Archive for the ‘Uncategorized’ Category

On May 21, 2024, the SEC’s Division of Corporation Finance issued a statement providing more information on how public companies are to disclose material cybersecurity incidents on Form 8-K. The rule, which went into effect in December 2023, requires companies to promptly report incidents considered “material” under Item 1.05.

Here are the key points:

  • Companies are urged, but not required, to disclose non-material cybersecurity events.
  • The form on which material events are reported must be updated when new information comes to light.
  • In considering whether an event is material (and reportable) or non-material, the company should consider the event’s financial impact, operational disruption, the sensitivity of the data involved, whether regulations or industry standards were violated, and the potential damage to a company’s reputation.

Who does it apply to: Public companies

When does it become effective: December 18, 2023

What does it do: Requires public companies to disclose material cybersecurity events

Why was this law created: To clarify material reporting requirements to hold all public companies to the same standards

Potential Problems (or the law of unanticipated consequences which should have been anticipated): The main challenge for in-house counsel will be to determine whether a cybersecurity event is material or not, when an event changes from non-material to material, and how best to word the disclosure. [However, given the overturning of the Chevron precedent (which required courts to defer to a federal agency’s reasonable statutory interpretation), it is possible that SEC rules will be some of the first to be re-examined by the federal court system, providing a huge advantage to corporate America wishing to rid itself of those pesky regulations.]

On February 1, 2026, the Colorado Act Concerning Consumer Protections in Interactions with Artificial Intelligence (Colorado AI Act) will go into effect. This is the first state law in the U.S. directly placing obligations on developers and deployers of AI systems.

Here are the key points of this groundbreaking legislation:

  • The Act sets requirements on the use of “high-risk” systems such as AI decision-making in banking, hiring, and housing.
  • It requires developers and deployers of these systems to “avoid discrimination.”
  • It also provides that certain disclosures be made to consumers regarding these systems.

Who does it apply to: Developers of AI systems in the state of Colorado and deployers of high-risk AI systems within the state.

When does it become effective: February 1, 2026

What does it do: Developers and deployers must use “reasonable care” to avoid algorithmic discrimination

Why was this law created: To address potential consumer harms resulting from the use of AI in the state and create certain guidelines for companies creating AI systems

Potential Problems (or the law of unanticipated consequences which should have been anticipated): There are no internationally recognized technological guidelines on how to prevent discrimination in AI, leaving companies without in-house legal departments or data governance officers at a disadvantage. Small businesses wishing to innovate through the employment of AI systems will be the most at risk, potentially harming the burgeoning startup community in Colorado. Colorado ranks 5th in the number of startups per capita according to a 2024 survey by WalletHub.

On July 1, 2024, the ELVIS Act in Tennessee, which seeks to protect artists and musicians from generative AI misuse, became enforceable. Generative AI can create music imitating the voices of famous singers.

Here are the key points of this legislation:

  • The law grants property rights to an individual’s name, voice, image, and likeness, aiming to combat generative AI that mimics famous personalities.
  • The Act prohibits the unauthorized commercial use of voices and tools facilitating such use, with penalties for offenders.
  • Unlike other states, Tennessee’s law extends protection to both living and deceased individuals across all mediums.

Who does it apply to: Anyone using AI to mimic another person’s voice

When does it become effective: July 1, 2024

What does it do: The law extends current commercial appropriation law (regarding the unauthorized commercial use of a person’s name, image or likeness) to include an individual’s voice

Why was this law created: To protect Tennessee’s music industry, which is a significant part of Tennessee’s GDP at $5.8 billion

Potential Problems (or the law of unanticipated consequences which should have been anticipated): The Act’s broad language raises jurisdictional and free speech concerns, reflecting the need for federal legislation to address AI misuse and establish a consistent framework for protecting individuals’ rights, especially in light of the fact that federal law preempts state copyright law.

On June 20, 2024, New York Governor Kathy Hochul signed the Stop Addictive Feeds Exploitation (SAFE) for Kids Act into law, marking a significant step in regulating social media platforms’ interaction with minors.

Here are the key points of this groundbreaking legislation:

  • The Act prohibits social media platforms from providing “addictive feeds” to users under 18 without parental consent.
  • “Addictive feeds” are defined as content recommended or prioritized based on user information or device data.
  • It prohibits the sending of notifications to minors between midnight and 6 AM Eastern Time without parental consent.

