In 2013 parliament mandated an invoice data annex to the VAT return whereby all firms must report all transactions with other firms exceeding 1000 Euros, with a view to checking that the buying and selling companies were declaring the same amount. Following lobbying by businesses about the accounting overhead and business secrets, the president vetoed the bill.
Sander and colleagues approached the tax and customs board with a proposal to use secure multiparty computation, and built a research prototype using Sharemind. The idea is to break VAT declarations into three shares, on servers run by the tax board, the business association, and another party, and run distributed computations to get risk scores for companies. His tests show that it’s feasible; the Estonian economy’s monthly tax returns could be processed in ten days. The remaining problem is that the tax board currently keeps its algorithms proprietary, and would prefer not to reveal them in case they get gamed; at present we don’t know how to run obscure queries in practical amounts of time. Revised legislation has now been accepted and secure MPC is on the tax board’s roadmap for the next few years. In conclusion, MPC can solve some real problems, although business processes may have to be changed.