in theory and checking the accuracy of the system in fact. Moreover, the alternatives should provide information focusing directly on the credibility of the computer testimony and more likely should develop the facts than the digression sought stated the opinion. The U.S. Supreme Court denied certiorari in this case. 23 Judges have had to deal with the breakdown of administrative barriers by the flow of information in computerized networks of the IRS. In a case this year, defendant taxpayers who were charged by IRS with criminal tax evasion claimed the right to have evidence suppressed which was gathered in violation of their rights under the 5th Amendment against self-incrimination and under the 6th Amendment right to counsel. The Judge in this case ruled that when incriminating evidence had been filed in a generally accessible computerized information bank, and the file was transferred to an audit group whose sole function was limited to investigation of taxpayers believed to have income from illegal sources, the Government was required to give the defendants a Miranda-style warning of their rights. A special agent of the IRS Intelligence Division spotted the taxpayer driving a customized Cadillac automobile in the downtown Milwaukee area, ran a check on the car and found it was registered to one of the defendant taxpayers. Using routine request procedures, the IRS obtained the defendants joint income tax returns from the IRS Service Center in Kansas City, and filed a report, (or information item) with a recommendation that the Intelligence Division, which deals with criminal matters, conduct an investigation of taxpayers. This was rejected. Later, the audit 23. U.S. u. Liebert, 383 F. Supp. 1060 (1974) U. S.C.A. 3rd Ct. No. 74-2294 (June 30, 1975) U.S. (1975) 80

PAGE 85

division began investigating for civil liability, and the Intelligence Division began investigating for narcotics trafficking. All the time, however, incriminating evidence was being fed into the Information Gathering Retrieval Unit (IGRU), where it became available to every division of the Internal Revenue Service. The IRS claimed that since the taxpayers file was not formally transferred to the Intelligence Division until a certain date, the IRS had no responsibility. In his opinion, the judge spelled out the intricate details of the case, referring to it as a computer case. The IRS, he said, could not erect artificial barriers between different Internal Revenue Divisions in order to defeat the taxpayers defense. The proper substantive inquiry is When [does] the investigative machinery of the government [become] directed toward the ultimate conviction of a particular individual? Under all the facts and circumstances of the present case, when defendants file was transferred to Audit Group 1208, whose sole function is limited to investigation of taxpayers believed to have income from illegal sources I find that in substance the adversary process had begun and the Governments investigative machinery began to be directed toward accomplishing the indictment and conviction of these defendants. Incriminating evidence had been filed in a generally accessible computerized information bank. Further proceedings without an admonition of rights allowed the defendants to misapprehend the nature of the continuing inquiry, their obligation to cooperate with the investigation, and the possible consequences of such cooperation. 24 These are only a few of the judicial decisions involving due process and harassment issues arising in the operation and management of IRS computers. The procedures governing collection, use, and exchange of the sensitive information which the IRS acquires in the course of carrying out its statutory mandates affect the lives and well-being of all taxpayers and taxpaying entities, individuals, citizens, businesses, corporations, organizations> wherever they may be, at home or abroad. 1n considering the sufficiency of the policies and practices governing TAS operations, it is well to recall Judge Gesells warning: While conduct against the state may properly subject an individual to limitations upon his future freedom within tolerant limits, accusations not proven, charges made without adequate supporting evidence when tested by the judicial process, ancient or juvenile transgressions long since expiated by responsible conduct, should not be indiscriminately broadcast under governmental auspices. me increasing complexity of our society and technological advances which facilitate massive accumulation and ready regurgitation of far-flung data have presented more problems in this area, certainly 24. U.S. V. Mapp 406 F. SUpp. 817 (1976) 81

PAGE 86

25 These developments problems not contemplated by the framers of the Constitution. emphasize a pressing need to preserve and to redefine aspects of the right of privacy to insure the basic freedoms guaranteed by this democracy. A heavy burden is placed on all branches of Government to maintain a proper equilibrium between the acquisition of information and the necessity to safeguard privacy. Systematic recordation and dissemination of information about individual citizens is a form of surveillance and control which may easily inhibit freedom to speak, to work, and to move about in this land. If information available to Government is misused to publicize past incidents in the lives of its citizens the pressures for conformity will be irresistible. Initiative and individuality can be suffocated and a resulting dullness of mind and conduct will become the norm. We are far from having reached this condition today, but surely history teaches that inroads are most likely to occur during unsettled times like these where fear or the passions of the moment can lead to excesses. The present controversy, limited as it is, must be viewed in this broadest context. In short, the overwhelming power of the Federal Government to expose must be held in proper check. 26 25. See Presidents Commission on Law Enforcement and the Administration of Justice, Task Force Report: Science and Technology, at 74-77 (1967). Dealing specifically with arrest records, the Commission noted three serious problems in their use: The record may contain incomplete or incorrect information. The information may fall into the wrong hands and be used to intimidate or embarrass. The information may be retained long after it has lost its usefulness and serves only to harass ex-offenders, or its mere existence may diminish an offenders belief in the possibility of redemption. 26. 328 Fed. Supp. 279 (1971).

PAGE 87

4.4 PROCESSES AND STRUCTURE a. DECENTRALIZATION ISSUE: WHAT PROCESSES AND FUNCTIONS Would BE DECENTRALralized THE NEW SYSTEM AND WHAT EFFECT, if ANY, COUD DECENTRALIZATION HAVE ON PRIVACY AND OTHER RIGHTS, ON CONFENTIALITY OF INFORMATION AND SECURITY OF THE SYSTEM? SUMMARY By creating ten regional service centers, each with its own data base of records about taxpayers residing within its boundaries, the TAS will be setting UP what are essentially ten data banks each with its own data base, central processing unit, remote terminals, and communications lines. While such decentralization is seen by IRS as offering important administrative and service-to-taxpayer advantages, the ten-bank arrangement raises possible problems with regard to civil liberties that may differ from those involved in one national data center with nationwide terminal access. QUESTIONS 1. How will IRS control set rules of variations among the ten centers in the use they can make of individual data for purposes of audit, collection and levy? 2. In the interest of competition among centers there may be some desire to encourage local innovation, and yet not violate concepts of equity from one center to another. Will it be possible to define the predictable use of partic~m sets of data and to install boundaries so that violations of national rules can be detected and inquiries made as to the justification or lack of justification for such departures? BACKGROUND Despite the issuance of national guides and rules, there have been in the past significant deviations among local IRS offices in the way they use taxpayer return and investigative data. A leading example is the IGRS system, in which local variations involving intelligence operations were sharply 83

PAGE 88

criticized by the Senate Select Committee on Intelligence and other groups for violating individual rights, as well as for failing to accomplish the proper goals that were envisioned by the IGRS system when originally initiated. Therefore, the question as to how the TAS will set national parameters and limits for the operation of its ten regional centers and how it will monitor, test, and supervise local variations becomes an important matter. There may be a need to gather information for assessing whether adequate provisions are being made by IRS for the development of audit software, system-time for this function, supervisory personnel, and test costs to assure that there is proper uniformity among centers and fidelity to national operating rules. Recent disclosure of improper use of the FBI National Crime Information Files by local law enforcement offices to furnish data about insurance claimants improperly to insurance companies seeking data indicates how vital it is to have within data banks a system which will monitor level of use and types of inquiries. 84

PAGE 89

b. ADMINISTRATIVE CENTRALIZATION ISSUE: WHAT PROCESSES AND FUNCTIONS AFFECTING INFORMATION POLICY AND INDIVIDUAL RIGHTS WOULD BE CENTRALIZED UNDER THE NEW SYSTEM? HOW MIGHT CENTRALIZING FORCES AFFECT THE OVERSIGHT OF SUCH PREVIOUSLY SEPARATED ACTIVITIES? SUMMARY The installation of the TAS will bring certain centralizing forces and administrative changes to the IRS organization and might provide such a potential for other changes that, in the interest of public understanding of the system and in the interest of accountability on privacy and due process matters, there may be a need to identify these changes further. While some of these questions have been raised in another context in the section of this report on Consolidation, and Organizational Change they deserve emphasis in the context of a discussion of the internal functions and administrative separation of powers within IRS. QUESTIONS 1. What is being centralized under TAS? What activities are being or may be consolidated? 2. What intended or unintended impack may TAS have on the administrative division of powers? 3. Could TAS have the side-effect of contributing to a breakdown in separation of functions within IRS in a way that adversely affects accountability for protection of privacy, due process, equity and other principles destiable in the administrative process? 4. What safeguards will surround the national directory of files in Matinsburg, West Va.? 5. What are the implications for monitoring TAS programs by IRS, the Treasury Department, the Executive Office of the President, including OMB, by Congressional committees? 85

PAGE 90

BACKGROUND The desirable capacities of the TAS, such as integration of a fragmented data base, and other centralizing forces set in motion by technological changes, may in such a large governmental system, affect the present functional, administrative, and political separation of some activities within the IRS in such a way that, without some new rules or reporting mechanisms, there might be an adverse affect on the exercise of effective accountability and Congressional oversight. While a major feature sought under the new system is the decentralization of the files to meet the needs of regional and local managers, there will also be a centralization process at work involving integration of previously separated programs. A potential naturally exists for expanding such activities beyond those planned uses already identified. In order to assure public and Congressional understanding of the ADP changes when they are installed, and in order to promote and preserve accountability in the system for matters affecting the privacy, due process, equity and other rights of taxpayers, it may be important to elaborate further for the record those changes in technical integration of the files and administrative consolidation which will be departures from previous ways of doing business. This may help to forestall any adverse side-effects on the quality of IRS relationships with taxpayers, with Congress, and with Executive branch personnel charged with monitoring the system. For example, a major need cited by prospective users of TAS and one of the advantages claimed for the system is the ability to consolidate all activity for an individual taxpayer under one account. Taxpayer accounts in the Master File Processing System are now grouped by taxpayer characteristics such as business individuals, exempt organizations and others. They are stored and maintained as large master tape files, essentially separate from each other in handling and processing, with software designed for each file. Under the new concept, according to internal IRS documents, ADP will tie together transactions affecting taxable entities over an extended period, rather than treating each tax return as an individual transaction. This means business tax returns of sole proprietors, presently filed under employer identification numbers, would be consolidated with the taxpayers individual tax return filed by social security number. Another advantage sought under TAS is the ability to consolidate the Delinquent Account, Delinquent Investigation and Returns Compliance Programs. After appropriate notices are issued, the system will provide a profile of the taxpayer, a Taxpayer Compliance Profile (TCP) for field 86

PAGE 91

investigations which will furnish to the Revenue Officer all pertinent information such as previous actions, balance due, return delinquency tax periods for which the taxpayer has a filing or payment responsibility. An updated profile will be issued each time a new delinquent tax period is established on the Master File. Presently, separate investigation notices may be issued for each return delinquency tax period. Among other results of this separation of action is the fact that more than one collection representative will contact the taxpayer and work on different phases of the case instead of having a consolidated record handled by one person.

PAGE 92

c. ORGANIZATIONAL CHANGE ISSUE: COULD THE NEW SYSTEM BRING ABOUT ORGANIZATIONAL CHANGES TO THE IRS WHICH MIGHT AFFECT ITS ABILITY TO CARRY OUT RESPONSIBILITIES FOR RESPECTING THE RIGHTS OF TAXPAYERS? SUMMARY The installation and operation of a large sensitive information system like TAS requires a sophisticated management structure and may require drastic changes in personnel in positions of trust. If there are significant organizational changes in the functions to be performed, and in responsibilities, rights, and duties which may be exercised, there may be a need for assuring that IRS has developed plans in advance and considered the need for new rules to deal with those changes. QUESTIONS 1. What preparations has IRS made to deal with any significant change to be wrought by TAS which might bear on privacy, due process, confidentiality, and security? What regulations are proposed? 2. How might TAS affect information relationships between IRS component offices? 3. How can Congress assure itself that the IRS has identified major organizational changes and is prepared to deal with them? 4. What kinds of decisions are being given to the computer under TAS which in the past have not been made by the computer at all or at least not on such a scale? 5. Is the taxpayer going to be denied a valuable paper trail which, under a slower, less efficient process, at least enabled the tracking of errors and the correction of records and which, with the help of investigative pressures, discovery processes, or Freedom of Information Act provisions helped to establish administrative responsibility for the courts and Congress? If so, how does the IRS propose to deal with this change? 6. What are the specific details of the new staff structure under TAS? 88

PAGE 93

BACKGROUND Management problems under TAS will be quite different from those under the old system. Installation of a system of the size and sensitive nature as TAS involves actual and potential new relationships among internal IRS components who will use it. New stafing patterns are created. New competitive forces among offices and regions can be set in motion. The number of employees in a position of trust may be drastically altered. In authorizing such a system Congress ought t O be able to assure itself that the agency has anticipated problems of organizational change and that policy statements and rules have been drafted to meet them. As one panelist expressed it, the stakes are so important that taxpayers and Congress cannot afford to let the government rest its case on generosities that good things will happen. The agency ought to be able to say here is the way our staff will be organized. Here, for instance, are job positions for security accountability; here are job positions at each administrative level for those controlling what goes into the system, how it is USed, and who gets the information, and what programs are instituted. Concern was expressed that not enough such information WaS supplied about TAS to assure that the steps proposed by IRS for dealing with important changes which could affect privacy, due process, confidentiality, and security are not merely cosmetic but are substantive and are actually implemented. Congress ought to have more information as to how TAS will be staffed as an information system. Questions of organizational change are basic to the issue of the total security of such an information system as TAS. In the opinion of computer experts~ no system today is invulnerable to compromise. Too often discussions of security in new computer systems focus on technical problems and ignore the fact that the real security problems rest in the Prepations of adequate management and personnel policies to deal with perceived threats. For example) where IRS indicates that its employees will be advised of security needs and warned about Penalties for violations, it may be advisable to obtain and evaluate copies of such education~ documents for their adequacy. Other questions relating to organizational changes and Policy implications of the technology for the administrative structure could be identified which did not appear from available TAS documents to have been sufficiently addressed. A number of aspects of management and staffing policies related to security were addressed in a recent report on TAS by the General Accounting Office. It would seem reasonable for Congress to 89

PAGE 94

expect to see plans for significant treatment by IRS of the management considerations identified there before TAS is installed. The TAS documents make a number of references to the automating of clerical duties and to eliminating research and memoranda, but it is difficult to obtain from them a clear picture of how IRS proposes to assess the potential for any adverse side effects for the taxpayer who may be affected by the role of the TAS technology in changing the functions and programs it supports or the processes it may replace. For instance, when the Integrated Data Retrieval System was introduced to put on-line tax histories for only 10 percent of taxpayers, thousands of letters and memoranda are said to have been eliminated. The significance of this kind of organizational change, when all of the files for 132 million taxpayers, businesses, and organizations are put in real time and decentralized for random access storage, may need evaluation to determine a need for (1) statements of major policy changes, (2) new rules defining rights of taxpayers in the operation of the new system, and (3) rules assigning specific personnel responsibilities. A number of operational and management problems affecting taxpayers have been identified in the IDRS in various hearings and reports and difficulties cited in communications between IDRS personnel and taxpayers. If such problems develop when only ten percent of the files are on-line, there may be a real need to consider what similar problems could arise on a grander scale when TAS is installed, and result in harassment of taxpayers through computer-assisted human errors, lack of effective communications, and lack of operational complaint mechanisms. Opinions of public administration specialists might help further define this issue.

PAGE 95

d. ACCELERATED PROCESSES ISSUE: COULD THE TAS PRODUCE AN ACCELERATION IN INFORMATION PROCESSING AND DECISIONMAKING TO A DEGREE WHICH MIGHT HAVE ADVERSE IMPACTS ON CIVIL RIGHTS AND LIBERTIES OF TAXPAYERS IN THE ADMINISTRATION AND ENFORCEMENT OF INTERNAL REVENUE AND OTHER LAWS? SUMMARY One of the chief claims for the merit of the TAS is the greater efficiency to be achieved from increased speed in access to and transmittal of information and in the automatic linkage of information. Processes which previously took five to six weeks can be reduced for a day, and for som days are reduced to microseconds. TAS will speed Up the process of billing, audit, investigation, collection, delinquencies, levies, seizure and prosecution. Major benefits will be greater response capacity for dealing with taxpayer inquiries, faster refunds, earlier notices, and possibly less time between each process and the official determinations affecting the taxpayers property and other rights and obligations. These are all desirable reforms which have been sought by Congress and interest groups, and promoted in various studies of the operations of the IRS. However, without proper planning and possibly more elaborate guidelines, there might be some adverse side effects for the taxpayer not only in IRS and Treasury Department programs but in compliance and enforcement programs of other government users of IRS data. public documents on TAS do not indicate the extent to which such planning has been undertaken and guidelines developed. QUESTIONS 1. Could acceleration of processes create a Potential for computer-assisted errors in billing and isuing notices of all kinds, or for errors in programming and retrieval which might result unintentional harassment of the taxpayer population? 2. Could acceleration of processes have any detrimental effects on the taxpayers enjoyment of previously developed due process guarantees in the administration and enforcement of the tax 91

PAGE 96

laws? Could it create new due process problems for the taxpayer in such matters as investigations, audits, jeopardy assessments, levies, collections, or prosecutions? 3. What could be the unintended side-effects of the stepped-up processes which might affect the quality of service rendered as well as the present relationships between taxpayers and employees of IRS and other governmental units? BACKGROUND Since acceleration in processes and transactions is the obvious purpose of a new system, it is seldom examined, as an independent factor, for possible side effects which may be subtle and complex, or difficult and time-consuming to prove. Although Congress has examined claims of efficiency and feasibility in considering budget requests for new or expanded ADP systems, it has given little, if any attention, to the possible long term impact on organizations and people of the tremendous changes in time involved in performing the functions to be served by the systems. Acceleration of the gathering, storing, processing, using and disseminating data on taxpayers theoretically might work substantial changes in the quality of the services, on information management methods and on the decision processes of users of tax data within the IRS, the Treasury Department and the rest of government. The rate and the effects of acceleration desired might, of course, be tempered by organizational, economic, political, or other factors. An area for further study may be whether the increased efficiency and speedier services will result in a loss of other values and intangible elements affecting civil liberties and relationships between government and citizen for which compensation needs to be made in the new system. The speed of administrative processes in the IRS has been governed by the manual speed and slower computing time with which these jobs were done. The long lead time required to perform functions and carry out programs and the delays inherent in the system of administration and enforcement, have tended to protect the taxpayer from the immediate intense enforcement of tax laws. There can be no reasonable objection to increase in speed which results in the effective administration of justice unless the increase in speed leads to miscarriage of justice. For instance, will the taxpayer have time to find a lawyer and develop a case? Will tax lawyers accept a case if the process is accelerated? While delays and slippages in administration have been the focus of sharp public criticism of IRS management techniques, they might, in certain programs, also provide a desirable temporal 92

PAGE 97

buffer zone between government and taxpayer which encourages voluntary compliance and the good faith of the taxpayer. Given the right conditions, such as setting of quota or local political pressures, acceleration might have just the opposite effect from that which is intended. If all processes of administration and enforcement are accelerated, attention should be given to whether or not this might cause the system to become more rigid, causing taxpayer attitudes to harden in response. To provide a basis for speculation about this possibility, major documentation on the time changes in functions and missions to be served by the TAS might be reviewed to consider their possible impact on individual taxpayers and business. Given quota problems 27 and other organizational pressures to show performance, is it possible that an accelerated rate of production in tax decisions might result in a change in the nature of the IRS as an organization? There may be a need to establish to what extent customary delays heretofore tolerated or expected by the taxpayer would be eliminated by the speed-up afforded by the TAS. The main point, in the opinion of some panelists, is whether or not there could be adverse side effects from reducing the customary response time presently afforded the taxpayer in responding to IRS actions. The taxpayer needs time to put his papers together and acquire information, usually without the aid of a computer. A point for consideration might be if the IRS personnel can work in 12 seconds, will taxpayers be expected to work on a similar scale? If substantial delays are eliminated by the technology, it may be that in the interest of fairness and individual rights, artificial delays may have to be imposed for certain decisions. Privacy Invasions TAS will make large quantities of personal information about people available in the time it takes to snap two fingers. There may be a vastly increased potential afforded by TAS for speedier, more efficient invasion of privacy and breach of confidentiality of information, whether intentional or not, and whether authorized or not. This is true for inquiries and action in individual cases as well as for the initiation and pursuit of entire programs. Speed in obtaining access, retrieving and manipulating data may, without stringent rules, be a lure to repetition of past abuses affecting the privacy 27 See, for example, S. Rept. 93-1028, 93d Cong., 2d Sess., Committee on Appropriations, July 1974, p. 7. 93

PAGE 98

and due process of individuals and to pursuit of even more novel, wide-ranging programs for questionable or non-tax related purposes. It is relevant to this issue that one Congressional committee finding showed that the discredited Special Service Staff, which was organized to conduct selective investigations of taxpayers for political reasons, would have been more effective had it been able to collect and integrate all the tax returns and related pieces of information that were scattered in file cabinets around the IRS and State governments. Given the considerable benefits to be achieved under TAS, the potential for more rapid retrieval for questionable use of data may bean acceptable risk. However, if there is any important trade-off between efficiency and freedom, then compensating features and rules may perhaps need to be built into the system. Legal limits on transfer of data and mechanical techniques for perfunctory audit trails when a file is accessed may not be enough to prevent misuse, particularly when access is authorized. Those intending to misuse information may not hesitate, as investigations have shown with former information programs, to avoid the established structure and controls installed in the system. When information rewards are even more quickly available under the TAS, it perhaps should be considered whether temptations to avoid controls will outweigh the possible consequences of discovery much later during IRS or Congressional oversight or monitoring of TAS processes. Law Enforcement Faster accessibility of tax return information may have an impact on the techniques and vigor with which tax law enforcement is pursued and thus raise some issues similar to those presented by the impact of the FBI National Crime Information Center computerized system upon law enforcement. For example, the telecommunications network and the automation of rap sheets, or arrest records, in the NCIC system allowed immediate access to data through police car radios and made possible the use of the rap sheets for instantaneous decisionmaking, such as in stop-and-frisk situations, where the opportunity for abuse was greater. Prior to automation, manual arrest record systems could only be used in more benign situations, such as setting bail, because of the slow process of access which could involve at least two weeks for FBI rap sheets. The Panel did not have enough facts about details of tax enforcement and about formal and informal access to computerized information which might be available under TAS as now planned 94

PAGE 99

or as it might develop in the future, to speculate about what similar opportunities for changing investigative techniques or for abuses in information usage might be presented by faster accessibility to computerized tax history information. Audits and Investigations There may be a need to consider possible negative effects on public attitudes toward TAS from the faster access to data which would facilitate audits and investigations focused on special groups for certain purposes in programs of so-called unbalanced tax enforcement, and which would allow audits of new groups for which there previously were not sufficient time or resources. Without a very effective flagging procedure or an audit of records regularly reviewed, it might be speculated whether or not the accelerated processes might encourage IRS to run compliance checks on ideological, political, or other g TOU p S where the time lag, cumbersome manual, and mail delivery system now discourage such requests. The potential for abuses in this area and the possible need for new rules and for careful audit and monitoring processes in the new system on a scale more sophisticated and detailed than in the present one, might be considered in light of the findings of several congressional committees. These findings point out the civil liberties problems in special enforcement of IRS programs directed against ideological organizations and other groups and individuals. Furthermore, the use of the IRS computerized Information Gathering Retrieval System to further IRS investigative and intelligence policies may provide useful examples of information abuses which might develop from the speedy access afforded by the TAS. Errors and Due Process Unless the IRS has initiated satisfactory programs to offset such consequences, the human errors which are bound to occur wherever computers assist employee decisions might be increased and their effect magnified on the taxpayer population. The potential for computer errors in billing and issuing notices of all kinds, and for errors in programming and retrieval may result in unintentional harassment of the taxpayer. Speed of change in the TAS may affect the quality of management and employee performance to a degree which results in an adverse impact on taxpayers in compliance and enforcement programs. If the whole process is potentially accelerated, the organizational force will naturally fuel a drive for 95

