Will auditors go the way of horses?

In late 2015, MIT Professors Erik Brynjolfsson and Andrew Mcafee penned an article entitled, will "Humans go the way of horse labour?"

The article explores how the mechanization of farm labour serves as a model of exploring the automation of knowledge work citing the work of Nobel Prize-winning economist Wassily Leontief. They state:

"In 1983, the Nobel Prize-winning economist Wassily Leontief brought the debate into sharp relief through a clever comparison of humans and horses. For many decades, horse labor appeared impervious to technological change. Even as the telegraph supplanted the Pony Express and railroads replaced the stagecoach and the Conestoga wagon, the U.S. equine population grew seemingly without end, increasing sixfold between 1840 and 1900 to more than 21 million horses and mules. The animals were vital not only on farms but also in the country’s rapidly growing urban centers.

But then, with the introduction and spread of the internal combustion engine, the trend rapidly reversed. As engines found their way into automobiles in the city and tractors in the countryside, horses became largely irrelevant. By 1960, the U.S. counted just 3 million horses, a decline of nearly 88 percent in just over half a century. If there had been a debate in the early 1900s about the fate of the horse in the face of new industrial technologies, someone might have formulated a “lump of equine labor fallacy,” based on the animal’s resilience up till then. But the fallacy itself would soon be proved false: Once the right technology came along, most horses were doomed as labor."

The MIT Professors are not alone in sounding the alarm when it comes to how automation can impact labour. Others includes Thomas Piketty, Douglas Rushkoff, Martin Ford and Nick Carr. 

If the techno-distopians are right, then there will need to be a fundamental alteration of the way the economic system is structured to address the unemployed masses. Such masses are not likely going to take such things lying down. For example, in response to the Great Depression there were mass demonstrations in Washington DC where thousands protested their plight. In January 1932, Cox's Army of 25,000 assembled in the capital to protest their poverty. Later that year, the Bonus Army of 43,000 marched on Washington in the summer to demand the US government pay the bonus promised early:



Alternatively, if the techno-utopians are right, such as Peter Diamandis and others at Singularity university, then such  protests won't be necessary: the system will make changes proactively to ensure that the gains made from exponential technologies are made available to the majority.

The point is that either way actions must occur at the political level to make the changes necessary to  address the deeply embedded economic architecture.

Consequently, working within the status quo leads to one actionable option: "Race with the Machine".

Prior to penning the article I cited above, MIT Professors Erik Brynjolfsson And Andrew Mcafee proposed that the path forward requires "man and machine" to work together:

This is essentially how IBM's cognitive system, Watson, was positioned when it comes to doctors and medicine: doctors delegate the task treatment research to Watson, while they determine what is the right treatment for their cancer patients. For example, doctors and Watson were able to work together and determine what the correct treatment was for a 60 year old Japanese patient. 

How can this be applied to financial audit? 

Firstly, the scope of the audit is driven by optimizing the cost-benefit curve. Consequently, there is a potential to get greater assurance for the same amount of resources allocated. Keep in mind that if auditors had to audit all transactions,  the organization could go bankrupt just trying pay the audit bill. Consequently, auditors only look at transaction on a test basis.

However, with the increased datafication of an organization's interactions with stakeholders, there is an opportunity - that didn't previously exist - to analyze these interactions for audit insights.

Take for example a Business to Consumer (B2C) company, like Dell, that interacts with its customers via social media. In 2005, there was an infamous spat between a CUNY journalism professor, Jeff Jarvis, and Dell computers (original post here). Jarvis was irate over the customer service and has been an Apple customer since. Such conversations can be mined for potential audit implications. In this particular instance, it could be a means to assess the adequacy of the sales returns allowance - developing a model based on how many other customers have complained via blogs, twitter or other social media about the B2C company and then assessing whether the provision is adequate.

Previously, such an analysis would be cost prohibitive and wouldn't make sense for the auditor to even considering such a thing. For example, the B2C company would need to record all conversations and then have auditor listen to thousands of hours of conversations to see whether such an issue actually exists.

