https://financialcryptography.com/ Where the crypto rubber meets the Road of Finance... en-us 2008-12-13T14:22:47-05:00 https://financialcryptography.com/mt/archives/001125.html Finance iang 2008-12-13T14:22:47-05:00 https://financialcryptography.com/mt/archives/001121.html Symantec posts an odd report on Phishing. The numbers are very useful: Turner described visiting online private chat rooms, where underground buyers and sellers did business from June 1, 2007, to July 1, 2008. Credit cards, thousands at a time, would sell or be traded in a matter of seconds. They went from 10 cents to $25 per card, depending on credit limit, expiry date, and the security number on the back of the card. Symantec estimates the sale value of credit cards in the underground economy was over $276 million US. But the potential spending spree on these credit cards would be $5.3 billion. ... New attack-tool kits sell for as much as $4,000, he said. "We observed a little more than 69,000 distinct advertisers posting more than 44 million ads selling stolen information," said Turner. "Distinct advertisers" number 69,000? That doesn't make sense, but let's work the numbers. This small country is earning something like $276m over the space of a year, so that makes it $4000 per advertiser, or $333 per month. Hmm, that's possible, but it still seems low for an average monthly salary for a phisher. Can one say "nymous advertisers" ? But that wasn't the weird bit. This was: "It's become a self-sustaining business worldwide," said the report's author, Calgary-based Dean Turner, director of Symantec Security Global Intelligence Network, Technology and Response. "What jumped out for us was how much money is being made in this underground economy." Who are these guys? Where have they been? Well, they may have company sleeping over in Germany, where banks have had the smile wiped off their faces: Identity thieves who claim they stole details of 21 million German bank accounts are offering to sell the data on the black market for €12 million (US$15.3 million), a German magazine reported over the weekend. Ouch. That's possibly half the country's households (El Reg suggests 3 out of 4!). Which adds to: It's Germany's second mega heist of personal information in as many months. In October, T-Mobile admitted losing records belonging to 17 million customers that included their names, addresses, dates of birth, phone numbers, and email addresses. I wonder if this is a wakeup call for the data protection specialists? Which then leads us to recent USA figures posted on Digital Identity: The headline results of this study are as follows: The study discovered 5% of the children had one or more credit reports using their social security number 3% were found to be actual victims of child identity theft, while 2% were victims of file/credit contamination. Among the 5%, the children had on average $12,779 in fraudulent or wrongly assigned debt. While the study found that children were more likely to find problems in their credit histories as they aged, an astonishing 12% of those with problems were age 5 and under. A handful of cases stand out as especially severe: one child had seven identities listed under his SSN, with several thousand dollars in medical bills, apartment rentals, and credit accounts in collections; another child’s SSN was associated with over $325,000 in debt. One in four victims in the study had bills or lines of credit in collections or foreclosure, while almost twothirds of these children had fake or wrong names listed under their SSN. 42% of those children with erroneous credit reports only had credit files at one credit bureau, meaning their fraud could have gone unnoticed without checking all three bureaus. Now, one could optimistically say that the kids won't have to pay out the money, but if the trial & suffering that is common with other identity fraud cases is any guide, I wouldn't be so sanguine. OTOH, it should be a lot easier to get a conviction if the perp can be collared.... Identity Cost iang 2008-12-09T19:38:10-05:00 https://financialcryptography.com/mt/archives/001120.html https://newsblog.wmtransfer.com/asp/active.asp?blogID=6#13545 WebMoney Transfer celebrates 3653 days from launching the first transacation! Our congratulations and gratitude to all WebMoney staff who work hard everyday for 10 years and are making the System live and running! WebMoney is the surprise money system that grew up in Russia, and benefited from their financial crisis by being up and stable at just the time people really needed payments. We saw them at EFCE, and as a lesson in the predictive value of conferences, we didn't think much of them. Well, congratulations, you outlasted us :) WebMoney also put in place an innovative arbitration system to solve stolen money problems; this was a core inspiration for the CAcert arbitration system.... iang 2008-12-08T17:13:13-05:00 https://financialcryptography.com/mt/archives/001119.html Chris told me this one last night: an infinite number of maths students go into a bar, and decide to have some fun with the bartender. The first says "I'll have a pint." The second says "I'll have half a pint." The third: "I'll have a quarter of a pint," and the fourth "and an eighth..." To which the bartender says, "you guys are pathetic, I'll just give you two pints." (No, I've no idea what the TV show is about...)