June 27, 2005

Definitions, competition-by-regulation, and Justice-by-Press-Release

I had a go at upgrading the Wikipedia definition of Financial Cryptography. Anyone can edit it and improve on it, and I left you plenty of room for that!

I also added an article on Token Money as I saw it. Curiously, it may be a definition that only exists in the FC world! The Money entry in Wikipedia saw it differently, referring to tokens as those that had no intrinsic value (by which it meant gold). Any economists in the house to rule on this?

SL points me to Simpay, a pan-European mobile phone payments system that has decided not to roll out everything ... in what appears to be a response to the overbearing regulation by the EU. Donald at linkdump has a few choice words on how the regulators now get to clean up the mess they made:

Mobile operators make money by exploiting their own quick-and-dirty payment mechanisms and (inter)national roaming agreements for the interoperable use of these instruments. With Simpay they found out what it would cost to build and operate a system that really accounts for all transactions. Also, they may have started to discuss interchange fees for Simpay, the applicable Regulation 2560 as well as the future legal framework for payments in the European Market.

The conclusion could then well have been that they are far better off with the current grey-area, less-visible payment arrangements than with a formal payment processor that has no business case to work on. The benefit: more income from payments business while maintaining less visibility and transparency.

Well, of course. The regulations were put in place to protect the banks from competition, and the competitors' mission is to avoid the regulations. Society cheers you on! Speaking of regulating banks, what have you to say about the chart 1/3 way down in this article:

The Economist (thanks, Ron!) weighs in on the data crisis in the USA. Not much to say other than they've picked up a series of soundbites from b-school profs who all think the board should pay more attention. With opinions like that it's no wonder the data gets lost. But it gets worse:

The FTC decided to settle with BJ's Wholesale Club, a retailer whose lax data-protection practices the agency said constituted an “unfair practice that violated federal law.” The firm collected too much data, kept it too long, did not encrypt it, lacked password protections and left its wireless network open. This, in turn, enabled criminals to produce counterfeit credit and debit cards using stolen customer data and rack up millions of dollars in fraudulent charges. The firm has agreed to fix these problems and undergo information-security audits for 20 years.

So the FTC is getting tough, but what's with the "information-security audits for 20 years" nonsense? Straight on to KPMG, then. Confirming the judicial flavour of issuing justice only at arbitrary times and places, the discussion surrounding the pending and alleged KPMG indictment is centering around whether we really need to stick another barb in the already wounded animal known today as the Big Four Accounting Firms:

Some accounting experts said that, while an indictment could surely ground KPMG, it would not bode well for the accounting industry. Dozens of top notch corporations had to scramble around the world to find a new auditor after Arthur Andersen was brought down by an indictment over its role in the accounting fraud committed at energy trader Enron Corp.

"There does not seem to be any appetite for reducing the number of audit firms any more. It is already difficult enough for a large corporate entity to retain the size and sophistication of auditors. (An indictment) will be intolerable," said Mark Cheffers, head of auditor research firm Audit Analytics.

Whatever happened to compassion and the right to a speedy trial? If the audit is dying, put it out of its misery! The public has little faith in audits, so what's the point?

And over in gambling territory, the poker players are calling the US Department of Justice's bluff. The now legendary 5 billion pounds IPO of just one of the online poker companies has drawn out the DoJ in its approach to gambling - tell everyone that gambling is illegal, but don't actually litigate so aggressively just in case they are wrong.

One has to applaud the poker players in this. If justice is to be done by press release not law, then what happens when various officials decide to misinterpret the law for their own purposes?

I saw a perfect example of regulation by press release becoming a protection subsidy over at the Wikipedia definition of money where some innocent said that Western economies ban the private issuance of money. That's not actually the case, and it is explicitly not the case to my knowledge in USA, Europe (the eMoney directive), New Zealand, Australia and one supposes any country that has ever trialled a smart card money. Luckily, it looks like someone else saw it and corrected the flaky text in a couple of days. Pretty snappy those Wikipedia folks!

Tao reports (here and here) on the CISSP certification, a common test you can take to become a security professional. So my question is: is a CISSP a neutral signal? And if not, is it negative or positive? And what do I do with this CISSP spam I'm now getting?

Posted by iang at June 27, 2005 09:06 AM

Thanks for beefing up the FC entry in Wikipedia. Do you have a source for the Hettinga reference, by the way? You might also be interested in the cryptography "WikiProject" -- http://en.wikipedia.org/wiki/Wikipedia:WikiProject_Cryptography -- a place for editors with an interest in crypto to hang out.

Posted by: Matt Crypto at July 2, 2005 03:19 PM