This is not to say that it is currently feasible to run such an analysis.  Tools that aggregate, standardize and analyze such unstructured text could be argued to be in their infancy. However, datafication combined with further advances in social analytic tools (see video below for an example) in is the first step to a world where such analysis could be feasible.

The second separate but related issue is the role of the regulators in opening or closing the gate on innovation.

Some may mistakenly believe that this due to the regulated nature of audit. However, audit is not the only arena where innovation is shaped by the “regulator”. In fact, the success or failure of innovation  depends on how the incumbents who govern the landscape make way for the new technology (or not).

Take for example the rise of the iPhone in the corporate environment. What allowed consumerization to take place (i.e. allowing users to connect their favourite smartphone devices to the network instead of the corporate devices) was that Microsoft took an open approach to licensing it Exchange Active Sync. They could have created a walled garden that allowed Windows Phone only to connect to their email server, however, they paved the way for iPhone and Android to connect their devices to the corporate email server. Microsoft as the "regulator" of which mobile device can connect to its mail server enabled the iPhone and Android to displace our beloved BlackBerries from the corporate environment. Had Microsoft saw more profit in walling off the market for its own devices the ability for Apple iDevice to disrupt corporate IT would have been stifled if not suffocated.

On the opposite side, David Sarnoff of RCA squashed FM radio in order to protect his AM Radio technology and pave the way for television. The inventor, Edwin Armstrong, who initially was Sarnoff's friend, had mistakenly shared his technological innovations with him only to be betrayed by him. FM Radio technology had the potential to share data, such as faxes, back in the 1930s. One can only imagine the state of the wireless technology had RCA allowed this technology to flourish. 

Similarly, in 1934, AT&T blocked the answering machine for fear that it would undermine their business because "ability to record voice would cause business people to shun the telephone for fear of having their conversations recorded". So although much innovation came out of AT&T's Bell labs, the point is that it was effectively acting as the "regulator" which determined which innovations were permitted in the telecommunications industry and which ones were not. 

Consequently, the regulators (e.g. SEC, PCAOB, AICPA, etc.) will have a significant role to play on how innovation will unfold with the arena of audit. It is ultimately they who are going to weigh and assess what constitutes reasonable assurance actually is.  

Where are the regulators currently at? 

Well it seems that they are looking to technology to actually improve audit quality. In a May 2017 speech, PCAOB Board Member Jeanette M. Franzel noted in the section "Impact of Technology on Audit" that:

"If managed and implemented properly, these developments have the potential to enhance the value of the audit process and increase audit quality." [emphasis added]

To be sure it's not all rainbows and unicorns. Board Member Franzel did see "potentially disruptive changes will present challenges and threats across the auditing profession". However, at least there is an appetite to explore how such technologies can improve audit quality, expand what more can be done within audits and enable auditors to race with the machine.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.

Did WSJ go too far in exposing Apple employee home purchasing habits?

The WSJ published an article discussing the cost of houses in the Bay Area. As per the title of the article, "Apple Paychecks—One Reason for High Home Prices", the key culprit they highlight are the significant salaries that the Apple employees are allegedly paid.

The the data for the findings were based on the work done by Zillow completed "at the request of The Wall Street Journal" who "used census data to track down where workers in the census tract that is dominated by Apple’s Cupertino, Calif., headquarters live—primarily neighborhoods in the San Jose and San Francisco metropolitan areas". It's not clear if they relied on their own data to complete this analysis. As per the graph below, Zillow tied the rising house prices to iPhone sales.

To be fair, and abide by full disclosure principles, the article does also blame "[z]oning laws and regulatory red tape are key factors as well". However, would it be the WSJ if it didn't lay such a charge?

Where to begin? The article raises a lot of issues in terms of the role of publicly available data - regardless if it is only the census data, data gathered by aggregators such as Zillow or social media sites.

