Financial Cryptography
https://financialcryptography.com/
Where the crypto rubber meets the Road of Finance...
en-us | 2008-09-06T19:29:31-05:00

When risks go south: FM&FM to be nationalized
https://financialcryptography.com/mt/archives/001092.html
Not just another two scalps being counted: Fannie Mae and Freddie Mac, the huge USA mortgage lenders, are to be nationalised: The government’s planned takeover of Fannie Mae and Freddie Mac, expected to be announced as early as this weekend, came together hurriedly after advisers poring over the companies’ books for the Treasury Department concluded that Freddie’s accounting methods had overstated its capital cushion, according to regulatory officials briefed on the matter. Well, what else can they do? Think about how huge this is: the two of them hold or back debts of around $5.3 trillion dollars. Failure is almost certain systemic collapse: first the US housing market, then the rest. The theory of central banking has it that the CB is the lender of last resort. And after that last resort, it owns the bank. So the Fed now will own these mortgage lenders, as a consequence of its role. No change here. But, the theory also has it that any lending brings on the most severe punishments. Collapse and rescue by the CB then means: all shareholders are set to zero. All directors are sacked. It is then welcome to see that, in contrast to earlier wimpy efforts by Bernanke's Fed, this: The details of the deal have not fully emerged, but it appears that investors who own the companies’ common stock will be virtually wiped out; preferred shareholders, who have priority over other shareholders, may also wind up with little. Holders of debt, including many foreign central banks, are expected to receive government backing. Top executives of both companies will be pushed out, according to those briefed on the plan. will be pushed out? Pah! In Switzerland, it is apparently a crime to be an officer of a failed bank. Think hard here.... Who are their auditors? Who were the ratings agencies? Who were the regulators? While others ponder the detail of rounding up the guilty, there is the wider question of how to act, systemically, and properly, if one were a CB.
What caused this to happen? Clearly, we don't know the full detailed story. We do know the US economy has been out of balance for the last many years, you pick the number. We do know that pay-up time is now. Further, it has been obvious for a long time that FM & FM have been structured on continually rising housing prices. How dumb is that? Still, assuming a free-market, the government is wise not to tell bad investors (or companies) how to act properly. Even if it "knows" what is "right", the theory of free markets is that it knows much less than it would like to, and certainly less than how to run a business. (Otherwise it would be doing it, right?) The mistake then is in allowing the mortgage backers to become too big to fail. That is, assuming a free-market, we must also respect the right to collapse. When there is no right to collapse, there is no free market. All else is subsidies, and the various other isms are just around the corner. Communism, nationalism, socialism, playing-fieldism: Fannie Mae executives are likely to have resisted the proposed takeover because the company's financial condition isn't as dire as its sibling company, said Bert Ely, an Alexandria, Va.-based banking industry consultant. But the government would still have to take over both companies, he said, to allow them to borrow money at the same rates. "In order to level the playing field between the two companies, you've got to take over both of them," said Ely, a longtime critic of the two companies. The backing by the USG for the mortgage lenders' debt is the tactical error. Having got the systemic details off our chest, let's move to the witchhunt. Who started these monstrosities then? How did the shared guarantee from the US taxpayer come into being? Who fell for that old trick? The US taxpayer deserves to know whose stupidity she's paying for this time, no? Fannie Mae was created by the government in 1938, and was turned into a shareholder-owned company 30 years later.
Freddie Mac was established in 1970 to provide competition for Fannie. Oops!...
Governance | iang | 2008-09-06T19:29:31-05:00

