We have all heard warnings ad nauseum about not sharing passwords. See e.g., Iliya Garakh, The 5 Risks of Sharing your Password, Techopedia (July 5, 2023). (And who can forget that classic Seinfeld episode The Secret Code, aired November 9, 1995.) Well, now, someone else may be seeking to overcome your natural reservations and obtain your password, and they aren’t scammers either. Nowadays, snugly cloaked in authority, the IRS in examining businesses may be asking for the usernames and passwords to accounting software programs, such as QuickBooks, Sage Accounting, Zoho Books, and others on the market. See United States v. Rouse, 2011 U.S. Dist. LEXIS 77025, *4-6 (holding tersely an IRS summons for QuickBooks records enforceable under I.R.C. § 7602).
As explained in the FAQs on the subject, https://www.irs.gov/
At the same time, concerns continue to be raised over the routine insistence on businesses surrendering their usernames and passwords to examining revenue agents. The IRS has sought to assuage these concerns with FAQ 3 of the above-cited FAQs to the effect that taxpayers can solve the problem by simply creating a temporary password with administrator access for any submitted backup file. In this way, the IRS happily explains, the taxpayer will be able to “preserve any favorite password,” as if ensuring that a cherished prom song remained the key to their business records was ever anyone’s genuine concern.
For many practitioners, the genuine concern is that once the programs are accessed, how far afield may the examiner decide to go? Their fears may be summed up by the apocryphal Arab proverb “Beware of the camel’s nose.” (And for parents, also relevant would be the title of the popular children’s book, If You Give a Mouse a Cookie.)
Apparently, the IRS expects that practitioners may rightly feel the hazard in providing such sensitive client information and resist the government’s request. And, in FAQ 9, the IRS hints that a practitioner’s failure to provide this sensitive information would violate the governing rules of practice under Circular 230 and subject the practitioner to discipline.
The IRS has occasionally warned agents to exercise “professional judgment” in requesting records. One executive document explains, “it may not be necessary to request the backup file in a limited scope audit of one expense item on the tax return.” Memorandum for Examination Area Directors, September 1, 2011, SBSE 04-0911-08. Such pronouncements on administrative self-control are laudable but also not self-executing. Practitioners must remain vigilant about audit-scope creep and be prepared to request a meeting with the examiner’s manager should the camel’s nose—or head—appear.
For example, FAQ 2 also indicates that requests for accounting software backup files will be made “early in the examination.” Yet, backup files have been requested in the later stages of an audit and even after substantial records have been provided. The FAQs may be of most value to the examiners.
As a preventive matter, taxpayers should become thoroughly familiar with the features of their particular accounting software program, so that tax years can be kept in separate batches. And, if confronted with an IRS request for accounting software password and username information, how can practitioners respond? First, ensure that you have provided the IRS responsive hard copy documents. Second, in your correspondence with the IRS consider reviewing and citing to cases where courts have declined to require production of log-in and password information as method of fact gathering where responsive information has already been shared. Farley v. Callais & Sons LLC, 2015 U.S. Dist. LEXIS 104533 (E.D. LA 2015); In re Milo’s Kitchen Do Treats Consol. Cases, 2015 U.S. Dist. LEXIS 48808 (WD PA 2015).