I.R.S. C.C.A. AM-2017-004
Internal Revenue Service Memorandum
Number: AM2017-004
Release Date: 8/25/2017
CC:PA:7:JEGerdyZogby DISSP-138861-15
UILC: 6103.00-00
date: July 08, 2016
Division Counsel (Wage & Investment)
Associate Chief Counsel (Procedure & Administration)
subject: Identity Theft - Disclosure Issues under I.R.C. § 6103
Several offices have requested assistance in determining which disclosures are appropriate in the identity theft context. This memorandum consolidates previous legal advice1 with regard to disclosure issues under section 6103 in cases involving identity theft.
Although this memorandum provides a broad overview of identity theft disclosure issues in the context of identity theft, it does not purport to discuss or provide formal legal guidance with respect to all potential identity theft factual scenarios that could exist. The discussion below represents scenarios that have previously been provided and analyzed, but identity theft scenarios are constantly evolving. The legal analysis involved in identity theft disclosure issues can vary significantly based on any number of factual details, such as where the victim’s information appears on a particular filing and the context in which a return was filed with the Service. Thus it is recommended that all novel identity theft disclosure issues be referred to P&A for legal review and advice.
The advice in this memorandum only applies to certain situations in which identity theft is an issue. Applying this advice in non-identity theft contexts could result in an unauthorized disclosure and possible civil and criminal penalties under I.R.C. §§ 7431 and 7213.
1. Is a return filed by an identity thief protected under section 6103?
2. Whose return information is it?
3. Who may receive the disclosure?
4. To what extent may impairment of tax administration be considered in making a disclosure determination?
In recent years identity theft and other refund fraud schemes have proliferated across the country. In response, the Department of Justice created an Identity Theft Task Force ('ITTF'), which is comprised of Federal agencies including the Service, the Postal Service, the Secret Service, and Immigration and Customs Enforcement, as well as state and local law enforcement.
Identity theft can take many forms, but there are some common scenarios that typically confront the Service. The first is refund fraud, in which the perpetrator who has stolen an identity files a tax 'return' early in the filing season using a Form 1040, U.S. Individual Income Tax Return, in the name or with the taxpayer identification number ('TIN'), e.g., Social Security Number ('SSN') or Employer Identification Number ('EIN'), of the victim, who has not yet filed a return for the tax year. For example, the perpetrator will often attach to the Form 1040 one or more false Forms W-2 showing bogus wages and withholding credits that exceed the wages, thereby providing the basis for the purported refund. The Form will also instruct that the refund be directly deposited into a bank account under the perpetrator's control. When the identity theft victim later files a legitimate return for the tax year, the Service will likely flag it because of the significant discrepancies with the prior filed return and, pending resolution, freeze any refund claimed on the second return. Eventually, through investigation, the identity theft and the fraud will become apparent. A variation of this scenario involves filing return forms in the name of a business to claim a fraudulent refund. In other situations, an identity thief uses another taxpayer's information to claim that taxpayer as a dependent in order to create additional deductions.
In another common scenario, an undocumented worker, who does not have the legal status to work in the United States, uses the victim's stolen SSN to appear work-eligible. The undocumented worker provides the SSN to the worker's employer, and the employer in turn files a Form W-2 reporting the worker's wages and tax withholding under the SSN provided. The undocumented worker then files a return, along with Form W-2, that, between the two forms, reflect the identity theft victim's SSN and name along with the actual wages and tax withheld of the undocumented worker. In processing the return, the Service may attribute the wages to the identity theft victim and determine additional tax due. Another variation on this scenario would involve the undocumented worker utilizing the victim's SSN on the Form W-2, but would vary in that the return would contain the Individual Taxpayer Identification Number ('ITIN'), along with the actual wages and tax withheld, of the undocumented worker, and the only information of the victim would be the SSN on the Form W-2 submitted with the return. In this variation, there are no tax consequences to the victim as the wages are not attributed to the victim, but, nonetheless, the victim's account is marked with an indicator of employment-related identity theft.
When the Service confronts identity theft and refund fraud, complex disclosure questions often arise. The determination of whether to release certain information depends on numerous factors, including what kind of return information is involved, whose return information it is, and who would receive the information in a disclosure.