Who does it apply to: Platforms that offer addictive feeds as a significant part of their services; the Act covers conduct occurring wholly or partly in New York

When does it become effective: 180 days after the Attorney General promulgates implementation rules

What does it do: Social media companies must use “commercially reasonable methods” to determine a user’s age

Why was this law created: To address emerging issues with social media’s impact on youth mental health

Potential Problems (or the law of unanticipated consequences which should have been anticipated): It is not currently possible to verify the ages of minors without creating potential privacy issues

EU Data Protection Agencies have been vigorously enforcing violations of regional and national data protection law in recent years against U.S. tech companies, but few changes have been made to their business model of exchanging free services for personal data. With the Cambridge Analytica debacle revealing how insufficient American privacy law is, we now find ourselves questioning whether the General Data Protection Regulation (GDPR) is not the onerous 99-article regulation to be feared, but rather a creation years ahead of its time. This paper will explain how the differences in U.S. and EU privacy and data protection law and ideology have led to a wide divergence in enforcement actions and what U.S. companies will need to do in order to legally process the data of their users in the EU. The failure of U.S. tech companies to fulfill the requirements of the GDPR, which has extraterritorial application and becomes applicable on May 25, 2018, could result in massive fines (up to $4 billion using the example of Google). The GDPR will mandate a completely new business model for these U.S. tech companies that have been operating for well over a decade with very loose restrictions under U.S. law. Will the GDPR be the end of Google and Facebook or will it be embraced as the gold standard of how companies ought to operate?

Working Paper, 25 Rich. J. L. & Tech. 1, forthcoming 2018

Since a budget squeeze seven years ago, the Internal Revenue Service increasingly has relied on data analytics to meet its growing responsibilities. Drawing on large datasets and social media, the agency touts its advanced analytics program as helping to recover millions of dollars lost to tax fraud and errors. However, the use of this data is a direct violation of our privacy rights, breaching several federal statutes designed to prevent government intrusion — something the IRS fails to acknowledge and disclose. We need to bring our laws up to speed with our technology, in order to increase accountability, transparency and oversight — bringing the IRS in line with American values of privacy and due process.

According to information obtained by the American Civil Liberties Union, the IRS has violated the Electronic Communications Privacy Act and legal precedent by obtaining electronic communications without a warrant. This practice, authorized in the IRS audit manual, contradicts the 2010 U.S. v. Warshak ruling, which reaffirmed citizens have a reasonable expectation of privacy in their emails, and the government needs a warrant to obtain them. The IRS agreed in a Senate hearing to cease reviewing emails but said nothing about texts and social media.

Taxpayers are largely oblivious to the ability of institutions such as the IRS to peer into our lives without our knowledge or permission. Two decades after the internet arrived in force on our desktops, and a decade after the arrival of the smartphone, most people are unaware of the IRS’s activities.

People post on social media sites, enter their credit card information online, and routinely answer questions to get to the page they seek without understanding the terms of use and privacy policies that govern such activities.

What rules we do have clearly are intended to protect our privacy. The Privacy Act of 1974, for example, requires government agencies to comply with fair information practices. At a minimum, the law mandates that citizens be informed when the government collects data on them and that they should be given the chance to review and correct the information.

When he introduced the act, U.S. Sen. Sam Ervin said, “The appetite of government and private organizations for information about individuals threatens to usurp the right to privacy, which I have long felt to be among the most basic of our civil liberties as a free people.” At the time, a five-ton supercomputer had 1/1,000th the computing power of an iPhone. Even then, Ervin worried that computers facilitated a “thousand-fold increase in the ability of the government to store and disseminate information” on individuals.

The IRS’s computer power is now measured in petabytes — quadrillions of bits of information. Its predictive algorithms can audit, track and analyze the internet lives of most every taxpayer. Like so much mislabeled junk mail, this data easily could be flawed. According to my research, published in the Vanderbilt Journal of Entertainment and Technology Law, the algorithms could be extrapolating from false assumptions to discriminate against entire groups of people.

The service rarely discusses this. Its Analytics Department is buried in the IRS web pages. It safeguards its own privacy by claiming that revealing its analytics program and algorithms will help tax cheats game the system or undermine law enforcement. The agency should be transparent about what types of information it collects, and give taxpayers a chance to review and correct errors — federal law states this.

At a minimum, Congress can do a better job of getting up to speed on technology and its power to undermine our democratic values. Laws that were created prior to the internet and social media need to be updated. We need some sort of independent review body that can investigate, monitor and ensure that the IRS’s analytics program complies not only with the letter but also with the spirit of privacy law.

We need a tax agency that operates more in the spirit of government by and for the people, not against them. Surely, we can do better.