PAGE 100

increased production in every phase of employee work. Many more cases per employee will have to be handled. Because they can be handled more speedily, audits can be expected to be enlarged and the number of audits increased considerably throughout every community. Errors made automatically and instantaneously will have to be corrected manually and resolved in communications between taxpayers and IRS employees. These and similar questions might be raised to alert the taxpaying public and users of TAS data in the IRS and other government agencies to the possible need for addressing these problems both administratively and legislatively over time as TAS is developed and used. Issues associated with acceleration in IRS data processes are not simple ones to be dealt with on a one-time basis and dismissed for all time. They will be continuing ones which may need careful scrutiny and routine monitoring. Before any conclusion can be drawn, more information may need to be acquired on this issue and study given to ways of institutionalizing concern for these possible side effects in the TAS. The panel addressed a number of questions to the Acting Assistant Commissioner of the Accounts Collection and Taxpayer Service seeking clarification concerning time changes involved in the acceleration in decisionmaking and in the various stages of information processing. It may be that additional questions in this important area must be raised before a judgment can be made about possible effects on taxpayers of the speed-up sought in the TAS. 96

PAGE 101

4.5 ACCOUNTABILITY a. OVERSIGHT ISSUE: HOW SHOULD EFFECTIVE OVERSIGHT OF TAS BE CONDUCTED? SUMMARY For any large computerized personal information system like TAS, given the opportunities which complicated technological processes offer for misuse of data and programs, there should be some mechanism by which an executive agency must report on what processes it went through to assure against misuse of data by those having access to it. The TAS proposal does not contain such a provision. QUESTIONS 1. What new oversight needs might be created by the changes to be effected under the TAS for IRS, for the Treasury Department, for the President, and for Congress? 2. What kind of report should Congress receive about the TAS? 3. What new statutory or regulatory requirements might be established concerning any reports to be provided to Congress? 4. How might any weaknesses in the operation of TAS be identified so that any lack of fidelity to rules governing policy can be corrected and prevented in the future? 5. What actual and potential oversight is there now of operation of the system in order to monitor its effects on due process, privacy, and other rights of taxpayers? What new oversight techniques and processes might need to be instituted? BACKGROUND There are a number of decision points within the Executive Branch and Congress for conducting oversight of the TAS to determine the efficiency and economy with which its procurement, installation, and operation are conducted. There are also a number of agencies and Congressional

PAGE 102

committees concerned with oversight and monitoring of the IRS administration of requirements and prohibitions relating to dissemination of IRS information. It is not clear from available documents and reports on TAS where and how oversight will be conducted or implemented on those aspects of the new TAS which may bear on its fidelity to any rules established to govern information policy and to prevent misuse of data by those having authorized access to the system. A major area of concern in such a system as TAS is that of possible intentional changes in processes in the system which would escape the notice of those in charge. According to computer experts, this is one of the principal ways to misuse a system and does not depend on such techniques as employee identification and devices for physical security. It may be very easy in TAS for instance, to keep the system doing exactly what it is supposed to do and yet make a change in process so it did link together information in a way that was not intended and to feed that out to people who had obtained authorized access in a way that was purposely not intended. In this connection, consideration might be given to whether or not IRS political managers and Congressional committees ought to be able to receive reports stating that the agency had undertaken action to assure that there was no way the processes in the system could be changed without notice or without a way of detecting the change, such as documenting in real time the programs involved. Thought might be given as to whether or not the requirements of reports on TAS should be set up as a specific program, with a legislative mandate, funding, and assigned responsibilities for its monitoring. Should the Internal Revenue Service be asked, for instance, to state in such a report what techniques it used to test the integrity and effectiveness in application of safeguards? Should they be able to state, for example, that they established certain parameters or limits for inquiries and built into the software a way of showing when and how they were breached? Should such reports contain a showing of deliberate periodic efforts by an internal group to breach the system unsuccessfully? In addition, should IRS managers describe the particular fears and threats for which they were monitoring, auditing, and testing the system, and how they went about achieving any balance in weighing threats against risks? Attention addressed to efforts to define any such report requirements would help Congress and the IRS find ways to determine flaws in TAS, in planning, in ability to manage it or in ability to state constitutional rights in the operation of the system. 98

PAGE 103

b. CITIZEN PARTICIPATION ISSUE: TO WHAT EXTENT HAS THE PUBLIC BEEN INVOLVED IN PLANNING TAS? SHOULD THERE BE A NEW SPECIAL PROCESS FOR INVITING PUBLIC INPUT DURING ITS FORMULATION STAGE? SUMMARY There is a need to clarify the extent, if any, of public Participation in TAS plans, and on the need for any future citizen involvement. Present machinery may not be sufficient for meaningful participation. In view of the possible wide-ranging interrelationships among government information systems which may need addressing if their potential impact and oversight problems are to be identified, it may be desirable to install a special process for involving all of the affected groups who may have some interest in the new Tax Administration System. QUESTIONS 1. Has there been any citizen participation so far in the formulation of TAS? Under what circumstances? What citizen participation is planned for the future? 2. Are existing forums and statutory mechanisms sufficient to encourage or elicit informed public comment about the possible implications of TAS? 3. I S there a need for a new special process for inviting public input during the formulation stage of TAS? If so, what should this process include? Special notices of hearings? News releases of specified number and frequency? Mailed notices? H OW much time would be required to carry out adequately such an effort? BACKGROUND It is not clear from testimony and public documents on TAS to what extent, if any, the public has been involved in planning TAS. Since planning has occurred incrementally over a number of years, it is hard to tell at what stage such participation might have been appropriate, or might be in 99

PAGE 104

the future. Existing machinery may not be sufficient to encourage or elicit informed public comment. Congress recognized in the Privacy Act of 1974 the need for mechanisms for alerting Congress and the public to creation of a new personal information system and to plans for new uses of old systems. That Act requires agencies to publish in the Federal Register notice of any new use or intended use of personal information in the System and provide an opportunity for interested persons to submit written data, views, or arguments to the agency. In addition, each agency is required to provide adequate notice to Congress and the Office of Management and Budget of any proposal to establish or alter any system of records in order to permit evaluation of the probable or potential effect of such proposal on privacy and other personal or property rights of individuals or the disclosure of information relating to such individuals, and its effect on the preservation of the constitutional principles of federalism and separation of powers. There is, however, no formal mechanism for requiring or for soliciting informed public comments on the implications of proposals for significant new systems. The IRS published in the Federal Register of August 26 and September 9, 1975, the indices and notices of its systems of records. Final regulations and exemptions were published in the Register on October 2, 1975. The Service reported in 1975 that since the redesigned TAS will not be implemented prior to 1977 and will be installed in thee phases spread over several years thereafter, the IRS will revise existing published notices and regulations and procedures at the appropriate time (emphasis supplied) prior to implementation of the changes for each phase of the redesigned Tax Administration System. Although this plan may seem to meet the letter of the law, the question arises whether or not this is indeed the appropriate stage to inform the public after the formulation of TAS has taken place. In view of the complex technological issues involved in new data systems and the possible wideranging impact on public policy of some new systems, public interest groups and constituencies of agencies may find it difficult to grasp the issues in a timely and relevant way in order to exert an effective privacy or due process claim and to protect themselves from potentials for abuse. Similarly, the fragmented committee jurisdictions in Congress may make it difficult to review the issues relevant to a proposed new data system. Therefore, when a data system as large, as filled with sensitive data, and as likely to stir public concerns about privacy, confidentiality and due process as TAS, is being devebped, this may well 100

PAGE 105

call for the institution of a general public-notice proceeding beyond the customary reviews of Congressional committees and Executive Branch. This might, for instance, take the form of a notice by some forum that public hearings on the TAS proposal will be held over a certain period of time (30 days, 60 days, etc.); a full and accurate description of the TAS system could be issued; written submissions could be invited from bar associations, public-interest groups, Civil liberties groups, and others. Hearings might be organized at which the issues raised by such advance submissions are fully explored. The idea could be to have a hearing freed from some of the institutional constraints that apply to intra-Executive Branch review or subject-matter-jurisdiction Congressional committees. There is an illustration of this idea at work in the actions of the Federal power Commission. In 1972, the FPC issued a public notice that it proposed to develop a Fully Automated Computer Regulatory Information System. The system plan was described in detail, and interested parties were informed of procedures for written and oral submissions. Detailed submissions were received from various groups subject to FPC jurisdiction, such as power companies, oil firms, etc., as well as State public-service commissions. 28 28. See FPC Docket No. R-438, Development of a Fully Automated Computer Regulatory System Revisions in Title 18, Code of Federal Regulations, Notice of a Proposed Rulemaking and Request for Comments, April 13, 1972; Docket Entries for No. R-428 through April 16, 1973. 101

PAGE 106

c. TAS, ADVANCING AND EMERGING TECHNOLOGIES ISSUE: ARE CONTROLS NEEDED TO REGULATE TASS INTERFACE WITH ADVANCING AND EMERGING TECHNOLOGIES WHICH MIGHT ALTER ITS VULNERABILITY TO POLITICAL MANIPULATION OR TO USE AS AN INSTRUMENT FOR SURVEILLANCE OR HARASSMENT? SUMMARY For a system of the size and significance of TAS, consideration might be given to how it will be affected by advancing and emerging technologies. Questions could be raised to highlight some considerations which might govern the applications of new technologies to TAS in the future other than traditional concerns of competition, economics, technical feasibility, priorities of vendors, or geographic limitations of services. These might, for instance, include privacy of the individual, effects on social and governmental policies and implications for legislative oversight. QUESTIONS 1. Is there a need for more detailed information on how TAS might be affected by advances in various new and emerging technologies in ways that might alter patterns of information use and exchange or alter the potential for using the system for improper surveillance of harassment or for political misuse of the files? 2. Who is monitoring the research and technological advances for possible incorporation in TAS at a future date? BACKGROUND The in-house cost-benefit analysis for TAS and its technical attachment refer to demands of the future, both known and uncertain. They make some general references to the growth potential of TAS and new systems, but there is no specific material describing the administrative or legislative 102

PAGE 107

standards which would or ought to govern such growth and expansion as TAS interfaces with new technologies. Yet these may range from development in microminiaturization, mass storage SyStems, electronic fund transmission, voice prints, fiber optics, satellite transmission and others not yet identified. One TAS document states: Growth of the existing system is limited to specific boundaries determined by the capabilities of the hardware now in Place. Large-scale growth, particularly the ability to support significant expansion, will require computer systems that can offer the advantages of recent developments in this field with respect to hardware~ logic, peripheral versatility, and sheet processor power. It states: History suggests that although specific areas of future rapid advance are uncertain, the advance itself is inevitable. If active competition is the best indicator of where change will occur earliest and most dramatically, the most likely areas are peripheral capacity and performance, particularly for large direct access devices; small scale specialize processors; communications technology generally, both as to transmission facilities and computer handling; and software development, particularly in the areas of communications and transactions processing, language offerings, and data management systems. The report notes wide variations in hardware architecture between different manufacturers and within some manufacturers standard product lines, and the widely differing architectural solutions to processing needs. Implementation techniques in multiprogramming and multiprocessing can differ significantly in their effects on overall performance for specific problem mixes. According to IRS, the result of such constraints in the agency procurement environment leads to use, wherever reasonable, of functional specifications and to RFp materials well suited to change and variation, but requires careful attention during analysis and design phases to ensure that timely performan complex system is indeed feasible. Technological advances were made even during the TAS desgin period in that direct access storage technology precluded find consideration Of a single completely centralized design and later storage subsystems then made this design feasible. When the IRS reconsidered it, however, it was found not advantageous. Future advances in TAS are said to be accommodated in the specifications by permitting vendors to propose upgrade replacement by presently unannounced systems on the conditions that equivalent performance at proposed prices (or less) is assured by contractor liability provisions and annual benchmark performance revalidation. 103

PAGE 108

The internal TAS report states that the private line communications network required for TAS is readily available under the existing tariffs of the Bell system. It is quite likely that Western Union could also meet these requirements. The offerings of several of the new, specialized common carriers are attractive, but it must be recognized that each is geographically limited to its service area. Although the TAS has been planned as a total terrestrial system, changes in the system are geared to the advantages and practicalities of satellite transmission which are being monitored for appropriate applications in the future, according to this document. Looking ahead to an efficient Tax Administration System and an era of electronic funds transfer systems with many financial transactions done by computer, it may be logical in the future to undertake to link the systems according to some experts. Salaries and many other items might be transmitted electronically to ones bank. Its computer may pay ones rent, utilities, insurance, and other bills. The terminal in the grocery store, restaurant, airline, or other establishment may also ring up expenses. It might be considered whether the bank each evening could work out what is owed the IRS, with deductions, and forward it along on a link to the district office, the local office in town, or to the service center. Questions might be raised as to the possible implications for privacy, due process, equity, confidentiality, technical and physical security. Others might relate to the ability of Congressional committees to conduct effective oversight of such transactions. There is no reason to think that IRS has such a supersystem in mind or that any State legislature or State Internal Revenue Office is now considering such a program, but 20 years, the life of TAS, is a long time. The needs of governments and society change. Electronic data processing is a dynamic technology. Such a scenario is technologically possible, and economic arguments for it could be advanced. 104

PAGE 109

4.6 SECURITY ISSUE: WHAT ADDITIONAL SAFEGUARDS MIGHT BE NEEDED TO GUARANTEE THE PHYSICAL AND TECHNICAL SECURITY OF THE SYSTEM? SUMMARY Any computerized information system must be made secure against theft of the information, against accidents, sabotage and the like. The Internal Revenue Service has described a number of administrative steps and computer and systems restrictions addressed to such problems. While they go far toward meeting the systems needs, additional measures might be suggested for consideration as a means to a more effective job. Furthermore, the description provided of TAS raises questions whether or not, once policy has been made for collecting, use, and managing the information, the system contains reasonable guarantees that it does not do what it is not supposed to do. BACKGROUND Public documents and Congressional testimony on TAS on the matter of security arrangements for TAS are vague, technical, and brief. They frequently blur the difference between existing safeguards and what is planned for TAS. The TAS proposal filed under the privacy Act identifies existing programs in pre-employment screening, employee compliance, on-the-job education of employees to make them aware of their responsibilities, and management controls and reviews. It states that the Service intends to continue and strengthen these requirements as a part of the implementation of the proposed redesigned system. It has limitations on terminaI access through terminal profiles which define the functions and restricts the use of a terminal; an, employee profile, and internal file which contains the function each authorized employee can perform, the identification of the specific files, accounts, sections, and access codes which each employee needs to perform official duties; the identification badge, the physical identification of a system user; the employee password; and access codes. 105

PAGE 110

It has audit trails recording how the system is used and by whom; at a minimum, according to the report, the employee identification, time, date, terminal of input, and access code are retained and spot-checked. It has restricted accounts and files which means certain data is considered especially sensitive and is given extra protection. This restricts access to a specific account, to a specific section of an account, or to an entire file. In addition to security measures to be met for file access, an audit trail of successful and unsuccessful accesses will be maintained and followed up. It has computer data checks, validity checks which verify the accuracy of the data, or systematic checks which test for postability to the data base. There is a computerized inventory of tax return charge-outs. There are data and accounting controls. Inter-Service Center activity is controlled by channeling all activity requiring data from other than the originating center through the National Communications Center. An audit trail will be maintained of all inter-service center activity. When accounts are moved between centers, additional accounting records will be maintained at the National Communications Center. The National Center will maintain a central directory of all accounts for all service centers. All data movement between the NCC and a service center will be from tape-to-tape over dedicated lines. There is a centralized system design in the National Office under the direction of one high level manager. Computer programming, procedures, writing, and equipment procurements is under this central direction. System analysts and computer programmers are not permitted to perform any production operations. This approach, it is stated, provides additional protection against unauthorized systems changes and assurance of uniform programs and security checks and controls! The TAS proposal describes briefly plans for data communications safeguards: To minimize the risk of unauthorized access to tax information through the data communications subsystem, the Service will have management and operational control of all devices which: process or are capable of processing tax information; account for the transmission of tax information; or control the transmission of tax information. All data will be communicated over dedicated transmission channels. Field terminals can only communicate with their host service center. Terminal to terminal communication cannot take place. Service center-to-service center communications must take place through the National Communications Center transmitting data from tape-to-tape in concentrated batches over encrypted lines. A number of physical safeguards are spelled out briefly. The General Accounting Office has identified a number of problem areas in these security arrangements as they apply to the present Integrated Data Retrieval System. The Office also has 106

PAGE 111

found no evidence of a present threat that would warrant cost of procuring encryption devices. It found that through proper design and implementation, TAS will be capable of providing high-level protection for taxpayer information. It reported, however, that some technical, administrative and physical safeguards now used in ADP processing had some weaknesses and needed correction within existing security procedures, methods, and controls. 29 The IRS has indicated that they are addressing some of these problems. Opinion on the panel was that the GAO had raised enough problems and revealed enough violations in the present system to suggest that some clear evidence from IRS of dealing with those problems in the new system would help those in Congress concerned about computer safeguards of the system. while it was, of course, not the function of the panel to assess those security features planned for the new system, a number of problem areas in need of possible clarification because of the brief and general descriptions prodded, were pointed out by individtual members during discussions and these will be provided separately for the assistance of the Committee. T O provide a factual basis for the Committee, these and other problem areas might be identified more fully with the assistance of the National Bureau of Standards Institute for Computer Sciences, the General Accounting Office, and other knowledgeable people in the computer industxy. In addition to these security concerns which are standard for such a computerized information system, there is another aspect of the security Problem which i S too frequently overlooked and TAS might be reviewed for this element of security. That is once policy decisions have been made for the collection, use and management of the information, once it has been determined by policymakers in Congress and the Executive Branch what it is that they do and do not want done with the technology, how can it be determined that the system d O e S not do what it is not supposed to do. While this question is an implicit one throughout the report, it bears further consideration in this phase of the consideration of TAS. 29 Report to the Congress by the Comptroller General of the United States. Safeguarding Taxpayer Information An Evaluation of the Proposed Computerized Tax Administration System. (January 1977). 107

PAGE 112

APPENDIXES

PAGE 113

APPENDIX 1 OTA QUESTIONNAIRE ON TAS AND IRS RESPONSE T ECHNO LOGY ASSESSSMENT B OARD Congress Of the United State s EMILI0 Q. DADDAR1O OLIN E. TEAGUE, TEXAS, CHAIRMAN ~Rt.CTOR CLIFFORD P. CAsE. N.J.. vlcE cHAIRMAN N OFFICE OF T ECHN O LO GY AssEsSMENT DANIEL V. D E S! MONE EDWARD M. KENNEDY, MASS. MORRls K. UDALL, ARIZ. W ASHINGTO N, D.C. 2QSI0 D13WIY D: R E C T O R ERNES r F. HOLLINGS, S.c. GEORGE E. BROWN, JR., CALIF. HUBERT H. HUMPHREY. MINN. CHARLES A. MOSHER~ oHIQ RICHARD S. SCHWEIKE% PA. MARVIN L. ESCH, MICH. TED STEVfN=i ALASKA MARJORIE S. HOLT, MD. EMILIO Q. DADDARlo July 13, 1976 Mr. Patrick Ruttl e Acting Assistant Commissioner Accounts Collection and Taxpayer Service internal Revenue Service 1111 Constitution Avenue, N. W. Washington, D. C. 20224 Dear Mr. Ruttle: In your discussion on June 28 with members of the OTA panel to consider a request by the House Ways and Means Committee to evaluate certain aspects of the proposed Tax Administration system YOU indicated yo u Would send a copy of a tax account Which Would illustrate what items of information would be entered on the computer for an individual taxpayer. 1t would be helpful to receive this In addition, several members of the panel find that they need to resolve certain questions of fact either with additional facts or by clarification before they decide what, if any, major value issues are presented by the TAS technology which merit study. We should therefore appreciate your assistance in providing information Which Would respond as far as possible to their concerns about the following matters of fact 1. 2. 3. 4. As precisely as possible under the new expanded TAS, what items of information will be placed in the taxpayers fil e and thereby linked to the taxpayers narne~ beyond the standard identifying items of address and social security number? What data items might the expanded system? What data elements in automated? Will informatio n be automated and possibly be entered in a TAS file under matching or interlocking files will b e on exempt organizations, ir.cludin~ contributors available for audit? 111

PAGE 114

5. 6. 7. 8 9. 10. 11. 12. Will private rulings go on the TAS computers ? what will be the turn-around time on the Master Fil e under the new system (a) in the National Communications Center? (b) in the Service Centers ? what will be the estimated difference between the presen t system and the new one in the time for transfer of, an d accessibility to a taxpayer file from one Service Cente r to another ? For example, from San Francisco, Californi a to Washington, D. C. and from Atlanta, Georgia to Detroit Michigan What will be the anticipated difference in the speed i n making refunds ? In rendering first billings ? In determinin g delinquencies ? In getting an account to the collection stage ? What are the categories of users who are expected to hav e access (read and/or w-rite) to TAS files under the new system ? How many employees is it estimated there will be in eac h category ? What will be the user profile for each user category, specifi cally in terms of the data items accessible ? What will be the purpose of each access granted by each use r profile ? 13. For which groups or classes of taxpayers is access grante d in the user profiles? (e.g. only those taxpayers assigne d to this user or linked directly to such a taxpayer. ) 14. Which access under which routines will be logged, and ho w will the logs be reviewed ? 15. What are the other data files that will be kept by IRS o r that will be accessible by IRS in which personal data wil l exist? What kinds of data will they contain? How will thes e files be used in conjunction with TAS ? 16. What consideration has been given to administrative and technica l security features to guard against improper use of data b y authorized users of the system for purposes other than thos e necessary for their assigned functions ? 17. Precisely which IRS functions will achieve net benefits fro m real-time access and why ? Which function may not? 112

PAGE 115

18. What is the current pattern of access via batch requests ? 19. How many personnel have access to what kinds of data in how many files? Kindly provide what statistics ar e already collected which break down personnel and data 20. What is the volume of inquiries per employee per day ? 21. What are realistic estimates for these same quantitie s in a real time environment ? Your assistance and cooperation in our effort is appreciated Sincerely yours Marcia MacNaughton 113

PAGE 116

Washing-ton, D.C. 20510 TAS. relate d concern s In addition~ you requested a copy of an illustrative ta x accounting transcript and a set of the reports prepared by the P1.iti e Corporation The sample transcript is also enclosed. The Plitr e material was sent to you earlier under separate cover We are glad to have the Adininistration System. to th e can be proticled, we would be Opportunity to explain the OTA panel. If any further pleased to help Tax assistanc ? Sincerely Patrick. $! Ruttl e Acting Deputy Commi ssioner (ACTS) Enclosur e 114