Section 6103(a) provides that “returns” and “return information” are confidential and shall not be disclosed except as authorized in section 6103 or elsewhere in Title 26. Section 6103(b)(1) defines “return” to mean any tax or information return, declaration of estimated tax, or claim for refund required by, or provided for that is filed with the Secretary, on behalf of, or with respect to any person, and any amendment and supplement thereto, including supporting schedules and attachments to the return. The term “return information” is broad and includes any information “received by, recorded by, prepared by, furnished to, or collected by” the Service with regard to a taxpayer’s liability under the Code. See I.R.C. § 6103(b)(2)(A); McQueen v. United States, 264 F.Supp.2d 502, 516 (S.D. Tex. 2003), aff’d, 100 F. App’x 964 (5th Cir. 2004); LaRouche v. Dep’t of Treasury, 112 F.Supp.2d 48, 54 (D.D.D. 2000); Hull v. IRS, 656 F.3d 1174, 1195-96 (10th Cir. 2011).
There is a subset of return information known as “taxpayer return information” that is subject to additional restrictions. Taxpayer return information is “return information . . . which is filed with, or furnished to,” the Service “by or on behalf of the taxpayer to whom such return information relates.” I.R.C. § 6103(b)(3). In other words, taxpayer return information is return information provided by the taxpayer himself. Taxpayer return information enjoys special protections and is particularly relevant when determining whether information may be disclosed to other Federal agencies for nontax crimes, as discussed later in this memorandum.
Taxpayers generally may access their own return information under section 6103(e). See Linsteadt v. IRS, 729 F.2d 998, 1000 (5th Cir. 1984). For example, an individual has a right to view his or her own return under section 6103(e)(1)(A)(i), and section 6103(e)(1)(C) generally2 allows any member of a partnership during the period covered by the return to receive disclosure of the return information of that partnership.3 The Service must withhold return information if disclosing such information would “seriously impair Federal tax administration.” I.R.C. § 6103(e)(7).
Although taxpayers generally may access their own return information, access to the return information of others is strictly limited. The Service may disclose the return or return information for a particular taxpayer to anyone whom the taxpayer may
designate. I.R.C. § 6103(c). In other words, a taxpayer may consent to the release of that taxpayer's own return information to a third party.
The Service may disclose certain information under section 6103(k)(6) when the Service is attempting to gather information that is otherwise not reasonably available in connection with a tax investigation. Treas. Reg. § 301.6103(k)(6)-1(a)(1) allows a Service employee to disclose return information to the extent the disclosure is necessary to obtain information related to official duties. Additional exceptions may also allow for disclosure, e.g., disclosure to state tax officials, state and local law enforcement agencies, and disclosure to certain Federal officers and employees for purposes of tax administration. I.R.C. § 6103(d) and (h).
To determine to whom an item of return information 'belongs,' a critical issue is the identity of the person or entity with respect to whose liability the information was generated or received by the Service. Martin v. IRS, 857 F.2d 722, 724 (10th Cir. 1988). The determining factor is whether the information relates to the Service's investigation or determination of another taxpayer's liability. Id. at 724. In certain circumstances, material can constitute the return information of more than one taxpayer. Solargistic Corp. v. United States, 921 F.2d 729, 731 (7th Cir. 1991). If a taxpayer requests access to a record with return information of more than one taxpayer, the Service must not release any return information that does not 'belong' to that taxpayer unless an exception to section 6103 protection applies.
In the context of identity theft, various factors must be considered before determining whether returns and return information may be disclosed.
To determine whether something filed with the Service by an identity thief is protected from disclosure, the Service must first determine if the record is covered under section 6103. Since most documents filed with the Service by identity thieves are on return forms, the Service must determine if the document filed by an identity thief is a return under section 6103.
If a Form 1040 or other return form is not a valid return, the document itself does not qualify for disclosure protections under section 6103. See 'Identity Theft Returns and Disclosures Under Section 6103,' June 8, 2008, PMTA 2009-024, available at http://www.irs.gov/pub/lanoa/pmta2009-024.pdf; Zellerbach Paper Co. v. Helvering, 293 U.S. 172, 180 (1934). An invalid return is not 'required by, or provided for or permitted under' the Code, as described in section 6103(b)(1), so if a document is not a valid return, it may not be afforded disclosure protection under section 6103.
