May 19, 2010

blasts from the past -- old predictions come true

Some things I've seen match predictions from a long time back; they just weren't exciting enough to merit an entire blog post, but were sufficient to blow the trumpet in the orchestra:

Chris Skinner of The Finanser puts up his old post, written in 1997, which says that retailers (Tesco and Sainsbury's) would make fine banks, and were angling for it. Yet:

Thirteen years later, we talk about Tesco and Virgin breaking into UK banking again.

A note of caution: after thirteen years, these names have not made a dent on these markets. Will they in the next thirteen years?

Answer: in 1997, none of these brands stood a cat in hell’s chance of getting a banking licence. Today, Virgin and Tesco have banking licences.

Exactly. As my 1996 paper on electronic money in Europe also made somewhat clear, the regulatory approach of the times was captured by the banks, for the banks, of the banks. The intention of the 1994 directive was to stop new entrants in payments, and it did that quite well. So much so that they got walloped by the inevitable (and predicted) takeover by foreign entrants such as PayPal.

However, regulators in the European Commission working group(s) seemed not to like the result. They tried again in 2000 to open up the market, but again didn't quite realise what a barrier was, and didn't spot the clauses slipped in that killed the market. However, in 2008 they got it more right with the latest eMoney directive, which actually has a snowball's chance in hell. Banking regulations and the PSD (Payment Services Directive) also opened things up a lot, which explains why Virgin and Tesco today have their licence.

One more iteration and this might make the sector competitive...

Then, over on the Economist, an article on task markets:

Over the past few years a host of fast-growing firms such as Elance, oDesk and LiveOps have begun to take advantage of “the cloud”—tech-speak for the combination of ubiquitous fast internet connections and cheap, plentiful web-based computing power—to deliver sophisticated software that makes it easier to monitor and manage remote workers. Maynard Webb, the boss of LiveOps, which runs virtual call centres with an army of over 20,000 home workers in America, says the company’s revenue exceeded $125m in 2009. He is confidently expecting a sixth year of double-digit growth this year.

Although numerous online exchanges still act primarily as brokers between employers in rich countries and workers in poorer ones, the number of rich-world freelancers is growing. Gary Swart, the boss of oDesk, says the number of freelancers registered with the firm in America has risen from 28,000 at the end of 2008 to 247,000 at the end of April.

Back in 1997, I wrote about how to do task markets, and I built a system to do it as well. The system worked fine, but it lacked a couple of key external elements, so I didn't pursue it. Quite a few companies popped up over the next decade, in successive waves, and hit the same barriers.

Those elements are partly in place these days (but still partly not) so it is unsurprising that companies are getting better at it.

And, over on this blog by Eric Rescorla, he argues against rekeying in a cryptographically secure protocol:

It's IETF time again and recently I've reviewed a bunch of drafts concerned with cryptographic rekeying. In my opinion, rekeying is massively overrated, but apparently I've never bothered to comprehensively address the usual arguments.

Which I wholly concur with, as I've fought about all sorts of agility before (See H1 and H3). Rekeying is yet another sign of a designer gone mad, on par with mumbling to the moon and washing imaginary spots from hands.

The basic argument here is that rekeying is trying to maintain a clean record of security in a connection; yet this is impossible because there will always be other reasons why the thing fails. Therefore, the application must enjoy the privileges of restarting from scratch, regardless. And, rekeying can be done then, without a problem. QED. What is sad about this argument is that once you understand the architectural issues, it has far too many knock-on effects, ones that might even put you out of a job, so it isn't a *popular argument* amongst security designers.

Oh well. But it is good to see some challenging of the false gods....

An article, "Why Hawks Win," examines national security, or what passes for military and geopolitical debate in Washington DC.

In fact, when we constructed a list of the biases uncovered in 40 years of psychological research, we were startled by what we found: All the biases in our list favor hawks. These psychological impulses -- only a few of which we discuss here -- incline national leaders to exaggerate the evil intentions of adversaries, to misjudge how adversaries perceive them, to be overly sanguine when hostilities start, and overly reluctant to make necessary concessions in negotiations. In short, these biases have the effect of making wars more likely to begin and more difficult to end.

It's not talking about information security, but the analysis seems to resonate. In short, it establishes a strong claim that in a market where there is insufficient information (cf. the market for silver bullets), we will tend to fall to a FUD campaign. Our psychological biases will carry us in that direction.

Equivalent in the US was 99 bank modernization act (aka GLBA, known for repeal of glass-steagall and opt-out privacy sharing provisions ... somewhat federal preemption of cal. legislation in progress requiring opt-in for privacy sharing) ... where the rhetoric on floor of congress was saying a major purpose of the act was that if you were already a bank, you got to remain a bank ... but if you weren't already a bank, you couldn't become a bank (specifically calling out walmart and microsoft).

Since then there was somewhat low profile of number of operations getting ILC charters ... but then when walmart tried to get an ILC charter (claiming it would just be used for being its own acquiring institution .... eliminating those part of its interchange fees) ... there was big cry from S&Ls and community banks that it was going to sneak into local consumer banking (walmart supposedly represents 25-30 percent of retail transactions in the US ... so just becoming its own acquiring institution would have huge impact on a couple large acquiring institutions).

In the recent aftermath of financial mess ... some of the large unregulated investment banks were handed banking charters ... as part of helping them get out of the financial hole that they had dug for themselves ... aka allowing them to go to the federal reserve for free money (which in theory would have been counter to the earlier stated purpose of GLBA).

Posted by: Lynn Wheeler at May 20, 2010 01:56 PM

there had been work for walmart to deploy x9.59 standard ... for stored-value, debit, and credit ... all for about the cost of mag stored-value transaction. chip (planned for issuing) was more secure than current generation (and much cheaper) ... could do both contact & contactless ... and could do secure contactless within the distance, power, and elapsed time constraints of transit turnstile.

as periodically mentioned, side-effect of using x9.59 standard was slight change to the paradigm that (also) eliminated breach and skimming threats ... didn't do anything to eliminate breaches and skimming; just eliminated the threat that crooks could use the information for fraudulent transactions (and therefore any fraudulent financial motivation for doing breaches and skimming)

result would have been significantly larger impact on interchange revenue than any of the current legislative activity.

Posted by: Lynn Wheeler at May 21, 2010 02:48 PM

another part of walmart taking costs out of infrastructure

Wal-Mart Asks Suppliers to Cede Control of Deliveries

from above

The retailer has sought to offer goods like cereal and laundry detergent for less to lure shoppers back to stores, and lowering transport costs provides room to do that. The strategy is part of what Wal-Mart calls its “productivity loop” -- efficiency reflected in lower bills at the cash register.

... snip ...

Posted by: Lynn Wheeler at May 22, 2010 10:03 AM