Published at http://thehill.com/opinion/finance/369792-irs-violating-privacy-laws-must-do-better

THE USE OF BIG DATA ANALYTICS BY THE IRS:
EFFICIENT SOLUTION OR THE END OF PRIVACY AS WE KNOW IT

While many express concerns about private industry’s analytics programs which amass browsing and spending information, few seem to be aware of the government’s involvement in big data and predictive analytics. As the government has a lot more control over your rights and obligations, it would seem that this activity should be reviewed and monitored.

In a paper published last year, we examine the privacy issues resulting from the IRS’s big data analytics program as well as the potential violations of federal law. Although historically the IRS chose tax returns to audit based on internal mathematical mistakes or mismatches with third party reports (such as W-2s), the IRS is now engaging in data mining of public and commercial data pools (including social media) and creating highly detailed profiles of taxpayers upon which to run data analytics. We argue that current IRS practices, mostly unknown to the general public, are violating fair information practices. This lack of transparency and accountability not only violates federal law regarding the government’s data collection activities and use of predictive algorithms, but may also result in discrimination. While the potential efficiencies that big data analytics provides may appear to be a panacea for the IRS’s budget woes, unchecked, these activities are a significant threat to privacy. Other concerns regarding the IRS’s entrée into big data are raised, including the potential for political targeting, data breaches, and the misuse of such information. This article is intended to bring attention to these privacy concerns and contribute to the academic and policy discussions about the risks presented by the IRS’s data collection, mining and analytics activities.

Houser, Kimberly A. and Sanders, Debra, The Use of Big Data Analytics by the IRS: Efficient Solution or the End of Privacy as We Know it? (March 29, 2017). Vanderbilt Journal of Entertainment & Technology Law, Vol. 19, No. 4, 2017. Available at SSRN: https://ssrn.com/abstract=2943002

One of the main issues with federal marijuana policy is that it is completely inconsistent and unpredictable. In my last post I opined that Obama might tackle this issue prior to leaving office. Unfortunately, his failure to act has made the situation worse with our new AG, Jeff Sessions. Sessions has spouted a number of unsubstantiated claims regarding marijuana and has indicated that he could act to repeal the Cole Memo and to influence Congress to halt the extension of the Rohrabacher-Blumenauer (f/k/a Rohrabacher–Farr) amendment, which was passed in 2014 and has been renewed annually ever since. This amendment protects medical marijuana patients complying with state law from prosecution by federal authorities. His position is at odds with the 90% of Americans who wish to see, at the very least, medical marijuana legalized. There are many who recognize that the placement of marijuana on Schedule 1 of the Controlled Substances Act (classifying marijuana as a dangerous drug on par with heroin and methamphetamines) is causing more harm than good: it does significant harm to those serving time for minor drug offenses and to those who wish to research its effects, and it certainly makes it difficult for patients with a variety of ailments to obtain it. With respect to businesses engaged in the state-legal sale of marijuana for recreational purposes, it is not widely known that they are unable to deduct their business expenses, unlike most other businesses which are illegal at the federal level. In other words, if you run a prostitution ring or dog-fighting operation, you are permitted to deduct your rent, utilities and employment expenses. If you run a state-legal marijuana shop, you must pay federal taxes on your gross income minus only the cost of goods sold due to the language in IRC 280E. This bizarre treatment is discussed in my article Marijuana Business and Sec. 280E: Potential Pitfalls for Clients and Advisers, The Tax Adviser, 46-7, 524-533 (2015) with co-author Jeffrey Gramlich. While state-legal businesses struggle with tax, banking, and the potential for a federal crackdown, states’ rights are being trampled on. In my article What Inconsistent Federal Policy Means for Marijuana Business Owners: Washington’s I-502 and the Federal Controlled Substances Act, GULR (2014/15) 50-3, 305-335, I discuss the myriad of issues that state-legal marijuana businesses face and how the federal regulation of marijuana flies in the face of the intent of our forefathers’ stance on state police powers.

Yesterday, former Attorney General Eric Holder stated on Frontline that it is time to reschedule marijuana. While I would recommend descheduling marijuana, as I mention in several articles that I have written on the topic, this is a really important change from his statements during his tenure as AG. Because Holder may have some influence in the White House, it is possible that this issue could be addressed by the President before the next election.

Despite the enormous growth in social media, scant legal advice is available to help the many people who are posting online. Easy-to-understand, comprehensive, and current, Legal Guide to Social Media provides the latest information on case law and statutes. It covers everything from privacy laws to copyright issues to how to respond to employers’ requests for your social media passwords. This plain English legal companion offers examples of and solutions to the kinds of situations you can expect to encounter when posting online content, whether for personal enjoyment or on behalf of an employer. You’ll learn how to avoid liability for defamation and third-party posts, the legalities of copying and linking to content, how to protect your own content, and much, much more. http://www.kimberlyahouser.com