PAGE 117

QUESTION 1: As precisely as possible, under the new expanded TAS, what items of information will be placed in the taxpayers file and thereby linked to the taxpayers name, beyond the standard identifying items of address and social security number? ANSWER 1 : The Tax Administration System will enable the Service to computerize in one system data which presently exists in microfilm records and various other manual files, the Master File System, and the Integrated Data Retrieval System. The vast majority of taxpayers accounts will contain a very small portion of the data elements possible in the TAS file (See sample transcript). For example, only those individual accounts audited (about 2%) would contain audit history data, and those with collection histories would approximate 3% of which almost half would involve business accounts. The following is a listing and brief description of the possible types and elements of data: l Identification Data Account number, spouses social security number and marital status, current name and home address, including county; business address, and prior names and addresses, if any; the type of tax, tax period or accounting year; data account established; date of death (establishes filing date for estate tax returns); business activity code and cross-references to tax related taxpayers (includes spouses, principal officers in a corporation, and partners in a partnership). For exempt organizations, data concerning: date exemption ruling W a S issued, issting office, and applicable IR code section; group exemption number and number of locals; activity code and latest year return filed. l Accounting Data Account balances, transaction codes and document locator numbers; posting dates and amount of assessment, credit, payment, refund or balance due. If balance due: amount of tax, penalty and interest, date bills were issued, issuing office, date next bill should be issued or referred to field collection office if account is not satisfied. l Delinquent Collection Data If installment agreement made: amount and frequency of payments due and paid; phone number of delinquent taxpayer; the name and number of attorney and accountant; occupation of primary taxpayer and spouse, assets from financial statement submitted with agreement; date of Certificate of Non-attachment of Lien; delinquency prevention information (e.g., Federal Tax Deposit Alerts and Mr. Businessmans Kit). If service of levy becomes necessary to enforce collection of unpaid tax: institution or person served (bank, employer, etc.), and date served; how served (in person or by mail); and proceeds of levy. If service of lien becomes necessary: date send date recorded, released, modified, refiled or subordinated; county or office of recordation; lien serial number. If sale of property becomes necessary: date of saJe; type property sold; amount of redemption, proceeds of sale and amount released; minimum bid; and costs of sale. 115

PAGE 118

l Return and Audit Data Line items from tax returns needed to math verify and match entries, and those used in the identification of tax returns having a high probability of omissions or errors; prior year issues examined for tax years open under the statute of limitations; amount of change; type of examination (i.e., field, office, correspondence); level of closing (i.e., agreed, unagreed); transactions or adjustments affecting subsequent year returns (e.g., net operating loss carryover or adjustments to basis of depreciable assets); special situations encountered in audit (e.g., taxpayer records in machine sensible form or inadequate records notice issued); name of examiner, examining district, and taxpayer representative, if any. l Investigation Data Indicators to other IRS functions that an investigation has been initiated; aliases or other names used; business names and addresses; home addresses; financial institution; occupation; industry; tax years of investigation; taxes per original returns; agent assigned, location, and grade; disposition of case; years and statute sections recommended; deficiencies and penalties; reason closed; method of evasions; disposition by Regional Counsel, Justice Department, and U.S. Attorney; trial results; sentence; and judicial district. l Statistical Data The Taxpayer Compliance Measurement Program requires indepth evaluations of a random sample of specific types of returns filed. This section contains line item totals from the sample returns that are not recorded elsewhere. After examination, items adjusted and other compliance characteristics are tabulated and analyzed to determine voluntary compliance levels. The analysis is based on summary data obtained from examinations and it cannot be related to specific taxpayers whose returns were in the sample. Statistics of Income data consists of selected line items from randomly selected tax returns which is required for compilation of Statistics of Income Reports. l Assignment and Control Data Type of assignment; employee making assignment; employee to whom case assigned; date assigned; code to identify action being taken; date correspondence received from taxpayer; status code (i.e., open, closed, in suspense). When data is removed: type of tax, tax period, date data removed from computer processing system, and location of hard copy. l Miscellaneous Data County and state of residence and amount for revenue sharing purposes; and indication that election was made for presidential election campaign fund. QUESTION 2: What data items might possibly be entered in a TAS file under the expanded system? ANSWER 2: The Tax Administration System has been designed to accommodate only the data described above. In order to add data beyond that prescribed, an evaluation of the users need for data must be made; the capacity of the equipment to handle any proposed items of data must be determined; an analysis of overall costs must be considered; and, if the proposal is feasible, the necessary equipment, software and procedural changes instituted. It is estimated that the cost for each additional character of data transcribed from all the individual income 116

PAGE 119

QUESTION 3: ANSWER 3: QUESTION 4: ANSWER 4: QUESTION 5: ANSWER 5: QUESTION 6: ANSWER 6: QUESTION 7: tax returns and entered into the system is $60,000; thus, for this reason among others, we strive to capture the minimum amount of data consistent with effective tax administration. Of course, data requirements created by new legislation are added of necessity. What data elements in matching or interlocking files will be automated? Under the Tax Administration System, we do not anticipate automating matching or interlocking files beyond those existing in the present system. Data elements planned for all the TAS files are described in Answer 1 above. Will information on exempt organizations, including contributors, be automated and available for audit? Exempt Organizations data will be part of the TAS files as described in the answer to Question 1. Information on specific contributors will not be input nor will it be automated in any other way. Will private rulings go on the TAS computers? Although the text of the ruling will not be in the Tax Administration System, the Service may input identifying and control data to monitor the status of cases for management purposes. What will be the turn-around time on the Master File under the new system (a) in the National Communications Center? (b) in the service Centers? Under TAS, posting will be daily to the master file and tax account data will be available to most field offices within 2.5 weeks from receipt of return. All activity requiring data from other than the originating center will be channeled through the National Communications Center (NCC). These inter-center inquiries will be placed on magnetic tape with other data messages for dairy transmission to NCC over dedicated, encrypted lines. The NCC must then transmit the inquiry to the proper center Which will process it and send the response back to NCC for forwarding to the requesting center. Inter-center data transmissions will be a tape-to-tape process requiring five days from inquiry t o availability of the data in the inquiring center. What will be the estimated difference between the present system and the new one in the time for transfer of, and accessibility to a taxpayer file from one service center to another? for example, from San Francisco, California tO Washington, D.C. and from Atlanta, Georgia to Detroit, Michigan. 117

PAGE 120

ANSWER 7: QUESTION 8: ANSWER 8: QUESTION 9: ANSWER 9: QUESTION 10: ANSWER 10: TA S Present System San Francisco, California to 5 days 10-15 days* Washington, D.C. Atlanta, Georgia to 5 days 10-15 days* Detroit, Michigan What will be the anticipated difference in the speed of making refunds? In rendering first billings? In determining delinquencies? In getting an account to the collection stage? The returns processing cycle is five to six weeks under the present system and would be two to three weeks under TAS; thus, first billings take place five to six weeks after receipt of return under the former and would be two to three weeks under the latter. The time difference in determining delinquencies would be similar. The collection process begins with the first billing for a balance due. What are the categories of users who are expected to have access (read and/or write) to TAS files under the new system? Employees with access to TAS tax account data include personnel from the following functions or organizations: Collection, Taxpayer Service, Audit (including Employee Plans and Exempt Organizations), Intelligence, Inspection, and Service Centers. The only users permitted to change, add or delete data are specified service center and district office clerical terminal operators. How many employees is it estimated there will be in each category? Most IRS employees in our service centers and district offices are either involved in processing tax returns or need access to returns or other taxpayer data in order to perform their duties. It is estimated that under full TAS implementation approximately 5,400 terminals will be required in the ten service centers and 2,900 terminals in the major field offices.** Estimates of the approximate numbers of employees to be trained to use the TAS are:*** Data Processing 10,000 Audit 20,000 Collection 10,000 Taxpayer Service 4,000 Intelligence 3,500 Inspection 800 *under the ~rewnt sy5tem, t=payer account information is maintained at the National computer center in a centralized master file. The transfer of data using the Integrated Data Retrieval System (IDRS) requires two to three weeks from date of request to its availability through the IDRS terminal. If a transcript of the account is requested, four to six weeks is required. *Number of termina]s based on volume of transactions. *** Inc]ude5 most of the employees in these functions. 118

PAGE 121

QUESTION 11: ANSWER 11: QUESTION 12: ANSWER 12: QUESTION 13: ANSWER 13: QUESTION 14: ANSWER 14: Approximately the same number of employees in the above functions have been trained in the use of the present systems Integrated Data Retrieval System (IDRS) or have access to needed data via the other available sources in the present system such as microfilm research and hard copy transcripts. What will be the user profile for each user category, specifically in terms of the data items accessible? Details of the user profiles under the TAS have not yet been formulated. However, we anticipate that the profiles will be similar to those used in the Integrated Data Retrieval System of today. Under IDRS, user employees are authorized only those command codes required to perform their specific duties (e.g., only personnel with the responsibility for the refund review function in the service center will have that command code in their profile). Authority to use a command code other than those designated, requires supervisory approval, and such requests are controlled by the Systems Security Administrator. A listing of the command codes and the guidelines for assigning these in the profiles are provided in IRS security manuals which have limited distribution within the Service and are not available outside of the Service for security reasons. What will be the purpose of each access granted by each user profile? The command codes assigned to individual user employees are based solely on the tasks which must be performed in their jobs. For which groups or classes of taxpayers is access granted in the user profiles? (e.g., Only those taxpayers assigned to this user or linked directly to such a taxpayer.) Taxpayer accounts will not be restricted to one user. However, we are studying the feasibility of various controls on user access to taxpayer accounts in geographical areas outside of their own. Which access under which routines will be logged, and how will the logs be reviewed? All accesses will be logged; however, details of the methods of review have not been formulated. At a minimum, employee identification, time, date, terminal of input, and access code will be retained. Each service center area will have a designated Security Administrator who will have the ability to monitor terminal activity and who will be alerted if terminal entry requirements are violated. Under todays IDRS, audit trails are also maintained and daily security reports printed for the Service Center Security Administrator. On the report, circumstances warranting further investigation are indicated. 119

PAGE 122

QUESTION 15: What are the other data files that will be kept by IRS or that will be accessible by IRS in which personal data will exist? What kinds of data will they contain? How will these files be used in conjunction with TAS? ANSWER 15: A comprehensive listing of all IRS files containing personal data is shown in the Federal Register (Vol. 40, No. 166, pp. 37681-37768) as required by the Privacy Act of 1974. The only computerized files contemplated for use under TAS are those which will contain the data described in the answer to Question 1. QUESTION 16: What consideration has been given to administrative and technical security features to guard against improper use of data by authorized users of the system for purposes other than those necessary for their assigned functions? ANSWER 16: A summary of major security and privacy features in the present system and the proposed Tax Administration System (TAS) is attached. QUESTION 17: Precisely which IRS functions will achieve net benefits from real-time access and why? Which function may not? ANSWER 17: By and large, the real-time use of TAS will be an extension of the capabilities provided today by the Integrated Data Retrieval System. The following is a brief description of these benefits: Audit Real-time access through TAS will provide the Revenue Agents with rapid retrieval of information concerning accounts or tax base data related to the cases assigned. Rather than requisitioning returns as under the present system, the Agent can quickly verify data or resolve questions by using the TAS terminal. Examples of questions requiring inquiry are: Have both spouses filing separate returns claimed the same dependents or estimated tax credits? What alimony or partnership losses have been claimed? In addition, the Audit function gains the capability to more readily input information (audit adjustments, history data, and program management data). Such timely inputs are helpful to other functions as well as future audits. For example, information concerning an undisclosed bank account discovered by the Revenue Agent during the course of an audit may provide a levy source for the collection function if, at a later date, the taxpayer fails to pay the deficiency assessment. On the other hand, recordation of the resolution of an unusual item in favor of the taxpayer may avoid future audits concerning the same issue. During an audit, the capability to make complex and repetitive calculations which could take several hours or days (and are subject to high error rates) will produce significant savings in staff time, along with greater accuracy. Collection The Revenue Officer will also have the capability to rapidly retrieve pertinent data on assigned cases. Under the present system, return information concerning income and assets must often be requisitioned (taking five to six weeks) 120

PAGE 123

and much information which could be useful (e.g., data gained by a Revenue Agent during Audit) is not available to Collection personnel. Under TAS, the Revenue Officers query over the terminal will provide most of the needed data in a timely manner, thereby eliminating a great deal of the paper preparation by technical personnel delays, and clerical research which must presently be performed. Intelligence The rapid retrieval of current information will assist Special Agents in their investigations. For example, data from the Audit and Collection histories may provide valuable leads. The capability for complex calculations will also be useful. Taxpayer Service Real-time access through TAS will provide for the rapid retrieval of more information to answer taxpayer inquiries. Currently, account data for less than ten percent of the accounts is available through IDRS (those with bills or recent notices). Inquiries about other accounts require microfilm research at the service centers or transcripts obtained from the NCC. In contrast to todays partially automated processes, more data will be on-line about all accounts under TAS. Thus, the taxpayer will receive information to answer his or her questions in a more timely manner (in most instances during the initial visit to an IRS office). TAS inquiries to accounts maintained in another service center will require directory assistance and control through the NCC (as described in the response to Question 6). Inspection The Internal Audit and Internal Security functions will benefit from the capability to monitor the activities of other terminals in the system. Thus, investigations for security purposes will be facilitated. Data Processing The primary benefits of real-time access to this user will be faster unpostable resolution and error correction. Under the present system, unpostables are only apparent after the tax return or related transaction fails to post to the account maintained on magnetic tape at the National Computer Center. Since the master files are not visible at service centers, determination of the reason for the failure of an account to post requires reference to such sources as the original documents, microfilm, IDRS, and punched card transcripts from the master file. Eight to nine weeks are required to reinput and settle unpostable conditions today. Under TAS, the master file is decentralized to the service centers and the reason for failure to post is more readily available and correctable. The error correction process will also be faster under TAS. After returns are transcribed, math verification will the place stiultaneomly with the process of posting. This permits most errors to be detected and corrected during the initial inputting processes via terminals thereby assuring that most tax accounts are settled within a few hours after mathematical verification. Currently, error registers are printed daily; correcting entries are noted on them; and re-entry of taxpayer identification data and corrections are required. 121

PAGE 124

Other IRS Functions The other IRS functions have minimal or no requirement for real-time access as their applications are not time-sensitive. QUESTION 18: What is the current pattern of access via batch requests? ANSWER 18: Access to tax account information via batch requires manual preparation of a request for the transcript; supervisory review and approval of the request; transmittal of the request by mail to the service center; batch transcription on a cyclical basis (weekly) at the service center through the Direct Data Entry System (DDES); shipment of the resulting magnetic tape to the master file maintained at the National Computer Center; batch processing on a cyclical basis (weekly) at the National Computer Center (NCC); shipment of the resulting NCC tape to the service center; service center printing of the transcript; transmittal of the transcript from the service center to the requestor. At best, the request for tax account information via batch requires five to six weeks. QUESTION 19: How many personnel have access to what kinds of data in how many files? Kindly provide what statistics are already collected which breakdown personnel and data. ANSWER 19: The Federal Register lists the numerous files and kinds of data maintained by the Internal Revenue Service (See Question 15 above). A compilation of the number of personnel using these files has never been made. QUESTION 20: What is the volume of inquiries per employee per day? ANSWER 20: This information is unknown as indicated in the response to the previous question. QUESTION 21: What are realistic estimates for these same quantities in a real-time environment? ANSWER 21: Based on the IRS workload (number of audits, delinquent accounts, current IDRS usage, etc.) and considering normal growth, the Service forecasts on a peak day in one service center under full TAS implementation (1985) that up to 272 thousand requests for information will be made. This estimate approximates the number of inquiries directed to the IDRS and other sources in todays system such as microfilm research and Master File transcripts, plus the normal growth increases which can be expected by 1985. 122

PAGE 125

APPENDIX 2 IRS SUMMARY OF MAJOR TAS FEATURES PRESENT AND PROPOSED SECURITY AND PRIVACY SAFEGUARDS Present System Physical Plant and Equipment Security All computer facilities have complete electronic intrusion detection, silent trouble alarms, and related protection systems monitored at a protection console. Guard services, security lighting, and security fences are other physical safeguards. Color coded photo badges, guards and receptionists are used to control entry to the centers and to restrict the movement of personnel and visitors within an installation. Specific employees designated at each IRS office where terminals are located are responsible for security matters. Systems Security Administrator located in each center directs and coordinates security matters for the area. Pairing Plan provides back-up location for each center in the event of loss of centers computer or entire installation. NCC is backed up by a sister government agency. Copies of master files are maintained in special disaster-proof facilities. Personnel Integrity and Quality Asstiance Pre-employment screening of applicants, personnel investigations and clearances, investigations of complaints of misconduct or irregularities, and development of emp]oyees awareness of standards of conduct and security measures are features of the IRS integrity program. Proposed Tax Administration System Will continue. Will be replaced by magnetic stripe, photo badges which will be used in all offices with terminals or computer equipment. The new badge will be used to activate terminals, record the identifications of terminal users, and restrict access to data. Their use to control entry to the facility as well as to limit access to authorized areas within the facility via electronically controlled gates and automatic recordation of entries and departures is under study. Will continue. Dual purpose badges described above will strengthen security measures in all offices. Revised Plan has been outlined for decentralized TAS proposal. Sister agency back-up will be eliminated. NC will be paired with a SC. Will continue. Will continue. 123

PAGE 126

Present System Proposed Tax Administration System Personnel Integrity and Quality Assurance (continued) Supervisory reviews and approvals are required. Computers will be used to the maximum Manual quality and output reviews are made extent practicable for early detection and corwith limited computer support. rection of errors. Case terminal input operations will be monitored and checked for accuracy and acceptability during processing and prior to output printing. The scope of review will generally be based on a computer subsidiary file containing a profile of the employees experience, training, and proficiency. Independent review and appraisal of operations are made by the Internal Audit Division. Security Administrator is alerted when terminal entry requirements are violated. System design, computer programming, software modifications, procedures writing, and equipment procurements are under central direction in the National Office. This approach provides additional protection against unauthorized systems changes, and assurances of uniform programs, security checks, and controls. For example, systems or computer program changes cannot be made through terminal input. Identification data, passwords (periodically changed) command codes, terminal, account and other restrictions limit employees access to potentially active account data available through IDRS terminals (approximately 10% of the accounts). Title 26 U.S. Code 7213 provides fine or/and imprisonment and also dismissal from employment of Federal employees who unlawfully divulge tax information. (Fine and imprisonment also apply to state employees who receive tax information.) Limited disclosure to public, congressional committees, states and other government agencies required by statutes, regulations and executive orders. Improved computer assisted auditing techniques will provide greater coverage. Also online monitoring of terminal activity by Internal Audit Division (and Security Administrator) will assure better security. In addition, Security Administrator will have new capability to monitor terminal activity. Will continue. Additional employee and terminal security computer files will be provided to insure access to only the specific files and data needed to perform official duties. The new magnetic stripe photo badges, previously described, will also restrict entry to terminals and access to data. Will continue. The Service has drafted legislative changes to provide additional restrictions. TAS will accommodate such changes. 124

PAGE 127

Present System Proposed Tax Administration System Personnel Integrity and Quality Assurance (continued) Detailed procedures issued on disclosures for Additional procedures will be issued as Freedom of Information and other requests. necessary. The Disclosure Staff in the Office of Assistant Commissioner (Compliance) and Chief Counsels Disclosure Division review requests and give advice on disclosure matters. Additional procedures are being drafted for the Privacy Act of 1974. Data Controls Centralized Master File from which manually prepared approved requests produce computer print-out transcripts. Computerized recordation of requests are not made. Manual controls exist mainly for follow-up purposes. Microfilm data of a service centers accounts are available through manually prepared and approved requests and manual research. Accesses are not permanently recorded. Approximately 10% of the tax account data is accessible to authorized personnel via IDRS terminals which have computerized restrictions, controls and temporarily retained audit trails. Requests for tax return paper documents are manually prepared, approved and transmitted to the Federal Records Center or the service center. A copy of the request serves as a charge-out and replaces the return in the block bolder. The new Audit Information Management System (AIMS) and its predecessor (SCRIP) are semi-computerized methods of locating tax returns in the Audit Division. Most of the revenue accounting system controls are automated. However, some journals, reports and the general ledger are manual operations. (The accounting system has been approved by the Comptroller General. ) Numerous validity, error, and postability checks are made of every element of data which enters the system. Computerized data controls insure against loss of data between runs, programs, etc. Decentralized Master Files will be accessible by terminal operators who will input approved requests. There will be computerized restrictions, controls and audit trails. Transfers of data between SCS will be controlled by NCC. Microfilm operations will be eliminated (except for pre-TAS and old inactive accounts). Access to data by authorized personnel will be via terminal operation with computerized restrictions, control and audit trails. Practically all accesses to master file data (five years) will be via terminals which have additional computerized restrictions controls and indefinitely retained audit trails. All approved tax return requests will be input through terminals, thereby enabling the system to maintain a current computerized inventory and control of all requests, a permanent record of charge-outs, and periodic reports of outstanding returns. The AIMS will be integrated into TAS when it becomes operational. The accounting system will be completely automated under computer control, including computer generation of journals, reports and ledgers. Will continue. 125

PAGE 128

Present System Proposed Tax Administration System Data Controls (continued) Extensive library controls, trained production Will continue. schedulers and proper job and personal identification of employees prevent unauthorized access to work files and programs. 126

PAGE 129

Date 8/10/74 9/23/74 11/10/74 5/14/76 6/16/75 9/25/76 10/15/75 10/16/75 10/21/75 12/22/75 11/15/75 2/2/76 2/17/76 3/3/76 6/18/76 8/4/76 8/10/76 APPENDIX 3 IRS CHRONOLOGY OF EVENTS IN TAS APPROVAL PROCESS (Significant meetings, briefings, letters etc.) contact Memo from Commissioner to Secretary of Treasury Presentation to OMB Briefing of GAO Letter to OMB Letter to OMB Memo of Agreement Treasury/OMB Transmittal to Privacy Protection Study Comm., OMB, House of Representatives, Senate Briefing of Staff Members from Several Congressional Committees Letter to GSA Letter from GSA Letter to IRS Unions and Selected Members of Congress (Districts in prototype and alternate center areas) House Budget Hearings Letter to Honorable Charles Vanik Senate Budget Hearings Letter from OMB Meeting with Messrs. Gunnels & Rhodes, Appropriations Subcommittees Meeting with William Vaughn, Oversight Committee Purpose Information regarding TAS plans Regarding TAS plans Regarding TAS Overview Regarding TAS issues; program approval requested Regarding Summary Comparison of major security privacy features of TAS present system Submission of Report of Systems Change as required by privacy Act of 1974 Regarding TAS plans Regarding procurement approval Granted Procurement approval Regarding TAS plans Discussed TAS plans Regarding meeting with OTA Discussed TAS plans Reaffirmation of TAS approval Regarding TAS Working Document Regarding TAS Working Document 127

