More isn't necessarily better. At CrowdStrike we understand that a holistic cybersecurity approach is the only way to protect your business from active real-time threats. Which is why we created our data-centric platform to have one agent, one console, and one integrated workflow to focus on our one mission. Stop breaches.
When a cyber attack hits, who do you want power in your defense? CrowdStrike. We stop breaches. One of the things that we got to do is when you get something wrong, go back and correct the record. And today I'm gonna do exactly that. Welcome to Radical Personal Finance, a show dedicated to providing you with the knowledge, skills, insight, and encouragement you need to live a rich and meaningful life now, while building a plan for financial freedom in 10 years or less.
My name is Joshua Sheets, I am your host, and if you were to go back to June of 2021 and listen to episodes 794 and 797 of this podcast, you would find my discussion of the ProPublica articles titled "The Secret IRS Files, Trove of Never-Before-Seen Records Reveal How the Wealthiest Avoid Income Tax." This was a famous series of articles at the time, I think it wound up being about a half dozen or at least that's what I read, something like that.
And these articles were all being written based upon publicly available, excuse me, based upon leaked IRS tax returns for the some of the wealthy people in the United States. Now this also was following a period of time in which President Trump's tax returns to the IRS, which he had famously refused to disclose publicly as is or was the custom in the United States for presidential candidates, his tax returns were leaked publicly and that made a big stir in the political space as well.
In those episodes, I myself said, I doubt, I'm skeptical that anyone would ever be brought to justice, anyone would ever be found. It just seemed as though it was just too neat of a political trick, there was too much energy on behalf of the the value of the leaks for the political cause of the moment, and I didn't think anyone would ever be caught, captured, or prosecuted.
I stand corrected. We go now to Justice.gov official press release from the Office of Public Affairs for Justice.gov, date January 29, 2024. Headline, former IRS contractor sentenced for disclosing tax return information to news organizations. A former IRS contractor was sentenced today to five years in prison for disclosing thousands of tax returns without authorization.
Charles Littlejohn abused his position as a consultant at the Internal Revenue Service by disclosing thousands of Americans' federal tax returns and other private financial information to news organizations. He violated his responsibility to safeguard the sensitive information that was entrusted to his care and now he is a convicted felon, said Acting Assistant Attorney General Nicole M.
Argentieri of the Justice Department's Criminal Division. Today's sentence sends a strong message that those who violate laws intended to protect sensitive tax information will face significant punishment. According to court documents, Charles Littlejohn, 38, of Washington, D.C., while working at the IRS as a government contractor, stole tax return information associated with a high-ranking government official, Public Official A.
Littlejohn accessed tax returns associated with Public Official A and related individuals and entities on an IRS database after using broad search parameters designed to conceal the true purpose of his queries. He then uploaded the tax returns to a private website in order to avoid IRS protocols established to detect and prevent large downloads or uploads from IRS devices or systems.
Littlejohn then saved the tax returns to multiple personal storage devices, including an iPod, before contacting News Organization One. Between around August 2019 and October 2019, Littlejohn provided News Organization One with the tax return information associated with Public Official A. Littlejohn subsequently stole additional tax return information related to Public Official A and provided it to News Organization One.
Beginning in September 2020, News Organization One published a series of articles about Public Official A's tax returns using the tax return information obtained from Littlejohn. "This sentence should serve as a warning to anyone who is considering emulating Mr. Littlejohn's actions," said Acting Inspector General Heather Hill of the Treasury, Inspector General for Tax Administration, TIGTA.
TIGTA relentlessly investigates individuals who illicitly access and disclose taxpayer information regardless of their personal motivation. TIGTA appreciates the commitment of the Criminal Division's Public Integrity Section and the U.S. Attorney's Office in ensuring those who abuse their positions of public trust are held accountable for their actions. In July and August 2020, Littlejohn separately stole tax return information for thousands of the nation's wealthiest individuals.
