As discussed in a story in this morning’s Tax Notes, the IRS intends to begin requesting electronic files as part of taxpayer examinations so that it can analyze the “metadata” contained in those files. Metadata, sometimes referred to as “data about data,” generally shows information about a computer file, such as its editing history. The IRS claims that such information “may be relevant” to taxpayer examinations because the information “may support or undermine the credibility of the records offered to substantiate the accuracy of the [taxpayer’s] return.” See Chief Counsel Advice 201146017.
To obtain taxpayers’ metadata, the IRS would issue a document request or summons for unaltered electronic copies of taxpayers’ data files, such as are used in their financial and accounting software. These files would contain the metadata that the IRS seeks regarding when and by whom entries to the files were made.
But would the IRS be the only group to access the information contained in these files?
Needless to say, many taxpayers are uncomfortable about providing electronic records to the IRS, in part because financial data is often not maintained in discrete files that relate only to one year, but instead contain information related to several different years. As a result, a disclosure of a file related to one year may wind up providing significant amounts of information that are unrelated to the examination.
Taxpayers will no doubt spend significant amounts of time and money arguing the merits of these requests with the IRS. For instance, does a request for metadata satisfy the relevance requirement of Code section 7602(a) and United States v. Powell, 379 U.S. 48 (1964)? The answer to that question requires deeper analysis than is susceptible to a mere blog post.
Nevertheless, another issue is lurking in the background, which taxpayers and their advisors should keep in mind: the strength of security of the IRS’ own computer systems. As reported over the past few years (see, e.g., PC World, CNET, and, most recently, the LA Times; see also this recent report from TIGTA), significant questions remain outstanding about how well the IRS protects the data in its computer network, which contains substantial amounts of taxpayer data. As it is, IRS systems are subject to attacks from so-called “black-hat” computer hackers. If the IRS successfully obtains companies’ general ledger files and other sensitive materials from taxpayers, it will likely find itself the subject of even greater intrusion efforts.
This morning’s Tax Notes article focuses a great deal on whether the IRS is prepared to process the enormous amounts of information that would be collected under its new proposal. Just as importantly, though, is the IRS prepared to protect that information?