PAGE 130

APPENDIX 4 COMMENTS BY PANEL MEMBERS REGARDING SYSTEM DATA AND IRS COMMENTS PANEL DISCUSSION Contents Panel members agreed that in order to allay V ari OUS fears, there was a need for an inventory of just what would go into the TAS files. It was noted that in the original ambitious plans for the TAS as developed in the 1960s, it was proposed to gamer in as part of the recording process everything available in the IRS, whether it was audit, intelligence, alcohol and tobacco tax, or any other program. This was found not practical, however, according to IRS officials, and there was a decision to have a file with simple accounting information in it, with the basic data from tax returns. Questions were raised by individual panelists about the reasons underlying this decision whether, for instance, they related to costs, software, legal, or administrative problems. Under this later plan, it was thought that if a person paid taxes and WaS not audited, nothing else would be entered in that file until the next payment. The argument was that it would be only the person who continued to have a tax problem whose record would continue to be flashed on the screen someplace for further attention, and that if it could somehow be recognized that this will be a pure accounting operation, and that there are not agents who are feeding information into or getting information out of the file on a daily basis, there would be no alarm about the TAS. There was an argument that the TAS has been overly dramatized as something with a potential for mischief, but that this was not the case at all. part of the problem, according to this IRS-backed argument, is that people dont know what is in the file. TAS is, according to one IRS official, a matter of tax accounting, of dusty old account records, and not the intelligence information which the Watergate people were talking about. Yet questions arose from the panel as to precisely where intelligence files will be under the TAS. The answer was that this type of information would be in individual district offices primarily in manual form, and that the intelligence files that me presently computerized will not reside in the same computers. However, people doing investigative work would use the TAS. A S a result of these and other concerns raised by individual panelists, a questionnaire was addressed to the IRS. The IRS was asked to indicate as precisely as possible what items of information under the new TAS will be placed in the taxpayers file and thereby linked to the taxpayers name, beyond the standard identifying items of address and social security number. The response stated that the Tax Administration Service will enable the Service to computerize in one system data which presently exists in microfilm records and various other manual files, the Master File System, and the Integrated Data Retrieval System. It then provided the following listing and brief description of the possible types and elements of data: Identification Data Account number, spouses social security number and marital status, current name and home address, including county; business address, and prior names and addresses, if any; the type of tax, tax period or accounting year; date account established; date of death (establishes filing date for estate tax returns); business activity code and cross-references to tax related taxpayers (includes spouses, principal officers in a corporation, and partners in a partnership). For exempt organizations, data concerning: 129

PAGE 131

date exemption ruling was issued, issuing office, and applicable IR code section; group exemption number and number of locals; activity code and latest year return filed. l Accounting Data Account balances, transaction codes and document locator numbers; posting dates and amount of assessment, credit, payment, refund or balance due. If balance due: amount of tax, penalty and interest, date bills were issued, issuing office, date next bill should be issued or referred to field collection office if account is not satisfied. l Delinquent Collection Data If installment agreement made: amount and frequency of payments due and paid; phone number of delinquent taxpayer; the name and number of attorney and accountant; occupation of primary taxpayer and spouse, assets from financial statement submitted with agreement; date of Certificate of Non-attachment of Lien; delinquency prevention information (eg., Federal Tax Deposit Alerts and Mr. Businessmans Kit). If service of levy becomes necessary to enforce collection of unpaid tax: institution or person served (bank, employer, etc.), and date served; how served (in person or by mail); and proceeds of levy. If service of lien becomes necessary: date served; date recorded, released, modified, refiled or subordinated; county or office of recordation; lien serial number. If sale of property becomes necessary: date of sale; type property sold; amount of redemption, proceeds of sale and amount released; minimum bid; and costs of sale. l Return and Audit Data Line items from tax returns needed to math verify and match entries, and those used in the identification of tax returns having a high probability of omissions or errors; prior year issues examined for tax years open under the statute of limitations; amount of change; type of examination (i.e., field, office, correspondence); level of closing (i.e., group, conference, Appellate, etc.); type of closing (i.e., agreed, unagreed); transactions or adjustments affecting subsequent year returns (e.g., net operating loss carryover or adjustments to basis of depreciable assets); special situations encountered in audit (e.g., taxpayer records in machine sensible form or inadequate records notice issued); name of examiner, examin ing district, and taxpayer representative, if any. l Investigation Data Indicators to other IRS functions that an investigation has been initiated; aliases or other names used; business names and addresses; home addresses; financial institution; occupation; industry; tax years of investigation; taxes per original returns; agent assigned, location, and grade; disposition of case; reason closed; method of evasions; disposition by Regional Counsel, Justice Department, and U.S. Attorney; trial results; sentence; and judicial district. l Statistical Data The Taxpayer Compliance Measurexn ent Program requires in-depth evaluations of a random sample of specific types of returns filed. This section contains line item totaIs from the sample returns that are not recorded elsewhere. After examination, items adjusted and other compliance characteristics are tabulated and analyzed to determine voluntary compliance levels. The analysis is based on summary data obtained from examinations and it cannot be related to specific taxpayers whose returns were in the sample. Statistics of Income data consisted of selected line items from randomly selected tax returns which is required for compilation of Statistics of Income Reports. l Assignment and Control Data Type of assignment; employee making assignment; employ= to whom case assigned; date assigned; code to identify action being taken; 130

PAGE 132

date correspondence received from taxpayer; status code (i.e., open, closed, in suspense). When data is removed: type of tax, tax period, date data removed from computer processing system, and location of hard copy. l Miscellaneous Data County and state of residence and amount for revenue sharing purposes; and indication that election was made for presidential election campaign fund. Following are other OTA questions and IRS responses about the contents of TAS, together with comments on the responses. Matching and Interlocking Files: What data elements in matching or interlocking files will be automated? Under the Tax Administration System, we do not anticipate automating matching or interlocking files beyond those existing in the present system. Data elements planned for all the TAS files are described in Answer 1 above. Comment: It was not clear to some panelists whether this meant there can be interlocked files which are not part of another system, inasmuch as the data entry system is defined as a separate system. Exempt Organizations: Will information on exempt Organizations, including Contributors, be automated and available for audit? Exempt organizations data will be part of the TAS files as described in the answer to Question 1. Information on specific contributors will not be input nor will it be automated in any other way. Comment: This response might be clarified. Read one way, it does not seem to allow for entry of such information as a line item from a taxpayer return, or its retrieval for use in an audit. Does it mean this will not be taken from the tax return? Othenvise, it would be a simple matter to go through the files and compile a list of contributors. Does it mean there is actually no list of contributors in the computerized file, or that it is kept elsewhere? Private Rulings: Will private rulings go on the TAS computers? Although the text of the ruling will not be in the Tax Administration System, the Service may input identifying and control data to monitor the status of cases for management purposes. Comment: It is not clear how the new tax privacy legislation may affect the IRS plans on private rulings. 131

PAGE 133

APPENDIX 5 OTA MEMORANDUM: REVIEW OF INTERNAL REVENUE PROPOSAL FOR COMPUTERIZED TAX ADMINISTRATION SYSTEM (TAS) May 18, 1976 The Office of Technology Assessment was asked by the House Ways and Means Committee Chairman to review the IRS Report on its proposed tax administration system (TAS) for its security and confidentiality safeguards, without which, it was feared, the system could become a system of harassment, surveillance, and political manipulation. In particular, the Chairman of the Oversight Subcommittee indicated interest in legislation which would legislate principles about the use of such equipment, including such matters as access, audit trails, and transfer of tax returns between regions. OTA Approach T O respond to this request, OTA proposes to convene an appropriate panel whose charge will be to advise OTA on how to proceed with this assessment. It is planned that such a panel will meet during the week of June 7. This early date is necessary to meet the needs of the hearings planned later in June by the Oversight Subcommittee. Summary of System The Internal Revenue Service has redesigned their basic data processing system to decentralize the taxpayer account files to the ten existing service centers. The former site of the centralized tax account files, the National Computer Center, will be converted to a centralized account directory and control point for intercenter activity. The information in each centers tax account files for taxpayers in its geographical area will be accessible for use by specifically authorized personnel in major IRS offices. The new system (TAS) is a totally integated system involving processing, storage, data communications, and terminal facilities. The Center will control data exchange between centers and maintain a directory of each centers records so that an account is not kept on file at more than one center. Data communications between field locations and host service centers will be provided by a Data Communication Subsystem consisting of dedicated, leased data transmission lines, data communication processors located in each Service center and the NCC; programmable data concentrators; testing and encrypting equipment; and modems to interface with terminals remote from the service centers. This TAS report raises a number of important issues when its possible impact is considered in connection with the following trends and developments: (1) The documented problems of privacy invasions and improper disclosure which have arisen in the administration of the tax laws, and which have been investigated by the Watergate Committee, the Select Intelligence Committee of the Senate, and other Committees. (2) The recent and continuing effort to create national data centers either by aggregating data and providing central storage facilities or by linking compatible systems once they are individually established on a decentralized basis. Examples of recent Congressional concern over such efforts is found in the 1974 controversy over FEDNET, the interagency computer project planned by the General Services Administration without adequate Congressional input on the policy of systems linkage or computer security and software guarantees. (3) The inherent problems of human error in the administration of vast information systems when magnified by computer-assisted programs when they are planned hastily or administered sloppily, with the consequent aggravation to taxpayers and expense t o government. 133

PAGE 134

(4) (5) The current unsatisfied search in government and the private sector for development by the computer industry of standards which will provide maximum guarantees of security and confidentiality for sensitive personal information. Recent GAO reports on computer-relakl crimes need to be evaluated for their relevance to Internal Revenue data systems. The major question, always in delicate balance in negotiations between the computer industry, Congress, the executive branch agencies, and interest groups, as to whether or not the management benefits to government from such an extension of computer technology for information control will outweight its possible negative impact on the individual, on society, and on the state of civil liberties. A subissue of this question involves the current debate in public administration circles over whether, in certain programs, centralized or decentralized administration is desirable. In the case of the Internal Revenue Service, which has the most sensitive data on every taxpayer in the country, there is a question of the internal decentralization of the Agency as well as the debate over the separation of the computerized systems of all of the Departments and agencies. The decision whether or not to computerize, and under what conditions, was a major philosophical and public administration issue in the sixties as government agencies experimented with new computer systems. The Special Subcommittee on Privacy of the House Government Operations Committee, the Senate Judiciary Subcommittee on Administrative Practice and Procedure, and the Constitutional Rights Subcommittee compiled extensive hearing records of social and scientific commentary on the social impact of computer technology. Although the general warnings issued in those years are as significant for those planning and programming new systems today as they were in the early years of computer technology, the issue is frequently lost as government managers and Congress consider later generations of computers and extensions of existing systems. It seems to be assumed that the issue of the beneficial versus adverse impact on society was decided for all time; yet for some purposes, it is a continuing policy issue which is even more important today as the space narrows between the individual and the information technology which government develops to administer the laws affecting peoples personal lives. There needs to be consideration of the extent, if any, to which computer technology is expanding the power of government or promoting a de facto change in the constitutional framework for making decisions about people. Before they are funded, the question, Why go further?, needs to be asked for each major data system, and the technical and administrative conditions surrounding a decision to proceed should be carefully examined. This is particularly applicable to the Internal Revenue Service. This gap in Congressional oversight was recently the subject of a comment by the Administrative Conference of the United States in a major report issued in November of 1975 on certain issues of privacy, confidentiality and due process involved in the administration of the tax laws. The report stated, Our study has led to an awareness of other topics that could profitably be examined by the Administrative Conference or by others. One might examine the impact of IRSs computers upon both the operations of the Service and society at large. The report noted that twelve committees and subcommittees of Congress have devoted investigative and hearing time to the Internal Revenue Service affairs. Despite the oversight by individual members and by committees, I have not yet found a concerted Congressional effort to confront the unique policy problems raised by the combined issues of efficient administration of the tax laws of the country, of civil liberties concerns, of governments records management programs, and computer technology. There is a dearth of technological expertise and resources for such oversight on a continuing basis. The request to OTA by the House Ways and Means Committee appears to represent the first such opportunity in many years for such an evaluation. 134

PAGE 135

Computer Legislation The Chairman of the Oversight Subcommittee of the House ways and Means Committee expressed the hope that the OTA report on TAS could assist in legislating certain principles relating to computer software and hardware, such as security and audit trails and other matters. As they may be aware, in addition to certain general laws on data management and on procurement of computer equipment, Congress has already legislated a useful framework for developing specific guarantees for computerized management of tax information. Privacy Act of 1974 The Privacy Act of 1974 requires each agency to take certain actions with respect to its records systems, and these mandates bear on their plans for new computer technology as well as the politics of their information programs. Included is the requirement to maintain all records used in making determination about any individual With such accuracy, relevance, timeliness, and completeness as is reasonable necessary to assure fairness to the individual. Secondly, each agency must establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained. Third, there are certain access and disclosure guarantees, and the Senate Government Operations Report on the bill discusses the relationship of these for computer technology. They are rather general, for the press of Committee time prevented detailed focus on the procurement needs of specific programs such as that of the Internal Revenue Service. (Law enforcement needs were addressed there as well as in comprehensive legislation and reports in the Senate and House Judiciary Committees.) Fourth, each agency must provide adequate advance notice to Congress and the Office of Management and Budget of any proposal to establish or alter any system of records in order to permit an evaluation of the probable or potential effect of such proposal on the privacy and other personal or property rights of individuals or the d.isclos~e of information relating to such individuals, and its effect on the preservation of the constitution~ participles of federalism and separation of powers. The question is left open as to what safeguards are appropriate for each system or data bank. Similarly, the evaluation of probable or potential effects is undefined by the statute, and is therefore dependent on the concerns of whatever executive or legislative policy-maker is looking at the proposal. It also provides a broad fraework for comments by concerned interest groups on possible effects of automatic data processing proposals. However, while the agencies, including the IRS, are required to make such reports to Congress, there is no effective place which is equipped to question the authority to proceed with the new system on privacy, security, or confidentiality grounds, except at some point in the Appropriations hearing processes, if the issue is raised in a timely manner by a concerned member. In the case of the TAS proposal, the OMB has been said to have given programmatic approval but apparently has not approved the kinds of technological guarantees envisioned. Nor is it indicated in the report what individuals or gr OUPS were consulted in developing the softwme and hardware standards to protect the data. Was there an internal task force? If SO are the reports available on it? Was the Computer Center of the National Bureau of Standdards involved in the development of the standards to be required? The Privacy Act also requires the Privacy Protection Commission to conduct a study to determine whether the Internal Revenue Selvice should be prohibited from transferring individually identifiable data to other agencies and to agencies of state governments. A determination of this question may make a difference in the capacities of the new ADP system of IRS. 135

PAGE 136

Major Unanswered Questions in the TAS Proposal There are a number of questions left unanswered by the IRS TAS report which legislative policy-makers would wish to answer in light of current public and congressional concerns, before such a system is funded. For example: Decentralization, Accountability and Oversight for Privacy and Confidentiality; There is the issue of the effect of the technology on IRS internal administration and agency accountability to the Commissioner of Internal Revenue Service, to the President and to Congress. Congressional hearing records indicate serious problems in accounting and controlling the investigative and data-gathering activities of personnel in field offices under the present system. Yet the new TAS would require a massive decentralization of tax account masterfiles, with 8300 terminals in 10 centers and major field offices, with 750 line printers. This means that more tax return histories will be available all over the country potentially to thousands of employees or others with routine, customary, or unique access to the system. It will require more civil servants keeping more information on more taxpayers for a longer time than ever before in our history. The problem of guaranteeing proper use and security to such sensitive personal information is administratively and technologically difficult in the present system. Securing it on the basis of such a far-flung decentralized administration of the information system, with the aid of an extensive ADP system, raises even more serious questions of administrative control and accountability in the use of the personal information. On the other hand, it can be argued that, under certain administrative and technical conditions, pursuant to specific laws governing disclosure, collection, retention and use of the information, the computerization might well afford even greater guarantees of privacy, confidentiality, and security than would the manual systems. The report states that many of the features of the new system for safeguarding confidentiality and security are already in effect the present system, which, in view of recent reports of abuses, raises the question whether more stringent controls are not called for. Compatibility and Systems Linkage with Other Federal ADP Systems In U.S. and Abroad Surveys have shown that many, many federal departments and agencies utilize tax returns or tax return information in administering the benefits and rights of many Federal programs. Investigations have shown broad indiscriminate sharing of the data in some cases, without proper authority, and individual and group acquisition of tax information for political purposes. Other agencies use it for random cross-checking. Numerous reviews of such sharing and disclosure are now underway. The report on the TAS proposal does not address the subject of specifically what other government agencies will feed the IRS system for enforcement or other purposes, or will access it on a regular basis for cross-checking for compliance purposes. Nor does it discuss in detail the potential for compatibility or linkage envisioned for federal, state, local, or indeed, international data systems to assure total coverage of the financial transactions of Americans at home and abroad. Yet these are issues which have gained new importance recently, and which are very much related to the kind of programming needs and technological capacities of the new ADP systems. The lack of citizen education about guarantees possible under new computer technology and the apprehension about having all tax return information potentially instantly available to people in the taxpayers own community or region therefore need to be considered in connection with the new proposal. Despite the fact that there are many current proposals for limiting this type of data sharing, or, on the other hand, for expanding it in some cases, the report on TAS merely notes that None of the proposed changes in the Tax Administration System will effect the existing interagency or intergovernmental informational relationships, nor are they expected to impact on the observance 136

PAGE 137

of the principles of separation of powers and of federalism, including the powers and authority of state and local governments. Yet these are the very relationships which are under investigation by many in Congress and elsewhere. Despite this statement, the TAS report refers elsewhere to pending reforms and states that the Treasury Department has proposed a comprehensive statutory revision of present law which would substantially restrict access to this information, and would spell out who would have access to this information, for what purposes, and under what circumstance s. Will the new TAS system be designed then, under the old rules, or the new ones? The inconsistency should be resolved here. Problems of disclosure of entire tax returns, or of information from them, have been the subject of extensive hearings by congressional committees and the Privacy Protection Commission and study by the Administrative Conference. Recent findings by the Watergate Committee and the Senate Intelligence Committee this week led to recommendations for tight legal prohibitions on access to certain kinds of tax data and on investigations of the returns of unpopular or controversial people or businesses beyond the needs of the tax laws. To meet the concerns of Congress for protecting this kind of information, it may be necessary to consider the need for machines with extraordinary devices and software used so far only in law enforcement work for data sharing and limited access. Two examples of the potential for linkages and compatibility on the domestic and on an international basis were described by the Commissioner of Internal Revenue service in testimony before the House Government Operations Committee Subcommittee on Commerce, consumer, and Monetary Affairs on April 12, 1976. He described the IRS efforts to process on a nation-wide scale the information documents filed by employers, payers of dividends and interest and to match them with the returns of taxpayers or of non-filers of returns. In the sixties, and even now, the IRS was unable to undertake the large scale processing needed to match returns and documents in the face of budget restrictions and lack of resources and personnel. It gradually extended its automatic data processing capacities until 1967, when it finally had a computerized master file of individual income returns operational for the entire country. It has now perfected the recording of the social security numbers in the individual master file. It expects, when it finally acquires appropriations, to get total matching and to cover 4.8 million taxpayer cases of erroneous reporting and non-filing, thereby collecting additional revenue of over $260 million. Data Sharing With Social Security Administration The Commissioner cited a new wage reporting law as looking to cooperative effort between IRS and the Social Security Administration in processing W-2 forms beginning in FY 1979. IRS will be studying the alternative methods of joint document processing with SSA for whatever cost advantages may be found in that regard. The social and political implications of this pooling of resources by the two departments with the most extensive information on the average law abiding citizen have not been explored; nor have Congress and the public been involved in determining the conditions of the sharing. International Programs Other international programs are underway by IRS to standardbe reporting forms to make them machine readable and easily processed by ADp equipment in the U.S. and abroad. There is an IRS proposal to supply other countries a number (the social security number?) to promote ease in reporting on financial transactions of Americans abroad. 137

PAGE 138

Connection With Other Federal Law Enforcement Computers It is not clear from the IRS report on TAS what, if any, connection there is between the data in TAS computers and other Treasury and Federal computerized data systems maintained for intelligence purposes. The IRS Intelligence Division is linked to the Treasury Enforcement Communications System (TECH) which accesses and is accessed by the FBIs National Crime Information Center, which is linked to state and local law enforcement offices and some state motor vehicle agencies. In 1974, the Intelligence Division began operating over 30 TECH terminals nationwide, which gives them instant access to NCIC files on individuals and businesses of current investigative interest to all Treasury Enforcement agencies. For years, the Justice Department, through the Law Enforcement Assistance Administration, has funded research to find administrative methods and technology to promote efficient management of law enforcement records and data swapping among certain federal departments and agencies and between federal, state and local law enforcement. Model codes and state laws on these matters have been adopted by a number of states and state computer centers have been established with tight physical and administrative controls as a condition for obtaining federal grants and for sharing in the information exchange. Comprehensive legislation on the specifics of data control and exchange and on the details of the computer technology has been the subject of long negotiations between the Justice Department and Congressional Committees. The outcome of this debate may or may not affect certain data elements and retrieval and storage capacities of the TAS plan. The plan should be studied for its relationship to the current efforts to exert controls over the computerization and sharing of intelligence information on people. Summary A number of Congressional committees, members of Congress, Federal agencies, and other groups have demonstrated interest in this subject. I have talked with staff members of most of them, and have examined their hearings, reports and other documentation of their concern about possible links between IRS computers and information systems and such issues as privacy, confidentiality, and civil liberties. To varying degrees, all of them have proposals for reforms in the administration of the tax laws to tighten up the system and protect the privacy of citizens and the confidentiality of tax returns. Depending on which reforms are finally enacted, the changes may alter existing relationships for information exchange and for actual and potential linkage between IRS systems and those of other Federal departments and agencies and state and local governments. In addition, they may well affect many phases of the management technology involved in information collection, storage, maintenance, retrieval, use and dissemination. These changes will require at least some measure of reevaluation of the software and hardware needs for the proposed decentralized computerized system, and possible new procurement standards governing access, confidentiality, security, transmission, systems linkage, storage capacity, retrieval capability, and other features. This analysis of some major concerns suggested by the new plan does not ignore the obvious economic and management benefits of such changes, but rather is meant to focus on some large issues which, on first glance, appear either to have been ignored or not specifically addressed in the official explanation of the TAS. It may be that some of these are matters which can be explained away or resolved easily. The plan should be studied from a philosophical and social theory view, as well as from a privacy and civil liberties perspective. It needs the comments of experts who understand the political and administrative changes being considered in the context of the technology sought to effect them. 138

