Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Interim Investigative Workstation Project

 

Privacy Impact Assessment - Interim Investigative Workstation Project (IIWP)

IIWP System Overview 

The development of the Internet and growth of electronic commerce are changing business practices and the compliance behavior of taxpayers. Internet enabled technologies afford businesses of all sizes the opportunity to engage in a variety of global activities.  The E-Commerce functions in LMSB, SBSE and TEGE were created in response to this situation. Their mission is the development and coordination of a service-wide e-commerce strategy.  This includes identification of unique audit risks that may be associated with electronic commerce and the development of new audit tools and techniques for examiners.  An important component of their strategy is leveraging the power of the Internet as an information tool.  The use of the Internet in this regard is consistent with the Service’s overall E-Business Vision, and will support IRS’ initiative.

E-commerce related initiatives by LMSB, SBSE and TEGE e-commerce compliance functions and their customers within the operating divisions are undertaken on IRS computer equipment and accomplished in accordance with the Treasury Internet Use Policy and the IRS Policy on Electronic Communications. However, their ability to accomplish their mission is hampered by limitations to their access to the Internet.   Limitations include: 1) Access to web sites has been denied because of filters at the web site that deny access from queries that originate from an irs.gov and treas.gov domain. 2) Access to web sites has been denied based on perception that the site’s content is deemed inappropriate by the Treasury Department firewall protocols.  3)  The need to remove taxpayer data from the employee’s computer prior to connecting to the Internet is time consuming and, accordingly, inefficient.  This includes information archived or memorialized from prior Internet sessions. 4) There is no “test bed” available for testing advanced Internet search software.  New software tools enable users to conduct more efficient and thorough searches, including database searches that would otherwise be missed suing traditional search engines.

PARAGRAPH REDACTED

Alternatively, the workstation can be used to case-build returns with pertinent background data before a case is sent to the field.  This data may include information on all of the taxpayer’s Internet web sites and business activities, financial data, reports filed with regulatory agencies, press releases, speeches, news coverage, legal reporting, industry news, etc., the enterprise-wide Internet solution will provide compliance staff a tool to develop information for specific tax issues.

The 16 Investigative prototype workstations will be used to assist in trend analysis and in identifying groups of taxpayers in high-risk market segments.  Data will be captured on external storage media (CD-ROM, zip drives and Orb drives) in accordance with approved procedures for storage of case related electronic data such that the authenticity of the data will be preserved; no data will be stored on the workstation. The workstations will connect to a dedicated logon domain controller that will be configured with host Intrusion Detection software.  These workstations will be configured with static IP addresses.  The internet traffic will flow though the Enterprise content filtering environment at the Martinsburg Common Communications Gateway.

Commercially available investigative software that increases the scope and accuracy of investigative research will be used. Software will be used to monitor changes to web sites.  (Examination would like to monitor changes to the web sites so that the information could be gathered and later introduced into a court proceeding, i.e., a website promoting an abusive tax scheme.) The web site and all changes would be key evidence in all such cases. Investigative software will be used to track and determine the identity of the owners of web sites and the identity of Internet Service Providers hosting and/or providing access to a web site. The owner of a web site could be an individual or a business or both.  We will need to test new software that provides us the latitude to conduct more efficient searches based on parameters we define rather than using traditional search engines.

All research and capturing of information will be with respect to compliance activities.

System of Records Number(s)

Treasury/IRS 42.001 Examination Administrative Files
Treasury/IRS 42.021 Compliance Programs and Project Files
Treasury/IRS 34037 IRS Audit Trail and Security Records System.

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer: 
No information will be permanently stored on the system.  The system will be used to access and download (to external media) publicly available information via the Internet that may be useful in an ongoing examination of a taxpayer. In most instances, this will involve capturing the registration information and the taxpayer’s web site with respect to Compliance Initiative Projects (CIPs).  Search engines and industry specific lists may be used to gather information about groups of taxpayers that are the subject of the approved CIP. The system will capture web sites exactly as the public views them using software developed for that purpose.  Information will only be captured regarding taxpayers officially under investigation or those associated with an approved CIP.  The system will be used to assist Revenue Agents and legal counsel in capturing web sites in an accurate manner that can be used for presentation in court. 

Establishing the identity of the owner of a domain registered on the Internet is also needed for a wide range of uses in an examination such as following a money trail, sourcing of funds, leads for third party contacts, etc. to make fair and accurate compliance determinations.

B. Employee:  No employee information will be used.

C. Audit Trail Information   Employees will login with a user name and password.  Content filtering reports will be generated for management review.

D. Other:  N/A

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. No data elements obtained from IRS.

B.  The taxpayer’s web sites.
Some web sites will need to be captured as AVI files while being browsed so that both motion and sound of the web experience can be captured. Also, the HTML and relevant linked web sites may be captured in part or in their entirety.  No tax returns, no information received from the taxpayer, no tax administration records such as agent workpapers, dependent records, account transcripts, related returns.

