January 29, 2019

None of us love terrorists

None of us love terrorists. A few of us study and admire warfare and revolutionary spirit and history and daring battles, but that doesn't match actual facts on the ground. War is 1% heroism and 99% death, destruction, scorched earth for causes nobody can remember. Terrorists are 100% ruthless killers that will stop at nothing.

This however does not mean that we as a society should change our lives to suit the agenda of the terrorist. The theory of terrorism clearly aims to achieve maximum media blitz, because the terrorist wishes to recruit at home. More blitz, more willing immatures to the cause.

If you are reporting on terrorism, as I am today, you are part of the problem not the solution. Slice the lifeline of international media attention, kill the thrill. Cut the media buzz, there will be no global endorsement of the worthiness of the terrorist's pathetic message.

No worthy cause, no local hillbilly to take up arms.

The response of an intelligent society is to suppress that media blitz and get on with our life.

In particular I refer to the Londoners in 7/7 who walked home. Without fuss. Without complaint. Without media demands for war, vengance, invasion of some random country. Without caring that nobody much remembers that day.

I was in London that day, due to meet someone near Tavistock square. But I slept in.

Which was how it was: we did not respond.

Londoners have their memories. Many died. But we did not respond. The English have seen it all before and no amount of terrorism was going to cause a response from the people. Much the same all across the continent, Europeans understand the balance - it's a police business, and for the rest of us, we do not respond.

First day I was in Madrid back in 1991 or so, there were three ETA bombings. I saw the smoke from my 4 star hotel window and wondered. The Spanish have seen it all and they did not respond.

I do not refer to the British authorities who bought into the whole USA control-by-fear-of-terrorism agenda. It was you that the Brexiters voted against. And, for all the controls, costs, spying, economic exclusion, false positives, what do you have to show?

I was at the infamous JFK airport terrorist incident in New York, in the height of terromania in USA. In our thousands, we ran out of terminals onto the tarmac and camped under planes. To panicked people, I explained why we were totally safe - "no they can't shoot us because we just run further out to the airfield." Stay here, and do not respond. You are safe.

The Kenyan people aren't going to be effected by the Dusit attack. Nairobi as a people weren't effected by the Westgate attack, that I saw, and I was there in Nairobi at the time.

The Kenyans did not respond.

Not because Kenyans are insensitive or dumb or unaware. To the contrary - what Kenyans were effected by was political disaster of 2007, in which 2000 or more people died. Kenyas were marked by 2007, deeply. If there is anything that Kenyans remember of Westgate, it was the political backstory of Westgate - the army's response. The cynicism runs deep in Kenya, and it seems that the army did not shoot the police in this new Dusit event. Progress.

Do not respond.

The smarter society analyses the risks. Nairobi is a city of 3 million people or so, which means about 100 die on a given day. The people of Nairobi, and any large city, can only be effected by much larger numbers dying, OR by mainstream media spruiking a panic.

The smarter society does not respond to mainstream media.

Authorities everywhere would be smart to recognise that the agenda of fear only goes so far before they create their own revolution.

We, society are watching. Don't make us respond, because we will respond to something closer to the truth than you want.

Posted by iang at 02:18 AM | Comments (0)

How does the theory of terrorism stack up against AML? Badly - finally a case in Kenya: Dusit

Finally, an actual financial system & terrorism case lands before the courts, relating to the Dusit attack. Is this a world first? I don't know because this conjunction is so rare, nobody's tracking it.

The essential gripe is that since 9/11 the financial world decided to slap the terrorism label on their compliance process. Yet to no avail. Very few cases, so small that they fall between bayesian cracks. So misdirected because terrorists have options, and they can adjust their approach to slip under they radar. Backfiring because the terrorists are already outside norms and will do as much damage as needed, thus further harming the financial system.

And so hopeless because your true terrorist doesn't care about being caught afterwards - he's either dead or sacrificed.

Anyway, that's the theory - anti-terrorism applied to the financial system simply won't work. Let's see how the theory stacks against the evidence.

A suspect linked to the Dusit terror attack received Sh9 million from South Africa in three months and sent it to Somalia, the Anti-Terror Police Unit have said. Twenty one people, including a GSU officer, were killed in the January 15 attack. The cash was received through M-Pesa.

So far so good. We have about $90,000 (100 Kenya shillings is 1 USD) sent through M-Pesa, a mobile money system in Kenya, allegedly related to the Dusit attack.

Hassan Abdi Nur has 52 M-Pesa agent accounts. Fourty seven were registered between October and December last year, each with a SIM card. He used different IDs to register the SIM cards.

So (1), the theory of terrorism predicts that the money will be moved safely, whatever the cost. We have a match. In order to move the money, 52 accounts were opened, at the cost of different IDs.

One curiosity here is the cost. In my long running series on the Cost of your Identity Theft we see (or I suggest) an average cost of an Identity set of around $1000. Which would amount to a cost of $52k for 50 odd sets. But this is high for a washed amount of $90k.

Either the terrorists don't care of the cost, or cost of dodgy ID is lower in Kenya, or the alleged middleman amortised the cost over other deals. Interesting for further investigation but not germane to this case.

Then (2), the theory of bayesian statistics and the "base rate fallacy" predict that no terrorists will ever be caught before the fact based on AML/KYC controls.

Clearly this is a match - the evidence is being compiled from after-the-fact forensics. Now, in this the Kenyan authorities are to be applauded for coming out and actually revealing what's going on. In the western world, there is too much of a tendency to hide behind "national secrets" and thus render outside scrutiny, the democratic imperative, an impossibility. One up for the Kenyans, let's keep this investigation transparent and before the courts.

Next (3). The theory predicts that follow the money is a useless tool.

Ambitham was in constant communication with slain lead attacker Ali Salim Gichunge, who died during the attack and his spouse Violent Kemunto Omwoyo.

[Inspector] Githaiga yesterday said Ambitham’s phone led to his arrest on Tuesday after detectives established his communication with the Gichunges.

The police are following the social graph and arresting anyone involved. Having traced the phones, they then investigated the M-Pesa evidence, which provided many additional and interesting confirmatory facts.

Which is what they should do. But it was the contact information that cracked this case, not the financial flows. The contact information has always been available to them. And, where there is a credible case of terrorism as is in this case, the financial information has never been withheld. Again, the theory matches the evidence: follow the money is useless before the event, only confirmatory after the event.

Finally (4), the theory of unforeseen consequences says that the damage done by unintelligent responses will haunt the future of anti-terrorism efforts.

These are the agents that received the money, which was later withdrawn at the Diamond Trust Bank, Eastleigh branch, before it was wired to Somalia. ... The manager of the bank where Nur was withdrawing the money,, Sophia Mbogo, was arrested for failing to report Nur’s suspicious transactions. Nur is said to have made huge withdrawals in short intervals, which Mbogo ought to have reported to relevant authorities, but there is no indication she did so.

Without wishing to compromise the investigation - this looks inept. Eastleigh is the Somali district of Nairobi. It's a bustling centre of trade. In some respects the Somalis are better traders than the Kenyans, and a lot of trade is done. And a lot of that is in cash, because the Kenyan banking system is ... not responsive. Lots of legitimate cash would move in and out of that bank branch.

Given the alleged fact that the money man had 52 M-Pesa accounts, he was certainly aware enough to run under the radar of the branch. Thresholds and actions by banks are no secret, especially by those motivated by terrorism to conduct any crime to find out - bribery, extortion, kidnapping are options.

Maybe there is evidence that the branch or the manager is "in" on the deal. Or maybe there is not, and the Kenyan police have just confirmed the theory that FATF anti-terrorism will do more damage. They've sent a message to all branches to drown their customers in pointless compliance, and to not cooperate with the police.