PAGE 139

In addition, it requires the perspective of public administration, with a concern for organizational theory and the physical and human elements which would be required for a successful operation. Such a perspective would bring also a concern for the problems of span of control and the relative benefits of administration by means of field structure versus centralized structure. The plan then requires some economic analysis to consider anew the cost-benefits ratio when these other factors caused by the possible social and individual impact of the plan have been added to the equation. The following are among sources examined in connection with the proposed Tax Administration System: U.S. Congress, House Committee on Ways and Means. Hearings, Confidentiality of Tax Return Information. 94th Congress, 2d Session, January 28,1976. U.S. Congress, House Committee on Government Operations, Subcommittee on Commerce, Consumer and Monetary Affairs. Hearings, Internal Revenue Service Operations, Income Information Document Matching Program. April 12, 1976. U.S. Congress, House Subcommittee on Government Information Individual privacy. Hearings, 1974,75, 76. U.S. Congress, Senate Committee on Finance, Subcommittee on Administration of the Internal Revenue Code. Hearings, Federal Tax Return Privacy, April 21, 1975 and January 23, 1976, Parts I and H, 94th Congress. U.S. Congress, Senate Appropriations Committee, Subcommittee on Internal Revenue Service, etc. Hearings, 1974, 75. U.S. Congress, Joint Committee on Internal Revenue Taxation, Committee Print, Investigation of the Special Service Staff of the Internal Revenue Service, Prepared for the Joint Committee by its Staff. 94th Congress, 1st Session, June 5, 1976. U.S. Congress, Joint Committee on Internal Revenue Taxation, Staff, Confidentiality of Tax Returns Committee Print, September 25, 1975, Prepared for the use of the Committee on Ways and Means. U.S. Congress, Select Committee to Study Governmental Operations with Respect to Intelligence Activities, Final Report. 94th Congress 2d Session, April 26, 1976. Recommendations, Internal Revenue Service. p. 313. U.S. Congress, Senate Judiciary Committee Subcommittee on Constitutional Rights. Political Intelligence in the Internal Revenue Service, Special Services Staff. Administrative Conference of the United States. Report on Internal Revenue Service Project. (Draft, November 1975) Especially, Ch 6, Tax Return Confidentiality. U.S. Privacy Commission. Hearings, March 1976 Tax Return Privacy; Testimony and proposed disclosure code developed by the Commission. U.S. Advisory Commission on Intergovernmental Relations. Report. American Bar Association Tax Section. (Comments) American Civil Liberties Union. (Comments) Tax Reform Research Group. (Comments) 139

PAGE 140

APPENDIX 6 CONSIDERATIONS REGARDING OTAS RESPONSE TO CONGRESSIONAL COMMITTEE REQUEST TO REVIEW PROPOSED COMPUTERIZED TAX ADMINISTRATION SYSTEM (TAS)* I. SOCIAL AND POLITICAL IMPLICATIONS June 8, 1976 A. B. c. D. E. F. G. Is TAS consistent with a free society? What is new or unique about the capacity or potential of the system as a management support tool, as an operating mechanism, as a law enforcement tool, and as an instrument of surveillance? In those segments of the public and private sectors which are now affected by the IRS information policies, what trends and processes could be accelerated, aggregated, improved, or set in motion by instilling the new compterized Sytem? What new groups will be brought more effectively into the administration of the tax laws who are currently under-audited, overlooked, ignored, under-represented or underserviced? Who benefits and who stands to lose? What relationships among institutions might be established and what current ones affected? What are the political implications, beneficial a S well adverse, of the new system for governmental control over the individual and over the general population? What issues are raised involving use of a unique identifier, or one social security number for every taxpayer which would be required to administer TAS? II. CONTROL AND ACCOUNTABILITY A. How can the Congress satisfy itself that the procedures initially proposed under the TAS are adequate with regard to security and confidentiality? B. How can the Congress monitor the operations of the system in order to satisfy itself that new opportunities to breach security and confidentiality have not developed or been created within the system? What review of the system should be planned, at what stage, and how frequently? c. H OW could the new system affect committee oversight and chances of satisfactory accountability to Congress by the Internal Revenue Service for the equitable administration of the tax laws and proper gathering, use, and management Of taxpayer information? (1) by the rest of the Executive Branch? (2) by governmental contractors and other users? *some of the5e suggested issues, which are by no means inclusive, are standard ones which could be raised for any properly-constructed automated data processing system containing personal information; others might be standard for any governmental or federal system; others reflect possible special concerns of Congress as an institutional guardian of civil rights and liberties; others indicate possible concerns of individual legislative policy-makers with special constituency interests in privacy or fair administration of the tax laws. 141

PAGE 141

III. FEDERALISM A. Howwill TAS affect the present Federal-State relationships indealing with taxpayer information? Can or will TAS be used directly or indirectly to assist state income tax collection and their administration of other programs? Will development of TAS promote initiatives to combine or share state and local systems? IV. PRIVATE SECTOR A. How could TAS, or future generations of TAS computers, affect the relationships between the IRS computerized system and those of private organizations, institutions, and businesses who want to reduce paperwork, provide data to IRS on tapes, or possibly access the system and retrieve from it by electronic funds transfer? v. IMPLICATIONS FOR THE INDIVIDUAL TAXPAYER A. What could the new system mean for the potential of the IRS and the rest of government to investigate the individual? B. What could TAS, and future generations of TAS, mean in terms of the individuals ability to start anew in society? c. How may the new system affect the taxpayers control over what personal and financial information is supplied to government and the persons participation in how it is shared, transferred, manipulated and managed? D. How may the new system affect, for better or worse, the quality of service to the taxpayer? Will increased speed in transactions and transfer of information necessarily mean improvement in protection of privacy, relevance of data maintained, confidentiality, and accuracy and timeliness of records? VI. LEGAL IMPLICATIONS A. If the new system is installed, are existing statutory standards, guarantees, and sanctions governing federal information policy adequate to safeguard: (1) the privacy of the individual? (2) the confidentiality of taxpayer information? (3) the security of the system? B. How could changing concepts of privacy and constitutional rights in the courts and Congress affect the system? VII. ECONOMIC IMPLICATIONS A. Does TAS raise unexamined economic issues? 142

PAGE 142

B. Could intensified regulation mean increased control over the individual taxpayer, resulting in more coercion being applied to the system through comprehensive auditing, followUp techniques, and stepped-up prosecutions, with the possible consequence of reduction in the level of voluntary compliance? c. Is there a need for the application of a cost-benefit analysis involving factors other than those of cost, and efficiency involving the social and political trade-offs? VIII. ADMINISTRATIVE AND MANAGERIAL ISSUES A. B. c. D. E. F. G. H. Does the proposed TAS raise issues of need for administrative and management changes in overall processing methods? Does the proposed TAS raise issues concerning the tolerance of the administrative structure and manpower capacity of the Internal Revenue Servicew to carry the load of technology involved? Can the system get too large, the data bank too unwieldy, for administrative purposes? What kinds of detailed management information does Congress need t O know to evaluate the impact of the extended ADP System on the individual and gr OUPS it should serve? Is there a need, for instance, to address such questions as: (1) How many employees are in each Service Center now? (2) How many more will be added at the: (a) Service level? (b) Supervisory level? (c) Clerical level? (d) ADP level? (3) How many more in national office for each functional area? (4) Where is responsibility for each stage of the system? (5) What is the span of control? Does TAS raise issues of the accountability of the administration of the tax programs as they may bear on the privacy and other rights of taxpayers to: (1) the Commissioner of the Internal Revenue Service? (2) the Secretary of the Treasury? (3) the President? Will they be able to keep track of what IRS and other government agencies are doing with the data, how they are aggregating, manipulating, and sharing it? What issues are raised by the network feature of the system? How will the proposed system relate administratively to other IRS and Treasury data systems and to other governmental data banks and systems? Who could access it, feed it, retrieve from it? Does TAS present issues of controlling abuses of authority by political administrators and management officials? Should these and other issues of administration and management be addressed in legislation as opposed to regulations? 143

PAGE 143

IX. TECHNICAL ISSUES A. Do the size of the proposed system and its network features raise issues of the wisdom of it and its technical feasibility? B. Does the proposed system raise problems of guaranteeing sufficient technical safeguards for maintaining the integrity of taxpayer information and protecting it against unauthorized use? (1) Has sufficient attention been accorded those various components of information management which are necessary for the type of personal and business information contained in the new system including such matters as: (a) partitioning and segmenting of files, (b) data input, storage, handling, (c) record identification, (d) media control, (e) programming techniques for security, (f) software documentation, (g) data elements, (2) Has sufficient attention been accorded the establishment of technical guidelines and administrative regulations to govern computer system and network controls including such matters as: (a) user identification, (b) terminal identification, (c) data access controls, (d) data encryption, (e) security auditing, (3) Has sufficient attention been accorded needed aspects of physical security? x. OTHER ISSUES 144

PAGE 144

APPENDIX 7 COMMENTS BY TAS PANEL MEMBERS 145

PAGE 145

APPENDIX 7a Columbia University in the City of New York New York N.Y. 10027 DEPARl_h4ENT OF POLITICAL SCIENC E 420 West 11 i3th Stree t November 7 1976 Ms. Marcia MacNaughton Office of Technology Assessment Congress of the United States Washington, D.C. 2051 0 Dear Mar i a: I received earlier this week the Draft of the OT A Review of the Proposed Tax Administration System of the Internal Revenue Service, and have read it closely. My detailed comments and queries have been written on the pages of the draft, which I am returning with this letter to facilitate your review of them. Overall, in my capacity as Chairman of the Panel asked to advise OTA on possible review of the TAS system, I am very pleased with the draft you have prepared. 1. First, it is exactly the kind of technologyassessment directed to issues of civil liberties social effect, politica l impact, and intergovernmental relationships that I have lon g believed Congress should conduct when very large-scale computerized information systems such as TAS are proposed by Executive agencies. 2. Second, if OTA follows through on one of the options presented on page 2 of the Draft Summary, that is by having OTA actively assist the Subcommittee on Oversight of the Ways and Means Committee, that would meet one of the most serious deficiencies that I have noticed occurring whe n congressional subject-matter committees review the information system proposals of executive branch agencies: the usual lack o f varied expert advisors covering all the requisite disciplines an d perspectives to help the Congressional staffs and Committe e h!embers hold sufficiently authoritative inquiries. An OT A assessment effort geared, in whatever form, to support directl y the Congressional inquiry i.s what as complex and potentiall y influential a system as TAS merits -by its dollar costs its potential effects on IRS organization and procedures and i-ts potential effects on taxpayers and our national ta x system. 147

PAGE 146

3. Third, were I a top official in the Internal Revenu e Service, I would view such an OTA review as the best possible preparation for the predictable response of the media, public interest groups, civil liberties groups, business groups IRS-law specialists at the bar, and many members of Congress beyond the Ways and Means Committees. The questions proqounded in this Draft Review are tough ones. They assume things can go wrong in even the best-intentioned information systems of the size, complexity, and novelty of TAS, a judgement that the first two decades of computer use in large organizations amply supports. The Draft assumes that a penetrating review now may flag some issues that only Congress can properly deal with in our political system; some that may require explicit rules and procedures set down by IRS; and some that will inevitably be dealt with by the courts. The Review also assumes that projecting forward into the late 1970s and 1980s some of the serious violations of confidentiality and breaches of security that have been disclosed in the handling of IRS data during the past decade is a necessary way to challenge proposed safeguards. In short --without having exhausted the kinds of tough-minded questions that have been assembled in this Draft-this is just the kind of advance probe that should help IRS to anticipate problems. formulate meaningful answers, and reconsider its own assumptions. 4. Fourth, I am pleased that this Draft makes the vital distinctions between matters of privacy and due process on the one hand and security on the other hand. While I have not seen the GAO report on TAS, my conversations with several GAO officials confirms that theirs was and is a report addressing primarily physical security. It cannot be considered a full technological assessment of the entire spectrum of privacy, due process, and system-secmity aspects of TAS. Therefore, I share the Reports judgment that the comprehensive examination it proposes has not yet been done, and needs doing. 5. Fifth, I regret that it was not possible for OTA to convene our full panel for a second meeting, following our receipt of this Draft. Had this been possible, we could have had a useful exchange of views by all panel members about the strategy of this kind of assessment, its component issues, the types of responses of fact and judgment that are required, and many tantalizing matters mentioned in the Draft but postponed for now. This is not in any way a criticism of the excellent, sustained consultation that has been done with me as the Chairman and with the individual panel members. I can recognize many fine contributions of our group in what is presented here. However, in the spirit of Jacqueline Susans novel, once is not enough for a panel of varied experts, who have not worked together previously, to give OTA the measured estimate that I believe 148

PAGE 147

it needs even in a preliminary review. A second meeting not having been possible, however, I regard this Draft as a fine and useful contribution. 6. Finally, I would like my letter to express to OTA my great support for its entrance into the assessment of information systems such as TAS. It is hard to think of any technology more significant, and more likely to become even more significant in the next 25 years, than computer and communications technologies. W e have seen criminal justice information systems unfold without ~ in my judgment Congress having had an early enough and stron g enough role in assessment Ahead lie the likely Systems fo r a national health insurance system, a welfare-reform program and for government reorganizations of the kind that President-elect Carter has firmly promised. I suggest that a sound and searching review of TAS by an appropriate OTA-assisted effort, in conjunction with Congress, would be an excellent first step by OTA into an area that needs its attention. To be sure) there are other important actors in the process, from the General Accounting Office and the National Bureau of Standards to important private and semiofficial bodies, such as the National Academy of Sciences. In my view, though, OTA has the best and broadest mandate to consider every aspect of a technological innovation or application, and I strongly urge it to do so in the case of TAS. I would be happy to help in any further way in the preparation or presentation of this Report. Please dont hesitate to call on me. Alan F. Westin Professor of Public Law and Government Panel Chairman 149

PAGE 148

. 8T. LOU1S. MISSOURI 6813 0 DEPARTMENT O F SOCIOLOGY Box 1113 (314] 863-0100 STA. 4430 July 28, 1976 Congress of the U. S. Office of Technology Assessment Washington DC 20510 Attn : Ms. Marcia MacNaughton Dear Ms. MacNaughton: Enclosed is a draft of some of my comments on TAS. Hope they are helpful. Sincerely /=3 151

PAGE 149

Working Paper July 23, 1976 Robert Boguslaw Comments on the Proposed Computerized Tax Administration System I The System Description Book A. The Selection Method (p. 1-12 ff) In explaining the technical basis for selection of the TAS, it is stated, In any problem-solving endeavor, the fundamental method remains constant: first determine, define, and describe the problem; second, consider and evaluate potential solutions in accordance with criteria established by the nature of the problem and of the problem-solver; third, select the most favored solution in accordance with the evaluation; last, acquire and apply the solution. Comment The very next sentence in this text begins by saying, When this method is employed to reach a large automated solution? that is a computer system... There is nothing at this point to suggest that the problemsolving endeavor must or should lead to a large automated solution. Sound problem-solving practice, on the contrary would presumably insist upon a detailed consideration of the steps stated in the opening paragraph. The mode of reasoning and expression actually used presupposes the solution, i.e the development of a new computer system. It raises the question as to whether we are being confronted with what is essentially a prefabricated solution in search of a problem and a constituency rather than sound problemsolving behavior. I am not suggesting that there has been any deliberate or conscious effort to circumvent appropriate system analysis? design and evaluation techniques. The fact of the matter seems to be that the ground rules under which this analysis was carried out implicitly required the analysts to adopt what is essentially a subsystem or bureaucratic perspective. They assumed as immutable givens --like the rising and setting of the sun or the rotation of the earth-such matters as the corpus of regulation and law whose penultimate creator is the Congress of the United States. But what this creator has wrought, presumably,it can undo or.modify after the fashion of creative creators= With the establishment of the Office of Technology Assessment~ it is possible to regard much of what previously was regarded as unalterable as now being subject to change. A meaningful cost benefit analysis under these conditions would seem to require that Congress be presented with the costs in both money~ time and justice of its tax structure. For example, one might well wish to examine the question about the benefits to be derived from a thoroughgoing simplification of the tax code. At what point would simplification obviate the necessity for TAS? What other benefits could be derived from this? Nothing approaching such an assessment seems to standable reasons) in connection with the work alternatives considered are various computer or selection method specifically did not include tax administration systems. 152 have been done (for underleading to TAS. The only hardware systems. The consideration of alternative

PAGE 150

Working Paper JUly 23, 1976 Robert Boguslaw B. Satisfaction of Service Requirements The approach taken to select the TAS design has produced a system that fully meets the expressed user needs. ... (p. 1-13) It-is not at all clear who the users of the system are and the sense in which their needs have been met. Here again the difficulty seems to arise from the fact that the perspective used in connection with TAS is one limited to subsystem concerns. The users of the system may well include members of Congress, the general public, as well as employees of IRS. Certainly the concerns for individual privacy as well as responsibility for insuring it extends to these users. There is no indication, however, of the details of the methods used to assess user needs or who has been defined as a user. Without such a specification ncne of the following considerations are at all clear: 1) What problem TAS is designed to solve. 2) For whom does the problem constitute a problem. 3) Who has a need to know various classes of information. 4) How is invasion of privacy to be defined, i.e. who does not need to know various categories of information. 5) The reasons, i.e. the value premises, which state that a need is a need and an authorized person is an authorized person. For example, does the need of an incumbent president to win an election constitute a legitimate need? Does the need of an administrator to maximize his budget allocation constitute a legitimate need? If not, there seems to be nothing in the TAS proposal to this point which makes clear the basis for these or contrary value judgments. User Requ irements All users desire quick access to taxpayer account data (p. 2-14) It is clear from the discussion under this heading that immediate on-line access is not required for many aspects of IRS administration. What causes the need for immediate access? Is there legislation which could modify or eliminate this need? In cost benefit terms how much is such immediate access worth? i.e. what costs would be incurred by a system providing something less than immediate access? Here again it is apparent that the designers of TAS necessarily used the assumption that the existing structure of tax legislation would remain essentially unchanged or that it would increase in complexity as time went on. No consideration was given to the possibility that previous experience could be reversed --that tax law and associated procedures might be simplified. NO cost benefit analysis was prepared to demonstrate the relative costs and benefits of legislative or administrative items contributing to increased complexity and the need for expensive hardware and software. c. System Analysis and Design Here well-supported requirements. one must dispute the concluding statement that on technical and cost-benefit foundations, and (p. 3-17). As I have previously suggested, the 153 The design is meets all user analysis was

PAGE 151

Working Paper July 23, 197 6 Robert Boguslaw conducted from a perspective that did not contemplate possible serious modifications of recent trends in the direction of an ever-increasing complexit y of tax law and administrative regulations A system analysis of the Federal tax system has not been done. A cost-benefit analysis of significant elements in the existing system versus possible alternatives has not been undertaken This is not to suggest incompetence or worse on the part of those who have undertaken the analysis and design. It is simply to suggest that the groun d rules under which they operated have been changed with the establishment of the Office of Technology Assessment. Hopefully, this instrument of Congress will not feel constrained to the same extent by existing statutes or procedures and will encourage IRS and other agencies to undertake system analyses which are not limit~ to narrow bureaucratic horizons II Privacy Protectio n The Privacy Protection Study Commission has analyzed various disclosures occurring under the present system and recommended those which should be expressly approved by statute...and which should be terminated (Report of privacy protection Study commission, p 35). Comment: The entire discussion of disclosure in this document and elsewhere seems to be predicated upon the existence of a technology providing absolute safeguarding of information Within the framework of such a technology only duly authorized bit-s of information can be released legally. A manual file system seems to be the implicit model of technology upon which the superstructure of law relating to disclosure is based Under a manual system the matter of disclosure versus nondisclosure seems to be fairly clear cut File clerks and secretaries having access to information can b e given more or less specific instructions about disclosure and violations can be punished. But it may well be the case that the concept of disclosure must be modified in important ways under conditions of large scale computer technology. Any computer system will tend to increase the number of persons who must have technical access to all or significant portions of available information. Replacing the access of typists and file clerks are such technicians as computer programmers and their supervisors, hardware maintenance personnel and their supervisors, console operators, etc. Programming errors or inexactitudes, hardware malfunctioning, etc. can result in more extensive system-wide problems requiring additional access by technicians. When requirements for avoiding disclosure are imposed, checkout procedures can be made much more difficult and scrutiny or monitoring by lay persons difficult to exercise. Thus a new range of definitional problems is posed: What is meant by the word allowed? Is it allowed for a computer programmer to discuss a file with his superiors? Is it allowed for a computer engineer or maintenance mechanic to discuss a problem about difficulties in accessing information with his peers or supervisors? How about personnel of a subcontractor who produced some related equipment? It is often difficult to determine whether a specific difficulty is due to a software or a hardware difficulty. Does it require 154

PAGE 152

Working Paper July 23, 1976 Robert Boguslaw an act of Congress to bring in an outsider on these problems? May the programmer or engineer prepare reports about the difficulties they have encountered in the course of their work? May these reports be checked by higher officials or others What is allowed? In connection with all this, experience with safeguarding military information may not be especially relevant. Industrial firms in competition with each other are in some ways analagous to warring military organizations. Industrial espionage, under some variants of TAS, may well make military espionage throughout history look like very small potatoes. One can readily contemplate the prospect of computer firms paying for the privilege of providing technical support to TAS. III Other Social and Political Implications User requirements for TAS are related to the year 1985, chosen because it is the latest year for which the Service has reliable projections from the Statistics Division on tax administration workload. The reliability of these projections is of course~ dependent uPon the reliability of Congress in refraining from engaging in any significant overhaul of the existing tax structure. Beyond this, however, the year 1985 has its own significance in arriving one year after the era immortalized by George Orwell. One of the most interesting features of this era was the virtual non-existence of privacy as defined by Alan Westin, i.e.~ The claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others. About a decade ago, Mr. Westin (in his book Privacy and Freedom) was optimistic about the potentialities of computer technology as the ultimate champion of individual privacy and freedom. For all its problems of control, he said, there is far more possibility of installing and maintaining protection of individual privacy in computer information and intelligence than there is with wiretapping and eavesdropping. To that extent, he said, the advanced technology which produced the physical-surveillance devices may make them expendable by a still greater advance in technology, the computer information system. And I wonder what Orwell would have said about that. In commenting upon this query in a review for the American Sociological Review, I suggested that George might have shook his head sadly, turned and slowly walked away. The point was that all of the controls in which Mr. Westin apparently placed so much faith would have been perfectly acceptable to Big Brother and his henchmen. What were these controls? They were 1) input controls, e.g., limiting those who are allowed to put information into the systems or classi fying all information as it arrives according to a sensitivity code fro m public-record to sensitive 2) storage controls, e.g., physical safeguard s against outsiders tapping in or tampering with stored data This would include background investigations and normal security controls over computer pe=onnell etc., 3) output controls, e.g., locks preventing access to information without 155

PAGE 153

Working Paper July 23, 1976 Roberg Boguslaw an appropriate password for the type or class of information sought; automatic recording of all inquiries for information and immediate verification that they come from the proper source, etc. Control corrupts; absolute control corrupts absolutely. The offices of the Joint Chiefs of Staff, I observed, are scarcely sanctuaries for individual freedom because visitors are screened. The CIA is scarcely a beacon of individual freedom because its files are labeled with varying degrees of security classification. The State Department does not become a stronghold of individual freedom and democracy because its key personnel have had background investigations. And police stations are not fortresses for the defense of individual freedom because only proper sources are given access to police records. I neglected to mention the White House as a specific example, but as. recent events have demonstrated, even that place did not prove to be a sanctuary from the insidious effects of control.. How does one stop the drift toward 1984 in this area? For Mr. Westin, as a lawyer and a civil libertarian, the solution was perhaps inescapably posed in terms of legal and ethical remedies. The right of decision over ones own private personality should be defined as a property right with all the restraints on interference by public and private authorities and dueprocess guarantees that our law of property has been so skillful in devising. Ethical developments would range from educating a socially conscious professional group of information keepers to official licensing with high qualifications, as well as the development of a code of ethics for the computer profession. In a nicer society and a nicer world, I suggested, Mr. Westins concerns could be safely ignored. In the world with which we are familiar, they seem to begin at the wrong level. It is not simply that we have become disillusioned with White House lawyers and Attorney Generals whose observance of ethical standards for public service and law seem to have been more or less predictably corrupt. Or that the due process guarantees of property law did not help reluctant contributors to campaign funds retain their money. Or that, to judge from recent evidence, the publics property has not been brilliantly protected by lawyers in the highest places. Beyond this lie some much more fundamental issues. One of these has to do with the norm of privacy itself. Some serious observers have suggested it may be more important, from a moral perspective, to surrender privacy than to protect it. It is i.nteresti.ng to observe that current preoccupations with the need to protect privacy goes along with public behavior that seems to move i.n the opposite direction. The burgeoning of group psychotherapy and encounter groups, attacks on conventional inhibitions in language, dress and sex behavior can all probably be scored as evidence that what contemporary men and women think they need for mental health and even for freedom is less rather than more privacy. In the political sphere, powerful public cases have been made 156