Littlejohn was again able to evade detection by uploading the tax return information to a private website. In November 2020, Littlejohn disclosed this tax return information to News Organization Two, which published nearly 50 articles using the stolen data. I guess it wasn't six. Littlejohn then obstructed the forthcoming investigation into his conduct by deleting and destroying evidence of his disclosures.
Littlejohn pleaded guilty in October 2023 to unauthorized disclosure of tax returns and return information. Now if we go to some of the news articles from the time, from CBS News, one of the things that's interesting is his statement in court. Before sentencing Littlejohn on Monday to the maximum penalty, Federal District Judge Anna Reyes called his attack "an attack on our constitutional democracy.
He targeted the sitting President of the United States of America and that is exceptional by any measure," Judge Reyes said. "It cannot be open season on our elected officials." Littlejohn made a brief statement before the court acknowledging that "I alone am responsible for this crime." He said he was driven by a desire for transparency, but was also aware of the potential consequences of his actions.
"I made my decision with full knowledge that I would likely end up in a courtroom to answer for my serious crime," he said. "I used my skills to systematically violate the privacy of thousands of people." Littlejohn's explanations did not appear to sway the court's sentencing decision. Reyes said courts must be an "unbreakable bulwark for American democracy in the face of increased threats." The court's job, the judge said, was to make sure that others never viewed "this type of conduct as acceptable or justifiable or worth the trade-off.
We are a nation of laws." I don't know about you, it doesn't sound to me like he's particularly repentant of his crime. Sounds to me like he went into it believing that this action that he took was necessary in order to advance his cause, his agenda, and that he accepts the five years in prison as a reasonable sentence.
In a day and age in which people are self-immolating in public places for their political beliefs and political concern in the United States, it seems to me that five years is not a particularly long sentence, but I've never been to prison, maybe five years in the federal prison feels like forever, I don't know.
But it certainly at least is worth acknowledging that the IRS did follow through and did catch this guy, did convict him in a court of law, and he is now in prison. And so we should acknowledge that and appreciate that. It's worth being appreciative of. The challenge is that though we can acknowledge and appreciate them for following through, the deed is done, the events are in the past, they have happened, and that probably is something that will happen in the future.
Now, we should talk for a moment about privacy. For example, do government individuals or do wealthy individuals have a right to privacy? I think they do, but not all countries acknowledge that. And for example, with all of the hullabaloo around President Trump's tax returns, if we want our political candidates to be required to disclose their tax returns, then we should pass a law.
Congress should do its job, pass a law, and require that political candidates make public their tax returns. We should not go about it with this unofficial but pressure thing, and then people going around and stealing the tax returns in order to publicize them. That's not healthy and helpful. If we believe that wealthy individuals should be required to publicly disclose their tax returns, then we should pass a law.
And Congress should pass a law requiring the disclosure of tax returns, and the data can become public. There are some countries around the world, at least one I know, where that is the law, and that could be the law in the United States or whatever country that you are in.
But as always, individuals acting outside of the law is not a healthy and a helpful thing. But it is something that happens, and I was interested to see if there was a history of this. So I went and I tried to find, is there a history of other kinds of instances in which leaked or stolen tax return data has become public?
There is a precedent for this with regard to US President Richard Nixon. And in 1970-1971, somebody stole his tax return information, and that information was leaked. It's my understanding that whoever was involved was never publicly charged or prosecuted for that crime, because the political sentiment was very much focused on, "Hey, these tax returns are so scandalous," and so the person was never brought to justice.
There have been a few other times. There was one guy who tried to extort presidential candidate Mitt Romney, that he tried to extort and sell those documents. As it turned out, it was a hoax, and the individual involved, a man named Michael Mansell Brown, didn't actually have any documents, and he was convicted for his extortion attempt and for his fraud attempt.
But whistleblowers or leaking information is a time-honored tradition of individuals taking private information and going public with it. And in general, what I have found is that my friendliness towards whistleblowers depends much more on whether or not I happen to agree with the whistleblower's politics or position than it does about any kind of strong moral statement about whistleblowing in general.
