Van Hollen, Wyden, Cortez Masto, Warren, Padilla Seek Watchdog Investigation of Potential Trump Admin. Violations of Taxpayer Privacy Laws

Today, U.S. Senator Chirs Van Hollen (D-Md.) joined Senate Finance Committee Ranking Member Ron Wyden, (D-Ore.), Senator Catherine Cortez Masto (D-Nev.), Senator Elizabeth Warren (D-Mass.), and Senator Alex Padilla (D-Calif.), and 13 of their Senate colleagues in writting to the acting Treasury Inspector General for Tax Administration seeking an investigation into several reports that the Trump administration is potentially violating strict taxpayer privacy laws by providing highly-sensitive and legally-protected taxpayer data to the Department of Homeland Security and personnel affiliated with Elon Musk in various federal agencies. The senators' request comes after Treasury Secretary Bessent signed a memorandum of understanding with the Department of Homeland Security to provide an unprecedented level of access to taxpayer data for open-ended investigations, and several high-ranking IRS officials, including the acting commissioner and chief privacy officer, announced their imminent departures from the agency.

"Taxpayer data held by the IRS is, by design, subject to some of the strongest privacy protections under federal law, the violation of which can trigger civil and criminal sanctions, including up to five years in prison. Congress passed these protections in the 1970s after President Nixon weaponized the IRS against his political enemies. These legal protections for taxpayer data apply to all taxpayers and are an essential foundation for our tax system, which requires the voluntary submission of information to the government. Voluntary tax compliance depends on taxpayers having faith that their confidential information will not be used for anything other than tax administration," the Senators wrote.

"Immediately following Bessent's execution of the [agreement with DHS], several IRS leaders announced their resignations, including Acting IRS Commissioner Melanie Krause and Chief Privacy Officer Kathleen Walters, raising further questions about whether they resigned to avoid being a party to a criminal conspiracy to violate tax privacy law," they continued.

Additionally they noted, "The risks created by these activities cannot be overstated… [IRS] data can be inaccurate because of identity theft, keypunch errors, obsolete address information, and a wide range of other reasons. If DHS relies on the same data to deport millions of people without validating its accuracy, it is likely to end up making grave errors that impact American citizens and immigrants with valid legal status."

Also signing the letter were Senators Dick Durbin (D-Ill.), Bernie Sanders (I-Vt.), Sheldon Whitehouse (D-R.I.), Jeff Merkley (D-Ore.), Richard Blumenthal (D-Conn.), Brian Schatz (D-Hawaii,) Martin Heinrich (D-N.M.), Edward J. Markey (D-Mass.), Cory Booker (D-N.J.), Tammy Duckworth (D-Ill.), Ben Ray Luján (D-N.M.), Peter Welch (D-Vt.), and Andy Kim (D-N.J.).

The full text of the letter is available here and below:

Dear Acting Inspector General Hill:

We write to request an investigation into alarming reports about improper access to tax return information at the Internal Revenue Service (IRS) by the Immigration and Customs Enforcement (ICE) division of the Department of Homeland Security (DHS), Elon Musk's associates at the "Department of Government Efficiency" (DOGE), the Office of Personnel Management (OPM), and others, potentially violating the privacy of every taxpayer. As you know, violations of the tax privacy rules are punishable by civil and criminal penalties, including up to five years in prison.

Following the abrupt departure of the Acting Chief Counsel and Acting IRS Commissioner on April 7, 2025, Treasury Secretary Bessent signed a memorandum of understanding that gives ICE unprecedented access to return information in an apparent attempt to weaponize the tax system against up to seven million people suspected of being undocumented immigrants. The MOU cites Internal Revenue Code section 6103(i)(2), which permits certain limited disclosures for active criminal investigations individually approved by high level officials, but there were only 30,538 disclosures for all such investigations in the U.S. in 2023 and 14,640 in 2022, raising questions about whether it would be possible for ICE to have a valid reason for obtaining information on up to seven million people.

Immediately following Bessent's execution of the MOU, several IRS leaders announced their resignations, including Acting IRS Commissioner Melanie Krause and Chief Privacy Officer Kathleen Walters, raising further questions about whether they resigned to avoid being a party to a criminal conspiracy to violate tax privacy law.

DOGE has also sought access to the IRS's most sensitive systems to create a "mega-API," that insiders have said is an "open door controlled by Musk for all American's [sic] most sensitive information with none of the rules that normally secure that data." This proposed "hackathon" by Musk and third parties could result in the exporting of taxpayer data to private entities and compromise the privacy of millions of Americans. DOGE has also requested an "omnibus" agreement with federal agencies that would allow a broad swath of federal officials to cross-reference benefits rolls with taxpayer data.

