IRS wants data on users from Internet firms

Computerworld - The Center for Democracy and Technology (CDT) is sounding an early warning on a proposal in the president's 2008 budget that would require Internet businesses like eBay Inc. and Amazon.com Inc. to collect personal data on their customers and share it with the Internal Revenue Service.

The move is part of an effort by the U.S. Treasury Department to track down unreported small business income generated by the sale of personal property on such sites. Under the proposal, online "brokers" would be required to file income statements for all customers who use their sites to conduct 100 or more separate transactions that generate $5,000 or more per year.

Among the information the brokers would be required to collect would be customers' names, addresses and taxpayer identification numbers or Social Security numbers. The proposal would be effective for sales of property on or after Jan 1, 2008.

"While no lawmaker has yet come out in support of it, the measure could easily find its way into a larger legislative package," the CDT, a Washington-based think-tank, warned in a statement on its Web site.

The biggest concern with the proposed legislation is that it could lead to a vast collection of Social Security numbers and other personal data by a lot of different commercial entities on the Web, said Ari Schwartz, deputy director of the CDT. "The IRS is going after smaller businesses that cheat on their taxes," Schwartz said. In the process, though, millions of other Internet users who use such sites to sell personal property could also be affected.

Though the IRS wants income statements only in cases where businesses or individuals generate more than $5,000 from 100 separate transactions, most online sites are likely to collect personal data from everyone who uses their site, Schwartz said. That's because it's the broker that would be held liable under the proposal. They are therefore likely to require tax-related information in advance from everyone who does business on their sites instead of soliciting the information after the threshold has been reached, he said.

A large number of those buying and selling products online are individuals and small businesses unlikely to have taxpayer identification numbers, Schwartz said. In such cases, the brokers would be forced to collect Social Security numbers to comply with the IRS requirements. "Such data retention proposals would force the creation of massive, privately maintained databases of personally identifiable data that government investigators could tap at their leisure," the CDT warned.

It could also prove burdensome and costly for businesses to acquire, maintain and protect the data, Schwartz said. It is only the latest example of continuing proposals by government to force businesses to store large amounts of customer data, Schwartz said. Another example is a proposal that requires Internet service providers to store information about their customers for years as part of an effort to track down and prosecute online predators. Such data retention mandates come at the same time security analysts are advising businesses to reduce the amount of personal data they collect, Schwartz said.