As noted in the Guardian article:
The following video from TheVerge sums up the issue:
Although such allegations have received attention (in my opinion due to the association with Trump's campaign), the reality is that these allegations against Facebook are actually not new and reported in both the Intercept in early 2017 and the Guardian way back in 2015.
There was an ensuing backlash (as noted in the video above and here) that forced Facebook CEO, Mark Zuckerberg to respond. He both had a written response and gave the following interview on CNN:
During the CNN interview, he mentioned the word "audit" 3 times[emphasis added]:
- "So we're going to go now and investigate every app that has access to a large amount of information from before we locked down our platform. And if we detect any suspicious activity, we're going to do a full forensic audit"
- "And we're now not just going to take people's word for it when they give us a legal certification, but if we see anything suspicious, which I think there probably were signs in this case that we could have looked into, we're going to do a full forensic audit."
- "We know how much -- how many people were using those services, and we can look at the patterns of their data requests. And based on that, we think we'll have a pretty clear sense of whether anyone was doing anything abnormal, and we'll be able to do a full audit of anyone who is questionable."
Can CPAs come to Mark's rescue?
Zuckerberg's repetitive use of the word audit should be read in conjunction with his "welcoming" of regulation:
"I actually am not sure we shouldn't be regulated. You know, I think in general, technology is an increasingly important trend in the world, and I actually think the question is more what is the right regulation rather than yes or no, should it be regulated?"
Zuckerberg would not be the first tech giant to opt for regulation as a business strategy.
In Tim Wu's Master Switch, Theodore Veil also advocated for the concept of a regulated monopoly in the arena of telephones:
In Tim Wu's Master Switch, Theodore Veil also advocated for the concept of a regulated monopoly in the arena of telephones:
As Tim points out in his book, the move enabled AT&T didn't always use their monopolistic powers for good. They charged high long distance rates and even stifled innovation suppressing the answering machine due to potential conflict with its main business.
Regardless, it shows that Facebook could be an early advocate for CPAs offering privacy related assurance services around its algorithms.
AlgoTrust: A new service offering for CPAs?
The concept of AlgoTrust is something I have previously discussed in this post.
The idea actually has support from multiple angles not least of which of comes from information security expert, Bruce Schneier:
The idea actually has support from multiple angles not least of which of comes from information security expert, Bruce Schneier:
Big Data versus Privacy: The monetization paradox
Such an algo-audit could leverage the work done by AICPA and CPA Canada in the realm of privacy, specifically the Generally Accepted Privacy Principles. That being said, privacy audits have been a hard sell in the past. But what distinguishes the service here is that it would be auditing the algorithm for compliance with privacy "regulations".The reason regulations need to be put in quotes is that in substance privacy legislation is effectively eliminated if the consumer consents to use the service.
The challenge, therefore, is balancing the drive to monetize big data with the privacy needs of the people who use the service. For example, people who identify with the "left" may not want Steve Bannon or Trump accessing their data. Similarly, people who identify with the "right" may not want Obama accessing their social media data. The end result is that no one can access meaningful data due to privacy restrictions - resulting in a standard so restrictive that it eliminates that ability of companies like Facebook to monetize the treasure trove of data that they have collected.
As noted in an earlier post, there is an inherent highlight the conflict between privacy and profiting from big data. The value of big data emerges from the secondary uses of big data. However, privacy policies require the user to consent to a specific use of data at the time they sign up for the service. This means future big data analytics are essentially limited by what uses the user agreed upon sign-up. However, corporations in their drive to maximize profits will ultimately make privacy policies so loose (i.e. to cover secondary uses) that the user essentially has to give up all their privacy in order to use the service.
There is a lot of potential in attempting to create an assurance service to address Facebook's predicament, but as they say, the devil is in the details.
Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else
Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else