Yet more evidence: your CISO needs an MBA
https://financialcryptography.com/mt/archives/001091.html
I have in the past presented the strawman that your CISO needs an MBA. Nobody has yet succeeded in knocking it down, and it is proving surprisingly resilient. Yet more evidence comes from Bruce Schneier's blog post of yesterday: Return on investment, or ROI, is a big deal in business. Any business venture needs to demonstrate a positive return on investment, and a good one at that, in order to be viable. It's become a big deal in IT security, too. Many corporate customers are demanding ROI models to demonstrate that a particular security investment pays off. And in response, vendors are providing ROI models that demonstrate how their particular security solution provides the best return on investment. It's a good idea in theory, but it's mostly bunk in practice. Bunk is wrong. Let's drill down. It works this way: NPV (net present value) and ROI (its lesser cousin) are mathematical tools for choosing between alternate projects. Keep the notion of comparison tightly in your mind. The tools measure the money going in versus the money going out in a neutral way. They are entirely neutral between projects because NPV is just mathematics, and the same mathematics is used for each project. (See the top part of Richard's post.) Obviously, any result from the model depends totally on the inputs, so there is a great deal of care and theory needed to supply those proper inputs. And, it is here that security projects have the trouble, in that we don't have a good view as to how to predict attack costs. To be clear, there is no controversy about the inputs being a big problem. But, assuming we have the theory, the process and the inputs, we can, again in principle, measure fairly across all projects. That's how it works. As you can see above, we do not make a distinction between investment, savings, costs, returns or profits. Why not? Because the NPV model and the numbers don't, either. What then goes wrong with security people when they say ROI doesn't apply to security?
Before I get into the details, there's one point I have to make. "ROI" as used in a security context is inaccurate. Security is not an investment that provides a return, like a new factory or a financial instrument. It's an expense that, hopefully, pays for itself in cost savings. Security is about loss prevention, not about earnings. The term just doesn't make sense in this context. Or, here: The bottom line is that security saves money; it does not create money. It seems to be that they seize on the words investment and returns, etc, and realise that the words differ from costs and savings. In conceptual or balance sheet terms, they do differ, but here's the catch: to the models of NPV and ROI, it's all the same. In this sense, we could say that the title of ROI is a misnomer, or that there are several meanings to the word "investment" and you've seized on the wrong one. If you are good at maths, consider it as simply a model that deals equally well with negative numbers as well as positive numbers. To a model, savings are just negatives of returns. Now, if your security director had an MBA, she would know that the purpose of NPV is to compare projects, and not anything else, like generating returns. She would also know that the model is neutral, and that the ability to handle negative numbers means that expenses and savings can be compared as well. She would further know that the problems occur in the inputs and assumptions, not in the model. Finally, she would know how to speak in the language of finance, which is the language that the finance people use. This might sound obvious, but it isn't so clear. As a generalism, it is this last point that is probably most significant about the MBA concept: it teaches you the language of all the other specialities. It doesn't necessarily make you a whizz at finance, or human resources, or marketing. But it at least lets you talk to them in their language.
And, it reminds you that the other professions do have some credibility, so if they say something, listen first before teaching them how to suck eggs....
Governance | iang | 2008-09-03T10:09:13-05:00

