Home Law Accounting in the age of the surveillance state

Accounting in the age of the surveillance state


It’s astonishing how much of your information is stored in perpetuity by Google and Facebook. Even deleted files and emails are stored, seemingly forever.

As Dylan Curran writes in The Guardian, Google and Facebook probably know more about you than you do.

If your smart phone location tracking is turned on, it knows everywhere you’ve been.

Google knows what apps you use, how often you use them, when and with who you interact. It knows your Youtube history, your political leanings, religion and likely mental state.

It knows your location, gender, age, hobbies, career, interests, relationship status, possibly your income, and uses this information to push ads relevant to your current likely appetites.

In the US, a father of a teen girl still in high school was outraged when Target stores started sending her sales booklets for baby items. She couldn’t possibly be pregnant. She was in high school. It turns out that Target was able to predict that she was in fact pregnant based on her switching from a more fragrant to a less fragrant shampoo. Pregnant women have a stronger olfactory sense, so Target’s AI predicted her pregnancy. Predictive analytics have since become remarkably accurate and an absolute gold mine in the hands of retailers.

All of this is relevant to accountants now that the Protection of Personal Information (POPI) Act is signed into law, allowing businesses one year until July 2021 to become compliant. Accountants routinely gather information on client finances and on clients’ creditors and debtors. The question remains, who owns this financial information? POPI places an obligation on those harvesting this information to protect the data of all South Africans.

“There is a need to establish a Code for the Ethical handling and securing of client information, targeted at the accounting community,” says Nicolaas van Wyk, CEO of the SA Institute of Business Accountants (Saiba). “We need to involve accounting bodies, IT service and software providers, and government. It becomes clear that there are uncertainties in the accounting community as to how to capture and store information, and then whether this information can be shared with others, and under what circumstances.

“It seems advisable to have very clear terms of service with accounting software providers as to what information they can share with third parties, and whether they can actually sell some of this information in much the same way as Google does. We would like absolute transparency around this, and if any revenue is generated from the sale of data, if must have the consent of the client and a portion of that revenue is invested in SMEs to assist in the development of the country.”

Werksmans director Ahmore Burger-Smidt says the need to comply with POPI should not weigh a business down, but should be seen as an opportunity to unlock value and benefit for your business – without falling foul of the law. Werksmans outlines the seven steps necessary to protect your clients’ data.

A data breach such as happened to credit bureau Experian – resulting in the leak of the personal information of 24 million South Africans – could have huge implications for business. This means all accountants will have to ensure their cyber-security policies are in place and operational.

When it comes to using social platforms such as Facebook and search engines such as Google, you have already consented to have your information harvested. How this data ends up being used is often out of your control.

As George Gilder writes in Life After Google, anything which appears free (such as Google searches) actually come at a price. Your data is being harvested every minute of the day and used to build an intricate profile of who you are, your likes and dislikes, and your propensity to spend.

Shoshana Zuboff, author of The Age of Surveillance Capitalism, says this data can be used to predict what food you’re in the mood for right now, and immediately push an appropriate ad in your direction. Not only that, Google will auction that information to companies eager to translate that information into a sale.

Unloading innocent photos to Facebook or Google Drive can have unintended consequences. The facial expressions from those photos are scanned through facial recognition software to better prediction models. Zuboff says that information is then sold to companies keen to sell products, or to military users, perhaps in China.

Facebook planted subliminal cues in its Facebook pages that would influence off-world behaviour. It was found to be remarkably effective in influencing real-world emotion and behaviour. And all this is done without consulting user awareness.

Pokemon Go is an augmented reality game incubated in Google for many years, launched by Niantic Labs, that gets players to walk into a shop or restaurant.

Voices are what everyone is after, so microphones are discreetly placed in all manner of devices, from home security systems to thermostats. That information is fed through to third parties without the knowledge of the user. “This is their business: to obfuscate to misdirect, to engineer our ignorance with mechanisms an methods that are undetectable and indecipherable and if they Confront you deny it, deny it for as long as possible until they habituate it,” says Zuboff.

Modern cars have up to 15 cameras that are capable to feeding live streaming video data of street scenes that can be harvested for profit. It’s conceivable that automobiles will be repurposed as surveillance vehicles, and make Ford and other car companies as valuable as Alphabet and Facebook.

Facebook in Australia told its business customers that they could predict when they feel stressed or anxious, and can tailor ads to those in need of a confidence boost.

Cambridge Analytica used the data of millions of American voters to manipulate their inner demons and then trigger them to join a group, purchase a product or even to swing a vote. Last year a class action suit in California by individuals demanding from Facebook the data it had made available to Cambridge Analytica to see they had been targeted and manipulated by the company. Facebook counsel argued that any user sharing information on that platform have no legitimate expectation of privacy.

Says George Kuhn at Drive Research: “Whether you know it or not, you as a shopper are sharing highly detailed buying patterns with retailers as you shop on a daily basis. You unknowingly (or knowingly if you work in this field) provide this data through customer IDs tied to personally identifiable information (PII) such as credit cards, emails, and loyalty card numbers.

“More recently in the past few years, Facebook got into a lot of trouble for data they were sharing with third-parties in the Cambridge Analytica scandal. Nearly every website you access either gathers cookies on you or asks to gather cookies on you. This information is used for marketing and data analytics to learn more about users.

What this means for accountants is that they need to understand what the POPI Act means for them and their clients. More than that, they will have to ensure there is no possibility of a data breach, which means ensuring cyber-security policies and practices are firmly in place.