Housing bill raises tax, fingerprint privacy concerns

When President Bush quietly signed the housing bill last week, it included some controversial provisions--one to create a national fingerprint registry and another for electronic payment reporting.

Stephanie Condon Staff writer, CBSNews.com
Stephanie Condon is a political reporter for CBSNews.com.
Stephanie Condon
4 min read

The whopping housing bill that President Bush signed into law last week does far more than merely address the nation's real estate woes. Some sections have raised serious privacy concerns.

Tucked in near the end of the Housing and Economic Recovery Act is a requirement that banks and online payment networks annually collect and report to the IRS electronic payments made to online merchants. It takes effect in 2011, and will affect what information companies like PayPal collect from their sellers and could raise privacy and auditing complications.

The housing bill also finalized the SAFE Mortgage Licensing Act. As CNET News.com previously reported, the provision creates a national fingerprint registry of "loan originators"--essentially anyone involved in the mortgage industry. While intended to curb predatory lending, the measure has come under fire for being potentially ineffective and unnecessarily invasive.

A safe electronic payment provision?
The electronic payment provision calls for "payment settlement entities"--banks and online payment networks--to provide the IRS with the name, address, and Tax Identification Number (TIN) of merchants who made more than $20,000 with 200 or more transactions in a year. It does not require each receipt to be accounted for, but the "gross amount of the reportable payment transactions." The provision is expected to raise $9.8 billion over 10 years by collecting taxes that usually don't get paid. (See our coverage from 2007 for more details on the origin of the proposal.)

According to David Sohn, senior policy counsel for the Center for Democracy and Technology, turning in the TIN for small merchants could create a security risk because many small vendors use their Social Security numbers as their TIN. "When banks issue merchants credit card accounts, they may have to get a TIN initially but they don't keep it, which is a sound privacy practice," Sohn said. "Only collect the data you need, and only keep the data as long as you need it.

"We've seen this constant stream of data breaches where various kinds of businesses and institutions suffer some kind of data intrusion or lost files. The Social Security number in particular is found to be the most important piece of information for an identity thief."

An aide to Sen. Max Baucus, chairman of the Finance Committee, said both the banks and the IRS have privacy and security rules they follow to protect confidential information.

Sohn said the federal government has been encouraging its agencies to stop using Social Security numbers as a means of organizing data and that the housing bill provision "goes contrary to the whole effort to limit relying on it."

Michael Oldenburg, a spokesman for PayPal, which is owned by eBay, said, "Our top priority is the safety and security of our customers." He said that since the legislation does not take effect until 2011, PayPal will "work closely with our merchants and figure out a way to make (reporting the necessary data) pretty seamless."

As Ken Swab, senior federal government relations officer at PayPal, noted Tuesday on the PayPal blog, eBay worked closely with Congress to influence the legislation. "We're happy with the way it turned out," Oldenburg said. "Originally legislation was looking like it was going to be targeted at casual sellers" who took in more than $600 in electronic payments per year.

While the legislation may not effect the smallest vendors on sites like eBay, Sohn says it could negatively effect small vendors who share an account for receiving credit card payments. "The aggregate amount of sales reported to the IRS isn't going to match the individual sellers' tax returns," Sohn explained. This could make the vendors more vulnerable to audits or prompt the IRS to request even further information from intermediary companies, he said. "Once we establish this precedent, there could be other governmental purposes where it could be appealing to try and force private intermediaries to track their customers' behavior."

Curbing bad loans with a fingerprint database
The bill also creates the Nationwide Mortgage Licensing System and Registry, which requires "loan originators" to furnish their fingerprints to the FBI. A loan originator is defined in the bill as a person who "takes a residential mortgage loan application."

Sharon Reuss, a spokeswoman for the Center for Responsible Lending, said the measure "reflects that borrowers' loans are significantly more expensive if they go through a broker in the subprime market than if they had gone directly to a lender." She added, "We think addressing the broker issue is very significant."

However, Tyler Belong, founder of the Mortgage Accountability Association, argues that the measure will have little impact. "It is not going to stop borrowers from being duped into signing onto a loan (or loans) that they don't understand," he has said. "These practices will continue, in substantially the same volume, regardless of whether the FBI has fingerprints."

Meanwhile, groups such as the American Conservative Union, the American Civil Liberties Union, the Competitive Enterprise Institute, and the U.S. Bill of Rights Foundation have opposed the measure. "Identity theft involving fingerprints is becoming a major concern among data security professionals," the groups said in a letter to the Senate.

The ramifications of the data collection provisions could be as extensive as the more than 600-page bill itself, privacy advocates speculate. "We wonder really just how much information collection this is going to lead to," Sohn said.