As I had written a couple of years ago, the article actually is the promise of social media to "return us to the village". In the village privacy was limited because people knew each other and any deeds or misdeeds made by the individual were quickly found out by the community. A good example of how social media accomplishes this was role of public in identifying the rioters involved in the post-Stanley cup "celebrations". If such a riot had happened in the village, the rioters would be have been held accountable in a similar manner.

The Zillow-WSJ effort is really along similar lines: if employees of a company or members of a particular guild were buying up houses and driving up prices in particular area; wouldn't people in the village know?

Furthermore, it actually is village business. We need to understand how we will live with one another how we are going to make the most of living together in this shared space called community, which requires an understanding of how the actions of one group within the community will impact others especially when it relates to a basic need like housing.

That being said, it opens up the issue of big data and its ramifications on privacy.  Although the above rationale translates well into issues relating to communal benefit it doesn't translate well into issues relating to how private entities can handle the information they were given for a specific purposes. This of course refers to the concept of "consent" well-established within privacy parlance.

The authors of  Big Data: A Revolution That Will Transform How We Live, Work, and Think raised this issue in there book. As I had noted in a previous post:

"The authors, however, raise a much more interesting point when discussing privacy in the era of big data. They highlight the conflict between privacy and profiting from big data. They note how the value of big data emerges from the secondary uses of big data. However, privacy policies require the user to consent to a specific use of data at the time they sign up ahead. This would prohibit companies from big data. However, corporations in their drive to maximize profits will ultimately make privacy policies so loose (i.e. to cover secondary uses) that the user essentially has to give up all their privacy in order to use the service. What the authors propose is an accountability framework. Similar to how stock issuing companies are accountable to the security regulators, the idea is that organizations would be accountable to a privacy body of sorts that reviews the use of the big data and ensures that companies are accountable for the negative consequences of the data.

For those of use that have been involved in privacy compliance, such an approach would make it real for companies to deal with the privacy issues in proactive manner. We saw how companies attitudes towards controls over financial reporting shifted from mild interest (or indifference) to active concern with the passage of Sarbanes-Oxley. In contrast, no similar fervour could be found the business landscape when addressing privacy issues. Although the solution is not obvious, the reality is that companies will make their privacy notices meaningless in order to reap the ROI from investments made in big data."

Explaining Big Data Technology in under 2 minutes

The class I was teaching this week was looking at Big Data from multiple perspectives, including security. The approach I used with cloud last week was to identify the key differences between ASP and cloud. With Big Data the key difference is between the SQL world of relational databases and the non-relational world of NoSQL technologies, such as Hadoop.

I took a course on Big Data that explained how there is a distributed architecture that enables a "master" to send out the job to vast army of "slaves" to complete the processing. However, how do I explain this in a succinct and effective way to the students? 

In a word, YouTube.

I found this video that gives a pretty good overview of Big Data, but it's real value is how it explains how Hadoop works at a high level (go to 4:10):

Of course, we will be covering  social media later in the term :)

Materially Mistweeted? Tale of the Ticker Symbol

My coworkers informed of a fascinating story of how one letter and an overactive stock rumour mill can provide us a valuable lesson in defining materiality in the world of a 140 character "tweet". As described in this post on Tech Crunch, the stock, "TWTRQ", went from less than a penny to a high of $0.15, which works out to - I am relying on TechCrunch on the math on this one - to be a rise of 1,400%. Wow! Was it the birth of new valuation model that made Wall Street realize the value of TWTRQ? Did the Federal Reserve grant TWTRQ, or  Tweeter Home Entertainment Group, the right to print money out of thin air (as they do with other banks)?

Looks like the free market fundamentalist really got it handed to them on this :) 

Apparently, the collective "wisdom" of the markets that drove investors into a feeding frenzy over TWTRQ. The reason? Well, investors apparently bought the stock of this company, which has been bankrupt since 2007, thinking it was the initial public offering of Twitter (symbol: TWTR). Who would have thought to assess the materiality of a ticker symbol? Could the investors sue the auditors on this one? Now that would be a court case worth watching.  

