Crapo: IRS Has “Not provided any substantive response” Regarding Stolen Taxpayer Files

In a news conference on the Democrats’ proposal to increase IRS funding by $80 billion, Senate Finance Committee Ranking Member Mike Crapo (R-Idaho) said the IRS has still “not provided any substantive response” regarding stolen taxpayer files which were given to the progressive group, ProPublica.

A reporter asked Crapo:

(23:10) “Have you heard back from the IRS about your letter on December 3rd asking about the issues with the ProPublica leak and your concerns there?”

Crapo replied:

(23:21) “No. We have been in communication with them, we have asked them multiple times where they are in the investigation and as of now they have not provided any substantive response. 

The full news conference can be viewed here.

On Dec. 1 Crapo and 13 of his Finance Committee colleagues sent a detailed letter to IRS commissioner Charles Rettig urging him to probe the theft of private taxpayer files of thousands of Americans spanning a period of 15 years. The letter, which comes nearly six months after progressive outlet ProPublica published the stolen information, calls out the agency for its foot-dragging in determining the source of the breach.

The letter criticizes Rettig for the agency’s slow response to a serious violation of the privacy of American taxpayers. The Senators wrote:

Despite clear and ongoing evidence of a threat of a data breach, in response to a letter sent to you by Senators Grassley and Crapo, you responded in part that “We do not yet know whether there has been a data breach or a threat of a data breach.” Your letter of September 13, 2021, also notes that “We do not yet have any information concerning the source of the alleged taxpayer information published by ProPublica.”

Earlier this month Treasury Secretary Janet Yellen said — for at least the fifth time — that she still does not know the source of the IRS leaks. 

The Crapo letter points out how the IRS does not have proper safeguards in place to protect confidential taxpayer data. As the letter notes:

Even before ProPublica began publishing articles utilizing taxpayer information, significant issues with IRS IT systems were well documented. In fact, the struggles of the IRS to modernize IT systems is something of an old chestnut in tax policy circles. Aside from a reliance on COBOL which is referred to as “geriatric code,” it is also reported that the “IRS main software “Master File” was developed in 1962 and uses nine-track tape for data storage. None of the IRS programs have ever been that well coordinated.”

Crapo and his colleagues go on to say that IRS contractor relationships introduce additional security vulnerabilities that have not been adequately addressed. The Treasury Inspector General for Tax Administration recently recommended that the IRS implement end-to-end encryption in transferring taxpayer data to Private Collection Agencies to protect taxpayers against unauthorized access and disclosure. Despite the recommendation, the letter notes that “PCA information residing at the IRS had not been encrypted in the production environment.”

The lack of competence on the part of the IRS is especially shocking in light of their request for unprecedented funding. The letter points out that:

the IRS and Treasury are advocating for an unprecedented, nearly $80 billion, amount of mandatory funding from general taxpayer resources. In the funding scheme being advocated, the IRS is to be provided with a mandatory stream of $80 billion, after which the IRS would report to Congress on how it plans to use the funds—that is; fund now, plan later. Such a scheme, in the face of ongoing alleged privacy leaks of what appear to be IRS information, the source(s) of which no federal agency appears to have any knowledge, and in the face of known serious deficiencies in IRS data protections, defines irresponsibility.

The letter concludes with a series of questions about the agency’s response to these leaks, including how many employees have been tasked with this investigation, what is the status of  IRS’s efforts to resolve the 120 open GAO recommendations, how many contractors has the IRS provided taxpayer information to that has not been encrypted over the past year and the past 10 years, and how much of their requested funding would the IRS plan to use on additional digital surveillance of taxpayers. 

Given their failure to protect sensitive taxpayer information, every American should be concerned about the Democrats’ proposal to increase the size and scope of the IRS. 

The PDF of the letter can be found here.

Photo Credit: United States Senate