Those Facebook posts from your vacation on a white sand beach, or that purchase of a fancy new vehicle, could be attracting views from the federal government.

As its staff shrinks, the Internal Revenue Service has turned to mining social media and large data sets in search of taxpayers to audit, a Washington State University professor says in a recent report in the Vanderbilt Journal of Entertainment and Technology Law.

People should be aware “that what they say and do online” could be used against them by the IRS, said Kimberly Houser, an associate professor of business law in WSU’s Carson College of Business.

Her 55-page report is studded with examples of how the IRS has turned to social media and data analytics for enforcement, including a 2013 fraud case in which a Florida woman was convicted after bragging about being the ‘Queen of Tax Fraud’ on Facebook.

Tax evasion cost the U.S. government an estimated $3 trillion in lost revenue between 2000 and 2009, the report said. With its budgets and staff in decline, the IRS created a new “Office of Compliance Analytics” division in 2011 to make use of big data and predictive algorithms for finding tax scofflaws, Houser said. But some of the practices used by the IRS violate federal laws related to privacy and fair information gathering, she said.

While the burden is on taxpayers to provide supporting documents for their tax returns, the IRS does not have unlimited power to obtain any information it wants, the report said.

In a 2010 case, United States v. Warshak, a federal appeals court affirmed that citizens have a reasonable expectation of privacy in their emails and the government needs a search warrant to read them.

However, “many of these (privacy) statutes were written before the internet was widely used, and certainly before social media,” Houser said. “My instinct is that because the law is not worded as broadly as it could be to cover these situations, the IRS has just taken the stance of ‘Let’s just do what we can until someone tells us we can’t.’ ”

The IRS is mostly mum on how the agency targets taxpayers through analytics, according to Houser, who cites examples culled from outside reports, including other universities’ freedom of information requests.

Houser said the agency uses data analytics to decide which taxpayers to audit, based on “private, highly detailed profiles” of taxpayers created from sources other than tax returns or third-party reports, such as W-2 wage information. Her report says the IRS mines commercial and public data, including social media sites such as Facebook, Instagram and Twitter. The information is added to IRS databases and algorithms are used to identify potential tax evaders, the report said.

“The collection and use of this data without proper oversight and the increasing reliance on machine-generated decisions may result in harm” – such as targeting or discrimination of particular groups, Houser said in the report.

Social media, for instance, is full of errors and exaggerations, she said. The agency should be transparent about what types of information it collects and give taxpayers a chance to review and correct errors, Houser said federal law states.

The IRS’s media office in Washington, D.C., did not respond to an interview request. But Houser’s report is creating a buzz among privacy and data experts.

“It wouldn’t surprise me, that in an effort to save money, the IRS has created an algorithm to verify information on your tax return,” said Angie Raymond, associate professor in the business and ethics department of Indiana University’s Kelley School of Business.

“It’s an almost elegant use of an algorithm,” said Raymond, who wasn’t involved in the research.

But she said there are “significant legal implications” for an agency using information mined from social media or other online activity for government use, such as an IRS audit. The same privacy protections in federal law should apply, regardless of whether the records are paper or electronic, she said.

“People are going to be surprised that it is happening,” Raymond said. “We just feel sort of creepy that we’re monitored in this way.”

Jody Blanke teaches courses on the law and ethics of big data at Mercer University in Atlanta, where he is a law and computer science professor.

“I consider myself a privacy advocate,” Blanke said. “Quite frankly, whenever you read a law journal article like this about big data and privacy, they are often quite terrifying. …You read these papers and say, ‘Wow, I didn’t know you could do that.’ ”

In his classes, Blanke asks students whether they’re more concerned about businesses gathering information about them or government agencies. The class is usually split, he said.

“The federal government is among the leaders in trying to have better controls and safeguards for personal information,” Blanke said. “I would imagine the IRS takes security and privacy quite seriously.”

However, Houser’s report points out potential areas for misuse, , said Blanke, who wasn’t involved in the research.

The IRS has a long history of using audits for political purposes, Houser said. One of the more recent examples is when the IRS was accused of targeting conservative organizations affiliated with the tea party. The IRS also has had major data breaches, she said.

“The IRS is not the entity I want maintaining these records,” Houser said.

Hauser said she’d like to see an oversight office “watching what the IRS is doing with data.”

“We have laws in place to prevent the government from doing certain things with our data,” she said, “and it doesn’t seem like the IRS is complying.”

This story was updated to correct the Mercer University campus where Blanke teaches.