Of course on a more serious note, it really illustrates how little people do when investing their money in stocks. We are not talking about running the latest financial model pulling XBRL tagged information in real time to determine the value of the company. We're talking about checking financial news sites to see when the stock was released. 

And to finish a lighter a note, we can at least chuckle at Despair.com's take on this. 

"Images can't be verified": The limits of social media?

In previous posts, I have illustrated how information integrity concepts, and assurance more broadly, have played a role in media reporting. In the post, I noted the following as way way to act as a check on the media:

"Another probably more plausible approach is to leverage crowd sourcing and organize it to enable people comment or blow the whistle on information that is produced in a manner that is inaccurate, incomplete or invalid. The Guardian actually did this for the MPs expenses: they built an app that allowed ordinary users to analyze MPs expenses (if interested check out the Google Docs Spreadsheet with this info). As noted in the article, there was another attempt to build such an app (see here for the alternative). This is both good and bad. It's good in the sense that no one organization has the ability to monopolize such initiatives. However, it is bad in the sense that the efforts of the crowd are effectively divided. Regardless, it does illustrate that the potential for "crowd sourced audits"."

However, the events in Egypt, Syria, and the coverage of  the Occupy Wallstreet Movement, illustrate the limits of social media on its ability to act as a check as a means to counter "official sources".  As noted in the following excerpt in the WSJ, there is a significant discrepancy in the death toll in the recent events in Egypt:

"The Associated Press cited the Ministry of Health as saying 525 people were killed across the country, with 3,717 injured. Interior Minister Mohammed Ibrahim said 43 policemen died in the assault, the Associated Press reported.

The Brotherhood placed the number of fatalities far higher—saying 2,200 people had been killed and more than 10,000 wounded."

To put the number of dead into perspective, the number killed (if the Brotherhood numbers are accurate) is the same scale as the number that died in September 11, 2001, which was 2,977.

What is interesting is that the Egyptian military actually targeted camera men to prevent images of the massacre from leaking out. For example, Mick Deane, a cameraman from Sky News was shot and killed by the Egyptian army. Also, as you can see in the video below, Ahmed Asem  (an Egyptian photojournalist) was killed while filming the Egyptian army kills others:


In Syria, even after horrifying images of chemical attacks were available from YouTube (no link was provided due to the gruesome nature of the attacks; however they can easily be found by putting "Syria Chemical Attacks" in YouTube), the mainstream continues to refer to them as "alleged".

With respect to the Occupy Movement, almost 8,000 people have been arrested. However, the mainstream media does not cover this and so a major crackdown on a significant social movement is effectively invisible to the mainstream society.

So what does this have to do with information integrity?

I have been fascinated with the portability of information integrity concepts to any information system, including the mass media system. For example, if one reads Manufacturing Consent, it is essentially a book that evaluates how the media is able to apply concepts, such as decision-usefulness, completeness, validity, etc to the way information is published or broadcast.

And this is the link to the social media.

One may think that with official media being unable to compete with social media, that the it will be replaced by social media. However, this is only from a business perspective. the real question is whether social media does actually alter the ability of the mass media to set the parameters of debate. In other words, can you or I can get on a blog expose the truth about something and create change society, based on the blog post?

As illustrated by the examples above, when the official media does not actually corroborate the social media, it effectively prevents social media from having an impact on society. I had mentioned in this in one of my earlier posts, the official media is still seen as a source of trust and verification, whereas social media is not. This ultimately prevents social media from ever truly supplanting old media, as people in a society ultimate rely on collective institutions to bind them together in a cohesive. So despite social media giving people the ability to contribute to the landscape ideas, it has not fundamentally altered the essence of power structures in society.

In other words, the "information system" that is within the society still remains where it always has.  And when the citizenry make decisions about societal matters, they ultimate rely on this information system for their opinions and beliefs, simply because the other sources can be doctored and faked, i.e. there are no official "information integrity" controls around social media. Consequently,  countries - be they dictatorial or democratic - can crackdown on their citizens and social media will not "materially" affect society's opinions or belief about the plight about that group or their cause.