The Kenyan police had better get a clear and undeniable conviction against the branch manager, or they are going to rue the day. The next terrorist attack will surely be harder.

Posted by iang at 01:33 AM | Comments (0)

June 25, 2018

FCA on Crypto: Just say no.

Because it's Sunday, I thought I'd write a missive on that favourite depressing topic, the current trend of the British nation to practice economic self-immolation. I speak of course of the FCA's letter to the CEO.

Some many may be bemused and think that this letter shows signs of progress. No such. What the letter literally is, is the publication of a hitherto secret order sent to CEOs of banks to not bank crypto.

The instruction was delivered some time ago. Verbally. And deniably. The banks knew it, the FCA knew it, but all denied it unless under condition of confidentiality or alcohol.

Which put the FCA, the banks, and Britain into considerable difficulties - the FCA could neither move forward to adjust because there was no position to adjust, the British banks could not bank crypto because they were under instruction, and the British crypto-using public either got screwed by the banks or they left the country for Europe and places further afield.

(Oddly, it turns out that Berlin is the major beneficiary here, but that's a salacious distraction.)

After some pressure as the 'star chamber' process of business policy, it transpires a week ago that the FCA has come out of the cold and issued the actual instruction in writing. This is now sufficient to replace the secret instruction, so it represents a movement of sorts. We can now at least openly debate it.

However the message has not changed. To understand this, one has to read the entire letter and also has to know quite a lot about banks, compliance and the fine art of nah-saying while appearing to be encouraging.

The tone is set early on:


As evidence emerges of the scope for cryptoassets1 to be used for criminal purposes, I am writing regarding good practice for how banks handle the financial crime risks posed by these products.

There are many non-criminal motives for using cryptoassets.

It's all about financial crime. The assumption is that crypto is probably used for financial crime, and the banks' job is to stop that happening. Which would logically set a pretty high bar because (like money, which is also used for financial crime) the use of crypto (money) by customers is generally opaque to the bank. But banks are used to being the frontline soldiers in the war on finance, so they will not notice a change here.

The problem is of course that it simply doesn't work. The bank can't see what you are doing with crypto, so what to do? When the banks ask customers what they do with the money, costs sky rocket, but the quality of the information doesn't increase.

There is therefore only one equilibrium in this mathematical puzzle that the FCA has set the banks: Just say no. Shut down any account that uses crypto. Because we will hold you for it and we will insist on no failures.

Now, if it was just that, a dismal letter conflating crime with business, one could argue the toss. But the letter goes on. Here's the smoking gun:

Following a risk-based approach does not mean banks should approach all clients operating in these activities in the same way. Instead, we expect banks to recognise that the risk associated with different business relationships in a single broad category can vary, and to manage those risks appropriately.

The risk-based approach!

Once that comes into play, what the bank reads is that they are technically permitted to use crypto, but they are strictly liable if it goes wrong. Because they've been told to do their risk analysis, and they've done their risk analysis, and therefore the risks are analysed which conflates with reduced to zero.

Which means, they can only touch crypto if they know . This knowledge being full knowledge not that other long-running joke called KYC. Banks must know that the crypto is all and totally bona fide.

But they generally have no such tool over customers, because (a) they are bankers and if they had such a tool (b) they wouldn't be bankers, they would be customers.

(NB., to those who know their history, anglo-world banks used to know their customers' business quite well. But that went the way of the local branch manager and the dodo. It was all replaced by online, national computer networks, and now AIs that do not manifestly know anything other than how to spit out false positives. NB2 - this really only refers to the anglo world being UK, USA, AU, CAN, NZ and the smaller followers. Continental banking and other places follow a different path.)

Back to today. The upshot of the relationship for regulator-bank in the anglo world is this: "risk-based analysis" is code for "if you get it wrong, you're screwed." Which latter part is code for fines and so forth.

So what is the significance of this, other than the British policy of not doing crypto as a business line (something that Berlin, Gibraltar, Malta, Bermuda and others are smiling about)? It's actually much more devastating that one would think.

It's not about just crypto. As a society, we don't care about crypto more than as a toy for rich white boys to play at politics and make money without actually doing anything. Fun for them, soap opera for observers but the hard work is elsewhere.

It's not in the crypto - it's in the compliance. As I wrote elsewhere, banks in the anglo world and their regulators are locked in a deadly embrace of compliance. It has gotten to the point where all banking product is now driven by compliance, and not by customer service, or by opportunity, or by new product.

In that missive on Identity written for R3's member banks, I made a startling claim:

FITS – the Financial Identity Trilemma Syndrome

If you’re suffering from FITS, if might be because of compliance. As discussed at length in the White Paper on Identity, McKinsey has called out costs of compliance as growing at 20% year on year. Meanwhile, the compliance issue has boxed in and dumbed down the security, and reduced the quality of the customer service. This is not just an unpleasantness for customers, it’s a danger sign – if customers desert because of bad service, or banks shed to reduce risk of fines, then banks shrink, and in the current environment of delicate balance sheets, rising compliance costs and a recessionary economy, reduction in bank customer base is a life-threatening issue.

For those who are good with numbers, you'll pretty quickly realise that 20% is great if it is profits or revenues or margin or one of those positive numbers, but it's death if it is cost. And, compliance is *only a cost*. So, death.

Which led us to wonder how long this can go on?

(youtube, transcript) Cost to compliance now is about 30% I’ve heard, but you pick your own number. Who works at a bank? Nobody, okay. That’s probably good news. [laughs] Who’s got a bank account? I’ve got bad news: if you do the compounding, in seven years you won’t have a bank accounts, because all the banks will be out of money. If you compound 30% forward by 20%, in seven years all of the money is consumed on compliance.

As I salaciously said at a recent Mattereum event on Identity, the British banks have 7 years before they die. That's assuming a 30% compliance cost today and 20% year on year increase. You could pick 5% now and 10% by 2020 as Duff & Phelps did which perversely seems more realistic as if the load is now 30% then banks are already dead, we don't need to wait until 100%. Either way, there is gloom and doom however society looks at it.

Now these are stupid numbers and bloody stupid predictions. The regulators are going to kill all the banks? Nah... that can only be believed with compelling evidence.

The FCA letter to the CEO is that compelling evidence. The FCA has doubled down on compliance. They have now, I suspect, achieved their 20% increase in compliance costs for this year, because now the banks must double down and test all accounts against crypto-closure policy. More.

We are one year closer to banking Armageddon - thanks, FCA.

What can we see here? Two things. Firstly, it cannot go on. Even Mark Carney must know that burning the banking village to save it is going to put Britain into the mother of all recessions. So they have to back off sometime, but when will that be? If I had to guess, it will be when major clients in the City of London desert the British banks, because no other message is heard in Whitehall or Threadneedle St. C.f., Brexit. Business itself isn't really listened to, or in the immortal words of the British Foreign Secretary,

Secondly, is it universal? No. There is a glimmer of hope. The major British banks cannot do crypto because the costs are asymmetric. But for a crypto bank that is constructed from ground up, within the FCA's impossible recipe, the costs are manageable. Such a bank would basically impose the crypto-compliance costs over all, so all must be in crypto. An equilibrium available to a specialist bank, not any high street dinosaur.

You might call that a silver lining. I call it a disaster. The regulators are hell bent on destroying the British economy by adding 20% extra compliance burden every year - note that they haven't begun to survey their costs, nor the costs to society.

After the collapse there will be green shoots, and we should cheer? Shoot me now.
Frankly, the broken window fallacy would be better than that process - we should just topple the banks with crypto right now and get the pain over with, because a fast transition is better than the FCA smothering the banks with compliance love.

But, obviously, the mandarins in Whitehall think differently. Watch the next seven years to learn how British people live in interesting times.

