Public accountability made widely accessible

Our Procedures and Policies in Fulfillment of IRS Requirements
Authentication and Integrity Through Digital Signatures
Determination of Fees

Our Procedures and Policies in Fulfillment of IRS Requirements

IRS regulations prescribe the conditions required to make exempt organization documents "widely available" using the Internet. Those conditions are satisfied by 990online.com as described on this page. Text extracted from the IRS regulations is given below in italics.

From the Code of Federal Regulations § 301.6104(e)-2:

§ 301.6104(e)-2 Making applications and returns widely available.

(a) In general. A tax-exempt organization is not required to comply with a request for a copy of its application for tax exemption or an annual information return pursuant to § 301.6104(e)-1(a) if the organization has made the requested application or return widely available in accordance with paragraph (b) of this section. An organization that makes its application or return widely available must nevertheless make the application or return available for public inspection as required under § 301.6104(d)-1 or § 301.6104(e)-1, as applicable.

(b) Widely available-

(1) In general. A tax-exempt organization makes its application for tax exemption and/or an annual information return widely available if the organization uses a method specified in paragraph (b)(2) of this section or in a revenue procedure or other form of guidance issued by the Commissioner, and if the organization satisfies the requirements of paragraph (b)(3) of this section.

(2) Internet posting. A tax-exempt organization can make its application for tax exemption and/or an annual information return widely available by posting the application or return on a World Wide Web page that the tax-exempt organization establishes and maintains or by having the application or return posted, as part of a database of similar documents of other tax-exempt organizations, on a World Wide Web page established and maintained by another entity.

990online.com specifically maintains a database of tax-exempt organization returns and applications for exemption.

In order for the application or return to be widely available through an Internet posting, the entity maintaining the World Wide Web page must have procedures for ensuring the reliability and accuracy of the application or return that it posts on the page and must take reasonable precautions to prevent alteration, destruction or accidental loss of the application or return posted on its page.

990online.com adheres to the following policies and procedures to comply with this requirement:

Furthermore, the application or return will be considered widely available only if-

(i) It is posted in the same format used by the Internal Revenue Service to post forms and publications on the Internal Revenue Service World Wide Web page;

Submitted materials are published by 990online.com in PDF-format, which is the same format used by the IRS to post forms and publications on its Web site.

(ii) The World Wide Web page through which it is available clearly informs readers that the document is available and provides instructions for downloading it;

Such a notice and instructions are provided.

(iii) When downloaded and printed in hard copy, the application or return is in substantially the same form as the original application or return, and contains the same information provided in the original application or return filed with the Internal Revenue Service (except information withheld pursuant to § 301.6104(e)-1(b)(4)(i) (the names and addresses of contributors listed on the annual information), Schedule A of Form 990-BL and information on the application for tax exemption required to be withheld under section 6104(a)(1)(D) and § 301.6104(e)-1(b)(3) (trade secrets and similar information)); and

Documents in PDF-format preserve the form and contain the same information that is submitted to 990online.com for online publication. The authorized person who submits the document is required to warrant that the submitted documents are true and accurate copies of the materials required by these federal regulations to be publicly disclosed.

(iv) A person can access and download the application or return without payment of a fee to the organization maintaining the World Wide Web page.

Documents in the 990online.com database are available without charge for the public to download at any time.

(3) Notice requirement. If a tax-exempt organization has made its application for tax exemption and/or an annual information return otherwise widely available it must tell any individual requesting a copy where the documents are available (including the address on the World Wide Web, if applicable). If the request is made in person, the organization shall provide such notice to the individual immediately. If the request is made in writing, the notice shall be provided within 7 days of receiving the request.

990online.com provides tax-exempt organizations with an Internet address (URL) for a Web page from which their submitted documents are available (http://990online.com/docs/).

Authentication and Integrity Through Digital Signatures

990online.com uses industry-standard password protection to prevent malicious access to our Web site for purposes of altering the documents published there. However, a mechanism exists that extends this security by making it possible to recognize if such improper changes have been made. Digital signatures allow document integrity to be tested, i.e. they provide verification that the electronic file is unaltered by anyone other than those authorized to do so.

How Do Digital Signatures Work?

Although the mathematical basis for digital signatures is beyond this discussion, the logic of the system is as follows:

  1. A digital signature is generated for an electronic document through a mathematical procedure that uses both the document and a "private key." The private key is known only to the person who generates the digital signature.
  2. A digital signature is used to verify an electronic document's integrity through a mathematical procedure that uses both the document and a "public key" that corresponds specifically to the private key used to create the digital signature. The public key and electronic signature are made public, so anyone can perform this verification. The verification process proves that the signature was created from this exact document, and that the person who created the digital signature is in possession of the private key. Noone can create a digital signature that matches the public key if they don't also have the private key.
  3. If a malicious hacker succeeded in accessing a Web site and changing the electronic document, they'd also have to create a digital signature to match it, else anyone checking the signature would notice that it no longer matched the document. However, because the hacker doesn't have the private key, any signature created would indicate upon testing that it was created by someone other than an authorized person.

How Can I Test A Digital Signature For One of the Documents Here

In order to test a digital signature, you must first obtain the appropriate software. The 990online.com digital signatures use the Pretty Good Privacy (PGP) method, so you'll need software that can perform PGP testing. We recommend the commercial or freeware PGP software from NAI/McAfee as being particularly easy to use. Specific instructions for using that software is available. However, the general procedure for testing a PGP digital signature is the same no matter which software you use.

    Install the PGP software of your choice on a convenient computer.
    Obtain a copy of our public key and import it into your software's "public keyring." Some software can connect automatically to the keyserver you indicate, search for keys matching the criteria you provide, and store the selected keys in your public keyring. Otherwise, you will probably need to get a plain-text version of the public key, save it as a file, and then add it to your public keyring using your software's "import key" function. For security reasons, no copy of our public key is located at the same Web site as the IRS documents we've published. The 990online.com public key may be obtained from any of these sites:
    1. McAfee/PGP keyserver <ldap://certserver.pgp.com>. The key retrieval method depends on the version of the software you are using, so check your documentation. If you are using the NAI/McAfee software, it will access this site automatically. On the keyserver, search for "990online.com" in the User ID. You can confirm that it is indeed our key by checking the associated verification information, as follows. This additional identifying information is repeated at our offsite digital signature Web page for added security as described below. Our email address is "info@990online.com". Our Key ID is "0xA8E1D182" and its fingerprint is:

      61A4 B7D6 EDB9 52BE FE8C 8A64 3020 FC66 A8E1 D182

    2. McAfee/MIT keyserver <http://pgpkeys.mit.edu:11371>. If you are using the NAI/McAfee software, it will access this site automatically. Otherwise, you can visit the associated Web site and use the form there to search for "990online.com" and then verify the information as in the previous paragraph.
    3. MIT Keyserver <http://pgp.ai.mit.edu/>. At this Web site, go to the "extract a key" page to use the form there for retrieving our public key as an ASCII text. Save that text and import it into your public keyring.
    4. Our Offsite Public Key Page <http://members.home.net/mercere/990online_pgp.html>. We maintain another Web page, that is specifically not located on the regular 990online.com site, from which you can obtain our public key and the associated identifying information for it. If the information there does not exactly match that here or on the keyservers (particularly our public key's "fingerprint" given above), someone has maliciously changed one of them. This is highly unlikely, but these security procedures were implemented to help avoid else quickly reveal even highly unlikely events.
    Download a copy of the document and its associated digital signature file using your Web browser's usual mechanism. The image of a small key key icon next to the name of each document published at this site is a link to its associated digital signature file.
    Your PGP software will have a "verify" function. It will require you to indicate the document and signature files, and may ask you which public key in your keyring to test. If the software indicates that all three items match, you'll have confirmed that the signature file was created from that document by 990online.com and noone else, and that the document exactly matches the signature. Note that if you haven't imported the 990online.com public key, the verification process will invariably report that the signature is unverified.