Finally, Treasury and IRS are requiring IRS employees, including employees in service centers who do not have a government-issued computer, to send emails listing five things they did each week to an external email address at OPM without any pre-screening to ensure no return information is included. Agencies are permitted to opt out of this requirement, but the IRS has not.

The risks created by these activities cannot be overstated. The data in IRS systems cannot necessarily be relied upon for non-tax purposes. The IRS suspends the processing of millions of returns each year and flags millions of others for follow-up because the information in its files does not match what is on the taxpayer's return. The data can be inaccurate because of identity theft, keypunch errors, obsolete address information, and a wide range of other reasons. If DHS relies on the same data to deport millions of people without validating its accuracy, it is likely to end up making grave errors that impact American citizens and immigrants with valid legal status.

Moreover, taxpayer data held by the IRS is, by design, subject to some of the strongest privacy protections under federal law, the violation of which can trigger civil and criminal sanctions, including up to five years in prison. Congress passed these protections in the 1970s after President Nixon weaponized the IRS against his political enemies. These legal protections for taxpayer data apply to all taxpayers and are an essential foundation for our tax system, which requires the voluntary submission of information to the government. Voluntary tax compliance depends on taxpayers having faith that their confidential information will not be used for anything other than tax administration. Otherwise, those who value their privacy are less likely to file and pay what they owe.

There are already projections that taxpayers are paying $500 billion less in taxes this year, which could be explained, in part, by a lack of confidence that their tax return information will be kept confidential. Experts estimate that this MOU could reduce revenue by $25 billion in 2026 and $313 billion over a ten-year period. If that trend continues, it will undermine the finances of Medicare and Social Security, which the Trump Administration is already dismantling and Elon Musk has said is a Ponzi scheme.

While there are procedures by which agencies can gain access to return information, they generally require a determination that the information is required in a specific case for a lawful purpose. IRS employees may not access such information without proper training, and the information cannot be transmitted to another party without proper safeguards. The administration has thus far failed to timely respond to a congressional request on March 14, 2025, for information about the legal basis for the spate of recent requests for access to return data.

1. Concerning DHS's request for return information about ITIN holders, please provide:
2. 1. A complete unredacted copy of the MOU and any related agreements (including the separate implementation agreement referenced in the redacted MOU);
   2. Any documented concerns raised by any senior IRS officials;
   3. Any statements received describing the intended use of the information;
   4. Any parties, officers, or agencies to whom the requester intended to redisclose any or all of the information; and
   5. The legal basis for authorizing disclosures under this MOU; and
   6. The extent to which such disclosures would be unprecedented.
3. Please provide any other requests for access to taxpayer or other sensitive information the IRS received from any agency in the executive branch (including DHS, SSA, DOGE, and the Office of Personnel Management) during this administration for return or other sensitive information or access to IRS systems containing such information, which was not subject to judicial review or routinely granted during the last administration.
4. Please also provide any requests for taxpayer or other protected information received from the President or the Executive Office of the President (EOP) during this administration, including the Office of Management and Budget, DOGE, and Elon Musk.
5. In each instance described in #2 or #3, please explain how the requestor proposed to use the information requested, the IRS's response to the request, and the legal basis for the IRS's response.
6. Every month until the end of this administration, please provide a copy of any new request that would fall into any of these categories and the IRS's response.
7. Please also provide a list of all non-IRS employee(s) currently detailed to, or working with, the IRS as part of DOGE or its affiliates and provide a copy of the Memorandum of Understanding(s) allowing them to do so.
8. Every month until the end of this administration, provide an update on any modifications to any of the agreements referenced above to share return information.
9. Please provide an analysis of the risk that the "5-things" emails IRS employees are required to send to OPM contain information protected by section 6103 or protected by other provisions (e.g., the Privacy Act).
10. Please provide an estimate of the number of 6103 or other statutory violations the management of the IRS and Treasury are allowing to occur by requiring 5-things emails to OPM.
11. Please provide information about the nature and scope of the "mega API" and "hackathon" activity, which was reported in the press, including what sensitive data the vendor has access to, how the contract for services was negotiated, and whether there were any violations of federal contracting regulations.
12. Please provide an estimate of the percentage of individuals who have been given access to return or other sensitive information for the first time during this administration without first completing all of the training that IRS employees are required to take before having such access. Please provide a list of their titles.
13. To the extent new individuals or agencies have been granted access to return or other sensitive information during this administration, please estimate the percentage who did not properly secure and safeguard such information as required. Please provide a list of any agencies and the titles of any individuals.
14. To the extent that improper access or disclosures of return or other sensitive information have occurred during this administration, please describe the circumstances of the disclosure, provide an estimate of the number of taxpayers affected, and whether they have been notified that their information has been improperly accessed or disclosed.

Please provide us with this information as soon as it is available, provide us with a briefing by May 8, 2025, and complete this work by September 30, 2025.