Posted by iang at 07:02 AM | Comments (2)

May 04, 2017

On a Principled Approach to Blockchain Governance - 7 Requirements

Over on Steem, I've published a short 7 part cycle on a Principled Approach to Blockchain Governance:

One of the things that I learnt in the CAcert adventure was that governance was critical to the safe operation of large communities. How large is large ... is a question of much debate, but to put it bluntly, this is needed beyond say a 2 digit size, which I’ve always seen as around 30, but certainly well before Dunbar’s number of 150.

Now, the problem with governance is that once it’s in place, it becomes power. And power corrupts. ...

Each part lays out one principle:

  1. Open Entry
  2. Toxics not Welcome!
  3. Constitution!
  4. Arbitration
  5. Consensors are Enforcers
  6. Arms of Governance are Independent
  7. Community exercises their Democratic voice to set rules

The reason I'm using Steem as the blog rather than good ol' Financial Cryptography ... might be revealed soon enough. Watch this space. Or that space!

Posted by iang at 09:40 PM | Comments (4)

October 23, 2016

Bitfinex - Wolves and a sheep voting on what's for dinner

When Bitcoin first started up, although I have to say I admired the solution in an academic sense, I had two critiques. One is that PoW is not really a sustainable approach. Yes, I buy the argument that you have to pay for security, and it worked so it must be right. But that's only in a narrow sense - there's also an ecosystem approach to think about.

Which brings us to the second critique. The Bitcoin community has typically focussed on security of the chain, and less so on the security of the individual. There aren't easy tools to protect the user's value. There is excess of focus on technologically elegant inventions such as multisig, HD, cold storage, 51% attacks and the like, but there isn't much or enough focus in how the user survives in that desperate world.

Instead, there's a lot of blame the victim, saying they should have done X, or Y or used our favourite toy or this exchange not that one. Blaming the victim isn't security, it's cannibalism.

Unfortunately, you don't get out of this for free. If the Bitcoin community doesn't move to protect the user, two things will happen. Firstly, Bitcoin will earn a dirty reputation, so the community won't be able to move to the mainstream. E.g., all these people talking about banks using Bitcoin - fantasy. Moms and pops will be and remain safer with money in the bank, and that's a scary thought if you actually read the news.

Secondly, and worse, the system remains vulnerable to collapse. Let's say someone hacks Mt.Gox and makes a lot of money. They've now got a lot of money to invest in the next hack and the next and the next. And then we get to the present day:

Message to the individual responsible for the Bitfinex security incident of August 2, 2016

We would like to have the opportunity to securely communicate with you. It might be possible to reach a mutually agreeable arrangement in exchange for an enormous bug bounty (payable through a more privacy-centric and anonymous way).

So it turns out a hacker took a big lump of Bitfinex's funds. However, the hacker didn't take it all. Joseph VaughnPerling tells me:

"The bitfinex hack took just about exactly what bitfinex had in cold storage as business profit capital. Bitfinex could have immediately made all customers whole, but then would have left insufficient working capital. The hack was executed to do the maximal damage without hurting the ecosystem by putting bitfinex out of business. They were sure to still be around to be hacked again later.

It is like a good farmer, you don't cut down the tree to get the apples."

A carefully calculated amount, coincidentally about the same as Bitfinex's working capital! This is annoyingly smart of the hacker - the parasite doesn't want to kill the host. The hacker just wants enough to keep the company in business until the next mafiosa-style protection invoice is due.

So how does the company respond? By realising that it is owned. Pwn'd the cool kids say. But owned. Which means a negotiation is due, and better to convert the hacker into a more responsible shareholder or partner than to just had over the company funds, because there has to be some left over to keep the business running. The hacker is incentivised to back off and just take a little, and the company is incentivised to roll over and let the bigger dog be boss dog.

Everyone wins - in terms of game theory and economics, this is a stable solution. Although customers would have trouble describing this as a win for them, we're looking at it from an ecosystem approach - parasite versus host.

But, that stability only survives if there is precisely one hacker. What happens if there are two hackers? What happens when two hackers stare at the victim and each other?

Well, it's pretty easy to see that two attackers won't agree to divide the spoils. If the first one in takes an amount calculated to keep the host alive, and then the next hacker does the same, the host will die. Even if two hackers could convert themselves into one cartel and split the profits, a third or fourth or Nth hacker breaks the cartel.

The hackers don't even have to vote on this - like the old joke about democracy, when there are 2 wolves and 1 sheep, they eat the sheep immediately. The talk about voting is just the funny part for human consumption. Pardon the pun.

The only stability that exists in the market is if there is between zero and one attacker. So, barring the emergence of some new consensus protocol to turn all the individual attackers into one global mafiosa guild, a theme frequently celebrated in the James Bond movies, this market cannot survive.

To survive in the long run, the Bitcoin community have to do better than the banks - much better. If the Bitcoin community wants a future, they have to change course. They have to stop obsessing about the chain's security and start obsessing about the user's security.

The mantra should be, nobody loses money. If you want users, that's where you have to set the bar - nobody loses money. On the other hand, if you want to build an ecosystem of gamblers, speculators and hackers, by all means, obsess about consensus algorithms, multisig and cold storage.

ps; I first made this argument of ecosystem instability in "Bitcoin & Gresham's Law - the economic inevitability of Collapse," co-authored with Philipp Güring.

Posted by iang at 12:35 PM | Comments (0)

July 17, 2016

Ricardian Contracts in the media!

Ricardian Contracts were featured in R3's event on Smart Contract Templates in coordination with Barclays.

See the deck, pages 44-67. The Riccy formed a big part of that event as the idea of laying out the prose contract alongside the smart code are now becoming evidently necessary as well as just merely necessary. The R3 weekend read pulls quotes from IBTimes / Lee Braine and Richard Gendal Brown:

The following pull quote is best contrasted with The DAO entry at the beginning of this post:
Braine said that one of the motivations for creating smart contracts, together with shared ledgers underneath them, is the opportunity to reduce the number and duration of disputes. Some of the potential improvements could result from simply making the relevant information, such as agreements governing specific trades, more easily accessible.

Brown agreed, adding: "If you look at the experience with The DAO recently, one of the key takeaways from that incident was that, in a system that perhaps had an express design goal of having the code be dominant, there is a need to have a broader contract that explains what happens in the event that things do go wrong."

This future of contracting sees a layout of {prose, code, params} which fully describe a smart contract entered into by parties, something I talked about in SOAC a while back.

Instead of the normal boring presentation on 'what' the Ricardian Contract is, I talked about 'why' with the hope that, by understanding the research origins that led to the design pattern, it would be clearer why it has to be so. I hope we can do a voice release or article / paper at some point so a little more context can be explained.

And, to round off the news, we now have the Ricardian Contract's own wikipedia page. Thanks to Arthur Doohan for that hard work!

Posted by iang at 05:40 PM | Comments (1)

June 18, 2016

Ethereum is one step away from creating a workable smart contracting community

To live in interesting times!

First TheDAO started up as a crowd funded smart contract which took in about $160m of contributions. Hoorah!

Then, a programmer spotted a bug and used it to sweep about $60m across to own account. Howzat!?

Next, the Ethereum coredevs reacted in collective angst and moved to unwind the 'theft.' Hooray!

Finally, someone called "attacker" claimed credit for the actions, and reminded everyone that there was a legal contract in place. YeeHaa!

Ethereum is the reality TV of the new financial cryptographic generation. However, let's not be entirely damning, it is also important to take pause and review what they have achieved. Positively.

Firstly, Ethereum has established beyond a doubt that the smart code needs to be part of a wider agreement at law. You can see this on the Explainer page of TheDAO where it carefully lays out:

"When you click the “I Accept” button or check box presented with the terms you are agreeing that you are taking part in The DAO’s Creation under the terms set forth in The DAO’s smart contract code at your own risk."

