August 30, 2006

Universal Music throws in the towel, price of music drops to $0.00

Universal Music has announced it is moving its catalogue to a "free with adverts" model:

Backed by Universal, Spiralfrog will become one of the first sites to offer free music legally. Fans will be able to download songs by the record company's roster of artists, including U2, Gwen Stefani and The Roots.

The service - which will be supported by advertising, unlike other legal download sites that charge for music - will launch in the US and Canada from December. It will become available in Europe in early 2007.

If the business succeeds, that will be the new standard price. If it fails, then it will take another year or two, I would predict, before the price goes back down to $0 (in delicious irony, the above article is now only available for a pound!).

There are a few reasons to believe that the business may not succeed -- massive lobbying by the others, duff selection, lousy adverts and plenty of time between now and then -- so this is a non-trivial question. Here's another reason:

Josh Lawler, a US-based music industry legal specialist, said news of the new service was "inevitable". He said questions over how artists would be paid may make some reluctant to agree to the free service. "SpiralFrog will have to find a way to pay artists from the advertising dollars they are generating," he added. "But they're not necessarily going to know how many advertising dollars there are and so some artists are going to be hesitant about it."

Here's my favourite quote, from an HMV rep who otherwise was quite positive (pay a pound for the reference):

"What is a little concerning is that for a long time now, the trade body, BPI, has been anxious to put across an anti-illegal or piracy message, which suggests that music is of intrinsic value and people should be prepared to pay for it, so this may give a conflicting, mixed signal."

There's nothing "conflicting, mixed" about free. To see why this was inevitable:

"A report published last month by the International Federation of Phonographic Industries (IFPI) claimed 40 illegal downloads were made for every legal one in the US. The ratio, believed to be much the same in the UK,"

Now, I don't believe those numbers, necessarily, as I doubt the IFPI even bothered to pretend they weren't exaggerating. But even if in the ballpark, the amount of sharing dominates any other use, including practically everything else that isn't to do with music. If you believe the ISP grumbles, that is.

Time for a new model - the physics is the reality, the economics is the deal, and the legal stuff just has to keep up. BigMac suggests Pandora's Music Genome Project.

Another great quote:

"The US radio industry generates $20 billion a year in revenue and they give the product away for free," he said. "Record labels generate $12 billion a year and they sell their product."

Here's some clues on the new model:

Users can download an unlimited number of songs or music videos if they register at the site and watch online advertisements.

The tracks cannot be burned to a CD, but users will be able to transfer music to portable media players equipped with Microsoft Windows digital rights management software, Ford said. However, the service will not work with Apple Computer's computers or its iPod music players.

Funny source for the nitty gritty!

Oh, I forgot to mention -- what's the nexus with FC? That's easy -- all those payment systems that were banking on micropayments from music downloads can close up shop. They should have studied more economics and less marketing.

2nd addition, to stress the move to $0 content:

Sony to buy Sausalito's Grouper

Sony Pictures is expected to announce today that it has acquired Sausalito Internet video-sharing company Grouper for $65 million.

Teaming up with Sony further highlights the role amateur videos -- and the companies that host them -- are having in changing the Hollywood landscape.

Traditional entertainment companies are working with Silicon Valley start-ups to navigate a new, on-demand entertainment world. Tuesday, the popular video-sharing site YouTube announced a new video advertising platform, and its first client is Warner Bros., which is promoting Paris Hilton's debut album.

Grouper's technology allows a user to easily take a video from its site and post it on third-party sites such as a MySpace or Blogger page. Its videos can also be watched on devices other than your personal computer, such as a video iPod.

For more naysaying, see BigPicture as suggested by Frank in comments below.

Posted by iang at 09:05 AM

August 18, 2006

Naming the unnamable, "We have a problem, Houston," who blinks first? and who replaces President Bush?

Crypto-author James Bamford names the unnamable in Time:

James Bamford, a respected author of books on the NSA and a plaintiff in the suit, called Taylor's ruling "very significant, because what you have here is a massive eavesdropping operation, the largest one in history. And it's a criminal statute that the President has violated," with jail terms dictated for violations. "Nobody's talking about impeachment," Bamford added, "but if you had opposite parties in Congress, you'd have a situation, I think, very much like Watergate."

At this stage, we have a situation. "We have a problem, Houston" as the saying goes.

President Bush is a few mistakes away from being charged with a crime, and it looks like a sticky one. Washington DC insiders report that negotiations have been going on all night to find a settlement. Unfortunately the negotiations seem to have been spiked as unnamable administration officials have done the unbelievable -- gone to Congress to negotiate changing the law to make the wiretapping legal. (Or, speed up the Specter "everything in the shop" bill.)

The time for changing the law is over; that would be a slap back in the face for the courts. Unfortunately, it is almost certain that the Taylor ruling of yesterday was not done in isolation, and we can expect the Supreme Court to back up Judge Taylor's ruling, especially if she gets badly treated at the hands of the administration.

So we now have the spectre of two of the three arms of power in the US involved in a Mexican standoff. Who blinks first?

There's only one President, and those around him are blinking like there's no tomorrow, because those at the middle layer are far more vulnerable. Judge Taylor agreed to stay the enforcement until 7th September, which might be a blink. There are many courts and many judges, including a feared majority in the Supreme Court.

Time to think the unthinkable. The deeper question is how to see the transition, and one thing is clear: VP Cheney will not easily fill the warm seat. Where Bush goes, Cheney follows.

Which leaves Condoleezza Rice. And one mountain of a logistics problem in trying to organise succession. Frankly, I'd not want to be a Republican at the moment.

(Ed's apologies for off-topic crazy-talk post. I should explain that I have seen this story a half dozen times before and I've put it down to Republican panic merchanting. It's just that this time, there's a court and a crime involved... Nexus with FC: the SWIFT breach IMO is the same class of activity.)

Posted by iang at 12:49 PM

Privacy v. LEO interests -- too simple an approach?

Dave Birch asks:

One of the key issues in designing new electronic payment systems is balancing the privacy of transaction counterparties (which may be a social good, even if neither of the counterparties cares one way or the other) with the legitimate requirements of law enforcement. But the article on Money Laundering says that the biggest recent boost to global money laundering is not hawala or pre-paid mobiles, but the euro. The fact that launderers can stuff 500 euro notes in their underpants, and zoom around Europe spending and depositing, helps them enormously.

I tried to write a comprehensive response to this important question, but it is too hard -- that is, long, involved. I suppose that is one point -- it is not possible to separate out the issues of privacy and law enforcement and present them as a balance, not in any cohesive fashion. Simplifying the question to that of a balance between these two factors will not help.

Having said that, there are some easy pithy things to say:

1. the "legitimate requirements" of law enforcement are handled by the law and the courts. Read the law, attend to court issued warrants. Don't get trapped in the marketing of LEOs and regulators who try to make their jobs easy at the expense of everyone else.

2. privacy is not an absolute, and users don't demand it in the general sense. What they do demand is a deal that doesn't change, and a deal that has no secret traps. So whatever you do in a payment system, do it openly. Likewise to the above, don't get trapped in the marketing of the privacy nuts who insist that assassination-grade secrecy is necessary for everyone.

3. the political move to monitor everything is way beyond logic or sense. Pointing out that paper notes are not controlled to the same extent is asking the political/bureaucratic body to start thinking logically and economically. To employ risk-based analysis, that is. That may happen one day (see #4 below), but it isn't likely to help any consumer or payment system in the foreseeable future.

4. In time, the economists will get around to pointing out how all the tracking, tracing, monitoring and seizures are causing costs for little return. We the people already feel it, in trying to get simple transactions through recalcitrant payment systems, but it takes serious studies to point out the transaction costs to those whose interests are limited by guaranteed salaries.

5. The notion that a digital system does not involve tracking, tracing, monitoring is difficult to fathom. Even if we were not subject to external pressure and CYA behaviour at all levels of the business, we have substantial internal reasons to have in place sophisticated controls. How do I as an issuer know that I have issued exactly X? Only by looking at every transaction and counting them all up!

6. A full analysis of any system will reveal many requirements and many factors. To revisit the earlier point, privacy and such interests quickly become just more ticks on the box, and not essential ones at that. For e.g., a far more important thing to people is the reliability of the money as a money, and this tends to dwarf privacy issues. That is, privacy is what's left over when all the other things have been dealt with.
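The issuer's check in point 5, counting every transaction to confirm what has been issued, can be written as a replay audit. This is an added example, not code from the original post; the record layout, account names and sample log are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Tx:
    seq: int              # position in the issuer's log
    kind: str             # "issue", "transfer" or "redeem"
    src: Optional[str]    # None for "issue"
    dst: Optional[str]    # None for "redeem"
    amount: int           # integer units, so sums never drift


def audit(log, reported_balances, reported_outstanding):
    """Replay every transaction and reconcile against the issuer's books.

    Returns the replayed totals plus a list of (kind, detail) findings.
    Transactions that break a rule are reported and NOT applied, so the
    replayed state is what the books should look like.
    """
    balances = defaultdict(int)
    issued = redeemed = 0
    findings = []
    expected_seq = None

    for tx in sorted(log, key=lambda t: t.seq):
        # A gap or duplicate means the log itself is incomplete or padded.
        if expected_seq is not None and tx.seq != expected_seq:
            findings.append(("sequence",
                             f"expected seq {expected_seq}, got {tx.seq}"))
        expected_seq = tx.seq + 1

        if tx.amount <= 0:
            findings.append(("bad_amount", f"seq {tx.seq}: {tx.amount}"))
            continue

        if tx.kind == "issue":
            balances[tx.dst] += tx.amount
            issued += tx.amount
        elif tx.kind in ("transfer", "redeem"):
            if balances[tx.src] < tx.amount:
                findings.append(("overdraft",
                                 f"seq {tx.seq}: {tx.src} holds "
                                 f"{balances[tx.src]}, tried {tx.amount}"))
                continue
            balances[tx.src] -= tx.amount
            if tx.kind == "transfer":
                balances[tx.dst] += tx.amount
            else:
                redeemed += tx.amount
        else:
            findings.append(("unknown_kind", f"seq {tx.seq}: {tx.kind}"))

    outstanding = issued - redeemed

    # Per-account reconciliation: value that appears in the books but not
    # in the replay was created outside the log.
    for acct in sorted(set(balances) | set(reported_balances)):
        replayed = balances.get(acct, 0)
        reported = reported_balances.get(acct, 0)
        if replayed != reported:
            findings.append(("balance_mismatch",
                             f"{acct}: books say {reported}, "
                             f"replay says {replayed}"))

    # The issuer's question: is the float in circulation exactly X?
    if sum(reported_balances.values()) != outstanding:
        findings.append(("float_mismatch",
                         f"books total {sum(reported_balances.values())}, "
                         f"replay says {outstanding}"))
    if reported_outstanding != outstanding:
        findings.append(("issued_mismatch",
                         f"issuer claims {reported_outstanding}, "
                         f"replay says {outstanding}"))

    return {"issued": issued, "redeemed": redeemed,
            "outstanding": outstanding, "balances": dict(balances),
            "findings": findings}


# Constructed sample: seq 4 overdraws bob, seq 6 is missing, and the books
# credit carol with 250 that no valid transaction ever moved to her.
SAMPLE_LOG = [
    Tx(1, "issue", None, "alice", 1000),
    Tx(2, "transfer", "alice", "bob", 300),
    Tx(3, "redeem", "bob", None, 100),
    Tx(4, "transfer", "bob", "carol", 250),
    Tx(5, "transfer", "alice", "carol", 200),
    Tx(7, "issue", None, "dave", 50),
]
REPORTED_BALANCES = {"alice": 500, "bob": 200, "carol": 450, "dave": 50}

if __name__ == "__main__":
    report = audit(SAMPLE_LOG, REPORTED_BALANCES, reported_outstanding=950)
    print("outstanding:", report["outstanding"])
    for kind, detail in report["findings"]:
        print(f"{kind}: {detail}")
```

The audit needs the full, ordered transaction history to reach its answer, which is the post's point: the issuer's own integrity check is already a form of monitoring.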

Having said all that, I know what Dave is saying -- the balance offered by "legitimate requirements" of law enforcement and the regulators is all wrong. It creates strains that can ultimately break a system (examples abound). Is there a way to get all the various external parties interested in tracking, tracing, monitoring and ultimately seizing everything to back off and stop breaking systems before they are fielded? How do we let financial cryptographers put in place systems that serve society?

Posted by iang at 11:56 AM

August 17, 2006

Slapdown - US Court rules against Bush wiretaps

Chris points to the Court of the Honourable Anna Diggs Taylor, representing the third branch of power in the USA. Justice A. D. Taylor rules the telephone wire tapping programs out of order. That is, illegal.

In summary, she knocked out the "states secrets" defence because all the information needed was already public, and she granted a permanent injunction based on breaches of the law -- FISA -- and the US constitution and US bill of rights.

As the case has some bearing on the recent SWIFT breach by US Treasury (probably conducted under the same novel theories inside or outside the law), we present some snippets from Case No. 06-CV-10204:

The President of the United States, a creature of the same Constitution which gave us these Amendments, has undisputedly violated the Fourth in failing to procure judicial orders as required by FISA, and accordingly has violated the First Amendment Rights of these Plaintiffs as well.

....In this case, if the teachings of Youngstown are law, the separation of powers doctrine has been violated. The President, undisputedly, has violated the provisions of FISA for a five-year period. ...

VII. The Separation of Powers

The Constitution of the United States provides that “[a]ll legislative Powers herein granted shall be vested in a Congress of the United States. . . .” It further provides that “[t]he executive Power shall be vested in a President of the United States of America.” And that “. . . he shall take care that the laws be faithfully executed . . . .”

.... Justice O’Connor concluded that such a citizen must be given Fifth Amendment rights to contest his classification, including notice and the opportunity to be heard by a neutral decisionmaker. (citation) Accordingly, [Justice O’Connor's] holding was that the Bill of Rights of the United States Constitution must be applied despite authority granted by the AUMF.


She stated that:

It is during our most challenging and uncertain moments that our Nation’s commitment to due process is most severely tested; and it is in those times that we must preserve our commitment at home to the principles for which we fight abroad. **** Any process in which the Executive’s factual assertions go wholly unchallenged or are simply presumed correct without any opportunity for the alleged combatant to demonstrate otherwise falls constitutionally short. Hamdi, 542 U.S. at 532, 537.

Under Hamdi, accordingly, the Constitution of the United States must be followed.
...

The duties and powers of the Chief Executive are carefully listed, including the duty to be Commander in Chief of the Army and Navy of the United States, and the Presidential Oath of Office is set forth in the Constitution and requires him to swear or affirm that he “will, to the best of my ability, preserve, protect and defend the Constitution of the United States.”

...Not only FISA, but the Constitution itself has been violated by the Executive’s TSP. As the court states in Falvey, even where statutes are not explicit, the requirements of the Fourth Amendment must still be met. And of course, the Zweibon opinion of Judge Skelly Wright plainly states that although many cases hold that the President’s power to obtain foreign intelligence information is vast, none suggest that he is immune from Constitutional requirements. The argument that inherent powers justify the program here in litigation must fail.

... Plaintiffs have prevailed, and the public interest is clear, in this matter. It is the upholding of our Constitution.

As Justice Warren wrote in U.S. v. Robel, 389 U.S. 258 (1967):

Implicit in the term ‘national defense’ is the notion of defending those values and ideas which set this Nation apart. . . . It would indeed be ironic if, in the name of national defense, we would sanction the subversion of . . . those liberties . . . which makes the defense of the Nation worthwhile. Id. at 264.

IT IS SO ORDERED.



Date: August 17, 2006
Detroit, Michigan

s/Anna Diggs Taylor
ANNA DIGGS TAYLOR
UNITED STATES DISTRICT JUDGE

Some caveats: we probably have to wait for the inevitable appeal, and we don't do law here, we just do FC. And here seems an appropriate moment to finish with Nick's observations on the wider scope:

There is a long-standing controversy about the idea of parliamentary supremacy -- the idea that legislative law trumps all other law. That is currently the dominant theory in England, but the United States holds a contrary view -- here judges review legislative laws against a prior and higher law: a written constitution (and perhaps also against natural law, but that is a subject we won't pursue here).

There will be multiple additional links to the precise case...

Posted by iang at 11:11 PM

August 10, 2006

Usable Security (USEC'07)

Rachna writes: I am organizing a workshop on usable security that will be held in conjunction with Financial Cryptography and Data Security (FC'07). I encourage people on this list to submit their work and/or to attend the workshop!

Thanks,
Rachna

FIRST CALL FOR PAPERS

Usable Security (USEC'07)
http://www.usablesecurity.org/

February 15-16, 2007
Lowlands, Scarborough, Trinidad/Tobago

A workshop co-located with
The Eleventh Conference on Financial Cryptography and Data Security (FC'07)

Submissions Due Date: November 5, 2006, 11:59pm, PST

Some of the most challenging problems in designing and maintaining secure systems involve human factors. A great deal remains to be understood about users' capabilities and motivations to perform security tasks. Usability problems have been at the root of many widely reported security failures in high-stakes financial, commercial and voting applications.

USEC'07 seeks submissions of novel research from academia and industry on all theoretical and practical aspects of usable security in the context of finance and commerce. The workshop will bring together an interdisciplinary group of researchers and practitioners, allowing experts in human-computer interaction, cryptography, data security and public policy to explore emerging problems and solutions.

(Editorial comment -- it is good to see the rise of more polymath conferences, which is where much of the work will be done in risks and security in the future.)

Posted by iang at 12:47 PM

August 09, 2006

Sarbanes-Oxley is what you get when you don't do FC

Adam over at EC, responding to an entry by Phill, is banging the drum on breach data collection and distribution, which is well needed. I first saw this point in a paper from around 2004, and it has been a well trodden theme in the now popular field of Sec&Econ. All well and good. We need more breach data.

However, collecting the data is not the be-all and end-all. It's not for example what would have saved Enron, which is what Adam alludes to:

SarBox is what we get when we have no data with which to push back.

Sarbanes-Oxley collects lots of data, but doesn't change the problem space, and it arguably makes the problem space worse.

Sarbanes-Oxley is what you get when (a) systems get too complex and (b) businesses don't implement Financial Cryptography techniques to reduce and eliminate those complexities. Under these two conditions, what you get first is fraud -- keep in mind that fraud comes out of complexity and lack of reliable systems. The lack of reliability means the systems can be perverted, and the complexity means the perversions can be hidden.

What you get second is Sarbanes-Oxley, as well-meaning accountants discover that they can set themselves up for a *lot* of work and provide a veneer of cover for frauds like Enron.

In contrast, in FC, we have patterns and methods to tighten up all that transaction stuff. RAH's old saw about it being 2 orders of magnitude cheaper is in the right ballpark, except that it might be conservative. FC both creates reliability -- cryptographically based, real-time, non-pervertable reliability -- and removes complexity, as whole layers at a time can be dispensed with because we can simply write automatic audit processes that show 100% conformance.

But these aspects are also why FC didn't get implemented. In a regulated industry, there is incentive to corporate business model cloning (economists call this 'herding'), which leads to cartel behaviour (see paper for another angle) and this then leads to an incentive to raise costs, not lower costs. The banks are a canonical case, as they are so highly regulated that all banks are almost always clones of each other.

If that doesn't make sense, consider it this way. Ask an accountant whether he would recommend a system (say, FC) that would halve his account, or whether he'd recommend a system (like Sarbanes-Oxley) that would double his account.

Add to these effects that of fraud, and we find another barrier to FC: the experience of those who work at the systemic level to try to put in simpler, more cost-effective systems that eliminate fraud is that they also run slap-bang into those people who perpetuate fraud. These people are very hard to dislodge, for very good reason: they are making a lot of money out of complex, unreliable systems. They are prepared to spend a lot of money keeping systems complex and unreliable.

The answer then is not to increase regulation a la Sarbanes-Oxley, but to decrease regulation, and let things like SOX (or AADS or other similar systems) innovate and drive costs and complexity down. Every time the regulation increases, expect more complexity and therefore more fraud and more costs. Decrease regulation and expect the reverse. Simple.

Economists have known this for decades; we don't need to re-invent the wheel in the security industry with calls for this or that regulation.

Posted by iang at 10:21 AM

August 07, 2006

Thank AOL for bringing us this example of datamining

Readers might be mighty sick of reading how the boring non-entity SWIFT lost its data virginity in the grubby hands of the US Government. Now we have a change in melody, but the beat remains the same.

AOL released 20 million randomised searches, indexed to 650,000 users, from its Google-rebranded search front-end as an experiment to aid researchers. Unfortunately for them, the bloggers got hold and started to research:

....someone typed in "borderline personality disorder" multiple times and then days later there were many queries about "men that are abused by wives." The queries seem to be coming from somewhere in Toledo, Ohio. Months later someone searched for "ohio correctional institute strkyer ohio," then for airline tickets to Detroit Wayne airport and then finally on the words "win him back."

The Internet has been a boon to those who have needed to search difficult subjects. We all know that the doctor says, "visit me," but how many of us do? The net has the answers.

What might not have been clear is that the net has your questions, too. How easy is it to misconstrue dangerous search requests? Well, one could argue that if one is using the net, and not asking a human, there is a good reason. Plenty of room for misinterpretation, we can assume.

Sometimes it is clearer:

Check out the search history for user 17556639, most recent search is at the bottom of the list.. Does this look like the search history of a user wanting to do something bad?

17556639 how to kill your wife
17556639 how to kill your wife
17556639 wife killer
17556639 how to kill a wife
....

We all want to know that from time to time, but mostly we don't write down those spur of the moment thoughts. User 17556639, would you come quietly with us, please?

The primary point here being that this data is now permanently breached. Once breached, it will be shared. And datamined. Once datamined, expect surprising results, visits by surprising people and surprising levels of abuse.

Got governance? AOL does not, placing it in firm company with the US government. According to today's earlier post, expect firings & hirings to soar at AOL, and conspiracy theorists will suggest that the USG suggested the research angle to the witless at AOL after the subpoena debacle earlier in the year.

Thanks to Dani for heads-up.

Posted by iang at 08:21 PM

SWIFT breach - leverage v. due process, Spy v. Spy, audit v. Ajax, three questions for SWIFT

More rumours on how the US Treasury breached SWIFT: It appears that UST knew about certain SWIFT breaches by insiders in the past and used those infractions as leverage to get access.

This may be in contrast to claims by SWIFT itself that UST prepared warrants for seizure as extortion ploys. Indeed, it has been suggested that not only were no warrants prepared, but that the UST provided no written evidence of any form of due process at all. An interesting question to put to SWIFT, #1: show us the evidence!

It gets better: SWIFT was breached not once, not twice, but three times!

Rumour has it that two other agencies of unknown character had also breached the SWIFT record set independently of UST, and that they were better at it than UST in that they really knew how to use the information. The timeline of these breaches is unclear.

At least one of these agencies has found all sorts of interesting information and has used it -- which is how the secret was outed. They apparently have done the datamining thing and fed the results into various cases. It's what you do with data, right? Then, conversations with those implicated groups (read: wall street firms) have led to a suspicion that more than just domestic data was involved. At least one company with rock-solid profitability has already proceeded on an "orderly exit from the market," after having been given "the talk." The people involved read like a who's who of the mothers of the Texas / Washington DC oil industry which raises the idle speculation of political connections and insider trading -- were there suspiciously good trading records in oil? And was this found in the SWIFT analysis? And what sort of agency takes on that power group and lives to tell the tale?

All of which rumours might point to TLA2 being a US agency with interests domestic rather than foreign. Likely candidates we could speculate on given the financial regulatory interest would be the SEC or the Federal Reserve.

TLA3 remains obscure. But, once we get to 3 agencies, we can stop counting and also stop pretending that there is any governance in place. SWIFT is an open book for regulators in the US at least, and that makes it just another smoking gun in the never-ending Spy v. Spy game. At the least, this suggests question #2 for SWIFT: how many agencies have your data?

In related gossip, SWIFT itself has conducted an internal audit, perhaps in response to the above rumour of leverage, or perhaps out of caution. It has apparently found additional multiple breaches across the lines -- uncovering misuses of data by employees.

Insiders suggest a strategy of cleaning house before outside regulators come in. Do we audit then Ajax, or is it the other way around? Sustained pressure on privacy and banking regulators in Europe has made intervention a non-trivial risk; latest rumour there is that the Belgian privacy regulator is taking lead on the case for all EU privacy regulators, and they are all now working through SWIFT's response to the first round of questioning. The question of whether European companies are alive to the risks of "Restaurant economics," a.k.a. industrial espionage, remains an open one.

Question #3 for SWIFT: why didn't your prior and no doubt expensive audits uncover signs of data abuses? (Readers of FC already know the answer to that, but SWIFT might not, so it is worth making them think about it.)

Also, there are scurrilous suggestions that the SWIFT breach has triggered a wave of copycat audits across FIs with a wide network of users. Major banks take note -- you may want to now go through and audit how your data has been used and misused, and we ain't talking about Sarbanes Oxley. "One more time, with feeling." Many institutions are apparently already doing this, which has led to a surge of firings and hirings where misuse of data has been found. Some of the breaches relate to USG as beneficiary, others do not, but details are of course scant. (Companies that are mentioned as having surges in firings/hirings other than SWIFT include three household names, leaders in their respective sectors.)


Posted by iang at 01:15 PM

August 04, 2006

IdentityWatch: Cloning the RFID, swimming the channel on the cheap, the Russian view, AML success rate, and the genesis of Id Theft?

"Hackers clone e-passports" from Wired reports that the RFID in the new passport form factor can be cloned for peanuts:

Grunwald says it took him only two weeks to figure out how to clone the passport chip. Most of that time he spent reading the standards for e-passports that are posted on a website for the International Civil Aviation Organization, a United Nations body that developed the standard. He tested the attack on a new European Union German passport, but the method would work on any country's e-passport, since all of them will be adhering to the same ICAO standard.

Lynn says that sounds somewhat akin to the "yes card" clones of sda chip&pin that started to show up in the 90s [1, 2].

And now for something completely different:

Confidence in the Government's immigration policy - insofar as it has one - is at rock bottom. The latest revelation was buried in a threat assessment issued by the Serious Organised Crime Agency yesterday. It revealed that the cost of a clandestine passage from France to Britain is now just £150.

Is that with a free Identity, or don't you need one as you stride out below the white cliffs of Dover? I've postulated on the basis of this and other collected resources that $1000 is the value of your identity. Over in Russia, Vlad Miller also came up with a $1000 maximum liability number which he uses when selling identity certification. He writes (from email):

My estimations of the liability amount was mostly based on similar indirect research of black market prices. According to the majority of my sources (paper and internet press as well as some unofficial discussions with old-hat officials from MIA) Russian black market has two main fake identity (mostly domestic passports) offers:

1. Fake real identity, that is just a counterfeit document that looks real (at glance or under a more in-detail examination). Those cost 100-800 USD depending on the quality of forgery.

2. Real fake identity, that is a *real* and fully legal identity document issued on a *fake* name. These IDs can't be detected with any forgery detection techniques; in some cases you can't determine this is a forgery even by inquiry to the official MIA database because this fake name is entered there too (this is resembling to real fake IDs used by undercover operatives). Such forgeries cost starting at 1200 USD (just filled on a legal blank) and may run up to 2000 USD and even more (fake information is inserted into the database).

I've made some security risks calculations, and final $1000 came up.

Our routine survey of fake Ids does not challenge:

The fake IDs were for more than 20 countries including South Korea, Singapore, Germany and the United States. Police also found about 1,500 visas for Australia, Malta, Moldova, the European Union (EU), Canada, Japan and South Africa. ... The suspects admitted that the gang charged about 4,000 baht (105 U.S. dollars) for producing a fake passport. They added forgery had become easy with the help of high-tech digital equipment.

Where this comes to the point is in the application of money. Here's Dani's Report from the Wild East:

I have participated in a conference titled "Banking and Criminal Law" organized by the International Association of Penal Law (AIDP, http://www.penal.org ) where the following figures were announced for 2005 in Hungary:

Reports by banks and law-firms concerning possible money-laundering: approx. 14000
Investigations initiated by the police: 8
Cases heard at court: 2
Guilty verdicts: 0
At the same time, the estimated volume of money laundering through the Hungarian financial system during the same year: $4 billion.

These figures came as a shock to some of the participants (including myself). This proves that the immensely expensive snooping machinery that requires one or two full-time employees at major branches (the guy dealing with the paperwork required for reporting suspicious cash transactions), which both customers and banks hate, is completely ineffective. Banks were forced into compliance by the regulation that puts the criminal responsibility for money-laundering on the teller, if s/he failed to report it; thus, they end up reporting almost every transaction, just in case. Same for law firms and escrow agencies (these two functions are traditionally performed by the same companies in Hungary).

On the other hand, living without a bank account is nearly impossible in Hungary (for instance, it is illegal to pay salaries in cash for a wide range of jobs) and it is becoming increasingly burdensome to transact without the banks' participation. It's getting worse year by year.

Russia is a completely different story, where the trust in the banking sector is generally low among the general population and large parts of savings are held either at home in cash (exclusively in USD during the nineties, then in Euros and in the past two years increasingly in the local currency, roubles) or lent to trustworthy friends and relatives. Major money laundering is done through off-shore banks, mostly in the Baltic states (Russian-owned Latvian banks are the favorites). Even if salaries arrive to bank accounts, people tend to visit the ATM on pay-day to get some cash (most ATMs give both roubles and USD; when ATMs first appeared in Russia, they were dollar-only). Escrow agencies (of which WebMoney is technically one) are very popular in securing p2p or b2b transactions. These are very loosely regulated, use a diverse set of communication channels, and God alone can track all the financial flows. There are just too many of them.
Posted by: Daniel A. Nagy

It is relatively easy to draw a line from drugs -> ML -> AML -> identity obsession -> identity theft, albeit hard to stomach for the unforeseen consequences. We can now possibly calculate the losses from AML: as identity became necessary for more and more processes, including for example the expansion of the credit society, more and more stress is placed on the weak instrument of the one true identity. In this case, the AML people have paved the way for fairly massive identity theft and concomitant fraud. Last time I saw the figures it was running around $10bn per year in the US, but maybe it is more:

Nearly 10 million consumers were victimized by some form of identity theft in 2004 alone. That equals 19,178 people per day, 799 per hour and 13.3 per minute. Consumers have reportedly lost over US$5 million, and businesses have lost an estimated $50 billion or more.

The authorities will see statistics on the uselessness of AML as more evidence that they must try harder, but economists see it differently: if we reverse the cause and effect in our minds, correlation is still found to confirm our mistakes.

The late great President Ronald Reagan is often lauded as the most Austrian of leaders, but he made some mistakes. As instigator of the original war on drugs, he set the foundation for our current epidemic of identity theft, and his war fell victim to the law of unforeseen consequences.

Posted by iang at 08:42 AM