IRS rightly slams misuse of information

In one of those rare instances in which I applaud an action taken by the Internal Revenue Service, the agency fired an employee for misusing its Integrated Data Retrieval System (IDRS) to seek tax-related information on friends and relatives. The Merit Systems Protection Board (MSPB) and the U.S. Court of Appeals for the Federal Circuit recently upheld the dismissal (John M. Thomas v. Department of the Treasury, 97-3252, Aug. 8, 1997).

John Thomas, a former IRS employee, was fired for using the IDRS for other than official business and engaging in unauthorized access of a taxpayer's account.

Thomas appealed the charge of wrongful use of the IDRS and argued that the penalty imposed on him was too harsh. In my opinion, it was too lenient. I think that Thomas not only should have lost his job but that he also should have been fined or jailed to boot— maybe both. IRS tax records are confidential. No one is supposed to see them except agency employees on official business.

Thomas admitted that he used the IDRS for other than official business, but he tried to find a flaw in the formal charges filed against him by the IRS.

For example, the agency charged that Thomas used a specific IDRS command code to research a taxpayer's account, which he later admitted belonged to his wife's parents. He took this action despite the fact that the first rule guiding IDRS security clearly states that users may not attempt to access, research or change their own accounts or those of a spouse, colleague, friend or relative.

Thomas argued that he did not "research" anyone's "account" by using the command code, which he said provides only Social Security numbers. He said obtaining Social Security numbers is not analogous to "researching an account" within the meaning of the IDRS security rules.

Thomas did not dispute that he attempted to access others' accounts by first accessing their Social Security numbers. Instead, he got cute and argued that the formal charges made by the IRS alleged actual research when he was merely guilty of attempted research.

In an apparent attempt to turn the wording of the agency's charges against the agency, Thomas argued that the IRS failed to meet the burden of showing that he had performed "actual research."

The Court Fires Back

The court could see no merit in Thomas' defense. The court noted that each formal charge against Thomas was for a violation of the first IDRS security rule, which prohibits any attempt to access taxpayer account information, including accessing Social Security numbers, for other than official business.

Clearly, he was trying to wiggle out on a technicality, but the court would have none of it. The judges agreed with a previous decision by the MSPB and concluded that the IRS' charges, although implicitly alleging attempted access of taxpayers' files, did not conflict with the charge of using the IDRS for other than official business.

As for Thomas' firing, the court did not think it was too harsh a penalty, especially because the integrity of the entire IRS was called into question. Thomas not only violated IRS rules, he besmirched the already-tarnished image of the agency and did not help the reputation of federal employees in general. The IRS already suffers from a public relations problem, and an employee who pries into other people's records only adds fuel to the fire. No sympathy for Thomas here.

-- Bureaucratus is a retired federal employee who contributes regularly to Federal Computer Week.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.