By clicking "I Accept", you enter into a legal contract, with the above text as part thereof.

To see that it is a legal contract, imagine if it didn't exist - in the absence of an agreement, there is no party who claims responsibility for TheDAO, and therefore TheDAO is abandoned at law. Which means that anyone can do whatever they like. Indeed, that means whoever can claim the value within can do so - it's like an abandoned ship at sea or unclaimed land; first person to plant a flag is the winner.

Clearly, the founders of TheDAO were smart enough not to want their smart contract to be 'abandoned' so it/they must and did enter into a legal agreement with contributors to (a) exert existence and (b) exert its authority to control the assets on behalf of the beneficiaries.

Having asserted its capacity to act, it also asserts that the smart code dominates over the legal prose:

The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code.

This is the correct order, which you can divine if you follow the logic: the legal agreement is prime over the smart code because it can bind the humans, and the legal agreement then has to defer primacy explicitly to any or all terms in the smart code. In summary, TheDAO has now exemplified 3 principles.

  1. The smart contract is a contract at law.
  2. The smart contract includes both code and prose.
    1. The legal prose asserts the capacity of the contract to act, a role outside the capability of the code;
    2. a purported smart contract without that capacity is likely abandoned, and also a statement that the authors are not smart enough to defend the property they create;
    3. the code requests that you click "I agree," a role outside the capability of the legal prose; and
    4. if you as user haven't clicked "I agree" or otherwise recorded your intent, then the smart contract is at liberty to ignore you - no intent established, no contract entered into.
  3. The legal prose rules over the smart contract.
    1. Then, the legal prose may with words pass the legal dominance to any part or all of the smart code; and
    2. indeed that might be the only thing that the legal prose does! But see below...

With these principles in hand, we are almost at the point of a viable smart contracting industry. And, we can thank the evolutionary efforts of many for this: Nick Szabo for the abstraction now called the smart contract, Satoshi for converting Nick's abstraction into the inspired form in Bitcoin, the Ethereum team for their more Turing-complete environment, and the authors of TheDAO for their big reveal of what it takes to make a real smart contract. What a social experiment!

On behalf of the entire Internet, I thank you. But we are still one step short of a complete smart contracting environment.

Recall that the point of a contract be it smart, simple, dumb or otherwise, is to create certainty over the uncertain agreements of human agents. Think about that statement for a moment - the goal is to create certainty. Got it? Now look at TheDAO and ask what you see?


If there is a better example of uncertainty in cryptographic affairs than TheDAO, I do not know of it, off hand. Indeed, the current life of TheDAO is so uncertain, it is likely to become a catchphrase for uncertainty in smart contracting!

Right? Let's list the ways. We have half the community up in arms that the terms of the smart code are going to be overridden and thus their contractual worldview is going to be overturned. We've the other half up in arms over the fact that someone has scarfed up a good chunk of the contents, and thus has breached the intent of the contract. And, now we have the Ethereum coredev team asserting their authority for a hard fork, and "Attacker" reminding them that there is a legal contract:

I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:

"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."

A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. ...

When we have such strong, valid-on-the-face arguments, at dramatically opposing poles, we have ... a dispute. TheDAO is now in fatal dispute. And what Ethereum lacks is a clear way forward to resolve that dispute.

Let's check the options. "Attacker" suggests a United States reading of the law, which suggests a USA court. USA courts typically accept any case for any nexus. But they will likely not accept the contract as valid under the securities laws in the USA, so Attacker will likely also find surprise in the event that it goes there. No matter, at $60million or whatever it is is well worth this minute, someone might try their luck in court.

And for the most part, Ethereum people are apparently located in Europe - London, Berlin, Switzerland. I'm not saying TheDAO was done by these people, but if Attacker knows who they are, and this seems reasonable, and any lawsuit names the authors and founders of TheDAO, what have we got?

A mess. What we haven't got is resolution. We can see a law suit that ricochets around the globe and locks a lot of people up in a world of pain. Everyone loses. We can see echoes of Assange and Snowden - we'll get articles, books, movies, but the one thing we won't get is ... resolution.

Certainty, this ain't.

And this is the critical step that Ethereum is short of - resolution, certainty. The traditional courts of law are not well suited to resolving this sort of dispute for a myriad of reasons - both good and bad.

Which brings us to the inevitable discovery that Ethereum must now make. There is a way that can give certainty to this mess in the general case; there is a way to resolve this sort of dispute. It is beholden on the community to find that forum of dispute resolution that can bring certainty to the smart contract when the smart contract itself has lost certainty.

Ethereum needs to set up its own forum - its own court - a court of smart contract dispute resolution.

This is not a trivial task; but it is a lot easier than you think. It's a matter of law, the choice is called Arbitration, and if you search around you can find volumes written on it. I'll leave that as an exercise for the reader, but you might want to look at DAMN. That's not how I would do it, but hey - compare and contrast!

Know it now - you face a fork in the road. On the one hand you have the failed social experiment known as TheDAO. On the other hand, you have your own forum of dispute resolution, designed to resolve precisely this mess, the smart contract in trouble. Like some science fiction movie, the choice is clear: choose to repeat the failure in TheDAO, or choose to engage in informed dispute resolution, customised for your disputes.

Choose quickly, before the next big reveal. Good luck.

Some notes.

  1. I'm handwaving over some elements of the legal arguments above, as I haven't identified precisely where the contract is entered. But that can be left as an exercise to the reader.
  2. Vitalik argues that there is no cryptographic connection. That's an odd argument, because (a) nobody's argued in court yet that there has to be a cryptographic connnection, (b) that argument reduces to "Vitalik doesn't attest to it being the contract" whereas (c) we need to go much much more, like "it isn't the contract because this other thing is the contract." Oh, and (d) we can guarantee that the court will look favourably on anything that looks like a contract, and will be entirely skeptical of a prose-free lump of code.
  3. I haven't talked about the parties to the contract at all in the above. That's because we don't need to - in this context. A given case may need to, but actually in TheDAO case, we don't need to. It could be entirely sufficient for the ethcore team to present the evidence as expert witnesses, and the Arbitrator to return a ruling authorising a hard fork. The parties do not need to be examined unless the case demands it.
Posted by Prometheus at 11:22 AM | Comments (0)

June 12, 2016

Where is the Contract? - a short history of the contract in Financial Cryptography systems

(Editor's note: Dates are approximate. Written in May of 2014 as an educational presentation to lawyers, notes forgotten until now. Freshened 2016.09.11.)

Where is the contract? This is a question that has bemused the legal fraternity, bewitched the regulator, and sent the tech community down the proverbial garden path. Let's track it down.

Within the financial cryptography community, we have seen the discussion of contracts in approximately these ways:

  1. Smart Contracts, as performance machines with money ,
  2. Ricardian Contract which captures the writings of an agreement ,
  3. Compositions: of elements such as the "offer and acceptance" agreement into a Russian Doll Contracts pattern, or of clause-code pairs, or of split contract constructions.

Let's look at each in turn.

a. Performance

a(i) Nick Szabo theorised the notion of smart contracts as far back as 1994. His design postulated the ability of our emerging financial cryptography technology to automate the performance of human agreements within computer programs that also handled money. That is, they are computer programs that manage performance of a contract with little or less human intervention.

At an analogous level at least, smart contracts are all around. So much of the performance of contracts is now built into the online services of corporations that we can't even count them anymore. Yet these corporate engines of performance were written once then left running forever, whereas Szabo's notion went a step further: he suggested smart contracts as more of a general service to everyone: your contractual-programmer wrote the smart contract and then plugged it into the stack, or the service or the cloud. Users would then come along and interact with this machine, to get services.

a(ii). Bitcoin. In 2009 Bitcoin deployed a limited form of Smart Contracts in an open service or cloud setting called the blockchain. This capability was almost a side-effect of a versatile payments transaction of smart contracts. After author Satoshi Nakamoto left, the power of smart contracts was reduced in scope somewhat due to security concerns.

