Information exchange dangers
By J. Bradley Jansen
web
posted June 11, 2001
The Internal Revenue Service posted a ruling for comment period that could have serious unintended consequences for the United States. Promulgated in the final days of the Clinton Administration, the IRS proposed a rule on the "Guidance on Reporting of Deposit Interest Paid to Nonresident Aliens." The rule should be withdrawn before it causes negative economic dislocations to the US by triggering massive withdrawals of foreign deposits from U.S. banks and, potentially, contributes to a new source of identity theft and other privacy violations.
Currently, U.S. financial institutions are only required to report the U.S. deposit interest, so called IRS Form 1042-S reporting, only on Canadian nationals. With the Canadians, we have a close working relationship, share a long, peaceful border, and are long-time friends and allies.
To expect the same kind of relationship with less stable countries that do not have a long history of respecting civil rights and civil liberties is a mistake that belies the message of the Statue of Liberty and our identity as a safe haven in the world.
As America's Community Bankers explained in their comment period on the rule, "It is one thing to share such information on the wealth of its citizens with the Canadian government; it is quite another to share that information with countries where the rule of law may be less well established - a group that includes some of our treaty partners. Nonresident aliens from unstable or repressive nations that have tax treaties with the United States could have a well-founded fear regarding IRS information sharing. As a result of IRS sharing of information, their wealth could be expropriated, and they - or their families - could be threatened with criminal prosecution, violence, or kidnapping from their home countries." The rule could impose a severe regulatory burden without identifying any greater, offsetting benefit. The IRS rule would also adversely affect some institutions unfairly at the expense of others.
The risks of information sharing should be obvious: from a privacy and security perspective, the more information is shared, and the more people that have information to that data, the risk-in fact, the likelihood-of the data being abused rises exponentially.
Just recently, an FDIC employee, Theresa A. Hill of Seat Pleasant, MD, was sentenced to five years of probation in connection with an identity fraud scheme. She was also ordered to pay $87,531 in restitution. The scheme's victims included employees of the Federal Deposit Insurance Corporation and the Department of Health and Human Services' (HHS) Office of Inspector General (OIG).
Ms. Hill reportedly conspired with five others to purchase gift certificates, jewelry and electronic equipment among other goods and services in retail stores and order merchandise over the Internet. She and the others reportedly purchased these items on credit by using the names and personal information of unwitting victims. According to the FDIC, Ms. Hill admitted that the conspirators obtained fraudulent identification cards in the victims' names. In furtherance of the conspiracy, Ms. Hill checked the victims' credit status by applying for credit accounts using the victims' names, Social Security numbers and other identifying information.
The FDIC release says that the indictment alleges that the conspirators obtained personal information, including names, birth dates, Social Security numbers and home addresses, about victims who were employed by the FDIC and the HHS OIG. Ms. Hill was employed in the FDIC's finance division, where she allegedly had access to personnel records of FDIC employees.
On another front, the Paris-based Organization for Economic Cooperation and Development is attempting to institute a type of reporting and data exchange requirement on their list of small, developing jurisdictions that have low taxes. This new reporting and data exchange requirement is similar to the IRS rule that many here oppose in this country.
In a related manner, the Financial Action Task Force aims to institute a global Know Your Customer regime that specifically targets the Internet and electronic commerce. The FATF report makes clear that their goal is to effectively deputize accountants, lawyers, notaries and others in the same way that the domestic Bank Secrecy Act regulations effectively deputized bank tellers as law enforcement agents against their customers.
Together, the reporting and data exchange requirements of the OECD and FATF are a blueprint for enabling identity theft and curtailing the benefits of the nascent electronic commerce. The next logical step for the FATF according to their February report would be to deputize Internet Service Providers and others involved in electronic commerce as government snitches. Recognizing the importance of public confidence in financial and electronic commerce must not be lost pursuing policies that are not cost effective - if they work at all.
These proposals for surveillance of bank accounts and information exchange
need further consideration regarding privacy and security issues. What
safeguards would be in place to protect sensitive personal information
from being misused, abused, or compromised from technological security
breaches? The recent sentencing of a former FDIC employee in an identity
fraud scheme illustrates the dangers of identity theft and other potential
problems with government data exchange. The privacy and security of our
personal, private information is only as good as the worst safeguards
of the others with whom it is shared. 
Brad Jansen is the Deputy Director for the Free
Congress Foundation's Center for Center for Technology Policy.
Other related articles: (open in a new window)
- Threat
of "Know Your Customer" still lingers by Lisa S. Dean (May 21, 2001)
It would have been bad enough had the Know Your Customer law passed into law but now an international organization wants to impose the same Big Brother program, says Lisa S. Dean