Requirements for a valid return include that the return be filed as part of an honest and reasonable attempt to comply with the tax laws and that the return be signed by the purported taxpayer under the penalties of perjury. See Beard v. Commissioner, 82 T.C. 766, 777(1984) (listing the requirements for a filing to be a valid tax return). A return form that is filed by an identity thief using a victim's name and TIN and attempts to intercept the victim's refund is generally not a valid return and therefore is not afforded protection under section 6103(b)(1).
The method through which the identity thief obtains stolen information likely will not make a difference in whether the document is a valid return. For example, if an identity thief steals the EIN of a company to file a fraudulent return and take the company's refund, the return is invalid. If, instead, the identity thief steals an SSN and then applies for an EIN under that stolen name, the return form filed using that fake EIN is still invalid because it was not filed as part of an honest and reasonable attempt to comply with the tax laws and is not signed by the person in whose name the purported return is filed. The form of the fraud, at least in this case, does not matter for the determination of whether the return is valid.4
Note that this rule does not apply in the case of an undocumented worker who uses a stolen SSN, but otherwise reports actual wages. This would be a valid return because, under the circumstances, it represents a reasonable effort to comply with the tax laws.
To illustrate this rule, there is a legal difference between a Form 1040 filed by an identity thief and a Form W-2 filed by an employer using a stolen SSN. The employer is filing the W-2 in order to comply with employment tax responsibilities, and although there are penalties for filing information returns with missing or incorrect information under section 6721, this Form W-2 is not a sham return like a fictitious refund return. The form reflects a real employment relationship with associated wage payments and tax withholding and is filed as a good-faith information return. Unlike a Form 1040 from an identity thief reporting a phony set of facts, the Form W-2 in this scenario is not a fiction, and though potentially subject to a penalty, the Form W-2 would still constitute a valid return. As a result it is a return as defined in section 6103 as well.
Although the return of an identity thief seeking a fraudulent refund is a nullity, the return may be legally protected 'return information' under the broad definition of return information in section 6103(b)(2)(A). The document is return information because it is 'received by, recorded by, prepared by, furnished to, or collected by' the Service as part of a determination of liability, or potential liability under the Code. I.R.C. § 6103(b)(2)(A).
Assuming there is some potential liability to be determined under the Code, the document does qualify as return information, and it can only be disclosed as authorized by the Code. I.R.C. § 6103(a). By knowingly filing a false return, the identity thief subjects himself to possible other liabilities (e.g., under section 7207), and any information furnished to and received by the Service with respect to the “determination of the existence, or possible existence of liability of [the identity thief] for an offense under the Code” is return information. See, e.g., O’Connor v. IRS, 698 F. Supp. 204, 206 (D. Nev. 1988), aff’d without op., 935 F.2d 275 (9th Cir. 1991) (a threat against a Service employee is a violation of section 7212 and information collected with respect to that offense is return information). Thus, any information collected by the Service with regard to the identity thief’s potential liability would be the return information of the identity thief.
In the enactment of, and subsequent amendments to section 6103, Congress did not expressly provide for the situation in which one individual files a fraudulent return using the name or TIN of another taxpayer. As noted above, in determining to whom a particular item of return information belongs, the Service considers the identity of the person or entity with respect to whose liability the information was generated or received by the Service. Martin, supra at 724.
In certain circumstances, a particular item may be return information of more than one taxpayer. Solargistic, supra. Return information related to identity theft is often the return information of both the victim and the thief. To determine whether section 6103 allows for disclosure of returns or return information, the Service must determine the “owner” of the return or return information.
1. A fraudulent refund return is the return information of the victim and the thief from the moment it is filed with the Service.