To date, success has been limited to simple uses such as Multisig which provides a separation of concerns governance pattern by allowing multiple signers to release funds.

If we look at the above graphic we can see a fairly complicated story that we can now reduce into one smart contract. In a crowd funding, a person will propose a project. Many people will contribute to a pot of money for that project until a particular date. At that date, we have to decide whether the pot of money is enough to properly fund the project and if so, send over the funds. If not, return the funds.

To code this up, the smart contract has to do these steps:

  1. describe the project, including an target value v and a strike date t.
  2. collect and protect contributions (red, blue, green boxes)
  3. on the strike date /t/, count the total, and decide on option 1 or 2:
    1. if the contributions reach the amount, pay all over to owner (green arc), else
    2. if the contributions do not exceed the target v, pay them all back to funders (red and blue arcs).

A new service called Lighthouse now offers crowdfunding but keep your eyes open for crowdfunding in Ethereum as their smart contracts are more powerful.

b. Writings of the Contract

Back in 1996, as part of a startup doing bond trading on the net, I created a method to bring a classical 'paper' contract into touch with a digital accounting system such as cryptocurrencies. The form, which became known as the Ricardian Contract, was readily usable for anything that you could put into a written contract, beyond its original notion of bonds.

In short: write a standard contract such as a bond. Insert some machine-readable tags that would include parties, amounts, dates, etc that the program also needed to display. Then sign the document using a cleartext digital signature, one that preserves the essence as a human-readable contract. OpenPGP works well for that. This document can be seen on the left of this bow-tie diagram.

Then - hash the document using a cryptographic message digest function that creates a one-for-one identifier for the contract, as seen in the middle. Put this identifier into every transaction to lock in which instrument we're paying back and forth. As the transactions start from one genesis transaction and then fan out to many transactions, all of them including the Ricardian hash, with many users, this is shown in the right hand part of the bow-tie.

See 2004 paper and wikipedia page on the Ricardian contract. We have then a contract form that is readable by person and machine, and can be locked into every transaction - from the genesis transaction, value trickles out to all others.

The Ricardian Contract is now emerging in the Bitcoin world. Enough businesses are looking at the possibilities of doing settlement and are discovering what I found in 1996 - we need a secure way to lock tangible writings of a contract on to the blockchain. A highlight might be NASDAQ's recent announcements, and Coinprism's recent work with OpenAssets project [1, 2, 3], and some of the 2nd generation projects have incorporated it without much fuss.

c. Composition

c(i). Around 2006 Chris Odom built OpenTransactions, a cryptocurrency system that extended Ricardian Contract beyond issuance. The author found:

"While these contracts are simply signed-XML files, they can be nested like russian dolls, and they have turned out to become the critical building block of the entire Open Transactions library. Most objects in the library are derived, somehow, from OTContract. The messages are contracts. The datafiles are contracts. The ledgers are contracts. The payment plans are contracts. The markets and trades are all contracts. Etc.

I originally implemented contracts solely for the issuing, but they have really turned out to have become central to everything else in the library."

In effect Chris Odom built an agent-based system using the Ricardian Contract to communicate all its parameters and messages within and between its agents. He also experimented with Smart Contracts, but I think they were a server-upload model.

c(ii). CommonAccord construct small units containing matching smart code and prose clauses, and then compose these into full contracts using the browser. Once composed, the result can be read, verified and hashed a la Ricardian Contracts, and performed a la smart contracts.

c(iii) Let's consider person to person trading. With face-to-face trades, the contract is easy. With mail order it is harder, as we have to identify each components, follow a journey, and keep the paper work. With the Internet it is even worse because there is no paperwork, it's all pieces of digital data that might be displayed, might be changed, might be lost.

Shifting forward to 2014 and OpenBazaar decided to create a version of eBay or Amazon and put it onto the Bitcoin blockchain. To handle the formation of the contract between people distant and anonymous, they make each component into a Ricardian Contract, and place each one inside the succeeding component until we get to the end.

Let's review the elements of a contract in a cycle:

✓ Invitation to treat is found on blockchain similar to web page.
✓ offer by buyer
✓ acceptance by merchant
✓ (performance...)
✓ payment (multisig partner controls the money)

The Ricardian Contract finds itself as individual elements in the formation of the wider contract formation around a purchase. In each step, the prior step is included within the current contractual document. Like the lego blocks above, we can create a bigger contract by building on top of smaller components, thus implementing the trade cycle into Chris Odom's vision of Russian Dolls.


In conclusion, the question of the moment was:

Where is the contract?

So far, as far as the technology field sees it, in three areas:

  • as performance - the Smart Contract
  • as writing - the Ricardian Contract
  • as composition - elements packaged into Russian Dolls, clause-code pairs and convergance as split contracts.

I see the future as convergence of these primary ideas: the parts or views we call smart & legal contracts will complement each other and grow together, being combined as elements into fuller agreements between people.

For those who think nothing much has changed in the world of contracts for a century or more, I say this: We live in interesting times!

(Editor's reminder: Written in May of 2014, and the convergence notion fed straight into "The Sum of all Chains".)

Posted by iang at 07:35 PM | Comments (0)

March 13, 2016

Elinor Ostrom's 8 Principles for Managing A Commmons

(Editor's note: Originally published at http://www.onthecommons.org/magazine/elinor-ostroms-8-principles-managing-commmons by Jay Walljasper in 2011)

Elinor Ostrom shared the Nobel Prize in Economics in 2009 for her lifetime of scholarly work investigating how communities succeed or fail at managing common pool (finite) resources such as grazing land, forests and irrigation waters. On the Commons is co-sponsor of a Commons Festival at Augsburg College in Minneapolis October 7-8 where she will speak. (See accompanying sidebar for details.)

Ostrom, a political scientist at Indiana University, received the Nobel Prize for her research proving the importance of the commons around the world. Her work investigating how communities co-operate to share resources drives to the heart of debates today about resource use, the public sphere and the future of the planet. She is the first woman to be awarded the Nobel in Economics.

Ostrom’s achievement effectively answers popular theories about the "Tragedy of the Commons", which has been interpreted to mean that private property is the only means of protecting finite resources from ruin or depletion. She has documented in many places around the world how communities devise ways to govern the commons to assure its survival for their needs and future generations.

A classic example of this was her field research in a Swiss village where farmers tend private plots for crops but share a communal meadow to graze their cows. While this would appear a perfect model to prove the tragedy-of-the-commons theory, Ostrom discovered that in reality there were no problems with overgrazing. That is because of a common agreement among villagers that one is allowed to graze more cows on the meadow than they can care for over the winter—a rule that dates back to 1517. Ostrom has documented similar effective examples of "governing the commons" in her research in Kenya, Guatemala, Nepal, Turkey, and Los Angeles.

Based on her extensive work, Ostrom offers 8 principles for how commons can be governed sustainably and equitably in a community.

8 Principles for Managing a Commons

1. Define clear group boundaries.

2. Match rules governing use of common goods to local needs and conditions.

3. Ensure that those affected by the rules can participate in modifying the rules.

4. Make sure the rule-making rights of community members are respected by outside authorities.

5. Develop a system, carried out by community members, for monitoring members’ behavior.

6. Use graduated sanctions for rule violators.

7. Provide accessible, low-cost means for dispute resolution.

8. Build responsibility for governing the common resource in nested tiers from the lowest level up to the entire interconnected system.

Posted by iang at 08:34 PM | Comments (0)

August 24, 2015

The Great Bitcoin Fork - heartbleed or bleeding hearts?

