Financial Cryptography

Banking - licensed to cheat! And whether you'll get away with it.

Research into what most people will feel is so trivially true that the research wasn't needed has been conducted -- are bankers cheats?

The subjects took part in a simple experiment of flipping a coin, and involved around two hundred bankers, including 128 from a single unnamed international bank. They were divided into two groups. The people from the first were asked specifically about their jobs in banking, while the other half were asked unrelated questions.

"The rules required subjects to take any coin, toss it 10 times, and report the outcomes online," the researchers reported in the journal Nature. "For each coin toss they could win an amount equal to approximately $20 depending on whether they reported 'heads' or 'tails'."

The point is that the players were told ahead of the game whether "heads" or "tails" would win as well as in which case they could keep their winnings.

Given maximum winnings of $200, there was "a considerable incentive to cheat," wrote the team of researchers.

The bankers were asked to fill out questionnaires before tossing each coin. Those who were asked about things unrelated to their job hardly ever cheated in the coin toss, reporting 51.6 percent wins.

But those asked about their banking careers made the cheat rate go up - they reported 58.2 percent as wins. If everyone was completely honest, the proportion of winning tosses in each group would be 50 percent.

That's actually a stunning result. Just talking about banking made the bankers cheat! As an aside, this research is a dead cert for the IgNoble awards, a sort of faux Noble in odd science which celebrates wacky research that on the face of it should not have been conducted, but in actuality reveals some interesting results.

Back to the banking cheats. Up until now, there has been a stunning silence on the behalf of the prosecution authorities for what is likely either the #1 or #2 crisis in modern history. So bankers are confirmed in their skulduggery, they will almost certainly get away with it.

What can we as society do about this? Putting some of them in jail has been commented as what is missing, indeed the reason we're likely confirmed that banking as a whole is a poisoned pot is that nobody's gone to jail for the financial crisis.

In Britain, last month, a crown court in London announced:

"A senior banker from a leading British bank pleaded guilty at Southwark Crown Court on 3 October 2014 to conspiracy to defraud in connection with manipulating Libor," the court said in a statement.

"This arises out of the Serious Fraud Office investigations into Libor fixing."

And, in Iceland a world-wide first:

Nov 19 (Reuters) - The former chief executive of Landsbanki, one of three banks that racked up $75 billion in debt before collapsing and crashing the economy in 2008, was sentenced to one year in jail on Wednesday for market manipulation.

Sigurjon Arnason was convicted of manipulating the bank's share price and deceiving investors, creditors and the authorities in the dying days of the bank between Sept. 29 and Oct. 3, 2008.

The Reykjavik District Court said nine months of Arnason's sentence were suspended. Ivar Gudjonsson, former director of proprietary trading, and Julius Heidarsson, a former broker, were also convicted and received nine-month sentences, six of which were suspended. All pleaded innocent to the charges.

"This sentence is a big surprise to me as I did not nothing wrong," Sigurjon Arnason told Reuters after the sentencing, adding that he and his attorney had not yet decided whether to appeal to the supreme court.

More:

In receiving a one year prison sentence, Sigurjon Arnason officially became the first bank executive to be convicted of manipulating the bank's stock price and deceiving investors, creditors and the authorities between Sept. 29 and Oct. 3, 2008, as the bank's fortunes unwound, crashing the economy with it. Landsbanki was one of three banks that had tallied nearly $75 billion in debt before the final curtain was drawn.

All pleaded innocent to the charges...

Bitcoin and the Byzantine Generals Problem -- a Crusade is needed? A Revolution?

It is commonly touted that Bitcoin solves the Byzantine Generals Problem because it deals with coordination between geographically separated points, and there is an element of attack on the communications. But I am somewhat suspicious that this is not quite the right statement.

To review "the Byzantine Generals Problem," let's take some snippets from Lamport, Shostack and Pease's seminal paper of that name:

We imagine that several divisions of the Byzantine army are camped outside an enemy city, each division commanded by its own general. The generals can communicate with one another only by messenger. After observing the enemy, they must decide upon a common plan of action. However, some of the generals may be traitors, trying to prevent the loyal generals from reaching agreement. The generals must have an algorithm to guarantee that

A. All loyal generals decide upon the same plan of action.

The loyal generals will all do what the algorithm says they should, but the traitors may do anything they wish. The algorithm must guarantee condition A regardless of what the traitors do.
The loyal generals should not only reach agreement, but should agree upon a reasonable plan. We therefore also want to insure that

B. A small number of traitors cannot cause the loyal generals to adopt a bad plan.

Lamport, Shostack and Pease, "the Byzantine Generals Problem", ACM Transactions on Programming Languages and Systems,Vol.4, No. 3, July 1982, Pages 382-401.

My criticism is one of strict weakening. Lamport et al addressed the problem of Generals communicating, but there are no Generals in the Bitcoin design. If we read Lamport, although it doesn't say it explicitly, there are N Generals, exactly, and they are all identified, being loyal or disloyal as it is stated. Which means that the Generals Problem only describes a fixed set in which everyone can authenticate each other.

While still a relevant problem, the Internet world of p2p solutions has another issue -- the sybil attack. Consider "Exposing Computationally-Challenged Byzantine Impostors" from 2005 by Aspnes, Jackson and Krishnamurthy:

Peer-to-peer systems that allow arbitrary machines to connect to them are known to be vulnerable to pseudospoofing or Sybil attacks, first described in a paper by Douceur [7], in which Byzantine nodes adopt multiple identities to break fault-tolerant distributed algorithms that require that the adversary control no more than a fixed fraction of the nodes. Douceur argues in particular that no practical system can prevent such attacks, even using techniques such as pricing via processing [9], without either using external validation (e.g., by relying on the scarceness of DNS domain names or Social Security numbers), or by making assumptions about the system that are unlikely to hold in practice. While he describes the possibility of using a system similar to Hashcash [3] for validating identities under certain very strong cryptographic assumptions, he suggests that this approach can only work if (a) all the nodes in the system have nearly identical resource constraints; (b) all identities are validated simultaneously by all participants; and (c) for "indirect validations," in which an identity is validated by being vouched for by some number of other validated identities, the number of such witnesses must exceed the maximum number of bad identities. This result has been abbreviated by many subsequent researchers [8, 11, 19-21] as a blanket statement that preventing Sybil attacks without external validation is impossible.