And I think that your experience is probably similar to mine, that when a whistleblower is on our side, we're glad to have the person come out and make private information public, and we think, "Yay, go for it, go for you, good job," and when the whistleblower doesn't agree with us, then we're upset about the travesty of justice of an individual making private information public.
It's just human nature, right? What can you do and what can I do? Well, first of all, we can acknowledge and appreciate that the IRS has done its job, or that the Justice Department did its job, tracked somebody down, they prosecuted the individual, and gave him the maximum sentence permitted under federal sentencing guidelines.
But if that rings hollow for you, as it does for me, as pretty insubstantial penalty for pretty challenging, you know, I don't know, how would you even value it? It's hard to say. So maybe I'm being too energized by saying it's an insubstantial penalty. It is what it is.
But if it rings true that, "Hey, you know what, this ought not to happen," then the question is, "What can you do about it?" Because it's up to you what you do about it. And once things have happened, once the information is out there, if the information is harmful to you, you can't get it back.
Once it's been printed on the internet and released, you can't get it back. So first of all, I think you should be aware of the risk. And many of us are living in a world in which we're simply not aware of the risk. I had a funny thing that happened to me at a recent group event.
I went and I was buying some tickets for a little fair, and the person at the desk wanted my name. I'm paying cash for these little tickets for rides and food for my children, and the person wanted my name, and I just gave the person an alias name. And someone standing there, who knows me by another name, turned and looked at me and said, "Huh?
Like, what's going on?" And they said, "You know, what?" And I just explained that anytime you put your name or information into a database, you need to expect that that database is going to be published online and is fully available for someone else to be there. And so it's silly, because what's the actual risk to me of, you know, me going and buying tickets for a fair for my children and my name being disclosed?
Not a big deal. Any more than it's a big deal for you to use your legal name when you go and order your Starbucks latte. It's not a big deal. But it is a big deal, because you need to be aware that any information that you publish is ultimately going to wind up on the Internet.
And once the information is out there, then there's nothing you can do about it. And so at all times, you should be aware of the fact that any list or registry that you enrolled in, any information that you give to another person, that is all going to be publicly available on the Internet in a data dump probably within a few years.
Now, most information is not that big of a deal. Is it a big deal if you know that your name is and your address and something is published online? Well, for some people, it is a big deal. For most of us, though, we can go through our lifetime and it's not really a big deal.
But I recently had an experience in which I was thinking about how big of a deal this actually can be. Many years ago, I had an unfortunate experience with one of my dogs. One of my children had left the door of our house open. One of my dogs had gone out in the neighborhood for a run and, you know, "Hey, I'm free.
I'm gonna escape and run around," had chased and attacked a stray cat in our neighborhood, and the cat ended up dying after being found in the jaws of my dog. My dog is not a vicious dog. I don't think that he intended to kill the cat, but how do you know between dogs and cats?
As it turns out, it was a stray cat, which I was very grateful for because it was my dog. My dog went out and killed another creature. Thus, I'm responsible for it. And it was something that really affected me at the time. There was a lot of lessons and a long story to it that I'm gonna skip here, but it was something that really affected me at the time and has continued in my memory for a very significant, for a long time.
Primarily because of the moral issue. I was so grateful when I was able to ascertain that the cat was a stray cat, and while I was unfortunate for the loss-- I was very sad, of course, for the loss of life of the cat--I was grateful that I didn't have to go to somebody and share that, "Hey, my dog killed your cat," because I've thought a lot about the morality of that.
Like, what can you possibly do about--how could you make that situation right? If my dog were to get out of my house and attack your dog, your family pet, or your cat, your family cat who you all love, or your rabbit, or your hamster, or anything else that you do that you really love, and my dog kills your loved animal, how could you possibly make that right?