... Cryptography iang 2008-12-08T15:25:50-05:00 https://financialcryptography.com/mt/archives/001117.html Software Engineering iang 2008-12-07T19:12:12-05:00 https://financialcryptography.com/mt/archives/001112.html The next question on unwinding secrecy is how to actually do it. It isn't as trivial as it sounds. Perhaps this is because the concept of "need-to-know" is so well embedded in the systems and managerial DNA that it takes a long time to root it out. At LISA I was asked how to do this; but I don't have much of an answer. Here's what I have observed: Do a little at a time. Pick a small area and start re-organising it. Choose an area where there is lots of frustration and lots of people to help. Open it up by doing something like a wiki, and work the information. It will take a lot of work and pushing by yourself, mostly because people won't know what you are doing or why (even if you tell them). What is needed is a success. That is, a previously secret area is opened up, and as a result, good work gets done that was otherwise inhibited. People need to see the end-to-end journey in order to appreciate the message. (And, obviously, it should be clear at the end of it that you don't need the secrecy as much as you thought.) Whenever some story comes out about a successful opening of secrecy, spread it around. The story probably isn't relevant to your organisation, but it gets people thinking about the concept. E.g., that which I posted recently was done to get people thinking. Another from Chandler. Whenever there is a success on openness inside your organisation, help to make this a showcase (here are three). Take the story and spread it around; explain how the openness made it possible. When some decision comes up about "and this must be kept secret," discuss it. Challenge it, make it prove itself. Remind people that we are an open organisation and there is benefit in treating all as open as possible. Get a top-level decision that "we are open." Make it broad, make it serious, and incorporate the exceptions. "No, we really are open; all of our processes are open except when a specific exception is argued for, and that must be documented and open!" Once this is done, from top-level, you can remind people in any discussion. This might take years to get, so have a copy of a resolution in your back pocket for a moment when suddenly, the board is faced with it, and minded to pass a broad, sweeping decision. Use phrases like "security-by-obscurity." Normally, I am not a fan of these as they are very often wrongly used; so-called security-by-obscurity often tans the behinds of supposed open standards models. But it is a useful catchphrase if it causes the listener to challenge the obscure security benefits of secrecy. Create an opening protocol. Here's an idea I have seen: when someone comes across a secret document (generally after much discussion ...) that should not have been kept secret, let them engage in the Opening-Up Protocol without any further ado. Instead of grumbling or asking, put the ball in their court. Flip it around, and take the default as to be open: "I can't see why document X is secret, it seems wrong. Therefore, in 1 month, I intend to publish it. If there is any real reason, let me know before then." This protocol avoids the endless discussions as to why and whether. Well, that's what I have thought about so far. I am sure there is more.... Teams and HR iang 2008-12-07T13:24:27-05:00 https://financialcryptography.com/mt/archives/001115.html In a previous entry I suggested creating an AES-style competition for automated voting systems. The idea is to throw the design open to the world's expertise on complex systems, including universities, foundations and corporates, and manage the process in an open fashion to bring out the best result. Several people said "Who would judge a contest for voting machines?" I thought at first blush that this wasn't an issue, but others do. Why is that? I wonder if the AES experience surfaced more good stuff than superficially apparent? If you look at the AES competition, NIST/NSA decided who would be the winner. James points out in comments that the NSA is indeed competent to do this, but we also know that they are biased by their mission. So why did we trust them to judge honestly? In this case, what happened is that NIST decided to start off with an open round which attracted around 30 contributions, and then whittled that down to 5 in a second round. Those 5 then went forward and battled it out under increased scrutiny. Then, on the basis of the open scrutiny, and some other not-so-open scrutiny, the NSA chose Rijndael to be the future AES standard. Let's hypothesize that the NSA team had a solid incentive to choose the worst algorithm, and were minded to do that. What stopped them doing it? Several things. Firstly, there were two rounds, and all the weaker algorithms were cleaned out in the first round. All of the five algorithms in the second round were more or less "good enough," so the NSA didn't have any easy material to work with. Secondly, they were up against the open scrutiny of the community. So any tricky choice was likely to cause muttering, which could spread mistrust in the future, and standards are susceptible to mistrust. Thirdly, by running a first round, and fairly whittling the algorithms done on quality, and then leading into the second round, NIST created an expectation. Positively, this encouraged everyone to get involved, including those who would normally dismiss the experiment as just another government fraud, waiting to reveal itself. At a more aggressive extreme, it created a precedent, and this exposed the competition to legal attack later on. These mechanisms worked hand in hand. Probably, either alone was not sufficient to push the NSA into our camp, but together they locked down the choices. Once that was done, the NSA saw its natural incentives to cheat neutered by future costs and open scrutiny. As it no longer could justify the risk of cheating, its best strategy was to do the best job, in return for reputation. The mechanism design of the competition created the incentives for the judge to vote how we wanted -- for the best algorithm -- even if he didn't want to. So, we can turn the original question around. Instead of asking who would judge such a competition, design a mechanism such that we don't care who would judge it. Make it like the AES competition, where even if they had wanted to, the NSA's best strategy was to choose the best. Set yourself a challenge: we get the right result even when it is our worst enemy.... Finance iang 2008-11-25T11:35:08-05:00 https://financialcryptography.com/mt/archives/001113.html Have a read of this. Quick summary: Altimo thinks Telenor may be using espionage tactics to cause problems. Altimo alleges the interception of emails and tapping of telephone calls, surveillance of executives and shareholders, and payments to journalists to write damaging articles. So instead of getting its knickers in a knot (court case or whatever) Altimo simply writes to Telenor and suggests that this is going on, and asks for confirmation that they know nothing about it, do not endorse it, etc. Who ya bluffin? ...Andrei Kosogov, Altimo's chairman, wrote an open letter to Telenor's chairman, Harald Norvik, asking him to explain what Telenor's role has been and "what activity your agents have directed at Altimo". He said that he was "reluctant to believe" that Mr Norvik or his colleagues would have sanctioned any of the activities complained of. .... Mr Kosogov said he first wrote to Telenor in October asking if the company knew of the alleged campaign, but received no reply. In yesterday's letter to Mr Norvik, Mr Kosogov writes: "We would welcome your reassurance that Telenor's future dealings with Altimo will be conducted within a legal and ethical framework." Think about it: This open disclosure locks down Telenor completely. It draws a firm line in time, as also, gives Telenor a face-saving way to back out of any "exuberance" it might have previously "endorsed." If indeed Telenor does not take this chance to stop the activity, it would be negligent. If it is later found out that Telenor's board of directors knew, then it becomes a slam-dunk in court. And, if Telenor is indeed innocent of any action, it engages them in the fight to also chase the perpetrator. The bluff is called, as it were. This is good use of game theory. Note also that the Advisory Board of Altimo includes some high-powered people: Evidence of an alleged campaign was contained in documents sent to each member of Altimo's advisory board some time before October. The board is chaired by ex-GCHQ director Sir Francis Richards, and includes Lord Hurd, a former UK Foreign Secretary, and Sir Julian Horn-Smith, a founder of Vodafone. We could speculate that those players -- the spooks and mandarins -- know how powerful open disclosure is in locking down the options of nefarious players. A salutory lesson!... Risks & Security iang 2008-11-20T18:25:20-05:00 https://financialcryptography.com/mt/archives/001111.html One of the things that I've gradually come to believe in is that secrecy in anything is more likely to be a danger to you and yours than a help. The reasons for this are many, but include: hard to get anything done your attacker laughs! ideal cover for laziness, a mess or incompetence There are no good reasons for secrecy, only less bad ones. If we accept that proposition, and start unwinding the secrecy so common in organisations today, there appear to be two questions: how far to open up, and how do we do it? How far to open up appears to be a personal-organisational issue, and perhaps the easiest thing to do is to look at some examples. I've seen three in recent days which I'd like to share. First the Intelligence agencies: in the USA, they are now winding back the concept of "need-to-know" and replacing it with "responsibility-to-share". Implementing Intellipedia Within a "Need to Know" Culture Sean Dennehy, Chief of Intellipedia Development, Directorate of Intelligence, U.S. Central Intelligence Agency Sean will share the technical and cultural changes underway at the CIA involving the adoption of wikis, blogs, and social bookmarking tools. In 2005, Dr. Calvin Andrus published The Wiki and The Blog: Toward a Complex Adaptive Intelligence Community. Three years later, a vibrant and rapidly growing community has transformed how the CIA aggregates, communicates, and organizes intelligence information. These tools are being used to improve information sharing across the U.S. intelligence community by moving information out of traditional channels. The way they are doing this is to run a community-wide suite of social network tools: blogs, wikis, youtube-copies, etc. The access is controlled at the session level by the username/password/TLS and at the person level by sponsoring. That latter means that even contractors can be sponsored in to access the tools, and all sorts of people in the field can contribute directly to the collection of information. The big problem that this switch has is that not only is intelligence information controlled by "need to know" but also it is controlled in horizontal layers. For same of this discussion, there are three: TOP SECRET / SECRET / UNCLASSIFIED-CONTROLLED. The intel community's solution to this is to have 3 separate networks in parallel, one for each, and to control access to each of these. So in effect, contractors might be easily sponsored into the lowest level, but less likely in the others. What happens in practice? The best coverage is found in the network that has the largest number of people, which of course is the lowest, UNCLASSIFIED-CONTROLLED network. So, regardless of the intention, most of the good stuff is found in there, and where higher layer stuff adds value, there are little pointers embedded to how to find it. In a nutshell, the result is that anyone who is "in" can see most everything, and modify everything. Anyone who is "out" cannot. Hence, a spectacular success if the mission was to share; it seems so obvious that one wonders why they didn't do it before. As it turns out, the second example is quite similar: Google. A couple of chaps from there explained to me around the dinner table that the process is basically this: everyone inside google can talk about any project to any other insider. But, one should not talk about projects to outsiders (presumably there are some exceptions). It seems that SEC (Securities and Exchange Commission in USA) provisions for a public corporation lead to some sensitivity, and rather than try and stop the internal discussion, google chose to make it very simple and draw a boundary at the obvious place. The third example is CAcert. In order to deal with various issues, the Board chose to take it totally open last year. This means that all the decisions, all the strategies, all the processes should be published and discussable to all. Some things aren't out there, but they should be; if an exception is needed it must be argued and put into policies. The curious thing is why CAcert did not choose to set a boundary at some point, like google and the intelligence agencies. Unlike google, there is no regulator to say "you must not reveal inside info of financial import." Unlike the CIA, CAcert is not engaging in a war with an enemy where the bad guys might be tipped off to some secret mission. However, CAcert does have other problems, and it has one problem that tips it in the balance of total disclosure: the presence of valuable and tempting privacy assets. These seem to attract a steady stream of interested parties, and some of these parties are after private gain. I have now counted 4 attempts to do this in my time related to CAcert, and although each had their interesting differences, they each in their own way sought to employ CAcert's natural secrecy to own advantage. From a commercial perspective, this was fairly obvious as the interested parties sought to keep their negotiations confidential, and this allowed them to pursue the sales process and sell the insiders without wiser heads putting a stop to it. To the extent that there are incentives for various agencies to insert different agendas into the inner core, then the CA needs a way to manage that process. How to defend against that? Well, one way is to let the enemy of your enemy know who we are talking to. Let's take a benign example which happened (sort of): a USB security stick manufacturer might want to ship extra stuff like CAcert's roots on the stick. Does he want the negotiations to be private because other competitors might deal for equal access, or does he want it private because wiser heads will figure out that he is really after CAcert's customer list? CAcert might care more about one than they other, but they are both threats to someone. As the managers aren't smart enough to see every angle, every time, they need help. One defence is many eyeballs and this is something that CAcert does have available to it. Perhaps if sufficient info of the emerging deal is published, then the rest of the community can figure it out. Perhaps, if the enemy's enemy notices what is going on, he can explain the tactic. A more poignant example might be someone seeking to pervert the systems and get some false certificates issued. In order to deal with those, CAcert's evolving Security Manual says all conflicts of interest have to be declared broadly and in advance, so that we can all mull over them and watch for how these might be a problem. This serves up a dilemma to the secret attacker: either keep private and lie, and risk exposure later on, or tell all upfront and lose the element of surprise. This method, if adopted, would involve sacrifices. It means that any agency that is looking to impact the systems is encouraged to open up, and this really puts the finger on them: are they trying to help us or themselves? Also, it means that all people in critical roles might have to sacrifice their privacy. This latter sacrifice, if made, is to preserve the privacy of others, and it is the greater for it.... Risks & Security iang 2008-11-19T17:16:07-05:00 https://financialcryptography.com/mt/archives/001110.html I'm at LISA and just listened to this one: The State of Electronic Voting, 2008David Wagner, University of California, Berkeley As electronic voting has seen a surge in growth in the U.S. in recent years, controversy has swirled. Are these systems trustworthy? Can we rely upon them to count our votes? In this talk, I will discuss what is known and what isn't. I will survey some of the most important developments and analyses of voting systems, including the groundbreaking top-to-bottom review commissioned by California Secretary of State Debra Bowen last year. I will take stock of where we stand today, the outlook for the future, and the role that technologists can play in improving elections. The one-line summary seems to be that voting machines are in a mess, and while there are brave efforts (California's review cited), there are no easy answers. It's a mess. This accords with my own prejudices: it looks like it should be a mess, by architectural requirements. My advice is to keep away, but today I didn't follow that advice, and have a suggestion! One thing that is frequently suggested is that if the Internet community can build an Internet, surely we should be able to build a secure voting system. We can do big secure systems on the net, right? The counter example for this is IPSec or DNSSec or S/MIME: surely we should have been able to get a secure system into widespread use, but we seem to have failed at every turn here. One reason why these things didn't work out is that the IETF committees who put them together got bogged down in details, as different stakeholders fought over different areas. The result is that familiar camel known as a secure but unusable architecture. Committees are at their best when they are retro-standardising an already successful design, such as SSL, because then they cannot dive into their own areas. They are forced to focus on the existing successful design. Another suggestion is to use NIST or the NSA (same thing in this context) to design the system for us. But, this only works when we don't really care so much about the results. With encryption algorithms, for example, we the public get very suspicious about funny S-Boxes and the like, and skepticism dogged the famous DES algorithm as well as Skipjack and the cryptophones. For Hash designs, we are less fussed, because in application space much less much can go wrong if there is a secret way of futzing the hash. Now, in the late 1990s, NIST took these issues seriously and took a novel path. They created a design competition to create a new encryption algorithm, asking anyone and everyone to propose. Any team around the world could submit an algorithm, and the final winner came from Belgium. As well, all the teams were encouraged to review the others' designs, and knock themselves out with criticisms. (By way of disclosure, Raif in my old Cryptix group created the Java framework for the AES proposals. It was that open that they took in help from crazy net hackers like ourselves.) This worked! People mutter about AES as being a bit odd, but everyone admires the open design process, the use of the free and open scrutiny, and the way that the worldwide cryptography community rose to the challenge. Why can't we do that with voting machines? All the elements seem to rhyme: stakeholders who will bog it down, conspiracy theories in abundance, desperate need of the people to see a secure outcome, and lots and lots of students and academics who love a big design challenge. NIST seems to be the ring-in to manage the process, and the result could be a standard design, which avoids the tricky issue of "mandating use". Just a thought! I don't know whether this will work or not, but I can't see why not?... Finance iang 2008-11-14T14:42:55-05:00 https://financialcryptography.com/mt/archives/001107.html I keep having the same discussion in various places, and keep coming back to this eloquent description of where we are: Gunnar's full blog post is here ... it includes some other things, but nothing quite so poignant. Web Security hasn't moved since 1995. Oh well.... Risks & Security iang 2008-10-19T21:19:16-05:00 https://financialcryptography.com/mt/archives/001050.html One of the dilemmas that the browser security UI people have is that they have to deal with two different groups at the same time. One is the people who can work with the browser and the other is those who blindly click when told to. The security system known as secure browsing seems to be designed for both groups at the same time, thus leading to bad results. For example, Dan Kaminsky counted another scalp when finding back in April that ISPs are doing MITMs on their customers: The rub comes when a user is asking for a nonexistent subdomain of a real website, such as http://webmale.google.com, where the subdomain webmale doesn't exist (unlike, say, mail in mail.google.com). In this case, the Earthlink/Barefruit ads appear in the browser, while the title bar suggests that it's the official Google site. As a result, all those subdomains are only as secure as Barefruit's servers, which turned out to be not very secure at all. Barefruit neglected basic web programming techniques, making its servers vulnerable to a malicious JavaScript attack. That meant hackers could have crafted special links to unused subdomains of legitimate websites that, when visited, would serve any content the attacker wanted. The hacker could, for example, send spam e-mails to Earthlink subscribers with a link to a webpage on money.paypal.com. Visiting that link would take the victim to the hacker's site, and it would look as though they were on a real PayPal page. That's a subtle attack, one which the techies can understand but the ordinary users cannot. Here's a simpler one (hat-tip to Duane), ">a straight phish: Dear Wilmington Trust Banking Member, Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV SSL Certification on this Internet Banking website. The use of EV SSL certification works with high security Web browsers to clearly identify whether the site belongs to the company or is another site imitating that company’s site. It has been introduced to protect our clients against phishing and other online fraudulent activities. Since most Internet related crimes rely on false identity, WTDirect went through a rigorous validation process that meets the Extended Validation guidelines. Please Update your account to the new EV SSL certification by Clicking here. Please enter your User ID and Password and then click Go. (Failure to verify account details correctly will lead to account suspension) This is a phish email seen in the wild. We here -- the techies -- all know what's wrong with this attack, but can you explain it to your grandma? What is being attacked here here is the brand of EV rather than the technology. In effect, the more ads that relate EV to security in a simplistic fashion, the better this attack works.... Risks & Security iang 2008-10-06T05:27:08-05:00 https://financialcryptography.com/mt/archives/001103.html News is circulating about Clickjacking, an undisclosed vulnerability that effects all browsers (with the exception of Lynx, which you don't use :) . Apparently although exploit code is somewhat hard, it is an impressive result. Your browser is owned, once again. Hattip to BigMac, who might be the last person on the planet using Lynx. There appears to be limited options right now: Install NoScript: "NoScript would prevent most of the really bad clickjacking PoC, not 100%, which should be good enough to limit most risk." "If you’re desperate for a way to patch your browser from the issue, disable scripting and plugins for the time being." From my side, I wonder whether another possibility is to close all tabs, restart the browser, do your sensitive work, then shut it all down again. OK, that's just idle speculation on my part, but it is worth thinking about. A large component of the current breaches are a result of the browser being a general purpose tool with not only cross-admin-border protocols, but also parallel applications in play. Not generally a good idea in security thinking, and it means that the browser can only ever work in medium security modes. Also, I have another open question: should NoScript become standard recommendations for Mon'N'Pop ?... Threats iang 2008-09-29T10:21:52-05:00 https://financialcryptography.com/mt/archives/001102.html This curious article bears out some of the predictions made previously: In fact, most Wall Street computer models radically underestimated the risk of the complex mortgage securities, they said. That is partly because the level of financial distress is “the equivalent of the 100-year flood,” in the words of Leslie Rahl, the president of Capital Market Risk Advisors, a consulting firm. But she and others say there is more to it: The people who ran the financial firms chose to program their risk-management systems with overly optimistic assumptions and to feed them oversimplified data. This kept them from sounding the alarm early enough. Top bankers couldn’t simply ignore the computer models, because after the last round of big financial losses, regulators now require them to monitor their risk positions. Indeed, if the models say a firm’s risk has increased, the firm must either reduce its bets or set aside more capital as a cushion in case things go wrong. In other words, the computer is supposed to monitor the temperature of the party and drain the punch bowl as things get hot. And just as drunken revelers may want to put the thermostat in the freezer, Wall Street executives had lots of incentives to make sure their risk systems didn’t see much risk. “There was a willful designing of the systems to measure the risks in a certain way that would not necessarily pick up all the right risks,” said Gregg Berman, the co-head of the risk-management group at RiskMetrics, a software company spun out of JPMorgan. “They wanted to keep their capital base as stable as possible so that the limits they imposed on their trading desks and portfolio managers would be stable.” One way they did this, Mr. Berman said, was to make sure the computer models looked at several years of trading history instead of just the last few months. The most important models calculate a measure known as Value at Risk — the amount of money you might lose in the worst plausible situation. They try to figure out what that worst case is by looking at how volatile markets have been in the past. So, what's going on here? It's a simple cycle. Something goes wrong. Someone creates a fix. Something goes wrong. We discover that those that fixed it were ok, and those that didn't failed. At this point, the bureaucrats and worry-worts leap into action and demand that the fix be regulated. But then what happens is this: Something goes wrong, and some fail as above. The fix is mandated. The fix is implemented. Someone bypasses the fix, creatively, because it reduces profits. Something goes much wronger because the system is now more complex. Those who bypassed the fix demand a bailout. Why is this? Managers took their eye off the ball of risk in 4 above. But, they followed the rules! Perversely, then, they can credibly go back and insist they did all that was asked of them. Therefore, the bailout is necessary, because the responsibility for risk is now passed from the risk takers to the rule makers. In time this pervades the market, so we end up with this: For everything that goes wrong, a new fix is mandated by the rule makers. For every mandated fix that is implemented, those that reduce profits are bypassed, creatively. The system is now much more complex. The complexity exceeds the ability of the rule makers, because while they understand the rules, they do not understand the bypasses. The complexity exceeds the ability of the risk takers, as they understand the bypasses, but have lost sight of the reasons for the fixes. We enter the territory known as "fragility to Black Swans". Black Swan arrives. None of this is any surprise to engineers. Complexity makes things really collapse in big and complex ways. The other solution is somewhat simpler: Something goes wrong. Those that covered the issue, survive. Those that didn't, die. The strong survive. Think of it as a plane with more than one engine... But this is really only possible when regulators and the public alike realise that these are complex systems, and are not amenable to the notions of total reliability. This is the territory where redundancy is king, and failure is encouraged. Bankrupcy is healthy to the eco-system. If you try and avoid it, watch out for a bigger failure later on. Another salutory lesson comes from the auditors. They were supposed to protect the public investor from the managers in the firm; when Arthur Anderson was caught out for allegedly protecting the managers from the investors ... it collapsed. When KPMG found itself on the wrong side of someone's stake holder list, it almost folded but wise regulators said we can't lose another one. The message here is very clear: It's a cycle thing again: Become very friendly with those who can save you. Make lots of money. Call in the favours when it goes wrong. To close, another perspective on all this is from the Black Swan of Nassim Nicholas Taleb. Here's an introductory article on Black Swans, pointed out by Twan, around 20 pages, describing the statistical anomaly that causes complex systems to fail spectacularly. This is no source of mystery to engineers, but for finance people, worth reading.... Economics iang 2008-09-25T12:42:09-05:00 https://financialcryptography.com/mt/archives/001101.html I have a curious question: why hasn't eBay's share price plummeted? Also, to a lesser extent, those of amazon and google who also depend on a robust retail sales trade. My theory is this: when cash dries up, or in USA terms, credit, then people stop buying, and start to save. Last week, apparently, the credit spigot was not only tightened, it was turned off and padlocked! Rumours circulated of consumer credit disappearing before ones very eyes. So, surely this should effect the consumer markets, and especially those who are more likely to be in rarities rather than rice. Hence, eBay. Anecdotally, I've been watching a particular class of out-of-date, dead-tech items over the last 2 months. 2 months ago, they were going for around $200-300. Last week I saw offers hovering around $100, but, surprisingly, one went for $300, another for $250. This weekend, I'm watching two offers with zero bids, days into their auctions, and heading towards giveaway prices. This is great news for me, if I can pick them up for shipping costs. But what's the news for the US economy and the retailers? Hence the question: is eBay likely to weather a collapse in auctions and retail sales? Are amazon and google to follow?... iang 2008-09-21T22:21:45-05:00