C. Audit trails of employee login and access will be collected.  No employee data (i.e., personnel, payroll, performance evaluations, etc.) No Financial records will be recorded.

D. Other Federal Agencies: May obtain data elements from other federal agencies by way of relevant publicly available web sites and databases these agencies make available on the internet. For FSLG, see A) as these entities are our taxpayers.

E. State and local agencies:  May obtain data elements from other state and local agencies by way of relevant publicly available web sites and databases these agencies make available on the internet.  For FSLG, see A) as these entities are our taxpayers.

F. Other third party sources: Publicly available websites and databases that can be accessed over the Internet without any restrictions as to access or use of the information.

3.  Is each data item required for the business purpose of the system?  Explain.

Strategic Management – the workstation can be used in trend analysis and identification of high-risk market segments. This is an important component of the LMSB, SBSE and TEGE e-commerce compliance mission.

Workload and Case Identification – the enterprise-wide Internet solution can be used to identify high-risk businesses activities and assist in the selection of quality cases by using a top down issue identification approach.  For example information sources can be developed to assist in the identification of corporate tax shelters schemes once certain characteristics have been recognized.  Alternatively, the workstation can be used to case-build returns with pertinent background data before a case is sent to the field.  This data may include information on all of the taxpayer’s Internet web sites and business activities, financial data, reports filed with regulatory agencies, press releases, speeches, news coverage, legal reporting, industry news, etc.  The up-front compilation of this information for a parent corporation and all of its domestic and foreign operations will serve to reduce the number information requests and expedite the audit process.

PARAGRAPH REDACTED

4. How will each data item be verified for accuracy, timeliness, and completeness?

The software utilized will be reviewed for accuracy. Web site information downloaded to storage media will be compared against the viewable site on the Internet.

Searches for information in conjunction with specific approved Compliance Initiative Projects (CIPs) will use software that has been reviewed and tested. The completeness of the searches and the software best suited to gather all relevant information is the primary goal.

The files downloaded will be listed on a separate workpaper, and initialed and dated by the individual performing the download so that they can be authenticated in court should the need arise.

5. Is there another source for the data?  Explain how that source is or is not used.  No.

6. Generally, how will data be retrieved by the user? 

The user will connect to the internet using advanced internet search software.  The user will store the data on a CD. No data will be stored on the hard drive.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?  No.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

No permanent data will be maintained on the sixteen prototype workstations.  An E-Commerce manager in an IRS office will oversee the use of each workstation.  Only their selected employees will have access. 

Revenue Agents and their managers as well as other individuals that have a direct official interest in the information obtained, such as legal counsel, review staff, and employees involved in the CIP process will have access to the downloaded data.

9. How is access to the data by a user determined and by whom? 

Each of the 16 prototype workstations is assigned to an E-Commerce manager in an IRS office.  These managers have selected a limited number of employees who will use the investigative workstations to capture web sites and internet related CIPs.  Employees will submit an Online 5081 to gain access to the workstation and will logon with a user name and password to use the workstation.  These specialized examiners will receive training in investigatory techniques that have been developed.

As far as documentation is concerned, files downloaded will be listed, initialed, and dated. In the case of web sites downloaded, the process of documenting all files downloaded is necessary as that information may at some point be submitted into evidence in a court proceeding.

The work performed will be documented in the same manner as a Revenue Agent’s workpapers, as required by the IRM so that the date created, examiner, and purpose of the workpaper can be readily ascertained and used as evidence in administrative and judicial proceedings.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.  No.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  N/A

12.  Will other agencies provide, receive, or share data in any form with this system?

The Department of Justice may have access to information obtained from the Internet as part of compliance activities that have been referred to them for civil action, criminal prosecution or injunctive relief.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

N/A No taxpayer information will be saved to the hard drive.  Third party software will be run after each research session to clean up temporary cache files stored on the hard drive.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

The prototype workstation will be used in conjunction with approved CIPs to gather information from the Internet.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

Yes, One purpose is to identify the owners of web site domains and determine the accuracy of that information.  This information is commonly referred to as WHOIS information that is freely available on the Internet.  (WHOIS information is a tool used to look up the registration information for domain names and IP addresses on the Internet.)

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No, the system would be used as an investigative technique and does not treat taxpayers differently.  It will help insure the consistent treatment of taxpayers by shifting investigations to a central source.

The sixteen prototype workstations will provide the highest level of security between the Internet and our Internal LAN by establishing a physical firewall.  The workstations will provide a centralized source for research. Providing a monitored central source for our more complex and detailed Internet investigations will insure that policies to protect taxpayer’s rights are consistently followed. Examiners are currently denied access to cloaked or filtered web sites that they need to perform their jobs. Having a central source to capture the information needed would eliminate this problem.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Information developed through the use of the investigative workstations will provide data that may assist in a determination.  The data will not be the sole reason for a negative action; it would be information to support a determination.  Affected parties will have an opportunity to respond to any proposed determination, including the normal due process and appellate provisions.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

No, it is not web-based.  No, it does not use persistent cookies.
 


Page Last Reviewed or Updated: February 03, 2005