How could you morally solve it? And it's one of those things where there's--all of the answers are very unsatisfying, because--and it's one of those things where, at the end of the day, the potential results are so significant that the only proper course of action is to make sure it never happens by preventing it, because it probably can't be morally solved.
There's not an amount of money that we could figure out that could compensate you for loss of life of your beloved family pet, something like that. So I was sharing this experience with a friend of mine and sharing my moral question and my musing on it, trying to figure out how would you make it right.
And this friend is a very serious cat lover, and the friend had recently lost a beloved cat. And in the interaction, the friend showed me basically the way that he would have responded if it had been his beloved cat whom my dog killed, which was flat-out scary, because there was violence involved and there was harm being threatened towards me and towards my family.
And it was a rather shocking event, because my friend was role-playing, but genuinely was pointing out how serious and emotionally charged his reaction would have been. When I was considering that event, I realized that this is just how fast life can change. Life can change in an instant. And once it's changed, you can't go back and change it.
A number of years ago, somebody that I used to work with was murdered. She and her husband were having a cookout in their garage in a Tony neighborhood in South Florida, and a guy walks up to them and murders them just flat-out in cold blood. And that event really shook me.
It was just a random young guy in his 20s who had evidently a psychotic breakdown, had done some drugs, and for unknown reasons murdered the people that I know. And it was an example of how quickly things can change, how quickly people can snap, how quickly they can go crazy.
He was ultimately found to be criminally insane by the court and sent to a mental institution instead of to prison for his crimes. My point simply is to say that a lot of times privacy doesn't matter until it does. And then when it matters, it really matters really quickly.
And I thought if my dog had gotten out, run out of the house, which is a totally understandable event, and chased down a neighbor's cat, which again is a totally reasonable and understandable event, and killed a cat, and it just so happens to be that this particular neighbor is emotionally charged, to put it mildly or flat-out crazy, to say something that is possible, I would have to disappear immediately, to protect my family, to protect my wife.
I would have to disappear instantly. And it's an example of something that I didn't do anything really wrong. I certainly would bear responsibility for allowing the dog to run out of the front door, but you know what it's like going in and out of the front door with children and strollers and all the rest of the stuff.
It's an understandable event, and yet if it just so happens to be that you're up against a crazy person that day, then things matter. So all data and all information should be viewed not with extreme paranoia perhaps, but just suspicion. And what's crazy is that we're living in a world in which our data is consistently published everywhere, rarely without our even knowing it.
In my state, where I'm from, in Florida, not only do they publicly disclose your data online, for example when you sign up to vote, when you get a driver's license, they publish your voting data, all of it available online, but more importantly they actually sell your data. So here's how the law works.
The government requires you to have a driver's license if you are going to enjoy the privilege of driving. So you have to go and get a driver's license. That driver's license, by law, has to reflect your physical address as well as all of your characteristics, and has to record a current photo of you.
Then what the Florida State Government does is they turn around and they sell that data in order to profit off of the data that they have legally compelled you to disclose to the government. Here's a paragraph or two from Action News Jacksonville. "Action News Jacksonvestigates learned the state of Florida is making hundreds of millions of dollars by selling your DMV information.
This includes your name, address, and date of birth. Action News Jackson investigator Ben Becker looked into why it's allowed and how it potentially could compromise your financial safety. Becker discovered the state of Florida sells your personal DMV information to dozens of private companies, mainly data brokers, who can request it or pay for unlimited electronic access.
Your name, address, date of birth, and even your driver's license number are available for as little as a penny per file to send you junk mail." And it adds up. "From 2021 to 2023 the state made 263 million dollars and you can't opt out. The biggest bulk buyers of your information are data brokers like LexisNexis at more than 90 million dollars, followed by 53 million dollars from Tessera data, and 40 million dollars from safety holdings." It goes on and talks about it.
So actually we'll continue down. "In 2023 a Russian linked cyber attack targeting the Louisiana and Oregon DMVs leaked the sensitive data of nearly 10 million drivers." Goes on and talks about other attacks and the 263 million dollars that the state of Florida made during those couple of years. So this is, I think to me it's pretty shocking, but it's standard operating business, no one seems to care, doesn't seem to be a big deal for a lot of people.