Discovery, the bright new sword of the digital judiciary!
https://financialcryptography.com/mt/archives/001090.html
Over at the Economist, they sound the alarm of justice being eaten from within by discovery and especially, electronic discovery. On a case worth $1000 per month: Horizon immediately asked to see practically everything the teenagers had said on their Facebook and MySpace profiles, in instant-messaging threads, text messages, e-mails, blog posts and whatever else the girls might have done online. The Beyes’ lawyer, David Mazie at Mazie, Slater, Katz & Freeman, objected on the grounds that Horizon’s demands violated the girls’ privacy. He lost. So hard disks and web pages are being scoured in order for the case to proceed. Gathering and then sifting through all the electronic information that a few teenage girls have generated is excessive and daunting, says Mr Mazie. Something wrong there, but what is the issue? In comments last week, Daniel Perry pointed to this article by William J. McLean: Discovery matters are frequently assigned to retired judges and/or experienced local trial attorneys and typically involve the payment of significant fees to these appointed special masters -- often in excess of $400 per hour. ... The burden and cost of electronic discovery may fall disproportionately on one of the parties in litigation, and this can lead to an unsatisfactory state of affairs in which litigation is determined not on the merits, but instead on rulings that arise out of discovery disputes. Unfortunately, any party with the financial ability to play the e-discovery card may be able to overwhelm its opponent with the discovery process to the point of either driving that opponent out of business or forcing it to forgo a valid claim for damages. Alternatively, it could leave a party without the financial ability to defend a case on the merits. (Yes, as this is a non-legal blog, I ellipsed the formal law reference.) So, discovery is a weapon. If you have more money, you can flood the other side with discovery requests.
Back to the Economist: And yet almost all information today is electronic, and there is ever more of it. “Things that we would never have put in writing are now in electronic form,” says Rebecca Love Kourlis, formerly a justice on Colorado’s Supreme Court and now the director of an institute at the University of Denver dedicated to rescuing America’s civil-justice system. This system, she says, was already a “sick patient”—with crowded dockets and understaffed courts—but electronic discovery now threatens a lethal “spike in fever”. She has seen ordinary landlord-tenant disputes take three years, and divorce cases that might have been merely bitter, but are now digital wars of attrition. She sees cases that are settled only because one party cannot afford the costs of e-discovery: whereas in the past 5% of cases went to trial, now only 2% do. She knows plaintiffs who cannot afford to sue at all, for fear of the e-discovery costs. From 5% to 2% suggests Kourlis is blaming a halving of justice on electronic discovery! How do we -- the victims -- deal with it? What are the defences for that? The Economist suggests that the continental tradition of inquisitional justice is a natural break on the abuse, so do we have to move to Europe? McLean implies there are two defences: traditionally, costs of searching for paper had a natural limit, and the legal code(s) of conduct limits any abuse. As we know, there is now no limit to searching and copying data (remember Google, RIAA, etc). The second can go spectacularly wrong: Discovery motions, meanwhile, continued to be filed. Huge amounts of attorneys' fees were being spent month after month as part of this exercise. No controls or limitations were placed on the discovery process. Despite warnings from counsel that he should get control of this case, the special master continued to allow and hear motions to compel and to impose sanctions.
As many as six lawyers would attend the hearings, which would continue day after day, week after week, month after month. A pattern was developing. Defendants came to fear that yet another motion for terminating sanctions would be forthcoming if something was not done to try and remedy what the special master seemed to believe were the inadequacies of previously supplied answers to interrogatories. At one point, about $1 million was spent on preparing a fifth set of supplemental answers, with the knowledge that yet another motion would almost certainly be forthcoming. Ultimately no further motion was filed -- at least as to those specific answers. But, it gets worse. McLean outlines the nuclear option, wherein the Special Master seizes on a lost or deleted document, and strikes the submission. From there, a default on the entire case may be entered. What's with that? For the record, I, and everyone I know, delete documents all the time! Indeed, I have deleted most of the article, above, and the article authors themselves have been skimpy themselves for editorial reasons. Caveats and memories of Arthur Andersen aside, it seems clear that discovery is a weapon, and the courts may not defend you against it. Further, in this age of digital documents -- 80% of evidence according to one estimate -- there is no natural upper bound on discovery patience, as there was with boxes of paper. This then makes discovery a threat to your business. In financial cryptography, we search out these threats and work with them, in advance of the lawyers' fees (sorry about that!). Luckily, we can do something about this one: we can use many techniques to organise the documents to be firstly secured and secondly complete. What remains as the open question for you: do we include it in each and every design, in your design, or in no design?
This is a question of risk management, of course, but here is the final salutary warning to add some bias: Postscript: Ultimately the dispute between Synopsys and this group of former employees settled, but not before more than 20 additional discovery motions were filed and heard. The defendant corporation no longer exists, following its acquisition by Synopsys in May 2005. The product that Nassda developed is now owned by Synopsys. The case generated some $100 million worth of attorneys' fees. Nine law firms were involved in the prosecution and defense of the case. The special master received about $1 million. Pursuant to the terms of the settlement agreement, our client (one of the Nassda employees) paid nothing. Which side of that weapon do you want to be on?...
Court Cases | iang | 2008-09-02T05:09:31-05:00

Should a security professional have a legal background?
https://financialcryptography.com/mt/archives/001089.html
Graeme points to this entry that posits that security people need a legal background: My own experience and talking to colleagues has prompted me to wonder whether the day has arrived that security professionals will need a legal background. The information security management professional is under increasing pressure to cope with the demands of the organization for access to information, to manage the expectations of the data owner on how and where the information is going to be processed and to adhere to regulatory and legal requirements for the data protection and archiving. In 2008, a number of rogue trader and tax evasion cases in the financial sector have heightened this pressure to manage data. The short, sharp answer is no, but it is a little more nuanced than that. First, let's take the rogue trader issue, being someone who has breached the separation of roles within a trading company, and used it to bad effect. To spot and understand this requires two things: an understanding of how settlement works, and the principle of dual control. It does not require the law, at all. Indeed, the legal position of someone who has breached the separation, and has "followed instructions to make a lot of money" is a very difficult subject. Suffice to say, studying the law here will not help. Secondly, asking security people to study law so as to deal with tax evasion is equally fruitless but for different reasons: it is simply too hard to understand, it is less law than an everlasting pitched battle between the opposing camps. Another way of looking at this is to look at the FC7 thesis, which says that, in order to be an architect in financial cryptography, you need to be comfortable with cryptography, software engineering, rights, accounting, governance, value and finance. The point is not whether law is in there or not, but that there are an awful lot of important things that architects or security directors need before they need law. 
Still, an understanding of the law is no bad thing. I've found several circumstances where it has been very useful to me and people I know: Contract law underpins the Ricardian contract. Dispute resolution underpins the arbitration systems used in sensitive communities (such as WebMoney and CAcert). The ICANN dispute system might have an experienced and realises that touching domains registries can do grave harm. In the alternate, a jurist looking at the system will not come to that conclusion at all. In this case, the law knowledge helps a lot. Another area which is becoming more and more an issue is that of electronic evidence. As most evidence is now entering the digital domain (80% was a recent unreferenced claim) there is much to understand here, and much that one can do to save one's company. The problem with this, as lamented at the recent conference, is that any formal course of law includes nothing on electronic evidence. For that, you have to turn to books like those by Stephen Mason on Electronic Evidence. But that you can do yourself....
Risks & Security | iang | 2008-08-25T15:38:33-05:00