PAGE 154

Working Paper July 23, 1976 Robert Boguslaw for the thesis that one of the prime sources of aberrant international policy is excessive privacy and secrecy within the federal bureaucracy and within the councils of various economic and political elites. A sociologist will inevitably be led to ponder over the characteristics of a society which privacy safeguards become necessary. What is it about American society that makes privacy invasion such a profitable vocation and fascinating avocation? To what extent can privacy itself be used as a mechanism for political and economic power in contemporary society? To what extent, on the other hand, is its invasion a necessary prerequisite for healthy social change? The technological controls listed above in connection with computers would seem to insure privacy primarily for guardians of the status quo-or for technical, economic or political elites and their sponsors. Is more privacy the solution to our problems--especially as we contemplate the aftermath of Watergate? Or would we rather be more concerned with eliminating the need and payoff for both excessive secrecy and privacy invasion on every level of political, social and personal life? Specifically, with respect to TAS, it seems legitimate to raise the question as to whether TAS (unwittingly) is a system oriented toward increased surveillance of middle class and working class taxpayers~ while having relatively few consequences for corporate and upper class taxpayers. Thus, would more generous standard exemptions lead to increased benefits in the form of reduced costs of administration and equipment--to say nothing of eliminating much of the need for privacy among individual taxpayers in the working and middle class? Does increased computerization of IRS procedures work to the advantage of corporate and other taxpayers who can afford the legal and accounting advice which will enable them to conform~superficially~ to acceptable standards (i.e., to remain below the limits of deviation posed by Discriminant Function scores, etc.)? In short, from a social and political perspective, the threat posed by TAS is not simply the possibility of increased scrutiny of all taxpayers, but rather the prospects for more effective scrutiny of some and less de facto scrutiny of others. 157

PAGE 155

APPENDIX 7 C 410 F I R S T S T R E E T, S E ,, W A S H I N G T ON, D. C. 20003 (202) 544-1681 CHARLES MORGAN, JR Director JAY A MILLER Assoctate Director HOPE EASTMAN Associate D I rector July 8, 1976 Marcia MacNaughto n Office of Technology Assessmen t united States Congres s Washington, D.C 2051 0 Dear Marcia: As per our telephone conversation of last week, I am summarizing my major concerns about the TAS system. First, I must say that I still believe we do not understand precisely what TAS is intended to do. Therefor e as a minimum IRS or OTA must prepare a laymans description of TAS and its intended improvement over existing systems. We learned in the panel that (1) TAS is intende d to expedite (from weeks to micro-seconds) the accessibilit y of Taxpayer Account Information ; and (2) TAS will facilitat e the linking of disparate data files maintained on tax payers in IRS (the related standard forms on the same tax payers) While both of these objectives are laudabl e and obviously worthwhile from a management perspective what impact will these major improvements have upon tax payers rights ? At least with respect to the first improvement, faster accessibility, TAS is quite similar to NCIC. Therefore it may have a quite subtle impact upon tax law enforceme nt, as did the NCIC system upon police law enforcement. For example, NCIC and automating rap sheets made possible the use of rap sheets in instantaneous decision making (e.g. in stop and frisk situations) where the opportunity fo r abuse (as a basis for subsequent arrest or detention) wa s 159

PAGE 156

greater. Prior to automation, manual arrest record systems could only be used in more benign situations (e.g. setting bail), because of the slow process of access (at least two weeks for FBI rap sheets) We dont know enough about tax enforcement to know what similar opportunities for abuse might be presented by faster accessibility to Tax Account Information. For example, the Church Committee pointed up the problem with Special Enforcement Programs (against ideological organizations and individuals as well as against organized crime figures) TAS may facilitate those programs of so-called unbalanced tax enforcement. Perhaps this system might encourage IRS auditors to run so-called compliance checks, either on enemies (ideological, political, organized crime or whoever) where the cumbersome manual system discourages such requests. OTA must talk to experts in tax enforcement (former assistant commissioners for Audit and Compliance and IRS investigators knowledgahle about IRS organized crime programs) to understand the implications of faster accessibility. We should also have a complete understanding of precisely what data elements will be automated, in particular which elements in matching or interlocking files will be automated. For example, will information (even in public files) on exempt organizations, including contributors, be audited? I certainly am not deterred by arguments that tax exempt organization files are public records. After all, so are arrest records. There is a real vacuum in the literature and research on IRS pertaining to all of these questions. For example, the report by the Administrative Conference focuses on the problem of termination and jeopardy assessments and other forms of action taken by IRS against taxpayers after they have been selected out for audit. Other materials that we have looked at have focused on the problems of collection of information in automated data banks like IGRS of information that does not come from tax forms but other sources, e.g. informants. Neither of these problems is the focus of my concern with TAS My primary concern with TAS is that it will facilitate the selectio n out of individuals for compliance checks and audits which may i n the long run result in jeopardy assessments or other forms o f action against taxpayers where tax violations are uncovered Th e problem with TAS then is that it may be used to facilitat e so-calle d unbalanced tax enforcement and greater scrutin y of certain classes of taxpayers This problem was only touche d on by the Church Committee and obviously needs a great deal o f further study The problem of collecting and automating informatio n which does not come from tax forms can easily be dealt with vi a prohibitions on the collection of constitutionally protected infor mation such as information related to political activities, speec h 160

PAGE 157

or petition for redress of grievances. Obviously this is a fertile ground which must be researched by OTA or some organization before the technological and civil liberties impact of TAS can be assessed. These are only a few of my concerns recorded off the top of my head. They are my personal concerns and do not represent the position of the ACLU. Furthermore, I could not even recommend a position to Hope or the ACLU until these questions have been explored at greater depth. I would think that the panel must meet at least one more time to consider issues such as these on its own, perhaps without IRS people. At that time we could consider further a proposal to OTA for technological assessment. Sincerely Mark Gitenstein MG:cb 161

PAGE 158

APPENDIX 7d PROPOSED PRIVACY AND SECURITY REVIEW METHODOLOGY FOR EXAMINING THE IRS PROPOSED TAX ADMINISTRATION SYSTEM DONN B. PARKER STANFORD RESEARCH INSTITUTE JUNE 1976 A scenario analysis approach is suggestid as a means for a small gr OUP of experts with limited resources and time to evaluate a large, proposed computer system regarding privacy and security. The purpose is to determine the adequacy and using it to assure acceptably low levels and safeguards. Anticipated threats include losses. METHOD of a proposed system and the organization developing of risks through establishment of cost effective controls disasters, errors and omissions and intentionally caused 1. 2. 3. 4. 5. 6. Identify assets and victims subject to loss. (See enclosed Figure 1) Identify threats using a taxonomy suggested in Figure 2. Develop threat and loss scenarios in the form of a collection of narratives, each encompassing a broad range of related incidents. (See enclosed Figures 3 and 4) l System life cycles phases covered: Design Development Test/acceptance Implementation Operation/maintenance/update l Use aids such as published checklists, NBS publications and results of computer abuse studies (see Figure 5) including disinters, errors and omissions, information and property fraud and theft, financial fraud and theft and unauthorized use of services. Present the threat scenarios to IRS and request analyses and responses including descriptions of controls and safeguards and resulting risk reductions. Evaluate IRS responses for adequacy and cost and risk effectiveness. A list of principles such as in Figure 6 can be applied to evaluate controls and safeguards. Rank and classify risks and protection in the following categories: a. High risk Inadequate protection b. Low risk Inadequate protection c. High risk Adequate protection d. Low risk Adequate protection Publish recommendations. 163

PAGE 159

JUSTIFICATION AND BENEFITS This method of evaluation minimizes the work effort of a panel of experts and puts the burden on IRS to demonstrate adequacy of the proposed system relative to the panels challenges. (The usual process is the reverse, requiring the panel to study massive amounts of documentation. ) The scenario method creates easily understood descriptions of potential problems in an interesting and dramatic fashion. Although a comprehensive analysis of all weaknesses and probIems is not guaranteed by this method, no other method using limited resources can achieve this goal either. In addition, this method provides a means of establishing a confidence level of the IRS staff capability, awareness and sensitivity in dealing with the total problem of privacy and security. 164

PAGE 160

APPENDIX 7e WASHINGTON OFFICE A MERICAN C IVIL L IBERTIES U NION 410 F I R S T S T R E E T, S E ., W A S H I N G T O N D. C. 20003 (202) 544-1681 CHARLES MORGAN, JR Director JAY A MILLER Associate Director HOPE EASTMAN Associate D I rector November 9, 1976 Ms. Marsha MacNaughton Off ice of Technology Assessment Congress of the United States Washington, D. C. 20510 Dear Ms. MacNaughton: I have reviewed the draft of your report for the Office of Technology Assessment on the proposed Tax Administration System (TAS) of the Internal Revenue Service. While the report raises many important technological and social questions about the system, I do not believe that it recommends strongly enough that no Congressional approval or financing be given to this system without extensive public hearings and debate. The TAS is an enormous and costly system which will computerize highly personal information on the entire citizenry, make it instantly retrievable from thousands of remote terminals? and provide an attractive data base for linkage with other government systems. Inevitably it will be a prototype for future computerization of government records on individuals. The report properly identifies those questions of public importance which are raised by the technology of the system. Both the new Administration and the Congress need to examine them very closely before making any decisions. Without attempting to comment or restate the basic social questions which must be resolved first, I would like to make one observation which I think has not been adequately dealt with in the draft report. If there is a decision to proceed with the system in the face of the increased potential for invasion of privacy by government and others, then a much tougher set of safeguards and 165

PAGE 161

penalties must be required. Special attention must be paid to the problem of official abuse of tax information for political purposes. Decentralization of the records exacerbates this problem It will be much easier for government officials, federal state and local, to develop the cozy relationships on th e local level which will make possible abuse of tax return in formation There is also highly increased potential for im proper private access to this tax return information. I n addition to an expanded group of criminal and civil penalties it needs to be made clear that civil remedies will be avail able to anyone injured by abuse of information The govern ment should be obliged to notify victims when evidence of abus e comes to its attention To enforce that obligation and t o deter those with incentive to seek improper access and use an obligation should be placed on any employee with access t o information to report to an agency outside the IRS imprope r access, or requests therefor~made to an employee or to others I am hopeful that the publication of this report will be the first step in a careful public debate on this issue. I am happy to have had a chance to participate. Associate Directo r HE: meg 166

PAGE 162

APPENDIX 7f AMERICAN 1120 Connecticut Avenue. N.W. BANKERS Washington. D.C. ASSOCIATION 20036 GE N ERAL COUNSEL AND SECR ETARY Witllivn H. Smith 202)467-4240 November 11, 197 6 Marcia MacNaughto n Office of Technological Assessmen t Congress of the United States Washington, D. C. 2051 0 Dear Marcia : In a way I am disappointed that more time is not available to Study and comment on the working COPY of the draft OTA report on the propose d Tax Administration S Y Stern of the Internal Revenue Service. On the othe r hand, I am really not sure that I might productively make use of an y additional time since I doubt that line-for-line ~ page -bypage comments and reactions would be Very helpful to OT A t s analysis of responses an d its obligation to present to the Congressional Boa r~ the substance of this undertaking to date I have been over the material twice. In a first reading I concluded that the report is terribly biased against any reasonably prompt approval and installation of the TAS system as it has been proposed by the Commissioner of Internal Revenue However, 1 recognize that I also have a bias at work and decided that it would not be fair for me to speak from that bias without a second reading. I have now completed that Second reading and I acknowledge that th e report does at least point to most if not all, of the considerations tha t should be taken into account in deciding an important question of this kind At the same time, and I think without reflecting my bias in any way, I believe the report is seriously out of balance in that considerations that favor adoption of a system that will make tax administration more effective are treated almost perfunctorily On the other hand, considerations such as security, privacy, individual rights, confidentiality, equity, equa l protection of the laws, etc. are examined in substantial detail and in a way that suggests that each must be dealt with in a most complete and reassuring way before the Internal Revenue Service might be authorized to arrange for the procurement of the equipment necessary to place the system in use. I 167

PAGE 163

Marcia MacNaughton AMERICAN CONTINUING OUR UTTER OF BANKERS ASSOCIATION November 11, 1976 SHEET NO. 2 appreciate that the tenor, the tone and the direction of the draft OTA report may in substantial measure reflect the charge from the Chairman of the House Ways and Means Committee and the Subcommittee on Oversight; in short, one can interpret that charge to mean that TAS by its very nature calls for safeguards that will prevent it from becoming a system of harrassment, surveillance Y and political manipulation. I think this is regrettable because I sincerely believe that more is being made out of this problem than is really necessary, and because the charg e must be based on apprehension rather than hard past evidence. In that same way, the draft report tends to miror a Vague and unsubstantiated apprehension. Although the draft report does not try to settle the question with an unequivocal recommendation it is pretty clear that a hearing is thought to be the best way to get at all of the issues which have been raised so that they can be disposed of one way or another. I see no need for a hearing and submit that it would be sheer overkill to use such a forum t o get at the problem. First, the system is adequately described and we all know what it is designed to do and how it will be used. Second, safeguards exist today and I have not yet seen any evidence that would suggest that more need to be imposed upon this system. Finally, there ought to be more r e cognition of the enormous responsibility carried by the Commissione r in processing hundreds of millions of tax returns annually, and his need to be allowed to upgrade todays system in the absence of clearcut evidence ,showing a need to slow him down any longer. I appreciate that the report acknowledges the point I am about to make, but perhaps not in the way I intend to make it. I believe -indeed I know -that the Congress and the Office of Technological Assessment would not even be addressing this question but for the state of the technology when the current automated system used by IRS was installed 15 years ago. Parenthetically, let me observe that the report notes that TAS is a mere automation of todays system; nothing could be further from the actual fact. It will be difficult for anyone to point to a more highly automated business /accounting system than that which the Service has been using for the past 15 years. 168

PAGE 164

Marcia MacNaughton AMERICAN CONnNUING OUR IIllTR OF BANKERS ASSOCIATION November 11, 1976 SHEFINO. 3 The basic system was designed in 1958 and it could have accomodated a number of technological and equipment configurations. For a variety of reasons that I will be happy to go into at a later time if it should be necessary, the de signers in 19581960 preferred and could have made out a strong case for the use of a random system. Unfortunately, the state of the technology at that time simply Would not support this approach and it was ne c ess a r y to adopt the ordered s e quentials batch pro c ess ing system that the Service continues use today= This latter system has many inefficienciess and handicaps, but it could continue to serve the needs of the Tax Administrator for an indeterminate period. However, why should one continue to drive a one -horse shay? The answer to this question is obvious. First, the payoff for a more efficient random system is stificiently promising that on a cost effectiveness basis I assume that much of the expense attached to changeover and equipment acquisition will be recovered in time. To the extent that is not the case, this is merely an illustration of capital cos ts that must be incurred to enable tie Commissione r to keep pace with enormous workloads Also, when the IRS proposal for TAS is stripped of all of its bells and whist les, it merely represents a conversion from a batch processin g system to a random system. unfortunately, the Executive Branch is sometimes inclined to dramatize out of all proportion that which will be achieved by new proposals. In a way this is understandable since it is yery difficult otherwise for a proposition with high start-up costs to survive the budgetar y process -particularly when, as in fiis case, we are talking about the expenditure of $750 million. This is unfortunate because if the system is ess entially a mere conversion of todays array of taxpayer records from one storage medium to another with an enhanced capability for retrieval, posting and use of the updated record -and I submit that is the case -then all the issues bound up in privacy confidentiality~ security, etc. etc. are quest ions that should be addressed **out regard to the proposal to adopt the TA S system. And I submit that to the best of my knowledge the evidence is simply not available fiat todays system has been s o abused so as to call for that kind of investigation. I acknowledge that the Internal Revenue Service is frequently in the press. I acknowledge that the agency has been guilty of excesses and abuses, but I am far from convinced that even these have occurred in the magnitude often sugge steal, and unfortunately the resulting impression too often cove rs up the very fine Work done by this agency uncle r the most trying circumstances. However, the important thing is that there does not seem to be any evidence that todays automated system was the source of any breach of privacy, confidentiality, security, or whatever. Does the enhanced capability of TAS en.large the possibility of such abuses in any significant way? I think not. 169

PAGE 165

Marcia MacNaughton AMERICAN BANKERS ASSOCIATION CONllNUINGOUR l.EITER OF November 11, 197 SHEIT NO. 4 why is this? In my opinion it is because the processing system is so set apart from the enforcement operations of the Internal Revenue Service. The people who staff the IRS Service Centers and the Computer Center have a different mind set than those charged with the enforcement of a very complex taxing statute. There is no inclination on the part of processing personnel to play games. These individuals recognize that they are simply char ged with a responsibility to extract data from tax returns; r e co rd it in a machine-readable form so that it is readily convertible to magnetic tape from which a file of taxpayer information may be established, updated, and used to satisfy a variety of what are really very mundane tax administration needs! The simply truth is that this is a mere accounting file and it is the fulfillment of the accounting function that is its principal purpose. Despite any of this, an important safeguard against abuse exists already. Indeed, the Tax Reform Act of 1976 may very well supply all the safeguards necessary to assure the privacy and the confidentiality of data extract ed from tax returns today or uncle r the proposed TAS s y stem. It is my opinion that the current files and those that would be c reatd uncle r TAS are covered by the definition of Tax Return Information as this is used in the Tax Reform Act of 1976. Thus, disclosure of any information will be seriously dealt with. Indeed, the Ways and Means Committee -the very committee that has asked for an evaluation of the TAS system -has upgraded the crime of disclosure from misdemeanor to felony and has upgraded the penalties from $1, 000 to $5, 000 and one year in jail to five years in jail. I believe that the possibility of actionable disclosure has been effectively eliminated by the Congress. However, I suppose one can speculate that in the absence of other safe guards the re could be unintended disclosure that occurs simply because of the nature of TAS and the way that s y stem would work. I have thought about this and without reaching -indeed perhaps over r caching -I simply have not been able to conceive of unintended breaches of security or privacy or confidentiality that might occur. I have no objection to setting other safeguards in place in order to guard against abuses of the kind that obviously are of concern in the draft OTA report. However, I must confess that I do not know what practical safeguards there are, but if there are any, then I hope that they can be set down quickly and imposed in a way that will not overburden the system and render it less effective. 170

PAGE 166

Marcia MacNaughton AMERICAN CONTINUING OUR W7 ER OF BANKERS ASSOCIATION November 11, 1976 SHEET NO. 5 The draft report also makes the point that Oversight l is an important element that deserves attention, and I agree with this. However, I think the machinery is already available. It has been used before by the Joint Committee on Internal Revenue Taxation and its use has been reinforced by some of the provisions of the Tax Reform Act of 1976. The Joint Committee on Internal Revenue Taxation is authorized to use the General Accounting Office for oversight and for investigation of any irregularities or abuses that may come to its attention. Indeed, it may do this without evidence of irregularities or abuses -simply to assure itself that tax administration is functioning in the way intended by the legislative branch of the government. Thus, I think there is an adequate provision for oversight and if properly used it should also put to rest many of the concerns which have been expressed about the issues taken Up in the d r aft report. In closing, I hope that this letter will enable those who have the concerns expressed in the draft report to appreciate that they may be out of all proportion to past evidence and to the prospect of excesses, abuses, violations, accidental occurrences, or whatever in the future. Let me als o note that the Section of Taxation of the American Bar Association is inte re steal in this matter. Indeed, I feel I can safely say that the Section would appreciate the opportunity to be brought into things and to express its views with respect to the issues uncle r con side ration by the Office of Technological Assessment on behalf of the Committee on Ways and Means of the House of Representatives and the Subcommittee on Oversight of that committee. For that reason, I propose to send a copy of this letter to inte re steal officials of the Section of Taxation. I appreciate very much the opportunist y that you have afforded me to comment on OTA f s draft report. Sincerely, l & William H. Smith cc : Messrs. Harris, Pennell, Lefevre, Liles, Asbill, Delaney, Corey 171

PAGE 167

APPENDIX 7g March 8, 1977 Ms. Marcia MacNaughton Office of Technology Assessment Congress of the United States Washington, D.C. 20510 Dear Marcia: Having reviewed the Draft of the OTA Report Investigation of a Request to Assess the IRS Tax Administration System, I would comment that it is a precedent-setting report. I am aware of no other report which has addressed such a conglomerate of issues of societal, public and governmental import associated with a highly complex automated information system as epitomized by the IRS TAS. The typical review or audit report contents itself with the more tangible but less disquieting questions of physical security, size of files, costs of operation and the like. What we fail to recognize is that we have little skill or experience in even asking the appropriate questions to enable an adequate technology assessment to be made of a computerized record-keeping network which is handling information of national significance. Even more importantly, the IRS TAS is handling information of significance to almost every adult U.S. citizen. OTA has made a giant step forward in its willingness to tackle a real technological unknown, even though the Draft Report may seem to be a very tiny step in the race towards government accountability. As a member of the Panel, I was disappointed that OTAS resources only permitted the holding of one meeting. It is not surprising that we were unable to ask but a few of the right questions: certainly, IRS should not be chastized for not providjng all hoped-for responses under such circumstances. This Draft Report which, unfortunately, was able to provide few answers should not exemplify the normal end of a dialogue between Congress and Executive Agencies in determining and assessing government accountability in matters of deep concern to the public as individuals and to the public at large. 173

PAGE 168

The key issue in such questions of accountability involving computer systems of individual records or computer systems for funds disbursing or near real time control functions is the issue of RISK. We need to ask ourselves: What is the level of risk we can tolerate with this system? What kinds of risk are we introducing with this system? How do the risks match the gains? and, Who is having to accept the risks as opposed to benefiting from the gains? When those who must accept the risks are not those who obtain the benefit, then the problems of accountability are certainly exacerbated. The issues raised in the OTA Report highlight some of the more important risks. The open question is who will determine what is an acceptable level of risk. I personally believe that Congress has assigned that responsibility to itself in the Privacy Act and in recent Commiittee actions. The IRS TAS is just one of the many systems for which an acceptable level of risk must be determined. OTA has pointed out to Congress the difficulty of the task Congress has assigned itself. The OTA Report properly alerts Congress and the public to the danger of leaving the issue of acceptable levels of risk unanswered. I was very glad to participate in this important, but unfinished exercise. 1 would like to endorse OTAS entry into this area of technology assessment typified by uncertainties, unknowns and indeterminables. Sincerely, Ruth M. Davis, Ph.D. Director Institute for Computer Sciences and Technology 174