Bitcoin has just had its first big security failure. Perhaps surprising to some, the security was breached at the human layer known as governance, and not at the cryptographic or protocol layers.

TL;DR: the threat that evaded the security model was this: the Bitcoin community has failed to agree on how to evolve the protocol, and this failure has taken concrete form in the announcement of Bitcoin-XT, an alternate that may be incompatible with the current client. To solve this failure, a new governance layer is needed.

If one subscribes to the triple entry thesis, Bitcoin underpins the most radical and productive innovation in finance since double entry accounting, and it thus behoves to analyse the nature of the security failure carefully. The failure for a group to reach consensus is a very old problem of humanity and is not easily susceptible to technological hack. Whilst we have some good algorithms and structures to manage these problems, it is important that the community recognise that fixes required to the threat model is as much to the community itself as to the protocol or cryptography.

A brief interlude to explain, before discussing solutions: This schism within the Bitcoin community resulted in the announcement of larger blocksizes in Bitcoin-XT to deliver higher transaction capacity, something which many claim is necessary to take Bitcoin commerce to the retail level. However, the process of changing the fixed parameters in the Bitcoin protocol is fraught because of the nature of the consensus algorithm.

Bitcoin is a replicated shared ledger system that batches transactions into 'blocks'. The network of distributed client programs comes together to agree on each block, the result being the Nakamoto Signature over each block.

It doesn't matter today how that signature works - the proof of work consensus protocol - what matters is that some 6000 nodes meet and sign every 10 minutes according to a very complicated set of rules. To change those rules is problematic because we can’t update all the clients at once, and so … problems can emerge.

That problem is broadly called a fork - when one part of the network fights for a block that differs to the block of another part, the consensus algorithm starts humming until there is an eventual winner. This is the genius of Nakamoto's signature - if there is a fork, the network just keeps humming away until one or other of the sides backs away and dies.

But, the fear is, if there are different protocol rules, the "erstwhile losers" will never back off and a permanent fork is possible - the shared replicated ledger enters the twilight zone where your transaction is both confirmed and lost at the same time. In this case, the older clients will never accept a block larger than 1,000,000 bytes; blocks greater than that size could conceivably trigger a permanent fork.

Conventional logic is that the community needs to manage such a change to software carefully and plan ahead. Which would be fine, if that were done, but as is the way with these things, this planning, which was first mooted 5 years ago, has been stymied by one means or another.

What's going on here? It probably helps to catalogue the forms of fork that exist, as of the moment, in a layered approach:

  1. There is the fork in transactional block understanding, which the proof of work consensus algorithm strives to and ultimately suppresses. This works because statistically, the network of clients includes enough uncertainty and the algorithm provides enough incentive to push some nodes around and thus force one side or other to lose.
  2. A fork in software is more problematic as the rules should be deterministic for the first fork to resolve. The normal statistical methods don't work here, but when it happens - once in recorded history - the core team can come together as they did in 2013, isolate the rule failure, and push software changes or recommendations out to fold back the competing blocks into one.
  3. A fork in the core team is more problematic. When one side of the team wants path A and the other side of the team wants path B, arguments ensue. Against the threat of core team fork, the Bitcoin mitigation of 'we voluntarily agree' is too soft for a credible security project.

It is this third type of fork we now observe. To defend against this fork, the control of Bitcoin’s core algorithm has been left by custom to a small, tight team that manages one client software base called bitcoind. Five committers work closely together to put changes in.

However there was always a fork possible because in the open source world, forking the software base and starting a new project is considered normal, routine, and a cause for celebration: creativity. Indeed, there are many hundreds of projects called altcoins that have done precisely that - forked the software and started up a new chain - and there are several competing code bases that follow the same rules.

That part we know well, but an attempt to fork the software, change the rules and work on the same chain is novel.

Surely the core team knew well enough to not do that? Surely they had the discipline to not deliberately risk a permanent fork and bring down the entire $4bn Bitcoin community? That’s how many people are putting it - outrage - but we instead would like to point out that in the history of human affairs, one thing stands out:

If it can go wrong, it will.

Murphy's Law has it that if there is a weakness, eventually someone or something will get around to finding the circumstances for triggering that precise set of conditions. This view would suggest that even if the core team could present that elusive quality of better discipline and better responsibility, something is going to happen, one day. The flaw isn't in the team, because they are human after all, the flaw is in the systems design or more properly the security model. Failure to agree is a well known failure mode, and should have at least had a higher likelihood assigned in the risk analysis. Accept the risk of core team failure was then always a short term mitigation.

Assuming the inevitability of human divergence, how do we solve the higher layer team fork?

There are several ways to deal with this. One is to not have a fork. Another way is to encourage forks to naturally resolve themselves. A third is to find a way to live with the fork.

Not having the fork means in essence better leadership - not have the core team decide to fork. But our Murphy's Law observation indicates that a small tight single team will always fork in one way or another. Or, to draw on political history, there is a contradiction between the ideals of Bitcoin as a system of property rights, and the lack of ownership of the system as a property right, and until that is fixed, Bitcoin is in trouble.

There are many ways to deal with this contradiction, but just one way that seems to keep emerging throughout time is to split the single team into three and establish joint ownership of the system for the commons: Legislature ⇔ Judiciary ⇔ Executive.

Popularised by the US Republic, the 'powers' are split between the three ‘heads’ in an inherently unstable fashion. The executive appoints judges, but cannot tell the judiciary what to do. In contrast, the judiciary can tell the executive what to do, but, the judge's power is limited by a given case, and by the body of law and precedent, which comes from the Legislature. The legislature can tell the other two what to do, but only in the future. In order to keep the legislature and the executive in check, the people assemble every 4 or so years and throw the buggers out.

Long term stability is ensured by the inherent instability of the triangle; fights are frequent and noisy but civil war rarely breaks out. This stable triangle of unstable nodes, sometimes called three heads of power, can be adopted by any community. For example, the CAcert community does exactly that model: Policy ⇔ Arbitration ⇔ Board. Same powers and roles, same fights, different labels. Alternatively, many other methods and variants have been trialled throughout history and through the open source world.

How might this work in practice for the Bitcoin community? Part of it is already in place - Bitcoin’s system of BIPs presents a legislature. Another part would be to fork (pun intended) the political decisions away from the engineering decisions. In this case, the decision to increase the blocksize would be made by the political or executive team, which would be subject to regular elections. The technical dev or engineering team would then simply implement the how, and not engage in the politics of the whether other than to provide the politicians with advice.

The third part is when the technical team and executive team, or any other participants, cannot agree on something. For this, a forum of dispute resolution is needed. This is simple to organise - everyone who participates simply agrees up front to refer their disputes to the forum - but is harder to run as an Arbitrator has a tough job of making a ruling over an already complex situation. However, that’s out of scope of this article, what's important is that there is always a path by which fights are resolved, before escalating into civil war and bloodshed.

This method turns a core team fork into a decision as to lead team, but it wouldn’t stop the fork from happening - a rival team could simply start a new core development. But even then, the separation between political, engineering and dispute decisions would facilitate negotiation and finding new agreement because there are now three potential paths with which to negotiate with the rival team. Each of the three heads of power could find different paths, and the instability of their arrangement would lead to a solution emerging.

The combined power of the three, and the better control by the community would lead to more faith. The presence of the judiciary and the possibility of your voice being heard would strongly tilt preference to the governed system and away from rival teams. It might also lay the foundation for treasured ideals such as clear fungibility in most circumstances, and reversals of clear wrongs in the exception.