Another gold issuer finds himself temporarily unavailable ...
https://financialcryptography.com/mt/archives/001088.html
What's wrong with this picture, from an affidavit filed into a random Los Angeles court concerning divorce proceedings (his emphasis): "I personally maintain and control ALL access security codes and passwords. I have been and am the ONLY individual in the company who can physically access the building, its contents AND precious metal vaults simultaneously, twenty-four hours a day. All others have limited access that is monitored and/or time-controlled (clock-based) and recorded in security records. Alarm calls are sent directly to me at all hours. ... ... I personally designed and customized the installation of a complex, ultra-sophisticated DOUBLE REDUNDANT security system that is both physical (in the building and its parameters) and virtual (reporting to his private office network round the clock.) This custom, high security system monitors and controls the safety of the corporate headquarters and all its contents, the safety of its employees, and the active 24/7 implementation of advanced, anti-theft, crime prevention. I oversee and monitor all security issues round the clock through a Virtual Private Network set-up at my home office." Nothing, as long as the above mentioned person is available forever. Unfortunately he is now in jail, charged with much the same situation as the e-gold founders faced over the last two years. Checking the webpage: Dear Customer, 05 August, 2008, 1:00pm PST: The e-Bullion website will be unavailable for a period of approximately four hours while our Tech Dept. performs routine maintenance. We apologize for any inconvenience caused by this interruption to service. e-Bullion Management Is this a coincidence? Maybe, but it is just another reminder that serious and professional operations do not subscribe to superhero status as described above, for any of a hundred routine and boring scenarios. (More details might be found here, written up by Ian Lamont of the Standard. 
Poking around a bit there is also a complication that the other side of the divorce proceedings, his wife, was murdered, and the LA police allege that there is a connection of some form.)...
Governance | iang | 2008-08-14T16:03:52-05:00

Silver bullets, silver homers
https://financialcryptography.com/mt/archives/001082.html
Some things that have been disturbing my desktop for too long. First, a silver bullet spotted: Verisign Aims to Deflate 'Pump and Dump' Scams August 11, 2008 By David Needle. A fraud-detection service warns online brokerages when they're about to make a trade that looks fishy. Verisign is taking a new approach to the battle against so-called "pump and dump" schemes that artificially hype stocks. A new module for the company's VIP Fraud Detection Service, set for release this Friday, features a "self-learning" behavioral engine designed to help brokerages spot and avoid pump and dump activity. The system works by weighing a number of factors, including stock risk, user behaviors, how trading compares to known fraudulent trades and the volume of trading for a particular stock. The notion that a broker has to be told what is a dodgy stock and what is a scam is a bit like telling a mafioso what is a crime, or the pope what is a heathen. Meanwhile, over in Euro-coin-land: A one euro coin has turned up in Spain bearing the face of cartoon couch potato Homer Simpson instead of that of the country's king, a sweetshop owner told Reuters on Friday. Jose Martinez was counting the cash in his till in the city of Aviles, northern Spain, when he came across the coin where Homer's bald head, big eyes and big nose had replaced the serious features of King Juan Carlos. "The coin must have been done by a professional, the work is impressive," he told Reuters. In the old days, the punishment for forging money was to lose one's head, so we expect Homer to be arrested any day now. I'm guessing that some artist has done this, and only after they did it did they find out how many years of jail they are facing. Question is, does the artist's right override the right of the Seignor to collect his seigniorage? Given the record of central banks lately, the latter's right is looking increasingly dodgy.
Thanks to Ray for spotting both Homers!...
Pennies | iang | 2008-08-13T21:54:11-05:00