When a fraudulent refund return is first filed with the Service, the Service will assume it is the return information of the victim, since the victim’s identifying information is on the return. Information such as the date the return was filed, the document locator number assigned to it, the liability and payment amounts reported on the return, and the steps taken to process the return (including any refund) will all be posted to the victim’s account for that taxable year. All this information was collected by the Service with respect to the possible tax liability of the victim, making that information the victim’s return information. Section 6103 does not incorporate any temporal limit on the designation or identification of returns and return information of being that of a particular taxpayer, so the return would remain the return information of the victim.5
At the same time, as discussed above, the identity thief, by knowingly filing a false return, subjects himself to other possible liabilities, so the return is the thief's return information as well. See, e.g., O'Connor, supra. As a result, the return filed in an identity theft scenario is often the return information of both the victim and the thief. Even though the Service may not be aware that the return or return information belongs to the thief until the identity theft is discovered, it is still the return information of the identity thief from the moment it is filed with the Service.
2. If a victim is listed as a dependent on a fraudulent return, the return is not the return information of the victim.
In one variation of the identity theft scenarios, the identity thief claims the victim as a dependent for fraudulent refund purposes. Being claimed as a dependent could affect the determination of the victim's liability, specifically with regard to what deductions the victim could take (e.g., I.R.C. § 63(c)(5) (limiting the standard deduction for dependents); I.R.C. § 151(b) (limiting the personal exemption for dependents). The document, however, would not be the return information of the victim listed as a dependent on the fraudulent return because being listed as a dependent on a tax return does not, in and of itself, subject the dependent to any liability under the Code.
It should be noted, however, that the Service could examine a victim's return because the Service noticed that the victim was taking certain deductions. If the Service is determining the allowance or denial of deductions based on the conflicting information contained in the return filed by the identity thief, it is possible that the identity thief's return information could become germane to the determination of the victim's liability. In that case, the portion of the return that would be relevant to the victim's liability could be disclosed under section 6103(h)(4), which allows disclosures related to judicial or tax administration proceedings. The Service should redact any information that the victim is not entitled to or that might seriously harm tax administration, as discussed below, before disclosing that information to the victim.⁶
3. For returns filed by an employer, the return information is generally the employer's, the employee's, and the victim's.
The type of return may also be relevant to determining the "owner" of the return information. For example, when an employer files a Form W-2 with the Service, the information contained in that return is return information both of the employer and the employee. As a result, in the case of an undocumented worker using someone else's SSN, the return information belongs to the employee/undocumented worker, to the employer, and to the victim, based on the analysis above.
the victim's name or TIN would nevertheless constitute the victim's return information just as if it were processed.
⁶ See the discussion below, under "Other Considerations," for information on how a victim can request a copy of a fraudulent return even if he or she is not involved in a judicial or tax administration proceeding.
4. A return filed using a fraudulent EIN, which was obtained using a stolen SSN, is not the return information of the victim.
If an identity thief steals an EIN and files a fraudulent return for a business, that return is the return information of both the identity thief and the business victim. If, however, the identity thief steals an SSN, applies for an EIN using that SSN, and then files a fraudulent return for the EIN, then the return is not the return information of the individual victim because the fraudulent return is not related to the liability of the individual. Simply being listed on the application for an EIN does not in and of itself create a tax liability. As a result, that information may only be disclosed to the victim if otherwise authorized under Title 26.
The Service must determine to whom any return information would be disclosed before releasing that information because the exceptions to section 6103 are often based on who is receiving the disclosure. For example, the Service may disclose to a taxpayer his or her own returns or return information, but the Service is limited in who else may receive disclosures.
1. The Service may disclose a taxpayer's return information to the taxpayer, but an identity thief is not necessarily a taxpayer.
Section 6103(e)(1)(A)(i) and (7) authorize the Service to release returns and return information of any taxpayer to the taxpayer himself. As a result, if information related to an identity theft return is the victim's return information, the Service may disclose that information to the victim. Additionally, an undocumented worker's return or return information may be disclosed to the worker.
There is an argument, however, that a refund fraud identity thief must demonstrate that he is a taxpayer before the Service can disclose return information to him as the taxpayer under section 6103(e)(7). Section 7701(a)(14) defines the term 'taxpayer' as 'any person subject to any internal revenue tax.' An identity thief generally has not filed the fraudulent return because he is subject to some internal revenue tax. Unless the identity thief can demonstrate that he is subject to an internal revenue tax, the identity thief is not entitled to his return information.7
2. A taxpayer can consent to the disclosure of his own return information.
Although a taxpayer may generally have access to his own return information, access to another taxpayer's return information is limited. Section 6103(c) allows for a
taxpayer to consent to the disclosure of returns or return information. A victim of identity theft may wish to have a copy of a fraudulent return sent to state or local authorities or another designee, and if the victim consents to the release of his return information, the Service may disclose that information to the victim's designee.8 Once again, the refund fraud identity thief must demonstrate that he is a taxpayer before he may take advantage of section 6103(c).