PAGE 169

APPENDIX 7g WORKING PAPER, AUGUST 1976 Dr. RUTH DAVIS, DIRECTOR INSTITUTE FOR COMPUTER SCIENCES AND TECHNOLOGY, NATIONAL BUREAU OF STANDARDS, U.s Owr. OF COMMERCE EsmMw mNamwNG mm MIvmw Cm$mm$rrs AND SUGG OF THE mts P lWK3SEi) TAX ADWNISTUkTIION SYSTEM @iAS) A. Anyone can get lqrwlesdy mddlled in atmessilrg a bmna.hz ed system uuch as TAS for accomplishing prescribed fumctiams dess a clear separation is made ~ ~ the severa l areas of concern, for exarrqikx CONCERNS ABOUT: 1. The legislated or chartered miissicm of the ~ in #hi.dh tlw fmmallbd system is embedded; m this awe, Ithe IRS. Here, one appropriately .agksqu.esticmsztb out: l The appropriateness of the miission mb ~=wessed reeds and feam of the public. The political implications of the miatin=d lkwkmndbg of the miasim. l Means of identifying the scope md.c!imnges tmfie scope of the ni.ki&m. l Means and agents for accountability to ~-e=, the l%seidmrt, A & @lie in mission accornplishwmt. This ticludes IWtilaocountdxii. l Etc. 3. The manner in which the means for carrying att me IRS missinn mmE4B legislated or executive requirements, e.g., b Act of 1974, the %ham&ne Act, etc. 4. The ability of the organization, ~~, to =~ci= ~equate control to mmme that it can meet its legislated or asaigned xeqmnsihility: lldddkmwy, ~ must be kble b maintain continuity of operati~~. H=, one ~~ t@c~#@= that qgciing aiwessments, task g r O U p S established to ~@ IMId -e co~erns, etc., din d the right to undermine or interfere Il#llS managern ent of its assigned functicms until or unless alleged wrongs are wfiti ~~ements for chnge p F y authorized. The American legal truism d A person is innocent until proven guilty presumably is equally applicable to corpmazte pmwams ~mqganizaticms. 5. The formalized system, which is the target of h aa=mmant, in this H, TAS. Here, one appropriately asks questions such as: l Do the prescribed ~ystem functions match directly with pozbicw of the legislated IRS mission? 175

PAGE 170

l Does TAS improve or degrade IRS need to be accountable for its performance to Congress, the President, and the public (including fiscal accountability)? l What are the known threats to and Vulnerabilities of TAS? l Does TAS increase or decrease the means and potential for allaying identifiable fears and abuses of individuals and organizations? l What alternatives or options to TAS exist (and have been assessed) as means for IRS to carry out its responsibility and to ensure continuity of operations? l The specific manner in which the formalized system, e.g., TAS meets specific requirements, e.g., the Privacy Act of 1974. l Where are the points of accountability and responsibility within IRS for the various aspects of TAS performance, propriety and the like? B. I would suggest that OTAS assessment of TAS focus on items 1.A.2 and 5, i.e., Identifiable fears and abuses of individuals and organizations resulting from carrying out the IRS mission, and 6 5. The formalized system TAS as it is embedded in the IRS management structure. In order to permit this focused attention to yield useful results, the context in which the assessment is being made needs to be carefully described and delineated, i.e., I.A.1. The legislated or chartered mission of IRS which TAS serves, and concerns about this mission. 1.A.3. The manner in which IRS meets specific requirements relevant to its mission and to TASS part in carrying out this mission. LA.4. The need for IRS to retain its ability to function properly while assessments are underway. This includes recognition or a decision not to recognize that IRS (and TAS) will be presumed innocent until proven guilty. II. Specific Actions Suggested for OTAS TAS Assessments Activities A. I would suggest that OTA can, as a result of its June 28, 1976 meeting, provide an initial report citing: 1. Identified fears and abuses existing and potential associated with TAS and with the IRS mission. Examples as mentioned at the June 28th meeting include: overlong retention of records, presupposition of the goodness and immutability of tax laws, inability of IRS or TAS to resist questionable requests 2. Identifiable threats to and vulnerabilities of TAS matched against (a) public fears and abuses, and (b) specific requirements such as the Privacy Act. 3. Pros and cons of legislation aimed just at TAS as contrasted to legislation directed to IRS missions and responsibilities. Examples of when legislation would and would not help can be given. 4. The context in which the OTA assessment is being considered, see I.B. above. A clear boundary on OTAS effort should be described emphasizing subjects with which OTA will not deal, e.g., internal IRS administrative matters, generally, the appropriateness of the present legislated IRS mission, etc., and 176

PAGE 171

5. The specific questions which OTA will address within its bounded assessment (it is not clear to me yet that OTA has properly bounded its assessment). B. OTA can (and I understand has done so with an initial set) provide a set of questions to IRS for response which will be necessary for OTAS continuing assessment. These questions should, of course, take into account the information in the draft GAO report on IRS. It appears there are legitimate questions to which only IRS can provide the needed responses. These include: 1. Specific statements regarding procedures for meeting Privacy Act requirements. 2. Procedures for linkage and prevention of linkage between fields in TAS files. 3. Procedures for recording accesses to file information and for refusing access to file information. 4. Vulnerabilities due to decentralization of functions within TAS. 5. A formalized cross-walk between information items in files and the legislated requirements for their collection, access and retention. 177

PAGE 172

APPENDIX 8 CORRESPONDENCE OF THE COMMITTEE ON WAYS AND MEANS 179

PAGE 173

NINETY-FOURTH CONGRES S AL ULLMAI% OR&., CHAIRMAN WILSUR D. MIIAS, ARK. HER!4AN T. SCHNEEBELI, l A. JA~xS A. SURKE. MASS. m ARBER e. CONABLE, J R ., N.y. DAN ROSTENKOWSKI, ILL. JOHN J. DUNCAN, TENN. PHIL M. LANDRUM, GA. DONALD D. CIANC7. OHIO C~ES A. VANIK. O H I O B ILL ARCHER, TCX. OMAR BU$tLESON, TU. GUV VANDER JAGT. MlCM. JAMES C. CORMAN CALIF WILLIAM A. STEIGER, WIS. WILLIAM J. GREE N PA. P HIL IP M. CRANE, ILI-. SAM M. GI-NS, FIA BILL FRENZEL, MlNH. JOE D. WAGGDNNER. JR., LA. JAMES G. MARTIN, N-C. JOSEPH E. KARTH, MINN. l-. A. (SKIP) IIAFAL!S, FIA. OTIS G. PIKE. N.Y. WILLIAM M. K-NUM, CALIF. RICNARD F. VANDER VEEN, MlCl+. J. J. PICKLE, TEX. HENRY HELSTOSKI, N.J. CNARLES B RANGEL N Y WILLIAM R. CDITER, CoNN. FORTNEY H. (PETE) STARK+ -F. JAMES R. JONES, OKI-A. ANOY JACOSS, JR., INIJ. ASNER J. MIKVA, I U. MARTNA KEYS, KANS. JOSEPN L. PISNER. VA. HAROLD FORD, TENN. JOHN M. MARTIN, JR., CNIEP ~SEL J. P. SAKER, ASSISTANT CHIEF @NSEL JONN K. M-HSR, M1-IIW COUNSEL APPENDIX 8a COMMITTEE ON WAYS AND MEANS U.S. HOUSE OF REPRESENTATIVES WASHINGTON, D.C. 20515 TELEPHONE (202) ~ February 11, 197 6 The Honorable Emilio Q. Daddario Director, Office of Technology Assessment Senate Annex, Suites 721-732 119 D Street, N. E. Washington, D. C. 20510 Dear Emilio: Several days ago I received a letter from The Honorabl e Charles A. Vanik Chairman of the Subcommittee on Oversight of the Committee on ways and Means with respect to the new Tax Administration System (TAS) being developed by the Interna l Revenue Service and in which he raised a number of interestin g and serious questions as to the implications of that System a s it may relate to privacy of individuals and nondisclosure an d possible improper use of income tax returns I enclose for your information a copy of Mr. Vanikrs letter to me. The purpose of my letter to YOU is to request that the office of Technology Assessment make a review of the new Tax Administration System (TAS) and the proposed regulations regarding its use and in due course, report back to me and to W Vanik, for use in connection with Oversight subcommittee activities, including any recommendations which you may reach as to the significant issues which he has raised. we will appreciate your cooperation and assi-stance with regard to this exceedingly important matter. JMM:fb Encl. cc: The Honorable Charles A. Vanik 181

PAGE 174

8AM M. Gl ~ s. PLA. OTIS O. PIKC. N.Y. RWNAw F. V-CR Vrsm. Mm J. J. l IC%LE. TSX. D4 SNWY 14sLSTOSUI. NA ouat-ss B. ~ N.y roRrNsY H. (PrTc) mAnN, -P. JAMCO R. JoNcq OKLA. ~ D. CLAPuY. Ow o tA (S KIP ) MFALI% JAMc8 a. MARTW6, N.C. JONN J. ~. YE. APPENDIX 8b COMMITTEE ON WAYS AND MEANS U.S. HOUSE OF REPRESENTATIVES WASHINGTON, D.C. 20515 SUBCOMM1lTEE ON OVERSIGHT NIN~+ OURTN CONQRtESS AL ULLMAN, ORE6., CHAl#lMAN COMMllTEC ON WAYS AND MEANs MN M. MAHN. JR.. CNIEP CO UN S CL J. P l AKER, ASSa STANT CNISF cm.mtszL JONN K M SAG N ~ MINORIYT CUJN Dt Orflao! AL ~N. ORS= HERMAN T. ~EsDsLh PA February 3 ? 1976 Honorable Al Unma n Ckairman Ways and Means Committee 2207 Rayburn Building Washington D. C. 20515 Dear Mr Chairman ; During the January 28th hearing on the Confidenticalit y of tax returns I questioned IRS Commissioner Alexande r about the disclosure implications of the new Ta x Administration System (TAS) being developed by th e Internal Revenue Service TAS is a $400 million computer system which wil l soon be let for bids Once installed in 1981, it wil l probably be the worlds largest and most Sophisticate d computer system Authorized IRS employees will be abl e to scan the tax return of a taxpayer in a region withi n seconds In additio n other authorized employees wil l be able to receive tax returns Of citizens from throughou t the country within seconds Obviously, the system wil l greatly increase IRS efficiency and service I believe that the Commissioner has done a fine jo b in ensuring the security of this new system Nevertheless I am concerned that the security and Confidentialit y devices which have been planned exist only in regulationsand these regulations can be Changed by a stroke of the pe n at some future date without safeguards, the new TA S system could become a system of harassrnen t l surveilanc e ~ and political manipulation While it is unprecedented, I believe that the unprecedented powers inherent in the management of the new computer system require that we consider legislating certain principles ab~ut the use of such equipment, i.e., access, audit trail, transfer of tax returns between regions, etc. 183

PAGE 175

Honorable Al Unman February 3, 1976 Page Two To ensure that the IRS has indeed considered all of the possible safeguards for such a massive system and to help in recommending legislation which will not interfer with the systems efficiency, I would like to recommend that the Committee request the Office of Technology Assessment to review TAS and the regulations regarding its use, The Commissioner said that such a study would be quite acceptable to the 1RS. I believe that the publichs concern about government agencies ~ such as the IRS requires that We take every step to ensure that in the future its files can never be used for political or unconstitutional purposes % The Oversight Subcommittee staff would be happy to work with the Office of Technology Assessment on the details of such a report, Thank you for your consideration of this request ~ ely yours fl Charles A % Vanik Chairman Subcommittee on Oversight CAV/Jee 184

PAGE 176

APPENDIX 8 C C}-IARLES A. VAN I I< T V : LN T iS ECOND DlsTRl~. O HI O Us. COURT HC(JS E cLEvuAr;D, OH!O <41 1; (216) 222-4253 2371 RAYEURN BUILDING WASHINGTON, D.C. 20515 (202) 225-6331 ~~MB~R : COM t41TTEE ON \vAYS ANO MEAN S 6U=Oh!MlTTEEs : OVERSIGHT. CHAl RMAN HEALTH S UITE 22 2 5031 M AYFIXD R 3 A 0 L YNDHURST 0,+ ID 4:1 ?.4 (216) 522-:252 February 4, 1977 Honorable Edward M. Kennedy Chairman Office of Technology Assessment Room A 721, Senate Annex 1 Dear Mr. Chairman: On January 24th, I relinquished the Chairmanship of the Ways and Means Oversight Subcommittee and became Chairman of the Subcommittee on Trade. However before leaving Oversight activities, I would like to say that I had an opportunity in the last several days to see a copy of the draft report on the IRS Tax Administration System. I would like to commend you and your staff for an excellent document. It raises precisely the type of questions which were of concern to me and provides an invaluable document for Congressional review of the TAS system. The new Oversight Chairman has not yet had an opportunity to read the report, but I know that he shares many of my same concerns about the rights of privacy, and I am sure that he will make excellent use of your report, Again, congratulations to OTA for an excellent report. arles A. Vani_k mber of Congres s CAv/je e 185

PAGE 177

APPENDIX 8d SAM M. GISSONS, m., CHAIRMAN SUBCOMMITTEE ON OVERSIGHT NINETY-FIFTH CONGR ~ J. J. PICKLE, TEX. CHARLES q RANCJEl_, N.Y. FoR~Ey H ( PET E ) STAR K C A L I F JAMES R. JONES. OK LA. HAROLD FORD, TENN. RICHARD A. GEPHARDT, MO. PHILIP M CRAN E I L L L. A. (SKIP) SAFALIS, FLA. JAMEs Q. MARTIN, N.C. Ex OEFICIO: AL IJLLMAN, ORE(3. SARBER B. CONABLE, JR., N.Y. COMMITTEE ON WAYS AND MEANS U.S. HOUSE OF REPRESENTATIVES WASHINGTON, D.C. 20515 SUBCOMMITTEE ON OVERSIGHT COMMITrEE ON WAYS AND MEANS ~ M. MARTIN, JR., C MIEF c~~ ~ J. P. BAKER. ASSlsr~ C H IEF COUNSE L JONN K. M~ M1-ITY COUNSE L ~Mt17EE srA w LAWn~E J. ROSS, COW@3El February 16, 1977 Hon. Emilio Q. Daddari o Directo r Office of Technology Assessmen t Senate Annex, 119 D Street, N. E Washington, ~. C. 2051 0 Thank you for providing the Committee with a copy of OTA J S report on the Tax Administration System. Although this report was originally requested by the Ways and Means Committee and its Subcommittee on Oversight, during the past year, a number of other Committees have expressed an interest in receiving copies of the study as soon as possible. In order that the issues involved in the interna l Revenue Services new computer system may be full y discussed as soon as possible, I would like to re quest that copies of your report be made availabl e to other Committees and Members who may be inter ested i.n the issue Thank you for your assistance in this matter. Chairman AL:wk v 187

PAGE 178

APPENDIX 9 Statement by Dr. Jerome Weisner, President, Massachusetts Institute of Technology; Chairman, Advisory Council, Office of Technology Assessment, before the U.S. Senate Judiciary Subcommittee on Constitutional Rights and the U.S. Senate Commerce Special Subcommittee on Science, Technology, and Commerce, on Surveillance Technology, 94th Cong., 1st Sess., Sept. 10, 1975 I am pleased to appear before your subcommittee once again to talk about questions of electronic surveillance, communications, data banks and their potential impact on privacy, because I believe that issue is at the center of our efforts to survive as a free, democratic society. It is heartenin g that your subcommittee retains its deep concern about the threats posed to the individual liberties and civil rights by the modern electronic communication and information processing capabilities and continues to seek ways of strengthening the laws that insure those rights. I testified regalding these problems before this same subcommittee in 11171-albeit under different leadership. In preparation for that testimony, I investigated the issues involved rather thoroughly. Though I have not had the opportunity to prepare myself as well for this appearance, I believe that I can make a useful contribution by reviewing my earlier testimon and bringing it Up to date, par! ticularly with regard to possible safeguards. We now know that individuals in this country actuallv experienced abuses of their personal liberties that in 1971 were only theoretical possibilities, or were merely suspected to exist. We also know that these acts of surveillance and of,her violations of rights of individual privacy were not merely an occasional excess, but represented systematic behavior and therein represented a threat to the integrity of the \ery democratic process. In earlier hearings witnesses told about the many possibilities for employing electronic devices, computers, computer networks, and so forth m surveillance activities and the committee assembled this information into a rather frightening prospectus of dangers of the constitutionally-guaranteed freedoms of us Americans. I recall that at the time, there was a certain skepticism about, the likelihood of the more extreme dangers described, a common belief that the committee was alarmist. There existed then a reluctance to create adequate safeguards against the violations of civil rights that, unbelievably, I find still exists to some degree even after the revelations of the extraordinary extent and range of the violations of personal right~ of privacy that even the highest officials of the Government have condoned and, in some cases, apparentl.v initiated. The reluctance to believe that such things could-happen stems partially from an unwllingness of some people to beleive that important persons in the Government and industry would know and systematically violate laws and, I fear, in part from thewidespread belief already alluded to by you that because the primary targets of illegal surveillance were criminals and polltlcal dlssldents, the practice was acceptable. In my earlier testimonv, 1 said tpat the surveillance problem had become a crisis because informahon technology puts vastly more power into the hands of government and private Interests that have the resollrces to use it and ito the degree that the Constitution meant for power to be in the hands of the governed, widespread collection of personal information poses a threat to the Constitution itself. There was. I said at the time, no doubt that technology could be and had been used to assist in the violation of the Bill of Rights. How little 189

PAGE 179

we imagined then. In fact, even today, we-me, youhave no way of knowing whether or not you have unearthed all of the surveillance activities directed against individuals and organizations. The weight of evidence would seem to indicate not. Certainly the recent undenied leaks about surveillance of international commercial traffic exposes another yet unexplored facet of the problem. This latest revelation must have a chilling effect on businessmen, though some may accept it as part of the game because the do not understand what the game really is. They are letting inividuals Y within government change the ru es at will and, unbeknownst to the citizens or the Congress including suspending the Bill of Rights. To accept such a uses just to set the stage for the ultimate elimination of the rights of all. Eternal vigilance indeed the price of liberty. In my previous testimony, I said: I have wondered lately whether I am being watched as a threat, as a dangerous enemy of the realm. How do you now that you and your staff are not under continuous surveillance as you plan and carry out this investigation ? The answer then was you dld not. I went on to say, I doubt that anyone is aware of the full extent of the surveillance and information collecting activities that goon in this Nation. I expect that It is the same way today. Many people, myself included, have long operated on the assumption that our activities are being monitored. I have also operated under the premise that I should not allow myself to be inhibited by such a possibility. I do this because I have great confidence in the basic integrity of the safeguards built into the administrative and judicial system of the country. If I lacked such confidence and did not feel that I could defend myself,. were there to be unjust conclusions or accusations? I would undoubtedly feel much more severely restricted. Since my early testimony, extensive abuses have been uncovered directed against almost every segment of the society. These are now so well known that there IS no need to document those situations for you. Fortunately, there have also been efforts, through investigations and hearings such as this. to bring these abuses into the open and under legal control. Controls have been established on the uses and transmission of information in files and data banks and controlled access has been provided to individuals to their files. Rut in spite of such progress as has occurred, it is not possible to say that the surveillance threat is now fully under control of the law and that individuals or organizations whose actions seriously annoy Government officials or are regarded as threatening are free of illegal ..surveillance. 1 stressed previously, and I want to emphasize even more strongly now, that the violations are made by humans, not by machines. Civil rights can only be protected by menthrough lawsas you are trying to CIO, not by technolobgy. I still believe that additional legal safeguards are necessary. As you attempt to find safeguards against the infringements of privacv that technology has made so much easier, it is lmportant to look ahead and try to visualize how new developments will change 190

PAGE 180

the situation, both in terms of the increase d capabilities for surveillance that will be provided and the safeguards that could be provided if they were sought. 1 believe that the most significant changes will come from further computer developments, both in equipment and in the sophistication of programing designed to carry out complicated information procssmg tasks. Improvements in communication technology should also make a difference. In particular, new transmission systems capable of carrying vast amounts of information at much reduced costs, facilitatin g communication among computers, will make possible much more extensive data exchange, information manipulation, and information search. Three separate computer developments will play a role in the computer field and i@ expansion and extension: 1. The cost of computation continues to fall as new technologies particularly large-scale integrated circuits are developed. There is no obvious ultimate limit to this trend. 2. More effective computers continue to be developed. Machines with-greater speed and capacity continue to emerge. Storage systems also improve in size, speed of access, and cost per unit of reformation stored. 3. Software technology also continues to improve, making the use of larger, more complex machines worthwhile for information processing tasks. These trends, if not counteracted, mean that it will become increasin g ly attractive to use computers and communications networks in complex surveillance systems and to program the network to carry out sophisticated sorting, correlation and other search procedures to ldentifv and keep track of subgroups of the population with special characteristics. With regard to technical safeguards against i misuse of information in files and data banks, the situation remains the sameit depends upon the integrity of the system operator and must remain so. However, with regard to protection against unauthorized entory into computer systems and communication systems, too, the situation has improved dramatically. There are now availab!e agreed+upon encryption algorithm for the rotection of computer informatlon system? which provide a very high degree of security against outside surveillance if the user is willing to accept the slight extra complexity and cost they involve. I suspect that as experience with that program occurs, its use will become quite common. However, I believe that strict controls and tough laws, really en forced,. remam the essential elements of protection against misuses of information technology. In 1971, I questioned ~heth~r the Bill of Rights was adequate to protect people in their relationship to our modern state. Nothing that has transpired since has calmed my concerns. On the contrary, the revelations of the p~ 4 years here and observations of the situation m many other countries has reinforced m-y helief thnt trends in modern states-even democratically governed socletics put too much power in the hands of rulers, even totally honest ones. 191

PAGE 181

In my earlier testimony I said that there was serious danger of Creating an information tyranny in the innocent pursuit of a more efficient society. Man trends in social, technical, and industrial evolution f f have restrictive e ects upon the actual freedom of choice and mobility of individuals. In my view, the most serious problem facing the democratic industrial societies, including our own, is the question of how to manage adequately the complex interdependent world.that is emerging. This Issue ss closely related to the informatlon problems we are discussing. Many practices that e ? pose long-term threats to democratic government and personal fre dom are being, and will continue to be inaugurated because they provide a means of making the society f unction more effectively. The exchange of computerized credit information and the exchange of criminal data are examples of this. The ever increasing scale of industry and matching growth in the size of government are also examples. Many serious students of the social scene question whether it will be possible to preserve our democratic institutions in the difficult time ahead. Robert Heilbroner, for example, in his recent booli, .4n Inquiry Into the Human Prospect, raises many questions about the viability of democratic government, in an era of confrontation politics and resource shortages. Some sociologists believe that the overriding commitment to efficiency implicit in technolo~ical society has meant from the start that the needs of the system, t~e society, would inevitably be given priority over the rights of the individual, and that it was only a matter of time before the democratic processes could not handle the evolving sit uat ion. This is the central question of our times. Incidentally : what evidence one can gather from the experiences of other countries leads me to conclude that overmanagemcnt of a societ,y actuallv reduces its effectiveness; that centralized control works considerably less effectively than our form of industrial democracy for managing a technological society. One can see the effects of overcontrol in our own country. Rwulations, needed or desirable for one purpose or another, have almost always restricted the ability of the regulated industries to innovate and respond to changing conditions and thus in many cases have made further controls necessary that in turn introduce further inhibitions on adaptation, and so on. While this set of problems is perhaps bqvond th~ present interests of the subcommittee, I brin,g them to your attention for I see a major extension of the present set of th r~nts to personal frwdorns in growing controls in the economic and social system. These trends w-ill pose less of a threat if the safeguards ngain+ misuses of information systems that you are considering are solid and functioning well. That is why I have stressed the fact that although new technology was R factor in most of the recent excesses, they omlrrcd bemuse of the nbil ity of individuals to carrv out widespread illegal activities undetected or. at least. unreported. 192