When rogue system administrators lock out Managers
https://financialcryptography.com/mt/archives/001086.html
Over in San Francisco, we've no doubt all read about the guy who owned the city government's network deciding to ... own the network (1, 2). For the city at least there was a happy ending: The computer network hostage crisis in San Francisco is over, thanks to the city's mayor. Terry Childs, a network administrator for the city of San Francisco, has been in custody since July 13 on four felony charges of taking control of the city's computer network and locking administrators out. Access to much of the city's information was blocked, including law enforcement, payroll, and jail-booking records. Childs had reportedly refused to surrender the codes to his supervisors, but after a little more than a week as a guest of the city, he apparently had a change of heart and invited Mayor Gavin Newsom to meet with him, according to a report on the San Francisco Chronicle Web site Monday night. A secret meeting was arranged at the city jail on Monday afternoon, where Childs gave Newsom the codes to the network. The meeting reportedly was so secret that the police department and district attorney were not informed of the meeting ahead of time. Well, he built it, right? So why can't he tell the users what to do? Right? The serious question here is whether there is in fact a viable case where a systems administrator takes over and decides to lock his managers out: Erin Crane, Childs' defense attorney, is expected to cite his cooperation during a court hearing on Wednesday in a bid to have his $5 million bail reduced. Crane has argued that Childs was merely protecting the network from incompetent city officials who were trying to force him out of his job. "Mr. Childs had good reason to be protective of the password," Crane told the newspaper. 
"His co-workers and supervisors had in the past maliciously damaged the system themselves, hindered his ability to maintain it...and shown complete indifference to maintaining it themselves...He was the only person in that department capable of running that system." Tough call! It is rather rare, but this is essentially what whistleblowing seeks to exploit: the insider knowledge that a manager is manipulating the system for nefarious purposes. However, for all practical purposes this is an unlikely situation. Firstly, the managers who are doing the nefarious stuff are likely to then bury he who blows the whistle. See above, $5m bail buys a lot of dirt on this guy's coffin. Secondly, there is a huge difference between incompetence and fraud. Incompetence is routine, but also the full and proper legal and moral right of the manager. The system administrator that determines that the world should be protected from the manager's incompetence, is generally as deluded as the manager, and is technically and legally wrong. The way to do that is to write to higher-ups and lay paper evidence. Fraud, while another consideration entirely, is equally difficult: let's start with an easy question. Please define fraud! Now prove it! If you can get that far, the fun is only just starting.......
Governance | iang | 2008-08-13T10:26:36-05:00

Osama bin Laden gets a cosmetic makeover in his British Vanity Passport
https://financialcryptography.com/mt/archives/001085.html
cwe points to this new way to improve your passport profile: Using his own software, a publicly available programming code, a £40 card reader and two £10 RFID chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports. A baby boy’s passport chip was altered to contain an image of Osama bin Laden, and the passport of a 36-year-old woman was changed to feature a picture of Hiba Darghmeh, a Palestinian suicide bomber who killed three people in 2003. The unlikely identities were chosen so that there could be no suggestion that either Mr van Beek or The Times was faking viable travel documents. OK, so costs is what we track here at FC-central: we need 60 quid of parts, and let's call it 40 quid for the work. Add to that, a fake or stolen passport, which seems to run to around 100 depending. Call it 200, all-up, for the basic package. The fake may possibly be preferred because you can make it with the right photo inside the jacket, without having to do the professional dicey slicey work. Now that the border people are convinced that the RFID chip is perfectly secure, they won't be looking for that definitively British feel. Folks, if you are going to try this at home, use your own passport, because using fake passports is a bit naughty! There are all sorts of reasons to improve one's image, and cosmetics is a booming industry these days. Let's say, we change the awful compulsory taliban image to a studio photo by a professional photographer. Easy relaxed pose, nice smile, and with your favourite Italian holiday scenes in the background. Add some photoshop work to smooth out the excess lines, lighten up those hungover dark eyes, and shrink those tubby parts off. We'll be a hit with the senior citizens. We can also improve your hard details: For the 40-somethings, we'll take 10 years off your age, and for the teenager, we'll boost you up to 18 or 21.
For the junior industry leader, we can add a title or two, and some grey at the side. Would you prefer Sir or Lord? Your premium vanity upgrade, with all the trimmings, is likely to set you back around 500, and less if you bring your own base. Think of the savings on gym fees, and all the burgers you can eat! One small wrinkle: there is a hint in the article that the British Government is offering these special personality units only until next year. Rush now......
Identity Cost | iang | 2008-08-07T06:38:29-05:00

_Electronic Signatures in Law_, Stephen Mason, 2007
https://financialcryptography.com/mt/archives/001077.html
Electronic signatures are now present in legal cases to the extent that while they remain novel, they are not without precedent. Just about every major legal code has formed a view in law on their use, and many industries have at least tried to incorporate them into vertical applications. It is then exceedingly necessary that there be an authoritative tome on the legal issues surrounding the topic. Electronic Signatures in Law is such a book, and I'm now the proud owner of a copy of the recent 2007 second edition, autographed no less by the author, Stephen Mason. Consider this a review, although I'm unaccustomed to such. Like the book, this review is long: intro, stats, a description of the sections, my view of the old digsig dream, and finally 4 challenges I threw at the book to measure its paces. (Shorter reviews here.) First the headlines: This is a book that is decidedly worth it if you are seriously in the narrow market indicated by the title. For those who are writing directives or legislation, architecting software of reliance, involved in the Certificate Authority business of some form, or likely to find themselves in a case or two, this could well be the essential book....
Digital Signing and Evidence | iang | 2008-08-06T10:44:09-05:00

Monetary affairs on free reign, but the horse has Boulton'd
https://financialcryptography.com/mt/archives/001084.html
The Fed roared into action mid July to rescue IndyMac, one of the USA's biggest banks. It's the normal story: toxic loans, payouts by the government, all accompanied by the USG moving to make matters worse. Chart of the week award goes to James Turk of Goldmoney: One of the basic functions of a central bank is to act as the 'lender of last resort'. This facility is used to keep banks liquid during a period of distress. For example, if a bank is experiencing a run on deposits, it will borrow from the central bank instead of trying to liquidate some of its assets to raise the cash it needs to meet its obligations. In other words, the central bank offers a 'helping hand' by providing liquidity to the bank in need. The following chart is from the Economic Research Department of the St. Louis Federal Reserve Bank. Here is the link: http://research.stlouisfed.org/fred2/series/BORROW. This long-term chart illustrates the amount of money banks have borrowed from the Federal Reserve from 1910 to the present. This chart proves there is truth to the adage that a picture is worth a thousand words. It's one thing to say that the present financial crisis is unprecedented, but it is something altogether different to provide a picture putting real meaning to the word 'unprecedented'. It is an understatement to say that the U.S. banking system is in uncharted territory. The Federal Reserve is providing more than just a 'helping hand'. Also check the original so you can see the source!...
Economics | iang | 2008-08-05T06:37:00-05:00

Blank UK passports in bulk
https://financialcryptography.com/mt/archives/001083.html
A heist provides a price for false identities: The thousands of UK ePassports stolen on Monday are likely to sell for up to £20m on the black market, say privacy experts. A van carrying about 3,000 blank ePassports and visas was hijacked en route to RAF Northolt, near London. The estimate of £20m seems to come from Simon Davies, the man who started the Big Brother awards, but there is no discussion as to where he got it from. Either way, that would suggest a price of £6-7000 which is an order of magnitude higher than previous numbers. Browse here....
Identity Cost | iang | 2008-08-04T17:51:34-05:00

E-gold founders to plead guilty?
https://financialcryptography.com/mt/archives/001081.html
Lynn picked it up:

WASHINGTON, July 21 (UPI) -- An Internet digital currency business, E-Gold Ltd., and three principal directors, admitted to money-laundering charges, U.S. prosecutors said Monday. E-Gold and its corporate affiliate, Gold & Silver Reserve Inc., pleaded guilty to conspiracy to engage in money laundering and conspiracy to operate an unlicensed money transmitting business, U.S. Justice Department officials said. Dr. Douglas Jackson, 51, of Melbourne, Fla., the principal director of E-Gold and chief executive officer of Gold & Silver Reserve Inc., and E-Gold's other two senior directors, Barry Downey, 48, of Baltimore, and Reid Jackson, 45, of Melbourne, pleaded to related charges, the prosecutors said. The companies and three directors were indicted by a federal grand jury April 24, 2007. E-Gold and Gold & Silver Reserve face a maximum fine of $3.7 million. Douglas Jackson faces up to 20 years in prison and a fine of $500,000. Downey and Reid Jackson each face a maximum of five years in prison and a $25,000 fine. As part of the plea, E-Gold and Gold & Silver Reserve also agreed to pay a judgment of $1.75 million. Sentencing for all defendants has been set for Nov. 20.

Here is the DoJ Announcement but no actual ruling is seen as yet. The case against the founders of e-gold went under wraps shortly after starting, possibly due to too much interest on the net. So analysis of the case is not easy, which is a shame: financial cryptographers can do with more clarity in this area. Douglas Jackson posted a blog entry that announced the backing-out of that which was special to e-gold: uncontrolled creation of accounts and unidentified movement of funds:

A systemic flaw in the e-gold design, present from the very beginning, made it vexingly difficult for e-gold to expel a User, in a truly effective way, for criminal abuse of the system. e-gold investigative staff might detect suspicious activity, block or freeze the offending account, and later discover the same perpetrator had created additional accounts. One element was logic that allowed an e-gold account full privileges from the moment of creation and only revoked those privileges in the event of suspicion that the account holder was seeking to mask their identity or actually engage in illicit activity. Compounding this weakness was an unrestricted ability for Users to create multiple accounts without any obligatory indicator that they were all under the control of one person. The next generation of the e-gold application will undertake to enforce a "one-human being/one e-gold User" rule....

Of course, DJ's blog post would have been approved by the prosecution, and to call it a systemic flaw is a politeness agreed by both parties. Hopefully, this finally brings in sight the close of a long and difficult story for all those involved. Disclosure: I was intimately involved with the story from 1998 through to around 2003, when my own dispute with the founders was ruled upon. Like many of the other cases, the ruling awarded me a complete but pyrrhic victory. We were all losers, and DJ just took a longer path to that result. If there is a lesson to be learnt here for the FC community, it is the unwritten law that you have to make your peace with the regulators one day, and that day is better chosen with an eye to strategic success....

Court Cases | iang | 2008-07-22T12:13:46-05:00

Lewis Carroll on the mischief of signing
https://financialcryptography.com/mt/archives/001080.html
Hasan recalls: Lewis Carroll had some deep insight on this issue :-)

The King turned pale, and shut his note-book hastily. `Consider your verdict,' he said to the jury, in a low, trembling voice. `There's more evidence to come yet, please your Majesty,' said the White Rabbit, jumping up in a great hurry; `this paper has just been picked up.' `What's in it?' said the Queen. `I haven't opened it yet,' said the White Rabbit, `but it seems to be a letter, written by the prisoner to--to somebody.' `It must have been that,' said the King, `unless it was written to nobody, which isn't usual, you know.' `Who is it directed to?' said one of the jurymen. `It isn't directed at all,' said the White Rabbit; `in fact, there's nothing written on the outside.' He unfolded the paper as he spoke, and added `It isn't a letter, after all: it's a set of verses.' `Are they in the prisoner's handwriting?' asked another of the jurymen. `No, they're not,' said the White Rabbit, `and that's the queerest thing about it.' (The jury all looked puzzled.) `He must have imitated somebody else's hand,' said the King. (The jury all brightened up again.) `Please your Majesty,' said the Knave, `I didn't write it, and they can't prove I did: there's no name signed at the end.' `If you didn't sign it,' said the King, `that only makes the matter worse. You MUST have meant some mischief, or else you'd have signed your name like an honest man.' There was a general clapping of hands at this: it was the first really clever thing the King had said that day. `That PROVES his guilt,' said the Queen. `It proves nothing of the sort!' said Alice. `Why, you don't even know what they're about!' `Read them,' said the King. The White Rabbit put on his spectacles. `Where shall I begin, please your Majesty?' he asked. `Begin at the beginning,' the King said gravely, `and go on till you come to the end: then stop....

Digital Signing and Evidence | iang | 2008-07-22T09:30:05-05:00

SEC bans illegal activity then permits it...
https://financialcryptography.com/mt/archives/001078.html
Whoops:

SEC Spares Market Makers From `Naked-Short' Sales Ban

July 18 (Bloomberg) -- The U.S. Securities and Exchange Commission exempted market makers in stocks from the emergency rule aimed at preventing manipulation in shares of Fannie Mae, Freddie Mac and 17 Wall Street firms. The SEC granted relief for equity and option traders responsible for pairing off orders from a rule that seeks to bar the use of abusive tactics when betting on a drop in share prices. Exchange officials said limits on ``naked-short'' sales would inhibit the flow of transactions and raise costs for investors. ``The purpose of this accommodation is to permit market makers to facilitate customer orders in a fast-moving market,'' the SEC said in the amendment.

A reader writes: "that lasted what, 12 hours?" I don't know, but it certainly clashes with the dramatic news of earlier in the week from the SEC, as the Economist reports:

Desperate to prevent more collapses, the main stockmarket regulator has slapped a ban for up to one month on “naked shorting” of the shares of 17 investment banks, and of Fannie Mae and Freddie Mac, the two mortgage giants. Some argue that such trades, in which investors sell shares they do not yet possess, make it easier to manipulate prices. The SEC has also reportedly issued over 50 subpoenas to banks and hedge funds as part of its investigation into possibly abusive trading of shares of Bear Stearns and Lehman Brothers.

Naked selling is technically illegal but unenforceable. The fact that it is illegal is a natural extension of contract laws: you can't sell something you haven't got; the reason it is technically easy is that the markets work on delayed settlement. That is, all orders to sell are technically short sales, as all sales are agreed before you turn up with the shares. Hence, all orders are based on trust, and if your broker trusts you then you can do it, and do it for as long as your broker trusts you.
"Short selling" as manipulation, as opposed to all selling, works like this: imagine I'm a trusted big player. I get together with a bunch of mates, and agree, next Wednesday, we'll drive the market in Microsoft down. We conspire to each put in a random order for selling large lumps of shares in the morning, followed by lots of buy orders in the afternoon. As long as we buy in the afternoon what we sold in the morning, we're fine. On the morning of the nefarious deed, buyers at the top price are absorbed, then the next lower price, then the next ... and so the price trickles lower. Because we are big, our combined sell orders send signals through the market to say "sell, sell, sell" and others follow suit. Then, at the pre-arranged time, we start buying. By now however the price has moved down. So we sold at a high price and bought back at a lower price. We buy until we've collected the same number we sold in the morning, and hence our end-of-day settlement is zero. Profit is ours, crack open the gin! This trick works because (a) we are big enough to buy/sell large lumps of shares, and (b) settlement is delayed as long as we can convince the brokers, so (c) we don't actually need the shares, just the broker's trust. Generally on a good day, no more than 1% of a company's shares move, so we need something of that size. I'd need to be very big to do that with the biggest fish, but obviously there are some sharks around: The S&P500 companies with the biggest rises in short positions relative to their free floats in recent weeks include Sears, a retailer, and General Motors, a carmaker. Those driven by morality and striven with angst will be quick to spot that (a) this is only available to *some* customers, (b) is therefore discriminatory, (c) that it is pure and simple manipulation, and (d) something must be done! 
Noting that the service of short-selling only works when the insiders let outsiders play that game, the simple-minded will propose that banning the insiders from letting it happen will do the trick nicely. But, this is easier said than done: selling without shares is how the system works, at its core, so letting the insiders do it is essential. From there, it is no distance at all to see that insiders providing short sales as a service to clients is ... not controllable, because fundamentally all activities are provided to a client some time, some way. Any rule will be bypassed *and* it will be bypassed for those clients who can pay more. In the end, any rule probably makes the situation worse rather than better, because it embeds the discrimination in favour of the big sharks, in contrast to one's regulatory aim of slapping them down.

Rules making things worse could well be the stable situation in the USA, and possibly other countries. The root of the problem with the USA is historical: Congress makes the laws, and made most of the foundational laws for stock trading in the aftermath of the crash of 1929. Then, during the Great Depression, Congress didn't have much of a clue as to why the panic happened, and indeed nobody else knew much of what was going on either, but they thought that the SEC should be created to make sure it didn't happen again. Later on, many economists established their fame in studying the Great Depression (for example, Keynes and Friedman). However, whether any parliament in the world can absorb that wisdom remains questionable: Why should they? Lawmakers are generally lawyers, and are neither traders nor economists, so they rely on expert testimony. And, there is no shortage of experts to tell the select committees how to preserve the benefits of the markets for their people.

Which puts the lie to a claim I made repeatedly over the last week: haven't we figured out how to do safe and secure financial markets by now?
Some of us have, but the problem with making laws relying on that wisdom is that the lawmakers have to sort out those who profit by it from those who know how to make it safe. That's practically impossible when the self-interested trader can outspend the economist or the financial cryptographer 1000 to 1. And, exactly the same logic leads to the widespread observation that the regulators are eventually subverted to act on behalf of the largest and richest players:

The SEC’s moves deserve scrutiny. Investment banks must have a dizzying influence over the regulator to win special protection from short-selling, particularly as they act as prime brokers for almost all short-sellers... The SEC’s initiatives are asymmetric. It has not investigated whether bullish investors and executives talked bank share prices up in the good times. Application is also inconsistent. ... Like the Treasury and the Federal Reserve, the SEC is improvising in order to try to protect banks. But when the dust settles, the incoherence of taking a wild swing may become clear for all to see.

When the sheepdog is owned by the wolves, the shepherd will soon be out of business. Unlike the market for sheep, the shareholder cannot pick up his trusty rifle to equalise the odds. Instead, he is offered a bewildering array of new sheepdogs, each of which appears to surprise the wolves for a day or so with new fashionable colours, sizes and gaits. As long as the shareholder does not seek a seat at the table, does not assert primacy over the canines, and does not defend property rights over the rustlers from the next valley, he is no more than tomorrow's mutton, reared today....

Finance | iang | 2008-07-20T20:01:06-05:00

The Definition and Function of the Signature (drawn from Mason 2007)
https://financialcryptography.com/mt/archives/001079.html
Digital Signing and Evidence | iang | 2008-07-20T19:01:48-05:00