CNET, CES and Crowd-sourced audits: Independence does matter

In a previous post, I looked at how the editorial interference from CBS forced CNET to award the Best in Show category to another contestant because CBS was involved in litigation against the company who actually did win best in show. The perspective that I took was more of a "decision usefulness" perspective: could a reader actually figure out who the real winner is due to the use of disclaimers. 

Others were much more outraged over this lack of objectivity. 

Since my post, Greg Sandoval, a reporter at CNET, has resigned over the controversy (click here to see his tweet).  More importantly, the Consumer Electronics Association (CEA) itselft has taken a firm stand against this move by CBS. As noted in this press release, they have effectively overturned CNET's decision and have awarded the Best in Show to both the Hopper and Razor's Edge (effectively CNET's second choice). They have also are requesting a request for proposal for "a new partner to run the Best of CES awards program". 

Looking at the heart of the issue, the question is how does one maintain independence when reporting on a matter? 

We can take a look at what the Canadian Institute of Chartered Accountants (CICA) and the Canadian Public Accountability Board (CPAB) have written about independence in this publication. On page 7, they cite the International Ethics Standards Board for Accountants (IESBA) and breakdown independence in two categories: 

• "Independence of mind: The state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity and exercise objectivity and professional skepticism.
• "Independence in appearance: The avoidance of facts and circumstances that are so significant that a reasonable and informed  third party would be likely to conclude, weighing all the specific facts and circumstances, that a firm’s, or a member of the audit team’s, integrity, objectivity or professional skepticism has been compromised."

The publication also a number of threats to independence. The two probably most relevant are the "self-interest threat" and the "intimidation threat", which I think are probably most relevant to the CNET-CES controversy. Effectively, CBS's objectivity of the reporters was put aside in favour of the self-interest emanating from their litigation against DISH (who makes the Hopper). 

But the more interesting one to explore is the "intimidation threat". And this is most felt by reporters and editors who are pressured to abandon their view in favour of what the parent company wanted. And it speaks to a fundamental flaw in journalism: the press depends on money from the companies and others that they need to write about. The biggest illustration of this is what went down between Fox News and Jane Akre and Steve Wilson when they were forced to stop reporting about the health effects of drinking milk from cows that had been given Monanto's Bovine Growth Hormone. The reporters were fired when they refused to give into the "intimidation threat". They initially won their case under Florida's whistle blower law, but when Fox appealed they lost. The reason? The media has no obligation to tell the truth.  

So the challenge remains as to how does one remain independent when they need to eat and pay their bills in a free market system? Greg took the principled stance as, Jane Akre and Steve Wilson did, but not everyone can afford to pay the prices. People have to pay rent and take care of their families. The reality is that if society really cares about have access to information that has integrity they need to pay for it.

Is it time to have audited standards for the media, similar to the one used for financial information generated by financial companies? 

Although not perfect by any stretch of the imagination - the accounting scandals, a la Enron, serve as an important reminder of the lack of perfection in the system - the way financial information is subjected to testing serves at least as a starting to point as way to understand what needs to be there to ensure the information has integrity. 

Another probably more plausible approach is to leverage crowd sourcing and organize it to enable people comment or blow the whistle on information that is produced in a manner that is inaccurate, incomplete or invalid. The Guardian actually did this for the MPs expenses: they built an app that allowed ordinary users to analyze MPs expenses (if interested check out the Google Docs Spreadsheet with this info). As noted in the article, there was another attempt to build such an app (see here for the alternative). This is both good and bad. It's good in the sense that no one organization has the ability to monopolize such initiatives. However, it is bad in the sense that the efforts of the crowd are effectively divided. Regardless, it does illustrate that the potential for "crowd sourced audits". 

