Cybersecurity and Tax Reform

59 Pages Posted: 15 Jun 2017

See all articles by Michael Hatfield

Michael Hatfield

University of Washington - School of Law; University of Washington - UW Law

Date Written: May 23, 2017


The IRS collects information on more Americans and handles more money than any other agency. The cybersecurity risks are high. This Article takes seriously both the challenges and the agency's limitations in solving those problems through technological advances. This Article describes the cybersecurity problem as a legal problem for Congress to address rather than merely a digital problem for IRS technicians. By legislation, Congress defines what information is tax relevant, and then the IRS digitally collects, stores, and process the information. Over the years, without any regard for information security, Congress has designed a tax system that requires the IRS to collect more information than it can now protect. But there is ample flexibility for Congress to reform tax law to decrease the information held by the IRS and increase the likelihood the IRS can defend it. This Article explores specific ways in which the tax laws and its administration could be changed to simplify the information needs of the IRS, making its information system both a less appealing and a more defensible cyberattack target. In short, if the tax law were simpler in specific ways, the information technology needs at the IRS would be simpler, and adequate cybersecurity for it would be easier.

Section I describes cyberattacks at the IRS and elsewhere, predicting future cyberattacks at the IRS will be similar to cyberattacks elsewhere. Section II offers a history of computer use at the IRS, arguing that this history, as well as a variety of other factors, like inadequate funding and expertise and the technical and human difficulties of cybersecurity, reveals little reason to believe the IRS will achieve appropriate cybersecurity. Section III argues that Congress should consider how potential tax reforms might make the IRS database a less appealing and a more defensible cyberattack target. This Article concludes with reflections on the relationship between law reform and the digital revolution.

Keywords: Information Technology, Computers, Data Processing, Security, Technology, IRS, Internal Revenue Service, Tax Collection, Taxes, Taxation, Hacking, Tax Reform, Privacy

Suggested Citation

Hatfield, Michael W. and Hatfield, Michael W., Cybersecurity and Tax Reform (May 23, 2017). Indiana Law Journal, Vol. 93, No. 3, Forthcoming, University of Washington School of Law Research Paper No. 2017-15, Available at SSRN:

Michael W. Hatfield (Contact Author)

University of Washington - UW Law ( email )

William H. Gates Hall
Box 353020
Seattle, WA 98195-3020
United States

University of Washington - School of Law ( email )

William H. Gates Hall
Box 353020
Seattle, WA 98105-3020
United States
206-221-1535 (Phone)


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics