WASHINGTON -- The IRS has earned a reputation of being staffed by humorless agents, merciless auditors, and a perceived commitment to civil liberties that ranks somewhere just south of Ghengis Khan's.
So why is it winning applause as the most privacy-sensitive agency in the United States?
At a National Institute for Government Innovation summit, an IRS official claimed on Monday that the federal agency everyone loves to hate is doing good on privacy.
"The loss of privacy is the No. 1 fear of Americans," said Charlene Thomas, the IRS' deputy privacy advocate. "It outranks nuclear holocaust in surveys."
For example, Thomas said the General Accounting Office selected the Privacy Impact Assessment, which her office developed, as a government best practice.
It's a guideline for designing and operating databases, and states: "Information must be used only for a necessary and lawful purpose.... Any information used must be sufficiently accurate, relevant, timely, and complete to assure fair treatment of the individual."
As proof of its privacy commitment, Thomas said that the IRS will likely move away from its current training system, which requires new agents to be trained using "live" tax data, including the real names and financial data of taxpayers.
And while the IRS wants to encourage more electronic filing of tax returns, Thomas said the agency won't relax its privacy guidelines for companies that want to integrate their tax preparation services.
While all these steps sound responsible enough, government auditors recently found that the IRS' internal security is riddled with as many holes as the tax code has pages.
"Access controls over IRS' electronic filing systems were not effective in adequately reducing the risk of intrusions and misuse of electronically filed taxpayer data," the GAO said in a damning report (PDF file) released last month.
"We demonstrated that unauthorized individuals, both internal and external to IRS, could have viewed and modified electronically filed taxpayer data on IRS computers. For example, we were able to access a key electronic filing system using a common handheld computer."
In addition, Privacy Journal reported last year that the IRS shared names and home addresses of at least 225,000 taxpayers with H&R Block.
The IRS said it has reformed its ways. In a response to the GAO dated February 2001, IRS Commissioner Charles Rossotti claimed: "We have strengthened our systems' security, and we will remain vigilant to keep our e-filing process the safest possible."
So has the IRS truly become a bunch of privacy fanatics?
"I'll try to stop laughing," says Brad Jansen, a policy analyst at the conservative Free Congress Foundation. "First of all, we've already lowered the standard because federal agencies show such little regard for privacy. The fact that they're the most privacy protective is comparing them to a very low standard."
"There have been IRS abuses when agents look up information about celebrities," Jansen says. "We've had the IRS information now collated into the FinCEN database, which is now available to 63 law enforcement bureaucracies with no safeguards. We wouldn't need a federal tax agency if we went back to our constitutional principles."
Also speaking at the conference was Mary Baish, a representative of the American Association of Law Libraries, who argued that any document available at a local courthouse should be available through the Internet.
But John Dooley, a justice on the Vermont Supreme Court, said that making public records readily available on the Internet causes new problems for courts. "People have to be able to see what we do," Dooley said. "But giving out this aggregate data to anyone who wants to sell it is a problem."
Ryan Sager contributed to this report.