Social Media & Privacy: The Return of the Village

Some of you with connections to the younger folk may have heard of SnapChat. The promise of the application was that it would allow its users to share images that would be deleted within a few seconds of it being transmitted. Another similar app and function is offered by Facebook called Poke. The hope was that, such an app would protect the privacy of the users by maintaining the confidentiality of the messages sent. However, CNET uncovered (based on the blog, BuzzFeed FWD) that it is quite easy to go around the controls:

"an iPhone user simply has to plug the smartphone into a computer, navigate to the phone's internal storage, and find the folders for Snapchat and Poke where the videos are stored locally. The user can then copy the videos from the phone to the computer to sneak a peek at them. In BuzzFeed's testing, this bug applied only to videos; photos didn't appear to show up."

The workaround, if you will, illustrates something that we know that there is always a way around these controls and therefore they offer limited privacy protection at best. The reality is that once something gets online it's out there forever.

I try to make the next generation of accounting students aware of the risks during the Master's course I teach at the University of Waterloo.  During class, I ask them to pull articles on how posting on Facebook can undermine one's career and professional prospects. (here is a blog that compiles social media faux pas that results in one losing one's job). As the then CEO of Sun Microsystems (now owned by Oracle), Scott McNealy stated (back in 1999), "You have zero privacy anyway.Get over it."

Over the summer, I had some time to think about privacy and social media as I was researching the phenomenon. One of the thoughts that struck me was that social media actually represents the "Return of the Village". Being an urbanite myself. I am used to living in the city or the burbs where people "mind their business". However, that's not how life is in the traditional village. In the village, everybody knows everybody and word gets around quickly about people's affairs. There, just as in the online world, if you don't want anyone to know something don't tell anyone about it. Consequently, privacy has always been limited in a village context. However, as Jeff Jarvis touts in his book Public Parts, there are benefits to living life publicly. In other words, by living in the "online village" we get the benefits of a community that was hard to find living in the more individualistic urban setting. A couple examples that illustrate this concept:

• Vancouver Riots: After the Vancouver riots, "Robert Gorcak created a Facebook page titled “Vancouver Riot Pics: Post Your Photos,” within 10 minutes of game end. He said he created the page to gather photos of the perpetrators in the hopes of bringing them to justice." This is exactly what would happen in a village. If someone was creating problems, he or she would be identified and held responsible by the community
• Mommy Bloggers: This concept of the "online village" is also illustrated by mothers who exchange stories and work with each other online in terms of dealing with the joys and challenges of motherhood. One such blogger is Heather Armstrong, who runs dooce.com. In article posted on abcnews.com, it  states: "Bloggers also helped Armstrong through her own postpartum depression. “I didn’t have a village,” she said. “I would get on my laptop and read other women’s stories online. They changed the way I parent. Without their stories, I honestly don’t think I’d be alive today.” That feeling of helping is what keeps many bloggers going. “You can’t say enough how big a reward that is to express yourself and in the process of expressing yourself, dip into a community and get a response, said Connors, who is also Babble’s director of community and social good. “It’s very free, very liberating, to get to say what you want and….immediately get the gratification of a community coming around you.”"

When developing an internal controls strategy around social it is important to keep the human element at the focus of the strategy. As illustrated by SnapChat, technology-centric controls can be easily circumvented. Furthermore, when considering the risks of employees contributing online it is important to remember that it is hard to segment one's professional world in the corporate cubicle with one's personal life. Consequently, governance and controls need to address the personnel rather than relying solely on technological solutions, such as data loss prevention tools. For example, Microsoft relies essentially on its people to police themselves and in order to post things that are in-line with Microsoft's corporate culture. In other words, the techno-centric solutions can supplement governance controls but they don't supplant them. 

In terms of protecting oneself from privacy breaches it requires vigilance. Some totally avoid being a social network for just the reason. That being said such people are in the minority (I poll students annually as to whether they are on Facebook: a handful give it up because it is a waste of time. I've found 1 or 2 people who've given it up for privacy reasons). Other try to mitigate such risks through "social controls". For example, in the Facebook Effect, the author notes how colleges have no cellphone and no camera parties to avoid illegal activities for finding their way online. It may seem like weak control because anyone can sneak a camera into the party. What this misses is really that the control is social in nature: people won't take pictures because they wanted to be invited to the next party!