Sources of PGP Software and General Information

Determination of Fees

Although the 990online.com service is not intended as a profit-making operation, it is intended to cover the actual costs of processing and publishing online the submitted forms. The involved costs are:

  1. Fax machine with direct PC connection. This enables the fax machine and computer to have two separate phone lines, so faxes can be received even while the computer is online. The extra phone line is an additional cost. The fax machine is a 3-year old Hewlett-Packard Office Jet 350, a somewhat out-of-date multifunction printer/fax/copier/scanner that HP isn't supporting anymore. A special and important function is that it can be set to receive faxes and then place them on the computer hard disk through the bidirectional printer cable, keeping the document in electronic format. The received documents are automatically saved in DCX format, which I convert to TIF or PDF for archiving. This hardware will probably need to be replaced early next year, with another fax device that has a direct-to-PC function.
  2. Computer. The computer is a 3-year old Dell Dimension XPS P200s (200 MHz), with 64 MB RAM, and a set of 4.3 GB and 13.0 GB hard disks. It probably has another 2 years of effective usefulness.
  3. Software. I use Adobe Acrobat "Exchange" version 3 to load the DCX file, remove the cover page(s), and save the remainder in PDF format. I use Microsoft Access to maintain a database of orders and past and present document tracking data. I use WS_FTP to upload files to the Web site. I use Norton Antivirus, Norton Utilities, MS Office, Eudora Pro, and several other software applications for routine maintenance and operations. I use NAI/McAfee PGP Personal Privacy to create and verify digital signatures for the published documents. All software is updated annually.
  4. Iomega Zip Drive and Ditto Tape Drive. This is a 3-year old Zip drive, with SCSI interface connected to a very modest SCSI card in the computer. The Zip drive is used to archive both the DCX files and the PDF files (on separate disks). When 600 MB or so of ZIP disks are full (about 6 of them), they are transferred to CD-ROM using a local service that charges $25 per CD-ROM. The CD-ROMs are the stable long-term storage format for the received documents.The Ditto tape drive is used to make periodic backups of the hard disk that also holds the IRS documents locally.
  5. Web Publication Site. The 990online.com Web site and document database are hosted by Interland, which charges the lowest basic rates for Web-site-only services I was able to find. The cost of Web space goes up with increased size (there is no "bulk discount" when it comes to hard disk storage, because bigger disks cost quite a bit more). If the document database started to get very large, then I might contact them about a discount or about buying and having them host a big hard disk or CD-ROM jukebox specifically for 990online.com, since for very large databases those would probably be more cost effective mechanisms. In the meantime, their basic charge is $20 per month for 80 MB of Web server disk space, $40 for 120 MB, $70 for 160 MB, $150 for 200 MB (as of January 1999). The domain names (990online.com and online990.com, the latter because people are likely to make that error) cost $70 per year.
  6. Ongoing Cost of Web Site Publication. A typical PDF file takes up about 43 KB/page. The annual information returns I've examined average 20.3 pages in length, or 0.87 MB each. Exemption applications are usually significantly longer and vary a lot, but I've estimated 40 pages as average. The IRS estimated in its proposed regulations for TBOR2 that around 1000 NPOs could be expected to post their application and returns online. I estimate that 80% of those will do the work entirely themselves, and that no more than 200 organizations would use the 990online.com service. If each of those posts three returns and one exemption application, each will publish 100 pages, 4.3MB online, for a total of 860 MB. Therefore, I assume the $1800/year for 200 MB rate, and get around $0.40 per page per year. I estimate another $0.10 per page for ZIP and CD-ROM archival media and processing. Finally, I increased the per page rate by 50% (to $0.75 per page per year) to account for potential future cost changes (I am committing for up to three years of online publication), and to insure I haven't underestimated the real costs so that I don't end up subsidizing this service out of my own pocket.
  7. Incidental Costs. I will probably not be able to conduct the business entirely by email (the least expensive mechanism), and will end up incurring phone bills to ask for clarifications, and postage costs for sending postcards for notification, or disks to people who can't receive email attachments).
  8. Total Hardware/Software and Labor Costs. The total computer maintenance, hardware and software upgrading, and final replacement cost of hardware and software over a three year period, plus incidental costs, I estimate at $10,000. I estimate it takes me 20-30 minutes per document for processing, including stripping the cover sheet and storing to PDF format, entering the order and the file names into my recordkeeping database, archiving the files to ZIP disk, creating digital signatures, and finally uploading them. For 200 organizations submitting 4 documents each, that comes to 270 hours. Given 200 organizations submitting 4 documents each at $25 flat rate per document, less the estimated costs, that would generate $10,000 over three years as a reasonable buffer against costs that I haven't anticipated (including business and related taxes if there is actually any money left over after expenses and such taxes are due).

It's hardly expected to be a profitable business, but if my estimates are reasonable then at least I shouldn't lose any money personally by operating it, which is the intention.

Go to main 990online.com page

This page last modified 20May99