3. The Service is not authorized to disclose the identity thief's separate and distinct return information to an identity thief victim.
The Code provides no authority for disclosure of an identity thief's separate and distinct return information to an identity theft victim. The victim is not even entitled to disclosure of the identity thief's identity. Cf. Hodge v. IRS, 2003 WL 22327940 (D.D.C. 2003) (the name and address of a person who used plaintiff's social security number on her tax return was third party return information that could not be disclosed to the plaintiff). However, where the information is the return information of both the victim and the thief, the Service may legally disclose the information to the victim. The Service, however, may conclude as a matter of policy that disclosure of return information of the thief to the victim will impair tax administration and accordingly refuse to make such disclosures. See I.R.C. § 6103(e)(7).
It should be noted, however, that the Service now allows victims to obtain redacted versions of identity thieves' returns. The method for obtaining such a return is discussed below.
4. The Service is authorized to disclose return information to other employees of the Department of the Treasury.
Since more than one Service operating division may be working on either the victim's or the identity thief's case, employees may need to share return information in the performance of tax administration duties. See I.R.C. § 6103(h)(1). Internal sharing of documents does not, however, mean that the shared information becomes return information of another taxpayer. If information from one case is copied and placed in other case files, it should clearly be labeled as third-party return information.
5. The Service is authorized to disclose return information in a Federal or State judicial or administrative tax proceeding.
Section 6103(h)(4) allows the disclosure of a taxpayer's return information to a third party if the disclosure meets one of four tests.9 For example, in the case of a
victim who was claimed as a dependent on a fraudulent refund return, the victim's own liability may be at issue in an examination. Section 6103(h)(4) would authorize disclosing the relevant portion of the fraudulent refund return in order to resolve the examination of the victim's liability. The fraudulent refund return is not the victim's return information, but the Service can disclose it to the victim.
Section 6103(e)(2) provides that if an individual is legally incompetent, the individual's return or return information may be disclosed to the 'committee, trustee, or guardian of his estate.' In this regard, a minor is legally incompetent and this provision allows parents to access the return or return information of a minor if, under state law, the parent is the legal guardian of the minor's estate. See IRM 11.3.2.4.10; IRS Publication 4639, Disclosure & Privacy Law Reference Guide at 2-14 (rev. 10-2012). As a result, the parent may only request the minor's return information if that parent is the legal guardian under state law.
Once it is clear that a parent may request the return information of the minor, the Service must then analyze what portions, if any, of the identity theft return would be considered the return information of the minor. For example, if the minor were listed as a dependent on a fraudulent return, that information would not generally be the minor's return information. If, however, the minor were listed as the primary or secondary taxpayer on the return, then that return would be the return information of the minor because it was collected by the Service as part of a determination of the minor child's liability under the Code. It might also be the return information of the parent since, under section 6201(c), an unpaid assessment against a minor is also considered to be an unpaid assessment against the parent, to the extent the assessment is based on compensation for the minor's services.
There are offenses related to identity theft that are not related to tax administration. Section 6103(h) does not provide the ability to disclose return information to other Federal agencies for nontax crimes.
Section 6103(i)(3)(A), however, does provide limited authority for the Service to make proactive disclosures of return information, other than taxpayer return information,
treatment of an item on the third party's return is directly related to the resolution of an issue in the tax proceeding; (3) if the third party's return or return information directly relates to a transactional relationship between the third party and the taxpayer whose liability is at issue and the third party's return or return information directly affects the resolution of an issue in the tax proceeding; and (4) if certain requirements are met in certain criminal proceedings. For additional information regarding disclosures under section 6103(h)(4), please see the Disclosure and Privacy Law Reference Guide, infra.
that may constitute evidence of the commission of a Federal nontax crime “to the extent necessary to apprise the head of the appropriate Federal agency charged with the responsibility of enforcing such law.” I.R.C. § 6103(i)(3)(A)(i) (emphasis added). Because the statutory text uses the word “apprise,” the scope of return information disclosed under section 6103(i)(3)(A) should be limited so as to only alert the Federal nontax criminal law enforcement agency about the possible existence of a nontax crime.