Ultimately, the real test of social media will be how it is used against people who do not conform to the norm. For example, what would happen if employers discriminate against people who support the Occupy Wall Street movement? If people go along with such discrimination, social media essentially becomes a way to ensure conformity in society. Conversely, if such discrimination is opposed, then it would lead to a more open society as the threat of social sanction (e.g. unable to finding employment) is effectively removed.  

The other DDoS: Denial of Service by DMCA

In information security, the common definition of DDoS is Distributed Denial of Service attack. However, there is a legally sanctioned form of DDoS: DMCA Denial of Service, where a user acting in good faith is 'denied service' because of an alleged infringement of the DMCA. The DMCA (i.e. the Digital Millennium Copyright Act) provides a means to enforce of copyright protections online and was ultimately responsible for killing Napster (who enabled peer-to-peer sharing of  music and other files). Although the Napster case was cut & dry to some (like the Recording Industry), there are some where users are actually acting in good faith, but are taken down through enforcement of such  an Act.

The case that illustrates this issue is the take down of 1.45 million education blogs in October. James Framer, CEO of EduBlogs, noted that "ServerBeach, to whom we pay $6,954.37 every month to host Edublogs, turned off our webservers, without notice, less than 12 hours after issuing us with a DMCA email." He went on to explain what the actual infringement was: "one of our teachers, in 2007, had shared a copy of Beck’s Hopelessness Scale with his class, a 20 question list, totalling some 279 words, published in 1974, that Pearson would like you to pay $120 for." Reading the blog further it turns out that EduBlogs did actually comply with the DMCA request that they received. However, the issue that Pearson had was (a) it was accessible via Google's cache and (b) it was accessible by its Varnish cache. In other words, James Farmer got legally DDoSed: 1.45 million blogs were made unavailable due to ServerBeach rush to comply with the DMCA instead of "calling any of the 3 numbers for us [ServerBeach] have on file".

Edublogs, however, is not the only company to be DDoSed in this manner. Small companies that publish news reports on YouTube or other content sharing sites also face this danger. Take for example Leo Laporte's This Week in Tech (TWIT) new media network, which publishes tech related podcasts and videocasts. The business model of this network resides on him being able to make the video available soon after its airing. Failure to do so will result in the company losing out on ad revenue because the "eyeballs never made it" to the particular show. Consequently, when one of their episodes gets pulled down by Google's robots, or due to request of the copyright holder (as noted here), it jeopardizes the TWIT business model making him another DDoS victim.

From a risk perspective, the risk of such event should be evaluated, especially for businesses that rely on revenues via the distribution of online content. Specifically, the agreement with the third parties that host their content should include provisions that enable them to at least demonstrate compliance prior to be taken down. However, both James Farmer and Leo Laporte have attempted to work with their respective providers to prevent this type of risk. Farmer complied with the request, while Laporte has attempted to contact Google and explain that he is news organization. So this is easier said then done. Laporte hosts the videos on his own servers, however the popularity of YouTube limits the effectiveness of this "backup strategy" (i.e. users won't go to the site to watch the video instead of YouTube). In the end, it may just be an unavoidable cost of relying on such providers.

From a longer-term perspective, it illustrates clash of legacy laws and the capability of the Internet to "network knowledge". This the concept is taken from David Weinbergers's "Too big To Know", who identified how the ability to share, link and debate information on the Internet transforms knowledge into a more fluid state in contrast to the static nature of books. He explains this concept in the following video:

James Farmer implicitly argued this point in his rant against Pearson when he said: "Here’s another idea Pearson, maybe one that you could take from Edublogs, howabout you let this tiny useful list be freely available, and then you sell your study materials / textbooks and other material around that… maybe use  Creative Commons Non Commercial Attribution license or similar to make sure you get some links and business." In other words, Pearson has failed to understand this new world of networked knowledge, where a link to the "offending" list would link to other resources that has Pearson has - enriching both Pearson and those using its publications.