With the digital age, identity theft has become one of the biggest threats to our financial and personal lives. Laws, at both the federal and state level, are continually being passed to protect our personal information and punish those who release it without our consent. Yet at least one government agency fails to take such protections seriously.
At the federal level, according to its Rules of Civil Procedure, filings made with courts of law must be redacted including omitting Social Security numbers (SSNs), taxpayer IDs, and birthdates. But when a government agency fails to follow this statute, it suffers no consequences. Meanwhile, private citizens and businesses do not benefit from such immunity and are subject to prosecution and fines.
In the case of Michael Quiel, target of an IRS indictment and later found innocent on most charges as chronicled in his new book, Rigged, he fell victim to this blatant double standard. During Christmas time in 2012, Quiel received a call from a family member saying he had found the Quiel family’s SSNs posted on online. They evidently had been retrieved from the evidence file located on the US District Court’s filing system, PACER—Public Access to Court Electronic Records.
Quiel immediately looked up his case on various internet sites. To his surprise, he found his tax returns posted online, along with the SSNs of each member of his family, including him, his wife, and their three young daughters. The six years of tax returns were part of the five hundred thousand pages of documents submitted by the IRS in its indictment against him.
According to the law, Quiel’s tax returns were allowed to be on the PACER site because of the IRS lawsuit. But by failing to redact all SSNs, the IRS violated federal statutes intended to protect the identity of its taxpayers. Concerned about the consequences of the IRS’s blunder, Quiel phoned his attorney, Michael Minns, who assured his client he would contact the prosecutor handling the case Monica Edlestein. He also said he would address the IRS’s negligence in court. Quiel’s trial with the IRS was set for March 5, 2013.
In the meantime, Quiel took the protective measure of enrolling his entire family on LifeLock, which is an online service that protects customers against identity theft. Through Lifelock, Quiel was notified that his thirteen-year-old daughter had fallen victim to identity fraud—someone had applied for credit using her name shortly after her Social Security number had been posted.
Quiel then used Google to identify sites that had posted his tax returns. Third parties that follow court cases often republish PACER data on their sites. He let each one know that his tax returns contained confidential information that violated federal rules. To Quiel’s relief, every single site he contacted immediately took his tax returns down demonstrating how seriously they took legal compliance.
In contrast, the IRS took a cavalier attitude to protecting citizens’ SSNs. During Quiel’s trial, Minns informed the judge of the IRS’s malfeasance. Monica Edelstein told the court that the Social Security numbers had now been redacted. But, in reality, that had happened only after the IRS first published the unredacted tax returns and left those online for months. Unfortunately, by the time the agency fixed its mistake, his family members’ identities had already been compromised.
“The double standard is clear as day. There simply isn’t any accountability when the government does something wrong,” says Michael Quiel. “If I, as a private individual or business owner, released the Social Security numbers of IRS employees and their family members, I’d likely be on the hook for big fines, lawsuits, and most probably prison.” In the end, the IRS got away with at best its incompetence and at worst negligent intent without any consequence from the legal system. Meanwhile, the SSNs of all five members of Quiel’s family will be forever at risk.