Date: Wed, 20 Jul 94 16:12:20 PDT
From: RISKS Forum <risks@csl.sri.com>
Subject: RISKS DIGEST 16.26

RISKS-LIST: RISKS-FORUM Digest  Wednesday 20 July 1994  Volume 16 : Issue 26

----------------------------------------------------------------------

Date: Wed, 20 Jul 1994 15:36:55 -0700
From: Phil Agre <pagre@ucsd.edu>
Subject: IRS

The 19 August 1994 New York Times carries a long article about hundreds of IRS
(Internal Revenue Service, the American tax collection people) employees being
disciplined for peeking at tax returns that they shouldn't have been.  The
IRS's investigations concluded that the employees' suspicious behavior ranged
from out-and-out fraud to simple curiosity.  The discovered the need for
guidelines about which degrees of wrongdoing merited which punishments.  The
full reference is:

  Robert D. Hershey, Jr., IRS staff is cited in snoopings, New York Times,
  19 July 1994, pages C1, C12.

It's one of those stories that can be invoked as evidence for either of two
contradictory positions: that employees' illicit use of personal files is
a serious problem, or that it's not a real problem since the wrongdoers are
getting caught.  It's clear that private businesses have the same problems
with illicit peeking at personal information.  We might ask whether public
or private organizations have a greater incentive to prevent this kind of
thing.  Since information can be copied readily, it's not like pilfering in
a warehouse, where the organization loses capital in a straightforward sense
and thus has a straightforward interest in preventing it.  An exception would
be information that is leaked to customers who would otherwise purchase the
information from the organization, as opposed to being leaked to people whose
status or purposes would not otherwise permit them to buy the information
through the front door.

Instead, the organization's interest is generally more indirect, having
primarily to do with its reputation and the reputations of its leaders.  In
a society without privacy activists or a free press serving a public that is
aware that its privacy is threatened, I think organizations would have little
incentive to do anything about leaks of personal information.  In the society
we have right now, I would suggest that the IRS has a greater incentive to
prevent leaks of personal information than does a credit bureau or other
private information holder, since it is politically much more practical
for the legislature to make the IRS bureaucrats miserable than to make the
officers of private firms miserable.  Others may disagree, but the important
thing is to understand the mechanisms which create, or *could* create,
organizational interests in genuinely protecting private information.  Fear
of legislation is a good one, but others exist as well.

Phil Agre, UCSD

------------------------------

End of RISKS-FORUM Digest 16.26
************************