J. Aspnes, C. Jackson, and A. Krishnamurthy, "Exposing computationally-challenged byzantine impostors," Tech. Report YALEU/DCS/TR-1332, Yale University, 2005, http://www.cs.yale.edu/homes/aspnes/papers/tr1332.pdf

Prescient, or what? The paper then goes on to argue that the solution to the sybil attack is precisely in weakening the restriction over identity: *The good guys can also duplicate*.

We argue that this impossibility result is much more narrow than it appears, because it gives the attacking nodes a significant advantage in that it restricts legitimate nodes to one identity each. By removing this restriction...

This is clearly not what Lamport et al's Generals were puzzling over in 1982, but it is as clearly an important problem, related, and one that is perhaps more relevant to Internet times.

It's also the one solved according to the Bitcoin model. If Bitcoin solved the Byzantine Generals Problem, it did it by shifting the goal posts. Where then did Satoshi move the problem to? What is his problem?

With p2p in general and Bitcoin in particular, we're talking more formally about a dynamic membership set, where the set comes together once to demand strong consensus and that set is then migrated to a distinct set for the next round, albeit with approximately the same participants.

What's that? It's more like a herd, or a school of fish. As it moves forward, sudden changes in direction cause some to fall off, others to join.

The challenge then might be to come up with a name. Scratching my head to come up with an analogue in human military affairs, it occurs that the Crusades were something like this: A large group of powerful knights, accompanied by their individual retainers, with a forward goal in mind. The group was not formed on state lines typical of warfare but religious lines, and it would for circumstances change as it moved. Some joined, while some crusaders never made it to the front; others made it and died in the fighting, and indeed some entire crusades never made it out of Europe.

Crusaders were typically volunteers, often motivated by greed, force or threat of reputation damage. There were plenty of non-aligned interests in a crusade, and for added historical bonus, they typically travelled through Byzantium or Constantinople as it was then known. And, as often bogged down there, literally falling to the Byzantine attacks of the day.

Perhaps p2p faces the Byzantine Crusaders Problem, and perhaps this is what Bitcoin has solved?

In the alternate, I've seen elsewhere that the problem is referred to as the Revolutionaries' Problem. This term also works in that it speaks to the democracy of the moment. As a group of very interested parties come together they strike out at the old ways and form a new consensus over financial and other affairs.

History will be the judge of this, but it does seem that for the sake of pedagogy and accuracy, we need a new title. Bysantium Crusaders' problem? Democratic Revolutionaries' problem? Consensus needed!

HR is broken - the recruiter honeypot

It is an old claim of mine that the employment business is broken. Not broken in the sense of cryptography -- down from 256 bits of strength to 255, the horror! -- but broken in the human, social sense. ROT13 broken. A complete facade, a level of reliability that even bankers would find troubling.

To prove this total brokenness, here's some great informal research with some awful findings.

The Recruiting Crisis

In late 2009, my desk was piled with JavaScript resumes. Our homegrown JavaScript framework edged us over competitors but maintaining our technical advantage meant carefully crafting a lean, delta-force Web team. Though I averaged two interviews a day, we had only grown the team by three-four engineers each year.

However, in 2010, that had to change. It was our first year with a real revenue target and also the first time we planned to pivot from our original IM product. We charted our end-of-year goals, quarterly milestones, and eventually backtracked to our team and hiring priorities. To meet our 2010 goals, I needed to double the JavaScript team in just one quarter. If I didn't, innovation would stall and without revenue, our business would be in serious jeopardy.

To summarise, a founder of a startup got frustrated with recruiting Javascript programmers, and in one mad regrettable night, created a false identity as the very image of the geekly god of code she wanted to employ. She then watched what the recruiters did with the perhaps noble intention that she would employ the best of those very recruiters to help her.

Didn't quite work out that way. Here's her findings in a nutshell:

• LinkedIn is the *only* channel for recruiters! Anything else was worthless for garnering their attention. Only LinkedIn got attention from recruiters. While great for LinkedIn's stock holders, it is a sad sickening result in and of itself; it evidences a monocultural blindness that bespeaks of disaster for the employment business.
• Her own company did not use LinkedIn. They had recruited a great team by all sorts of other methods. Which matches what I recommended a while back: when you discover a trend, do the reverse.
• All the recruiting approaches were the same. There were mild differences between the general categories of Large & Startup, but within those archtypes, the approaches were cut & paste. Best Practices has become Monoculture has taken root with a vengeance.
• Every recruiter she had used in the past broke the contract. There was no love lost with recruiters' clients, they all tried to poach her false god of code. This is the endgame in a broken employment market, "I poach because I can't think (of anything better)"
• Every recruiter used white lies such as "I've been referred to you by ..."
• Who was best at recruiting? The ordinary manager with no recruiting experience, training or bias.
• Finally, out of 382 recruiters, only one checked the facts and tried to get a real contact with the person. And found out the person didn't exist! So when you think you are paying these people for reliable information, you are deceived. Recruiters provide no checking on anything, in general.

That's the quick read. If however you are a company founder interested in recruiting, you should definitely read the entire thing. It's off the wall, very counter-cultural. But that's what it takes to defeat a monocultural failure -- fresh approach.