EPIC Comments on IRS Compliance 2000 Proposal

January 18, 1995

Internal Revenue Service 
Office of Disclosure 
1111 Constitution Ave., NW
Washington, DC 20224

Re: Compliance 2000

Dear IRS Official:

	We write to express our opposition to the proposed expansion of
IRS record access under the Compliance 2000 program, 59 Fed. Reg. 65573
(proposed Dec. 20, 1994).  We believe that the proposal violates the
central purpose of the Privacy Act of 1974 which is to limit access to
personal data by government agencies.

	Compliance 2000 calls for the integration of data from such third
party databases as "commercial sources, state and local agencies,
construction contract information, license information form state and
local agencies, Currency and Banking Reports (CBS), data regarding assets
and financial transactions from state and local agencies, and information
on significant financial transactions from reviews of periodicals and
local newspapers, and other media sources."  The program may also provide
on-line access to "any state's Department of Motor Vehicle (DMV), Credit
Bureau information, real estate ownership information, and commercial
databases."

	Our objection is based on the following points:

	First, if the program goes forward IRS agents will be given
access to a wide range of detailed personal information not subject to
the requirements of the Privacy Act. Given the recent incidents involving
"browsing" by hundred of IRS employees, we are not convinced that the
IRS's privacy policies are adequate to prevent the harms that would
result from access to this far more detailed and more personal
information.  We believe that the number of incidents involving improper
disclosure and sale of personal data held by government agencies will
increase and the privacy of taxpayers will necessarily be diminished.
Access to these data sets would require, at a minimum, expanded coverage
of Privacy Act safeguards to records held by third party sources.


	Second, the IRS currently lacks adequate privacy oversight to
ensure that access to this data is not routinely misused by the agency as
a result of agency-wide programs.  There is no independent federal agency
that is competent to assess the IRS's compliance with the Privacy Act nor
to assess whether the proposed program will result in further violations
of individual privacy.  Until such an agency, with sufficient resources
and expertise is established, there could be no assurance that the
Compliance 2000 program will not lead to other unanticipated uses of
third party source data.

	Third, the proposed access to third party records will result in
a dramatic reorientation of IRS compliance programs.  Whereas the current
program relies largely on voluntary compliance and case-by-case
investigation, the proposed changes under Compliance 2000 would lead to
routine investigations into personal financial activities across whole
sectors of the American public, without any indication of wrongdoing or
misfeasance.  Such an approach toward tax compliance is contrary both to
the laws regarding tax collection in the United States and to the central
purpose of the Privacy Act, which is to limit the use and disclosure of
personal data by government officials.

	Fourth, the incorporation of these data sets will likely result
in the increased use of the Social Security number for record
identification.  The growing use of the SSN has already increased the
level of credit fraud and banking fraud in the United States.  Greidinger
v. Davis, 988 F.2d 1344 (4th Cir. 1993).   Further efforts to integrate
record sets based on the SSN will result in higher levels of crime,
increasing theft of personal data, and further intrusions into privacy.
If the IRS goes forward with the proposal, it must also recommend
restrictions on the use of the SSN in the private sector.

	Fifth, we object to the very brief period of time given to the
public to express comments on the Compliance 2000 proposals, particularly
considering the scope of the plan and the potential impact on the privacy
of American taxpayers. The Federal Register notice is dated December 20,
1994 and comments are requested by January 19, 1995. Furthermore, the
notice states that "This revised system of records will be effective
January 30, 1995, unless comments are received which result in a contrary
determination."   Six working days is hardly sufficient time to assess
the public response to this proposal, nor is there any indication in the
Federal Register notice of the need to fast track this plan.

	Finally, we note that the IRS notice provides no opportunity for
individuals to submit comments by electronic mail nor does the IRS plan
to make comments available for inspection and copying electronically.  We
believe that such procedures are now essential for public input into
agency decision-making.  Considering the substantial funds that are being
spent by the IRS to further automate and expand the agency's programs, we
recommend that all future federal notices seeking comments contain
information about how to respond by electronic mail and provide
procedures for inspecting comments electronically.

	We appreciate this opportunity to provide comments to the IRS
regarding Compliance 2000. We urge the agency to develop more
comprehensive privacy safeguards before going forward with proposals to
expand IRS access to personal records held by third parties.

					Sincerely,


					Marc Rotenberg, director
					EPIC

cc: 	Senator William Roth
	Senator John Glenn