Such disclosures are authorized regardless of whether the Service has concurrent jurisdiction over the crime. While the statute does not require that the return information be conclusive, the return information should sufficiently identify the specific criminal act to which it relates.
The Service may not, however, disclose “taxpayer return information” to other Federal agencies for nontax crimes. Taxpayer return information is return information that is “filed with, or furnished to, the Secretary by or on behalf of the taxpayer to whom such return information relates.” I.R.C. § 6103(b)(3). A Form W-2 is entirely taxpayer return information. The employer files it for his own liabilities, so it is his taxpayer return information. The employer files it on behalf of the employee for the employee’s liability, even if that employee is an undocumented worker. The employer also files it on behalf of the victim, and it will likely have an effect on the victim’s liability. As a result, a Form W-2 (or similar document) is almost always taxpayer return information.
Note, however, that if the Federal nontax criminal law enforcement agency decides to investigate the matter, it can seek the disclosure of returns and any additional return information (including any taxpayer return information) pursuant to sections 6103(i)(1) and (2).10
Generally speaking, there is no authority under the Code to disclose information to state and local law enforcement for nontax administration purposes. Cf. I.R.C. § 6103(d). State and local law enforcement personnel, however, may be considered Federal employees for the purposes of section 6103 so long as they are formally appointed as Federal employees (rather than merely detailed), they are assisting in a Federal investigation, and are supervised by a Federal employee.
It should be remembered that a taxpayer may always consent to the disclosure of his or her own return information under section 6103(c). In the case of a victim of
identity theft, the taxpayer could consent to the disclosure of his or her own tax return information to state and local law enforcement. The Service, however, would need to ensure that such a disclosure would not seriously impair Federal tax administration, as discussed below. Additionally, a copy of any consent should be retained for at least a three-year period.
The Service may disclose enough information necessary to determine whether a return is legitimate under section 6103(k)(6). The Service must reasonably believe that the information is not otherwise available or doing so must be necessary to carry out the employee's official duties. Treas. Reg. § 301.6103(k)(6)-1(a)(2). In the identity theft context, when an employer files a document, such as a W-2, that includes a stolen SSN, the Service may contact the employer to inform the employer that the SSN does not match. The Service must be cautious, however, in what exactly is revealed to the employer. The Service may inform the employer that the name and SSN do not match, but the Service may not inform the employer of the identity of the true owner of the SSN.
Additionally, if the Service determines a mismatch between the name and other contact information on a return and the SSN on, for example, a Form W-2, then the Service may contact the employee to investigate the discrepancy. The Service should take care, however, not to disclose information related to the victim, including the victim's identity, to the employee.
Before disclosing any additional information, the Service should also consider the following issues.
The Service must withhold information that would seriously impair tax administration, even if it would otherwise be eligible for disclosure under section 6103, including certain third-party return information. See I.R.C. § 6103(c), (e)(7). Once a potential identity theft has occurred, the Service should consider whether to withhold information, either through redaction or other means, regarding third-party identity theft victims and other third parties if disclosing that information would seriously impair Federal tax administration. It is a business decision what information might need to be withheld based on the damage that might be done to tax administration if such information were disclosed. In determining whether to redact certain third-party information, the Service should consider Hodge, in which the court found that the name and address of a person who used plaintiff's SSN was third-party return information that could not be disclosed to the plaintiff. Hodge, supra.
The Service has determined that a victim of identity theft may request a copy of a return that was filed using his or her own information, though it may be heavily redacted. Redactions will include many of the issues discussed in this memorandum. For example, in some cases, a fraudulent return may list multiple victims' information, and the Service should redact the other victims' return information before disclosing any of the victim's return information. For additional information, the victim should visit https://www.irs.gov/Individuals/Instructions-for-Requesting-Copy-of-Fraudulent-Returns.
Please call Joy Gerdy Zogby at (202)317-4927 if you have any further questions.