Gif by BenJammins on Giphy
The IRS may have just broken the law 42,695 times.
I’ve been breaking news on ICE’s attempts to get confidential taxpayer information from the IRS for a year now, and there are two important developments in that case.
First, an appeals court knocked down one of the cases moving forward against the IRS, holding that the agreement between the tax agency and immigration enforcement was not unlawful.
But there’s a catch.
“We do not opine today on the legality of any actions taken by IRS or DHS after they finalized the [memorandum of understanding],” Senior Circuit Judge Harry T. Edwards wrote for the court. “The only issue that we decide is whether, on the sparse record before us, Appellants have met their heavy burden to make a clear showing that they are entitled to the preliminary injunctive relief sought.”
In other words: The agreement itself between the IRS and DHS may be legal, but the implementation may not be.
Now the second item: In a separate case, District Court Judge Colleen Kotellar-Kelly blocked the Trump administration from sending confidential taxpayer information to immigration enforcement officials.
And after I and my WaPo colleagues scooped that the IRS had improperly disclosed tax data for thousands of the “wrong” people, IRS officials were forced to cop to that error in court.
That was a significant disclosure, Kotellar-Kelly wrote in a new opinion Thursday. She wrote:
“The IRS not only failed to ensure that ICE’s request for confidential taxpayer address information met the statutory requirements, but this failure led the IRS to disclose confidential taxpayer addresses to ICE in situations where ICE’s request for that information was patently deficient.”
She took the IRS to task for a slipshod process of identity authentication that relied on wild and inaccurate proxies for address and name verification:
“A zip code is not an address, and a zip code proxy, as the IRS would define it, might as well be a set of random numbers. For instance, ICE could have submitted a request with an ‘address’ like, ‘Don’t Care 12345,’ or, ‘00000,’ and still received a taxpayer’s address.”
Using the IRS’s disclosure (filed after our scoop), Kotellar-Kelly determined the tax agency likely violated the law 42,695 times — once for each of the individuals whose information was shared under the IRS's defective identity verification process.
The Trump administration has appealed her ruling that blocked the data-sharing arrangement. But in her Thursday opinion, Kotellar-Kelly wrote that if the appeals court returned the case to her, she'd consider allowing the plaintiffs to conduct discovery to probe how the IRS and DHS constructed their data-sharing agreement and how it’s been implemented.
I still have many questions that the IRS has not answered:
How specifically did these errors occur?
Who was warned about them, and why did they blow past those warnings?
When did the IRS and DHS learn about this?
Why did they wait until after our report to disclose it?
Will the people whose tax information was shared with DHS be notified that their rights were violated? Those people are entitled by law to sue the U.S. government and recover substantial monetary damages.
When and how will those notifications take place?
Did DHS erase the information that the IRS improperly shared? How can we be sure?
Did anyone at DHS access that information? Again, how can we be sure?
What questions do you have? Email me at [email protected] and contact me securely on Signal at jacobbogage.87. And follow me on Bluesky: @jacobbogage.bsky.social.
