Statement of Public.Resource.Org

Why We Asked the I.R.S. to Temporarily Turn the Lights Off on Section 527 Data

Public.Resource.Org has discovered that the Internal Revenue Service has posted the Social Security Numbers of tens of thousands of Americans on government web sites. The database in question contains the filings of Section 527 political organizations such as campaign committees. This Section 527 database is an essential tool used by journalists, watchdog groups, congressional staffers, and citizens. While the public posting of this database serves a vital public purpose (and this database must be restored as quickly as possible), the failure to remove individual Social Security Numbers is an extraordinarily reckless act.

On July 2, Public.Resource.Org discovered this systematic violation of Americans' privacy and notified the U.S. Treasury Inspector General for Tax Administration. We documented our findings in an audit document, copies of which were furnished to I.R.S. officials and senior White House officials. On July 3, the administration removed this database from public view.

Public.Resource.Org uncovered this serious violation of federal law in the course of an unrelated audit which was sparked when, on June 18, the I.R.S. notified Public.Resource.Org that it had sent out an improperly-vetted shipment of data on DVD for the January release of the Form 990-T, the Exempt Organization Business Income Tax Return. Because the I.R.S. had publicly released that data in February, and had not notified recipients of the bulk data subscription of this privacy breach for several months, Public.Resource.Org conducted a systematic examination of the breach and how it was handled and delivered that audit to the Inspector General on July 1, 2013.

The tainted political money database run by the government on the Internet is just one symptom of a deeply broken dissemination strategy the I.R.S. has insisted on pursuing. The I.R.S. deliberately dumbs down the e-filed returns of big nonprofits, many of which are able to hide lavish compensation schemes, excessive fund-raising expenses, and other expenditures that have little to do with public benefit.

The I.R.S. distribution mechanism for these returns—which makes it difficult to obtain, search, and analyze the filings—is, as I.R.S. officials have readily admitted to us in meetings, a way of shielding those organizations from more scrutiny. I.R.S. officials have candidly stated that if there is “too much transparency” that the large nonprofit organizations “will complain to us.” Nonprofits represent 10% of U.S. wages and over $1.5 trillion in economic activity. The I.R.S. nonprofit database is exactly analogous to the S.E.C. EDGAR database of public filings of publicly-traded corporations. In both cases, the purpose of these databases is to make our markets function more effectively.

Public.Resource.Org has been working intensively to make nonprofit tax returns more readily accessible. We undertook our initial effort in 2008 at the request of Aaron Swartz. We renewed our efforts in 2012 at the specific request of the White House, which has furnished us with DVDs and hosted numerous meetings. We are sad to conclude that during the course of our work, the I.R.S. has, in our opinion, misled both Public.Resource.Org and White House officials.

It is with greatly conflicted feelings that we requested the administration make the political organization database go dark temporarily. We understand that this is an essential tool for researchers and even temporary unavailability hurts their efforts. We hope and expect that the administration will act promptly to address the privacy violations and get the database back online. Public.Resource.Org spends almost all of our energy making government information available, and only twice in the past have we had to insist that the government remove information.

The first was the discovery of 500,000 Social Security Numbers in the Congressional Record, a situation which the Government Printing Office dealt with very quickly, although the Department of Defense was much slower to react.

The second instance was when we uncovered large numbers of Social Security Numbers in the opinions of the Courts of Appeals and then later in the U.S. District Court PACER system. Although those audits received thanks from the judges and the United States Judicial Conference, they also resulted in a great deal of resistance by the Administrative Office of the U.S. Courts.

The I.R.S. effort to date has been unprofessional and amateur. The I.R.S. has even gone so far as to assert copyright by the government on the political disclosures database in direct violation of the “works of government” clause of the Copyright Act. The I.R.S. has a policy that even in an emergency, their staff are not allowed to use e-mail to communicate with organizations such as ours, a policy that makes it much harder to respond to incidents quickly. The I.R.S. has recklessly violated the privacy of Americans and deliberately tried to keep scrutiny away from our worst charities.

It is time now for the administration to send a tiger team over to the I.R.S. to help fix their information management practices. The I.R.S. has indulged too often in bad Information Technology and this habit has become ingrained in the culture and procedures of the Service. It is time now for the I.R.S. to admit that it needs help. That is the first step towards recovery.

Carl Malamud, July 7, 2013

[Access the Full Communications Docket]