Sunday, August 28, 2011

Audit Trails: The Corporate Surveillance We Need

Frank Pasquale

What do the following problems have in common?

1) food poisoning
2) systemic risk in the financial system
3) data breaches
4) violations of civil liberties
5) tax evasion
6) insider trading

In each case, we could do a lot more to stop the problem if we better tracked the actions that lead to it. An "audit trail" can enable that tracking. Decades ago, such tracking would be inordinately costly. Nowadays, it is increasingly embedded into any quality logistical system. The technologies of RFID chips, cheap imaging and data storage, and rapid search are ubiquitous. Corporations use them to track customers and products. Now public authorities need to use them to track corporations.

Consider, for instance, this recent story on food safety:

More than 75 percent of seafood and half of the fruit Americans consume is imported. The FDA has registered 254,088 foreign farms and processing facilities that feed into the U.S. food supply. Something as commonplace as a frozen pizza can have upwards of 50 ingredients from 10 or more countries. That includes spices sourced from around the world—most spices are imported—as well as an array of preservatives and additives. . . . “The consumer has absolutely no idea,” says William Kanitz, president of, which sells traceback software to food companies.

The Food Safety Modernization Act, which went into effect this year, gives regulators new powers to order food recalls, access company records, and close food plants. . . . Yet Congress put off perhaps the most useful tool for quickly heading off outbreaks: A rule requiring food companies to keep records about where their ingredients come from was left out of the final bill. . . . So far, the powerful food lobby has been successful at fighting the government’s efforts. The House version of the food bill required manufacturers to keep records that would enable the government to trace food all the way back to the grower within two business days. By the time it was ratified by the Senate, that requirement had been watered down to a pilot program.

So an unscrupulous middleman can engage in "food laundering," just as banks or drug dealers might engage in complex accounting to hide the origins of certain funds. The article quotes the director of food programs at the Pew Health Group on the reasons why the system suits the shady: "It’s less likely you’ll be held liable if folks can’t prove that you’re the source of the contamination." And so long as processors and distributors have no obligation to record all their sourcing, they, too, might opt for a "hear no evil, see no evil" policy of willful blindness. The FDA appears to be even more helpless in the wake of a "tidal wave" of adulterated supplements.

Black Box Finance

So what does this problem have to do with systemic risk in the financial system? Having turned the continent of Europe into a subprime CDO, bankers are now worried that they may be the odd men out in a high stakes game of musical chairs. As John Lanchester explains,

‘Credit events’ . . . are chaotic and unpredictable, and all the more so because the fundamentals of the economic order, as constituted in 2008, are still intact. Who owns [] Greek debt? [M]ainly French and German banks. Yes, but banks insure their debt via the use of complex financial instruments. Insure it with whom? Don’t know: some of it is insured with British banks as counter-parties to the risk, but that risk will be insured in its turn, so that the identity of the person holding the parcel when its last layer of wrapping comes off is a mystery. That mysteriousness was the thing that made Lehman’s collapse turn instantly into a systemic crisis. [link added]

Global banking is a house of cards, not by necessity, but by design. Both Lehman and the EuroCrisis recapitulate a pattern of willful opacity by banks enabled by the willful blindness of regulators. The Financial Crisis Inquiry Commission reported that a former OTS director had “no clue—no idea—what [AIG’s] CDS liability was” as of September, 2008---when the insurer's sudden near-collapse threatened to trigger a financial meltdown. Opacity is at the core of capital market dysfunctionality. As John Gapper has argued:

The behaviour revealed in the JPMorgan and Goldman cases is a product of the conflicts of interest embedded in how integrated Wall Street banks work. As they say in Silicon Valley, it’s not a bug – it’s a feature. That feature is inherent in most of what banks do, but the opacity and complexity of credit derivatives – especially mortgage-related securities such as collateralised debt obligations – let deception, overpricing and ultimately fraud flourish. From this black box came the bulk of revenues and bonuses. [emphasis/link added]

Moreover, the same types of tactics pioneered by tax evaders can be domesticated into not-quite-legal or perfectly legal forms of obscuring an entity's earnings or tax obligations. And as anyone who's followed the "cloak and dagger" of the SEC's notable insider trading cases knows, "white collar wiretaps" have been a game changer, uncovering a "sprawling network" of favors and corruption.

From Food to Finance to Privacy, and Beyond

Hidden harms are also a hallmark of the privacy field, where Kafkaesque databases can mark individuals out for bad treatment in ways they never discover. As I noted earlier, "fourth bureau" entities that blackball consumers actually brag about how impenetrable their data and processes of evaluation are. The three credit bureaus are also frequently opaque, discrediting individuals in ways that are difficult to challenge or understand. The intelligence agencies and contractors that constitute "Top Secret America" are even more secretive, and their work can have dramatic consequences for targeted individuals and groups.

In all of these areas, we face a twofold challenge: a) improving recordation systems in order to better understand what is going on, and b) recording the activities of those who access the systems, to deter abuses of the power such knowledge gives.

Many privacy advocates have tried to limit troubling monitoring. This is often thought of as the whole of a reformist position on government surveillance. But data law needs a larger vision, and an intensification of new kinds of surveillance, including sousveillance.

As corporations gain the same free speech rights as individuals, they also need to be subject to the same level of scrutiny. Purposeful avoidance of tracking may well indicate a corporate plan to destroy evidence of wrongdoing. Justices Kennedy and Scalia have called corporations “the voices that best represent the most significant segments of the economy,” but they also manage to do a great deal of damage. Reallocating surveillance toward corporate actions can repurpose a leviathan state that seems obsessed with spectacular attacks or frightening stereotypes, but perplexed by corporate practices we desperately need to understand. Both the SEC and HHS realize the power of audit trails, and I hope to see them adopted as a tool by more agencies in the future.

X-Posted: Concurring Opinions.

Older Posts
Newer Posts