But something as simple as your driver's license data is basically public access, because anybody with really any connections whatsoever, do any serious investigative capabilities, can access the information needed or find it and buy it. So this, I think, should be concerning. It's an example of how you're compelled to create data and then that data, by the government, and then the data is often sold out from under you.
So while you may or may not be able to opt out of your driver's license data being sold, you can take steps to to adjust the data that you personally create and put online. And that's something that you should be thoughtful about, as thoughtful as possible. So the first step is limit the data that you create and share to only what's necessary.
Now another thing though, that you can get involved in, is some form of political advocacy. I don't see any particularly fruitful political advocacy opportunity, but you might in the future. For example, if the residents of the state of Florida would rise up, then possibly they could end this abusive practice of the government selling data, and that may be something that you could be involved in in your state.
But I would say that another expression of this is something like the tax system in the United States. The way that the tax system works, is you are legally obligated to disclose to the US government on your tax returns, all of your personal and confidential information. And the penalties for non-disclosure are so significant and severe, that most of us are gonna follow the law and go ahead and disclose.
I don't want to get into a situation where I got a judge saying, you know, you lied on this and so I'm tossing you in prison. The pain of prison is too high, I'm gonna go ahead and disclose. But the disclosures are enormous, enormous. And now as they've expanded to disclosures of cryptocurrency holdings, things like that, it's become so much more significant.
And then what you see is that all it takes is one person, one person with motivation and opportunity, and now the data of thousands of people is compromised. And some of those people are very high-level people. This creates not only moral hazard, this creates not only political risk, not only real risk, but what I mean is that not only a real risk to, say, your reputation or your business or your something like that in the community, but this creates a real physical risk.
One of the things that has not generally been present in the United States is extortion. Crimes of extortion based upon people's personal information and personal data. But this is a feature that has happened in many places around the world, and it's something that I think is likely to happen more in the United States.
And so even something like tax return information is a vector of risk that can be quite significant. I'll tell you just one simple example. A number of years ago I had a friend of mine who was a taxi driver from Tampico, Mexico, and we were chatting about this. And we were discussing, basically, the safety and security of Mexico.
Going back and forth, and I'm pretty, you know, pretty relaxed about dangerous places, but I really want to know what's real and what's true. And so he was explaining to me what's real and what's true on the ground. And he said one of the things that you can never do in, where he was from, he says you can't keep your money in the bank.
And the reason you can't keep your money in the bank is that all of the criminal elements that are there in their society have paid informants in the bank who will let them know if somebody has a certain amount of money in his bank account. And so let's say that you have $15,000 in your bank account.
Well, the agent at the bank who has access to the personal information of how much money you have in your bank account can go and share that information with a local criminal who can then go and kidnap your daughter from her school, or from off the street, or off the playground.
And that person knows exactly how much ransom to require from you this weekend based upon the inside information. So he requests a ransom of $15,000, and you basically have no choice but to pay it. Who among us would say no? If we know we have the money and by paying the money we might be able to save the life of a loved child.
So you create a problem when you have data access, access to data. And you say, well that's only in Mexico. No, it's not. Just imagine for a moment that this guy with the IRS whistleblower, imagine that he had not gone after public figures. Imagine that he instead of going after, you know, President Trump at the time, and Peter Thiel, and whoever all the other billionaires were that were talked about.
Imagine that instead of doing that, he had just taken the information related to high-income earners who have access to things, not mega billionaires who are likely to have security, just guys like you and people that you know. You know, normal people with good amounts of income. He goes through your private tax return data, figures out who's got hundreds of thousands or millions of dollars, and he doesn't go and publish the information to the Internet, doesn't go and take it to a journalist, but instead just simply passes the private information along to a criminal element in your place, in your state, in your city.