In closing, we should remember that technology cannot fix all of mankind’s problems. Very often, in fixing one problem, we reveal knottier and usually deferred problems in higher layers; Bitcoin’s consensus algorithm fixes blockchain forks and thus reveals forks in the rules and in the team. How to build a protocol that can handle higher layer forks remains an issue as outsiders can still attack the mainnet chain with their own proposed codebase. This is beyond the scope of today's brief missive, indeed, it's quite a project in its own right, but it is not outrageous - have a look at treechains or sidechains or Tezos for alternate schools of thought in how to handle higher-layer forks.

That the Bitcoin design got this far, and the community has come to cross this Rubicon so early in life is no disaster, rather it is the mark of accelerated intellectual robustness and excellence in design. But design does not solve everything, it especially does not address the age-old problem of being unable to foretell the future, a syndrome which is commonly referred to as 'politics'.

Ed note: this essay received some comments and wordings from Arthur Doohan and Ada Lovelace.

Posted by iang at 04:27 PM | Comments (5)

June 17, 2015

Cash seizure is a thing - maybe this picture will convince you

There are many many people who do not believe that the USA police seize cash from people and use it for budget. The system is set up for the benefit of police - budgetary plans are laid, you have no direct recourse to the law because it is the cash that defends itself, the proceeds are carved up.

Maybe this will convince you - if cash seizure by police wasn't a 'thing' we wouldn't need this chart:

Posted by iang at 08:00 PM | Comments (1)

June 05, 2015

Coase's Blockchain - the first half block - Vinay Gupta explains triple entry

Editor's Preamble! Back in 1997 I gave a paper on crowdfunding - I believe the first ever proper paper, although there was one "lost talk" earlier by Eric Hughes - at Financial Cryptography 1997. Now, this conference was the first polymath event in the space, and probably the only one in the space, but that story is another day. Because this was a polymath event, law professor who's name escapes Michael Froomkin stood up and asked why I hadn't analysed the crowdfunding system from the point of view of transaction economics.

I blathered - because I'd not heard of it! But I took the cue, went home and read the Ronald Coase paper, and some of his other stuff, and ploughed through the immensely sticky earth of Williamson. Who later joined Coase as a Nobel Laureate.

The prof was right, and I and a few others then turned transaction cost discussion into a cypherpunk topic. Of course, we were one or two decades too early, and hence it all died.

Now, with gusto, Vinay Gupta has revived it all as an explanation of why the blockchain works. Indeed, it's as elegant a description of 'why triple entry' as I've ever heard! So here goes my Saturday writing out Coase's first half block, or the first 5 minutes of Gupta's talk.

This is the title of the talk - Coase's Blockchain. Does anyone in the audience know who Ronald Coase was? No? Ok. He got the Nobel Prize for Economics in 1940. Coase's question was, why does the company exist as an institution? Theoretically, if markets are more efficient than command economies, because of a better distribution of information, why do we then recreate little pockets of command economy in the form of a thing you call a company?

And, understanding why the company exists is a critical thing if you want to start companies or operate companies because the question you have to ask is why are we doing this rather than having a market of individual actors. And Coase says, the reason that we don't have seas of contractors, we've got structures like say IBM, is because making good decisions is expensive.

Last time you bought a telephone or a television or a car you probably spent 2 days on the Internet looking at reviews trying to make a decision, right? Familiar experience? All of that is a cost, that in a company is made by purchasing. Same thing for deciding strategy, if you're a small business person you spend a ton of time worrying about strategy, and all of those costs in a large company are amortised across the whole company. The company serves to make decisions and then amortise the costs of the decisions across the entire structure.

This is all essentially about transaction costs. Now, move onto Venture Capital.

Paul Graham's famous essay "Black Swan Farming." What they basically say is venture capitalists have no idea what will or won't work, we can't tell. We are in the business of guessing winners, but it turns out that our ability to successfully predict is less than one in a hundred. Of a hundred companies we fund, 90 will fail, 10 will make about 10 times what we put into them, and one in about a thousand will make us a ton of money. One thousand to one returns are higher, but we actually have no way of telling which is which, so we just fund everything.

Even with their very large sample size, they are unable to successfully predict what will or will not succeed. And if this is true for venture capitalists, how much truer is it for entrepreneurs? As a venture capitalist, you have an N of maybe 600 or 1000, as an entrepreneur you've got an N of 2 or 3. All entrepreneurs are basically guessing that their thing might work with totally inadequate evidence and no legitimate right to assume their guess is any good because if the VCs can't tell, how the heck is the entrepreneur supposed to tell?

We're in an environment with extremely scarce information about what will or will not succeed and even the people with the best information in the world are still just guessing. The whole thing is just guesswork.

History of Blockchains in a Nutshell, and I will bring all this back together in time.

In the 1970s the SQL database was basically a software system that was designed to make it possible to do computation using tape storage. You know how in databases, you have these fixed field lengths, 80 characters 40 characters, all this stuff, it was so that when you fast-forwarded the tape, you knew that each field would take 31 inches and you could fast forward by 41 and a half feet to get to the record you needed next. The entire thing was about tape.

In the 1990s, we invent the computer network, at this point we're running everything across telephone wires, basically this is all pre-Ethernet. It's really really early stuff and then you get Ethernet and standardisation and DNS and the web, the second generation of technology.

The bridges between these systems never worked. Anybody that's tried to connect two corporations across a database knows that it's just an absolute nightmare. You get hacks like XML-EDI or JSON or SOAP or anything like that but you always discover that the two databases have different models of reality and when you interconnect them together in the middle you wind up having to write a third piece of software.

The N-squared problem. So the other problem is that if we've got 50 companies that want to talk to 50 companies you wind up having to write 50-squared interconnectors which results in an unaffordable economic cost of connecting all of these systems together. So you wind up with a hub and spoke architecture where one company acts as the broker, everybody writes a connector to that company, and then that company sells all of you down the river because it has absolute power.

As a result, computers have had very little impact on the structure of business even though they've brought the cost of communication and the cost of knowledge acquisition down to a nickel.

This is where we get back to Coase. The revolution that Coase predicted that computers should bring to business hasn't yet happened, and my thesis is that blockchains is what it takes to get that to run.

Editor again: That was Vinay's first 5m after which he took it across to blockchains. Meanwhile, I'll fork back a little to triple entry.

Recall the triple entry concept as being an extension of double entry: The 700 year old invention of double entry used two recordings as a redundant check to eliminate errors and surface fraud. This allowed the processing of accounting to be so reliable that employed accountants could do it. But accounting's double entries were never accepted outside the company, because as Gupta puts it, companies had "different models of reality."

Triple entry flips it all upside down by having one record come from an independent center, and then that record is distributed back to the two companies of any trade, making for 3 copies. Because we used digital signatures to fix one record, triply recorded, triple entry collapses the double vision of classical accounting's worldview into one reality.

We built triple entry in the 1990s, and ran it successfully, but it may have been an innovationary bridge too far. It may well be that what we were lacking was that critical piece: to overcome the trust factor we needed the blockchain.

On that note, here's another minute of the talk I copied before I realised my task was done!

The blockchain, regardless of all the complicated stuff you've heard about it, is simply a database that works just like the network. A computer network is everywhere and nowhere, nobody really owns it, and everybody cooperates to make it work, all of the nodes participate in the process, and they make the entire thing efficient.

Blockchains are simply databases updated to work on the network. And those databases are ones with different properties than the databases made to run on tape. They're decentralised, you can't edit anything, you can't delete anything, the history is stored perfectly, if you want to make an update you just republish a new version of it, and to ensure the thing has appropriate accountability you use digital signatures.

It's not nearly as complicated as the tech guys in blockchainland will tell you. Yes it's as complicated as the inside of an SQL database. All of your companies run SQL databases, none of you really know how they work, it's going to be just like that with blockchains. Two years you'll forget the word blockchain, you'll just hear database, and it'll mean the same thing. Probably.

