Finance Republicans Raise Privacy Concerns with IRS
WASHINGTON, DC — Senator James Lankford (R-OK), along with Senate Finance Committee Ranking Member Mike Crapo (R-ID) and the rest of the Finance Committee Republicans, is asking the Internal Revenue Service (IRS) for information on a recent collaboration with the non-profit group Code for America (CFA), a partnership aimed at helping Americans file for Democrats’ expanded child tax credits.
In the letter, the Senators raise several concerns around security and privacy protections, especially in light of the massive leak of private taxpayer information from the IRS to ProPublica, and as Democrats seek to nearly double funding for the IRS.
The Senators wrote, “With CFA’s evident increased presence in tax preparation activities and endorsement of CFA by the federal government, it is essential that Congress obtain documentation and knowledge that taxpayer privacy protections are not at risk.
“In light of an ongoing purported leak of IRS data to ProPublica that include personally identifiable information and have been used for politicized articles, and given that taxpayer information is supposed to be protected by federal statute and enforcement, it is of utmost importance that privacy protections are closely scrutinized.”
Lankford has previously raised security concerns with the ProPublica data leak, which disclosed confidential, private, and legally protected taxpayer information. Lankford continues to remain concerned that the IRS and the Biden Administration are showing little regard about the chaotic handling of private taxpayer data.
Finance Committee Republicans signing the letter include Senators Chuck Grassley (R-IA), John Thune (R-SD), Richard Burr (R-NC), Rob Portman (R-OH), Pat Toomey (R-PA), Bill Cassidy (R-LA), Todd Young (R-IN), and John Barrasso (R-WY).
Read the letter HERE and below:
Dear Commissioner Rettig,
On September 1, 2021, the Treasury Department announced a Treasury, White House and Code for America (CFA) “collaboration” on an Internet-based tax tool for individuals who did not file a necessary tax return but seek to receive a child tax credit (CTC). The release included a link to CFA’s website and sign-up portal where individuals may access CFA software to prepare and submit tax filings necessary to receive the CTC and perhaps other stimulus payments.
In conjunction with the Treasury’s announcement, the White House changed its CTC website by replacing the IRS’s “Child Tax Credit Update Portal” with hyperlinks to www.getctc.org. Some view this replacement as a federal government endorsement or preference for CTC eligible individuals to use CFA’s software over the IRS’s software.
CFA also owns www.getyourrefund.org, an Internet-based portal providing “free” tax filing. With CFA’s evident increased presence in tax preparation activities and endorsement of CFA by the federal government, it is essential that Congress obtain documentation and knowledge that taxpayer privacy protections are not at risk. In light of an ongoing purported leak of IRS data to ProPublica that include personally identifiable information and have been used for politicized articles, and given that taxpayer information is supposed to be protected by federal statute and enforcement, it is of utmost importance that privacy protections are closely scrutinized.
Because of the recently established collaboration between the Executive branch and CFA, we are interested in obtaining information about the IRS’s collaboration with CFA, including documentation of adherence to all necessary taxpayer and privacy protections. Toward that end, please respond to the following questions and requests by January 17, 2021.
- Please provide any agreements between the IRS and CFA, including grants.
- Has CFA received Volunteer Income Tax Assistance (VITA) or Tax Counseling for the Elderly (TCE) grants? If so, please provide documentation, including Form 15272, compliance with security procedures, any coordinated corrective actions, and evidence that CFA has fulfilled all grant requirements and necessary documentation to ensure compliance with VITA and TCE’s terms and conditions.
- To the extent CFA has received VITA grants, please identify all CFA tasks, projects, and programs for which such grants are used.
- Has the IRS provided any information technology, including equipment, to CFA?
- Considering the sensitive nature of return information, and the apparent massive leak of a “vast trove” of taxpayer information to ProPublica, please provide a complete description of CFA’s security protocols used in any context of the IRS’s collaboration with CFA to protect tax return information, including any relevant compliance with Publication 4299 and the six security, privacy and business standards detailed in Publication 1345.
- Has CFA reported a security incident, as described in Publication 1345, to the IRS? If yes, please summarize each incident.
- Is CFA authorized by the IRS to be part of the e-File program?
- If CFA is an IRS certified e-File provider, please identify and substantiate with documentation, including substantiation of CFA adherence to the requirements in the IRS document “Become an Authorized e-file Provider”. Also, please identify when CFA applied to become an IRS certified e-File provider and when an approval was granted?
- Prior to September 1, 2021, how much time did the IRS spend developing its own CTC Portal?
- Please provide CFA’s past tax year of reports of potential identity theft refund fraud activity and its compliance, including the number of Form 3949-A’s CFA filed with the IRS. Has CFA missed any reporting deadlines?
- Has the IRS received a Form 14242, 14157, 14157-A or 13909 related to CFA? If yes, please summarize each report, complaint or affidavit.
- Is CFA a participating member of the Security Summit or Identity Theft Tax Refund Fraud Information Sharing and Analysis Center?
- Identify the number of returns that have been submitted through www.getctc.org and, separately, through the IRS CTC Portal and, for each of the two portal inlets, what percentage of returns were rejected?
- To your knowledge, how many refund deposits generated through www.getctc.org were to accounts that were not in the filer’s name, to an account outside of the US or credited to a debit card?