And now that same model that works so reliably in Mexico has now been imported to Kansas City, Kansas or wherever you happen to be from. Imagine how chilling that would be. And that's with tax return data. Which is probably much more highly guarded. Now take that information into your local financial institutions, take that information into your local bank, your local insurance office, just imagine all the information that is there.
It's a lot. And there's basically no protection against it. Except you being careful with the information. So be careful with the information, that's step one. If you can advocate for a lighter system, fewer government rules and requirements in some way, then that would be great. To be clear, I don't see any opportunity for this.
It's not there. I could create, meaning it's not politically feasible, I could create a system in which it would be possible. For example, I don't think taxes should be based upon income. Why not just figure out how much tax each person needs to pay in order for us to run the government and give people a bill and you keep everything above it.
There are, around the world, there are governments and countries that offer these kinds of tax programs. They're called lump-sum tax programs. And the most famous of them is from Switzerland, where you individually go to the government and you negotiate your tax rate privately based upon the amount of consumption that you pay.
And so you can be a mega gazillionaire and if you negotiate with the Swiss government that, "Hey, I'll pay you guys 300,000 Swiss francs every year," that's your tax bill. It doesn't matter how many mega gazillions you make on top of that, you just negotiate it with the government.
This is widely available right now in a couple countries in Europe. Famously, Italy has a 100,000 euro tax program. Go to Italy, you pay 100,000 euros, you're done. Everything above it is beyond that. Why shouldn't we have more of that? Why not negotiate with the US government and say, "All right, my number is $300,000 a year and if I pay $300,000 a year, that's it." And we all know why not.
It's not politically feasible, but it could be done. And it could all be done without even required disclosure of individuals' amounts. I'm not here to solve it because it's silly to even spend time thinking about it. It's not something that is in any way politically feasible at the moment.
But you need to be aware that these risks are real. And just because you have been protected from them for much of your life doesn't make them any less real. A lot of Americans see the violence happening around them. They see that that violence could increase. You understand that in most of our cases the local police departments are overtaxed.
And while certainly they are likely to give more priority to somebody who has potentially kidnapped your child or is extorting you, perhaps, but it's pretty severe, the world that is available. And we make it easy based upon the proliferation of data all around the world. Consider it. A couple of practical things.
Remember that if this is something that you're interested in, if this is something that you have not researched before and you don't even know what to do, remember that I teach a course on basically this, how to protect yourself. It's called a hack proof course. Go to hackproofcourse.com. That will allow you to have an up-to-date, cutting-edge, but basic, but comprehensive.
What I mean is that it's a very simple program, but it's not unsophisticated. It's simple but straightforward and really good of how to protect yourself against identity theft for situations like this. And it's the kind of thing that, as with any good insurance policy, you got to do in advance.
So if this is of interest to you, go to hackproofcourse.com. Link in the show notes for today's show. Hackproofcourse.com. Sign up. Buy my course. I think it'd be a great fit for you, be enormously helpful to you to take good actions to protect yourself and to protect your data.
And we can appreciate that the Justice Department did get the guy. I don't think, however, that it's likely to be the last. I think that we'll see more and more of these kinds of crimes because they fit the new world. What I mean is that since there's now much more data collected and available in data breaches, data leaks, we can expect to see more sophisticated extortion attempts imposed on people based upon the data.
And these extortion attempts are not exclusively going to be for public figures. It can be for many other people who are going to be extorted and blackmailed. So good for the Justice Department for doing it. But you need to do everything you can to protect yourself going forward as best you can.
Hackproofcourse.com can be of service to you and I'll be back with you very soon. You've always had what it takes to make it happen, and we know the right tools can make it easier. At Stereo University, we're always thinking about new ways to set you up for success. That's why we give you a brand new laptop when you enroll in a bachelor's program, so you can start off on the right foot and keep striving.
Visit stereo.edu to learn more. Eligibility rules, restrictions, and exclusions apply. Connect with us for details. Stereo University is certified to operate in Virginia by SHEP.