PAGE 182

Safeguards must be provided against violation of constitutional freedoms andthesecanonl be provided through legislation; they 1 cannot be provided by technoogy. In 1971, I suggested some actions that should be considered to provide such safeguards and in the interim new legislation has included some, but not all of them. I know others of these are still very active on the list of things still being considered I made the following proposals: 1. Congress should establish a watchdog authority, perhaps an independent agency, possibly a division of the General Accountin g Office, perhaps the FCC, to review regularly the public and private information gathering and processing activities within the country. The agency should have the authority to examine the nature and extent of such activities and should report its findings to the Congress and the public. 2 Congress should set rigid limitations on permissible surveillance activities and establish much stronger safeguardspenaltiesthan now exist against misuse of data-file inf ormatlon. 3. Action should be taken as quickly as feasible to reestablish public confidence in the sanctity of the boundaries. of an individuals physical and psychological living Space. This will require a number ofi steps. Outlawing some activities Such as the free exchange of private information, which has already been done to some extent, collecting data not needed b y an agency, and so forth,will help a good deal. Acknowledging publicly the exten Of pemisslble surveillance and by whom is also mport~n~. requiring disclosur of nonsecurity type data to the concerned Individual seems possllible in many situations. In the few situations where this will not work, as in national security matters, judicial controls should be strong. 4. The development of technical means Of insuring data security and safeguarding privacy should be stimulated and their use required for systems Storing personal information. Much of this has been done. These remain Sound go~ls ~nd to the degree that they are yet to be realized, they should be pursued vigorously. I have become con~rince~ in tl~~ interiln that the s~feguard ~?wtcm needs another el~rnent. rt rn!~~t ~SSllre a greater degree of individual responsibility and accoun$ablljtj. ~~nfo~tunately, I clo not have a satisfactory proposal to make m this connection. I see two aspe~ts to the Xlla!ter. First, t~~e indi.vidwd responsibilit y not to engage In illegal surve~ll~nee acts Of all k~nds should be firrn] y established. This. does not appear ~0 present chfficult problems. Second, there -1s q nepd to est~h!lsh some degree Of individual accountability for mstltut~onal b~ha~-l~r. Th does appear to POSC serious problems. The first objective,. estab~is~~i?g personal responsibility h:ls bem met to some degree. ~+lred hands In t~~~ ll~atergate C=.e defended their actions on the grouqds that ~h~Y ~~~re just fO~lO~lng orders. The courts, obviously> belleved that they had personal r~spcmsibility for their actions. The law does not extend this responsibility far enough at tile present time. For example, I doubt that employees of a te~ephone company 193

PAGE 183

executives, technicians, and so onwho cooperate in an illegal wiretap are guilty of an illegal act. This obviously is a matter of considerl ab e importance. The second point is much more difficult, for in any obvious form establishing personal accountability for institutional behavior would 1 involve an element of group surveilance which in itself does violence to the meaning of privacy. Perhaps imposing a clear-cut responsibility u on a definition, smalI number of officials in an organization is a way o handling this problem. One needs to be extremely careful to avoid a cure that is worse than the disease. Here is an opportunity for a creative act. I had one final recommendation in 1971 that I want to make again. We should be prepared to accept the cost of considerable inefficiency in our various social and governmental processes to safeguard our privacy and, as I judge it, our freedom, dignity, happiness and self-respect. By costs, I mean both the financial cost and the loss of a degree of control that the state might otherwise have over genuinely threatening individuals such as criminals and violent revolutionaries and even potential foreign agents. Our difficult task is to achieve a proper balance between the ability to cope with individual threats to the society and its capability to abridge the freedom and happiness of its members. In countries where the legal system cannot be counted on, the people are at the mere of the administrators and they must hope that the t bureaucracy wi 1 be benign. Such a situation smothers freedom. We cannot afford to take the continuation of our liberties for granted. Thank you. 194

PAGE 184

APPENDIX 10 Department of Political Science MOUNT HOLYOKE COLLEGE South Hadley, Massachusetts O1O75 Telephone 413538-2132 March 18 } 1977 Ms. Marcia J. MacNaughton } Project Director Investigation of a Request to Assess the IRS Tax Administration System Office of Technology Assessment Congress of the United States Washington, D.C. 20510 Dear Ms. MacNaughton: I have read OTA I S report on the internal Revenue services proposed tax data bank with great interest. The report is excellent--precisely the kind of broad-guaged study of the hum~ consequences of technology that Congress ought to be doing. With this repor t ) the Office of Technology Assessment is off to an auspicious start. Like any citizens I am delighted whenever the seeks to im-its abili~ to collect taxes and better serve the t~ayers. The proposed Tax Administration System seems to make administrative sense and I applaud the idea. However, having spent a good deal of the studying the broder implications of government data banks and having personally been the target of one of the IRSS politic~ audits (because I was questioning the propriety of military data banks on citizen's ad helping Congress to investigate them), I must temper my enthusiasm for this obviously useful idea until it has been more thoroughly examined. If there is one thing I have le=ned from studying government data banks, it is that decisions =$-W their contents md use are normally made in bureaucratic seclusion W a~nistrators Who S = krgely oblivious to, or unconcerned a~t~ l~ger issues of PrivacY) confidenti~itY~ due pmces s $ or equity of administration. I think that was true of the illconsidered proposal for a Natio~ ~ta IB~ in lg~~ the Justice Department and Amy data banks on civili~s in the late l$@s~ the nIs National Crime Information Center in the e=~ lY70s~ the ~D~ p~posal in 1974, and the computerized tax audits of the governments cfitics w~ch have more recerrtly shmedtheIRS. Information is one of the chief sources-of govermnental pmer--power not only to carry out constitutional duties $ mt to h=ass po~tic~ opponents and manipulate the ruutine lives of citizens for good or ill. Ikcisions governing the use of this power belong not in the anonymous ranks of bureaucracy, but in the public halls of Congress. It is there $ and only there> that a democratic socie~ can properly weigh the promised gains of new information systems against 195

PAGE 185

-2the threats they may pose to liberty and privacy. Moreover, these decisions must be made by men and women who understand the institution~ short-sightedness of administrators and recognize the need for checks and balances, administrative and legislative accountability, and public participation, even at the cost Of some efficiency. If this Madisonian view is to be found anywhere in governme nt today, it lies in Congress and not in the executive branch. Although OTAS report is only a preliminary one, it demonstrates quite ckarly that further investigation and analysis is imperative before this new data system is implemented and the cost of reform becomes prohibitive. The questions raised are not easy ones. Reasmable men will differ, but the questions must be addressed. It is regretabk that the IRS, which must reearn the respect of the American people, did not address these questions more thorougly in its initial presentations to Congress. Perhaps the OTA report will stimulate it to do so now. If it does not, Congress should hold the proposed computer hostage until the Service does. Even if the proposed system poses no threats not inherent in the current system ~ Congress should still use this occasion to conduct a full-scale policy review> not just because the handling of tax data affects virtuaUy every citizen in the country, but because a precedent needs to be set for the scrutiny of other data systems now on the political horizon.. This review might profitably begin with informational hearings, followed by a more comprehensive OTA study, IRS studies, and another round of legislative hearings at which the possibility of enacting a charter for the proposed system could be considered. Indeed, the entire inquiry might be constructively focused if the drafting of a charter were made its ultimate objective. It would be premature to anticipate the contents of that charter, but it certainly could include due process rules to govern what information is collected (e.g. from grudge informers), how long it will be kept, who shall have access to it and when citizens may have access t O and may challenge the contents of their records. Special procedures could be established to expedite the correction of errors and provide ner channels of accountability. In sow instances, Congress might want to prohibit the collection or collation of certain kinds of information on the ground that they pose too high a risk of intentional or unintentional abuse. Congress might also want to forbid the interfacing of the IRS data bank with other systems without special legislative permission. For example, it is common knowledge that the IRS works closely with the CIA and military intelligence to provide special tax treatment for companies owned or used as fronts. This special relationship might well be abused, perhaps by giving the agency access to a terminal from which data could be obtained facilitating the theft of trade secrets or the exploitation of the economic vulnerabilities of Americans the CIA might wish to recruit for clandestine operations. Tapping of the IRS computer might also be forbidden } if that practice is not barred by other legislation now pending before Congress. 196

PAGE 186

-3Finally, Congress might wish to S pe C fi Y additional forms of public participation in the policy-making process beyond testimony at its public hearings. For example, the IRS could be directed to hold administrative rule-making hearings as it seekS to implement the charter and a temporary study commission of official and citizen experts might be set up to monitor the implementation and propose further legislation, if necessary, to safeguard non-bureaucratic interests. These are just some thoughts that com to report. I appreciate the opportunity to share of Technology Assessment Please feel free to be of further assistance. mind as I read the them with the Offie call on me if I can Christopher. le Assistant Professor 197

PAGE 187

APPENDIX 11 REVIEWERS COMMENTS The charge of the OTA panel on TM which resulted in this report was to advise OTA how to proceed with the request from the Chairman of the Ways and Means Committee. There was therefore no attempt to raise all of the relevant issues, nor to attempt to develop findings from those which were raised. The boundaries of the OTA preliminary review of the TAS were determined by the terms of the Committee request. The Committee was aware, as was OTA, that the General Accounting Office was already engaged in an evaluation of costs and benefits of the TAS and a study of information privacy and technical and physical aspects of TAS. At the request of OTA, a number of reviewers commented on the draft report, which recommended that more information be obtained by the Committee on questions regarding privacy, due process and civil liberties. In general, they recommended the addition of questions which would obtain information to help determine the need for a full assessment of TAS. This advice is exemplified by the following excerpts from one reviewers comments: I suggest that similar questions should be raised in relation to the existing tax system, so that Congress may be able to determine whether and how the proposed new system would add to (or diminish) existing risks and add to (or diminish) existing safeguards. Since Congress is to be asked by IRS to change an existing system, such a comparative appraisal would appear necessary to evaluate the significance of the proposed changes.) Second, I do not know whether the terms of the letter of request from the Subcommittee on Oversight are intended to limit the proposed assessment to risks and safeguards concerning due process, privacy, confidentiality, and security. These are matters of the utmost importance, too often neglected or treated inadequately in regard to governmental (and private) information systems. Nevertheless, for the purposes of a broad congressional appraisal, would it not also be necessary and appropriate to undertake a cost/benefit analysis of anticipated financial costs and anticipated administrative and tax benefits, again on a basis which would emphasize anticipated changes in costs and benefits to be discerned from a comparison between the proposed new system and the existing system? I therefore suggest the addition of a line of questions directed toward such comparative cost-benefit analysis. Other reviewers recommended that, in view of the complexity of the software, an assessment include the entire question of the technical feasibility of the system. Extrapolation, they felt, could be made from existing systems of comparable size, complexity and sensitivity. The draft report was reviewed by the members of the OTA Advisory Council who recommended that: (1) a cost benefit analysis be undertaken, and (2) that Congress consider the implications of the misuse of the system for other than tax purposes. 198

PAGE 188

APPENDIX 12 COMMENTS ON TAS BY DR. KENNETH LAUDON, JOHN JAY COLLEGE OF CRIMINAL JUSTICE, CITY UNIVERSITY OF NEW YORK I have carefully read the IRS Report of Proposed Changes in the Internal Revenue Services Computerized Data Processing and Accounting System, and the draft of the OTA Investigation of a Request to Assess the IRS Tax Administration System. I am pleased to submit the followin g remarks I. Nature of the Proposed Tax Administration Syste (TAS) It is difficult to tell from the scanty IRS repor t if, as IRS claims, they are simply building a better wheel, or as previous commentators suggest, they are re-building the entire transpiration system. Indeed the IRS report itsel f seems confused on this: great advantages are promised (along with great expenditure) but when objections are raised about its social impact, the report claims very little changes from existing practice will occur. Some facts speak for themselves: the proposed system will cost nearly a billion dollars when complete, will involve the training of 50,000 employees in its use, and will be the largest, most complex, and sophisticated state-of-the-art system of its kind at completion in 1985. These facts alone argue fo r Congress and the public to make a thorough assessment of the system. -Do we want to build a billion dollar system on the basis of an antiquated and unnecessarily complex tax structure? -Will the building of the TAS simply permit the continuation of existing tax practices, obviating the need for simplification and reform? -Could the same resources be better spent towards simplifying the tax laws? 199

PAGE 189

p. 2 II. Impact on the Quality of Life for Citizens Previous commentators have argued that the TAS system may pose a threat to the quality of life for citizens by enfringing upon their privacy, threatening due process of law, and inhibiting exercise of constitutional rights by potential misuse of the system. These are very real threats which careful assessment and monitoring by outside observers may be able to avoid. But there are other aspects to the quality of life than constitutional rights. (A) Degradation of Service Observations by myself and others indicate that in both public and private sector applications there tends to be a decline in the quality and often quantity of services provided clients, supplicants and customers subsequent to the installation of management information systems. It appears that unless systems are specifically developed to deliver more and better service (such as the airline reservation system), they tend to do so only as an incidental by-product. Indeed a distinction ought to be made between service systems and management systems. Most systems development follows rather closely the management information systems design. The purpose of these systems is to make life more convenient for managers by orchestrating the flow of information from point of collection to senior management and to provide for closer surveillance over the client population and lower level workers. While management information systems may lead to laudable advances in efficiency and effectiveness, the gains are often at the expense of service. Examples abound in universities, hospitals, government agencies, and private enterprise which illustrate that the quality of service to clients declines. The proposed TAS system is a management system. IRS claims the average citizen will derive significant benefits in service from the new system (largely by having more immediate access to tax records). But several questions emerge: -Has IRS done a survey of taxpayer needs for service? -How will the TAS assist taxpayers in the preparation of returns? -Will TAS make it easier for local IRS agents to serve the public with tax preparation assistance? The current TAS plan appears to distort the balance between the goals of service to taxpayers and management effectiveness in surveillance and enforcement. One topic for consideration by any future assessment should be how 200

PAGE 190

p. 3 this billion dollar system can be used to deliver more high quality service to the average citizen. (B) Taxpayers as Unpaid Labor The decision by managers to build systems suited to their convenience and the need for organizational efficiency often leads to the seemingly bizarre result that the clientele and lower level workers have to do more work for no pay. The clientele in most cost-benefit studies of modern systems typically appear as unpaid components who need nevertheless to behave in a certain rigid way in order to make the system work efficiently that is, to assure benefits accrue to the organization and the convenience of management. Clients of social agencies are expected to travel further, wait in longer lines, sit in receiving rooms, all without pay so the system can operate efficiently. Similarly in hospitals which have developed hospital information systems, patients are still queued before diagnostic and treatment centers although individual appointments could be simply accomplished without stressing modern computer technology. Likewise with students who in automated registration systems must take class cards back and forth from one instructor to another for signatures which the computer cannot read anyway. It is precisely this redundant labor which modern computer systems were supposed to eliminate and which presumably they could eliminate. The TAS proposal makes little or no mention of taxpayer and lower level employee workloads in the preparation of taxes or in the defense a taxpayer often has to mount when disagreements arise. Under the current accouting system where citizens can count on several weeks or months delay, the work of preparing taxes and defense thereof can be scheduled to accommodate the timing of other responsibilities. Will the new system with much faster response times impose more disruptive scheduling requirements upon taxpayers? other questions along these lines are: -Will the proposed TAS system increase the case load of lower level workers and thus decrease the amount of time they can spend with individual taxpayers in face-to-face interaction? -Is it conceivable that TAS be built in such a fashion that some of the benefit of modern systems would accrue to the citizen, e.g., through less redundant and unpaid labor? -Has the IRS investigated existing workload requirements on taxpayers and considered how the TAS may affect them? 201

PAGE 191

p.4 (c) are Systems Take on a Life of Their Own: Harassment and Svstem Error It is a sanguine thought that computers only do what the y programed to do There at least three reasons why thi s notion is untenable: 1) Dirty Data: The admittedly mundane consideration of how information comes to the computer and how it is put into the machine takes on real significance when dealing with large numbers and when important decisions affecting reputations and government action are involved. Public sector systems are notorious for basing decisions on erroneous input data. Recent studies have found State Criminal Justice Information systems operating with 20% of the files having substantial errors of fact and welfare systems with case errors of 24%. Private systems-from credit data reporting systems to insurance company medical files--may be just as unreliable. In the case of IRS, basic data is supplied by individuals, financial institutions having transactions with individuals, and other government agencies. Even if we assume this information to be correct, actually putting it into the computer requires some keypunching. With the kind of data IRS works from, skilled keypunchers can be expected to make at least one error in a hundred strokes and probably more. With a 1:100 error rate, a reliability check can be used to reduce the probability of error to 1:10,000. If 100 million new returns are filed in a year, this works out to 10,000 cases where business returns, but includes only individual taxpayer returns. If we admit that other institutions which report to IRS also are subject to the same kinds of errors, the actual number of errors is probably a good deal larger than 10,000 returns. Several questions should be asked: -What is the rate of error in the existing system attributable to erroneous input data, and keypuncher error? -What steps have been taken in planning the TAS system to reduce this error rate? -In planning TAS, has the IRS taken steps to increase the reliability of data supplied to them by employers and financial institutions ? 2) Programming Error: The internal reality of a computer is a program, composed of thousands of hierarchically arranged and logically related statements which instruct the machine how to deal with information fed to it from outside. Unfortunately, 202

PAGE 192

p.5 the internal systems reality often does not jibe with the reality most of us inhabit. This occurs for a variety of reasons In translating manual information practices to machine form, important rules of thumb invoked by employees but not part of the official decisionmaking procedure are overlooked by programmers and systems designers. In New York City, for instance, the Traffic Violations Bureau built a traffic scofflaw system to increase compliance from violators. Unfortunately they failed to allow for the situation where a car is stolen, and then driven around town for several weeks by the thief before it is recovered. The computer was programmed to send threatening messages to the legitimate owner. In the most recent publicized case, the legitimate owner had to appear several times in court, and before several hearings where he was advised it would be better to pay up. Moreover, it turns out to be very difficult to modify the Traffic Departments procedure. In the manual tub days it was possible to reach in and pull out a single file and expunge it. Not with computers. In this event th e original programmers had moved on to other jobs or were deceased, and they left very poor documents on how the program worked (not untypical at all). As the Director of the Bureau pointed out, it was impossible to estimate how much it might cost to patch the program. A patch might work, but it might not, in which case the system would crash. In this latter event, an entire new program costing a considerable amount of time and money would have to be developed. To some extent these problems can be avoided by adequate documentation of programs, and the use of modular as opposed to global programming strategies which more readily permit changes (and which are more expensive in terms of machine efficiency). -Has IRS adequately anticipated the inherent difficulties in re-arranging existing automated flows and the creation of new programs to serve entirely different functions that heretofore? What level of resources have been devoted to de-bugging the system? 3) Inter-Dependency of Systems: With the discovery that computers could talk to one another, a new problem arose: it is possible for one system to take incorrect output from another system and treat that output as if it were correct. I was recently asked by the State of New York, for instance, to pay taxes on a capital gains made in a previous year. Soon letters arrived from the City Income Tax Bureau. Several letters to both jurisdictions protesting that I never made a capital gains in that year were to no avail. I was able to obtain copies of my federal returns from the IRS, and 203

PAGE 193

p.6 fortunately was able to show both the State and City at a hearing that there exist no physical records of such a capital gains despite the fact that computer records supplied by the IRS indicated such a gain. The actual source of the error in federal computer tapes will no doubt remain obscure. But this illustrates the kind of organizational ping-pong to which citizens are subject as very complex systems socialize with one another. There seem to be no mechanisms developed to allow one system to check on the reliability of incoming data from another system. No doubt these mechanisms would be expensive. But I am concerned that as the speed of transactions among federal and state systems increases, and as the volume increases, states and cities will devote few if any resources to checking the reliability of incoming data from the IRS It is much more efficient to accept the system reality as the only reality. Most commentators point to the danger that the TAS could be used intentionally to harass groups of citizens. The point of r TW remarks on system errors is to suggest that a good deal of harassment generated by any large system is unintentional. This kind of harassment can be reduced to a minimum, technologically feasible level only with careful planning and the expenditure of resources. (D) Obfuscation of Authority As large systems centralize into larger and larger operations, as dependencies grow among systems, it becomes increasingly difficult to find responsible individuals who can change the action of the systems involved. The computer scientist !1. Minsky has written that major programs of large systems involving millions of transactions can no longer be understood by any single person or by a small team of individuals. Joseph Weizenbaum, another computer scientist, suggests that we are placing great reliance on huge systems in the hope of being able to rationally control and analyze society but which have surpassed the understanding of their users and become indispensable to them. When eminent computer scientists begin raising red flags, suggesting that some large systems may be beyond the control of even those who build them, I think society should pause at least one moment and take stock. These statements are not just idle musings as the following incident in New York illustrates. In 1968 New York State completed conversion of its criminal records (arrests, rap sheets, finger print file) from manual to computer files. Shortly thereafter it began routinely 204

PAGE 194

P. 7 sending all new arrest records to the F.B.I. to check for potential outstanding warrants in other jurisdictions. In establishing the computer programs to govern this exchange, programmers simply forgot about the 1944 Youthful Offender Law which barred government agencies, banks, and other institutions from access to criminal files for persons judged to be youthful offenders. The F.B.I. criminal offender system accepted what was essentially illegal output from New York, and made it available to all agencies which typically have access to its files. And since 196? the F.B.I. has collected over 100,000 computerized youthful offender records. In 1973 the Director of Data Systems for the State Division of Criminal Justice Services informed the FBI it was releasing information which according to State law should be sealed. The F.B.I. responded that it was not its responsibility to verify the accuracy or legality of data submitted by the state, and moreover that the State would have to submit the names on a purge list (and bear the cost of programming.) By 1977 there remained 67,000 illegal files from New York State in the F.B.I. system. It is important to note that the facts in the example became available only after the threat of legal action by a man who had lost two jobs with banks because of improperly sealed files. The above example illustrates how important features of social reality, in this case State laws, can be easily overlooked by programmers. It also illustrates the problem of responsibility; to argue the FBI not responsible for, illegal information in its files supplied by another agency is like arguing a fence is not responsible for selling property he knows is stolen. Who Will Oversee These Systems? The example above also illustrates the problem of oversight with these mammoth systems. I am optimistic that these systems can be effectively monitored if sufficient resources are devoted to the task. The question is will the society actually develop mechanisms for effective oversight and guidance? With respect to TAS: Is there an agency of Congress with sufficient resources and skill to provide effective oversight? What are the costs of an oversight mechanism sufficient to the task? Should these costs be added to the overall TAS system costs? 205

PAGE 195

p.8 The question of whether the TAS system should be built as planned seems ultimately to depend on an assessment of societys ability to guide and monitor this system Without this social assessment we are liable to find the rockets we shoot up coming down on our heads. 206


xml version 1.0 encoding UTF-8
REPORT xmlns http:www.fcla.edudlsmddaitss xmlns:xsi http:www.w3.org2001XMLSchema-instance xsi:schemaLocation http:www.fcla.edudlsmddaitssdaitssReport.xsd
INGEST IEID ENJXKS9HY_289HQ0 INGEST_TIME 2017-05-22T19:34:13Z PACKAGE AA00055185_00001
AGREEMENT_INFO ACCOUNT UF PROJECT UFDC
FILES