Skip to content
News Alert: Need help with a federal agency? My office can help.
U.S. National Debt:
  1. Newsroom
  2. News Releases

Finance Republicans Raise Privacy Concerns with IRS Collaboration

Request information on security, privacy protections for taxpayers

Washington, D.C.--U.S. Senate Finance Committee Ranking Member Mike Crapo (R-Idaho) and Finance Committee Republicans are asking the Internal Revenue Service (IRS) for information on a recent collaboration with the non-profit group Code for America (CFA), a partnership aimed at helping Americans file for child tax credits. 

In the letter, the members raise several concerns around security and privacy protections, especially in light of the massive leak of private taxpayer information from the IRS to ProPublica, and as Democrats seek to nearly double funding for the IRS. 

From the letter:

“With CFA’s evident increased presence in tax preparation activities and endorsement of CFA by the federal government, it is essential that Congress obtain documentation and knowledge that taxpayer privacy protections are not at risk. 

“In light of an ongoing purported leak of IRS data to ProPublica that include personally identifiable information and have been used for politicized articles, and given that taxpayer information is supposed to be protected by federal statute and enforcement, it is of utmost importance that privacy protections are closely scrutinized.”

Finance Committee Republicans signing the letter:

  • Mike Crapo (R-Idaho, Ranking Member)
  • Chuck Grassley (R-Iowa)
  • John Thune (R-South Dakota)
  • Richard Burr (R-North Carolina)
  • Rob Portman (R-Ohio)
  • Pat Toomey (R-Pennsylvania)
  • Bill Cassidy (R-Louisiana)
  • James Lankford (R-Oklahoma)
  • Todd Young (R-Indiana)
  • John Barrasso (R-Wyoming)

 

Read the letter here or below:

Dear Commissioner Rettig,

On September 1, 2021, the Treasury Department announced a Treasury, White House and Code for America (CFA) “collaboration” on an Internet-based tax tool for individuals who did not file a necessary tax return but seek to receive a child tax credit (CTC).  The release included a link to CFA’s website and sign-up portal where individuals may access CFA software to prepare and submit tax filings necessary to receive the CTC and perhaps other stimulus payments. 

In conjunction with the Treasury’s announcement, the White House changed its CTC website by replacing the IRS’s “Child Tax Credit Update Portal” with hyperlinks to www.getctc.org.  Some view this replacement as a federal government endorsement or preference for CTC eligible individuals to use CFA’s software over the IRS’s software. 

CFA also owns www.getyourrefund.org, an Internet-based portal providing “free” tax filing.  With CFA’s evident increased presence in tax preparation activities and endorsement of CFA by the federal government, it is essential that Congress obtain documentation and knowledge that taxpayer privacy protections are not at risk.  In light of an ongoing purported leak of IRS data to ProPublica that include personally identifiable information and have been used for politicized articles, and given that taxpayer information is supposed to be protected by federal statute and enforcement, it is of utmost importance that privacy protections are closely scrutinized.

Because of the recently established collaboration between the Executive branch and CFA, we are interested in obtaining information about the IRS’s collaboration with CFA, including documentation of adherence to all necessary taxpayer and privacy protections.  Toward that end, please respond to the following questions and requests by January 17, 2021.

  1. Please provide any agreements between the IRS and CFA, including grants.
  2. Has CFA received Volunteer Income Tax Assistance (VITA) or Tax Counseling for the Elderly (TCE) grants?  If so, please provide documentation, including Form 15272, compliance with security procedures, any coordinated corrective actions, and evidence that CFA has fulfilled all grant requirements and necessary documentation to ensure compliance with VITA and TCE’s terms and conditions.
  3. To the extent CFA has received VITA grants, please identify all CFA tasks, projects, and programs for which such grants are used.
  4. Has the IRS provided any information technology, including equipment, to CFA?
  5. Did the IRS perform any due diligence regarding CFA’s business prior to Treasury announcing the federal government’s collaboration?  If yes, please describe the review process and corresponding analysis and conclusions, including analysis of CFA’s privacy policy published on www.getctc.org.
  6. Considering the sensitive nature of return information, and the apparent massive leak of a “vast trove” of taxpayer information to ProPublica, please provide a complete description of CFA’s security protocols used in any context of the IRS’s collaboration with CFA to protect tax return information, including any relevant compliance with Publication 4299 and the six security, privacy and business standards detailed in Publication 1345.
  7. Has CFA reported a security incident, as described in Publication 1345, to the IRS?  If yes, please summarize each incident.
  8. Is CFA authorized by the IRS to be part of the e-File program?
  9. If CFA is an IRS certified e-File provider, please identify and substantiate with documentation, including substantiation of CFA adherence to the requirements in the IRS document “Become an Authorized e-file Provider”.  Also, please identify when CFA applied to become an IRS certified e-File provider and when an approval was granted.
  10. Prior to September 1, 2021, how much time did the IRS spend developing its own CTC Portal? 
  11. Please provide CFA’s past tax year of reports of potential identity theft refund fraud activity and its compliance, including the number of Form 3949-A’s CFA filed with the IRS.  Has CFA missed any reporting deadlines?
  12. Has the IRS received a Form 14242, 14157, 14157-A or 13909 related to CFA?  If yes, please summarize each report, complaint or affidavit.
  13. Is CFA a participating member of the Security Summit or Identity Theft Tax Refund Fraud Information Sharing and Analysis Center?
  14. Identify the number of returns that have been submitted through www.getctc.org and, separately, through the IRS CTC Portal and, for each of the two portal inlets, what percentage of returns were rejected?
  15. To your knowledge, how many refund deposits generated through www.getctc.org were to accounts that were not in the filer’s name, to an account outside of the US or credited to a debit card?

I look forward to receiving the details on collaborations with third-parties regarding the CTC by January 17.  Please, also, arrange for your staff to provide an informational briefing to our staff of the Finance Committee within the next month.

Sincerely,

Previous Article
Next Article