Posted by iang at 08:07 AM | Comments (0)

May 16, 2015

NASDAQ on the blockchain - why?

The recent announcement that NASDAQ are experimenting with putting assets on the blockchain ruffled some feathers! Amonst many question, chief was /which chain/? Now the answer to that has leaked, people are asking "why Bitcoin?"

Two factors are strong here, being the asset-capabilities axis, and the control or "permission" axis.

1. First the assets. As I have hummed or written or shrilled loudly, the big thing that is missing in Bitcoin is assets. Just quickly, Satoshi Nakamoto made a remarkable simplification by establishing precisely one and only one unit - the BTC. But that trick is only possible for one unit; as soon as you need two units, chaos ensues.

And the altCoins market is the proof of that, chaos. The keystone it is missing is the ability to describe an issued instrument in cohesive, rigourous terms. By that I mean, in short words, the legal or prose contract offered by an issuer.

Briefly, we need a written, prose contract that is locked into the accounting system, one-for-one -- something you can take to court. The longer story can be read in my Ricardian Contract paper, etc, but for now, we need to just fixate on how we lock a legal contract into an issuance of value.

Recently, it turns out, there was a change in Bitcoin's underlying code ("OpReturn") that allowed sufficient information in it to do just that. This is seen most clearly in colored coins and the OpenAssets project, or at CoinPrism. In essence, you can now include the Ricardian hash in the transaction so that your payment points securely to the contract you are paying.

Having a contract means you can describe equity, securely. Which means that NASDAQ can describe their issuances, securely. Which means they can do an end-to-end demonstration of their intended vision, as a proof of concept.

The takeaway for assets is that NASDAQ can now do it on bitcoin, whereas before they would have been limited to one of the gen 2 products.

(NB, in the above, I'm not referring to smart contracts. For more on this distinction, see On the intersection of Smart Contracts and Ricardian Contracts.)

2. Now for Permission. To summarise the "permissionless" debate, it is industry expectation that institutions will want to be able to benefit from the innovation of bitcoin for the most part, but, at the end of the day, they will need a kill-switch. Because, we're talking the assets of the company, or the shares your client holds, or the loot the court just ordered you to seize, some control is needed. As Tim Swanson said:

"No bank's going to want to put a billion dollars of value [on a ledger] if it can be destroyed by anonymous validators," he said in an interview.

That's the industry expectation, and obviously this goes 100% counter to bitcoin expectation. Without getting into that debate today, I agree, *in principle* this is the force that will be brought to bear. But that's only in principle. It is a given that we know the layers and principles of financial cryptography, but the art lies in knowing when to break them.

Where then can we adjust?

As NASDAQ are only experimenting at this stage, it matters not what they do. Once they are done with experimenting with the tech, they'll then have to build it - which doesn't mean the tech, it means the rest of the infrastructure. The tech is a small part of the equation, sorry guys.

Out of that conversation will come any decisions to switch tech, so in essence NASDAQ are building one to throw away.

Thusly, their choice of technology is totally open. Why then not go with technology that more closely approximates their market, which might be Ethereum, Eris, Hyperledger, Open Transactions or even my own Ricardo? Again, the answer is the same: using permissionless technology such as Bitcoin gives them ... permissionlessness!

Why is this necessary or even slightly useful? Isn't NASDAQ a huge institution with incredible power?

They are. But this doesn't mean they are not subject to influence, power, pressure, bribery, corruption, rotating doors and favours. Directly above them, as an SRO, they have the SEC, and the Fed. To the side, the other exchanges, clearing houses, banks, DTCC, OTC markets, etc. Underneath many thousands of brokers. And then, swimming like sharks around a wounded whale, NASDAQ is surrounded by 50 direct state regulators, probably 10 national regulators in addition to the SEC and the Fed, and hundreds of other interested agencies, armed and ready to have their say. And we haven't even mentioned the insiders...

Telling those parties that they are working on the open blockchain is a very powerful signal. It basically stops everyone of those parties in their tracks. It means none of them can form an opinion, issue a letter, insist on a rule, start the power game, phone in favours, etc etc. Because bitcoin is permissionless, then it needs no permission for even NASDAQ to play. E.g., if FinCEN phones up, NASDAQ can respond, "by all means, come play with us, what's your bitcoin address?"

Or as gendal put it, come along and play in our permissionless innovation sandpit:

Permissionless Innovation

Because it turns out that censorship-resistance implies an even more interesting property: permissionless innovation.

"Permissionless innovation" -- the general freedom to experiment with new technologies and business models -- has been the secret sauce that fueled the success of the Internet and the digital economy.

This story is as important to a huge organisation such as NASDAQ as it is to the SV techie in a basement.

In the alternate, we can compare that story to the sad sorry debacle of Ripple. Although they said all the right words to anyone that would listen, at the end of the day, they were just words. Actions are the issue. Ripple had a permissioned system, and when push came to shove, they just didn't have enough of it.

By choosing the permissionless system, NASDAQ has bypassed all that. For now. Which is just what they need to ... experiment, innovate, play.

Posted by iang at 10:50 AM | Comments (1)

February 16, 2015

Google's bebapay to close down, Safaricom shows them how to do it

In news today, BebaPay, the google transit payment system in Nairobi, is shutting down. As predicted in this blog, the payment system was a disaster from the start, primarily because it did not understand the governance (aka corruption) flow of funds in the industry. This resulted in the erstwhile operators of the system conspiring to make sure it would not work.

How do I know this? I was in Nairobi when it first started up, and we were analysing a lot of market sectors for payments technology at the time. It was obvious to anyone who had actually taken a ride on a Matatu (the little buses that move millions of Kenyans to work) that automating their fares was a really tough sell. And, once we figured out how the flow of funds for the Matatu business worked, from inside sources, we knew a digital payments scheme was dead on arrival.

As an aside there is a play that could have been done there, in a nearby sector, which is the tuk-tuks or motorbike operators that are clustered at every corner. But that's a case-study for another day. The real point to take away here is that you have to understand the real flows of money, and when in Africa, understand that what we westerners call corruption means that our models are basically worthless.

Or in shorter terms, take a ride on the bus before you decide to improve it.

Meanwhile, in other news, Safaricom are now making a big push into the retail POS world. This was also in the wings at the time, and when I was there, we got the inside look into this field due to a friend who was running a plucky little mPesa facilitation business for retails. He was doing great stuff, but the elephant in the room was always Safaricom, and it was no polite toilet-trained beast. Its reputation for stealing other company's business ideas was a legend; in the payment systems world, you're better off modelling Safaricom as a bank.

Ah, that makes more sense... You'll note that Safaricom didn't press over-hard to enter the transit world.

The other great takeway here is that westerners should not enter into the business of Africa lightly if at all. Westerners' biggest problem is that they don't understand the conditions there, and consequently they will be trapped in a self-fulfilling cycle of western psuedo-economic drivel. Perhaps even more surprising, they also can't turn to their reliable local NGOs or government partners or consultancies because these people are trained & paid by the westerners to feed back the same academic models.

How to break out of that trap economically is a problem I've yet to figure out. I've now spent a year outside the place, and I can report that I have met maybe 4 or 5 people amongst say 100 who actually understand the difference? Not a one of these is employed by an NGO, aid department, consultant, etc. And, these impressive organisations around the world that specialise in Africa are in this situation -- totally misinformed and often dangerously wrong.

I feel very badly for the poor of the world, they are being given the worst possible help, with the biggest smile and a wad of cash to help it along its way to failure.

Which leads me to a pretty big economic problem - solving this requires teaching what I learnt in a few years over a single coffee - can't be done. I suspect you have to go there, but even that isn't saying what's what.

Luckily however the developing world -- at least the parts I saw in Nairobi -- is now emerging with its own digital skills to address their own issues. Startup labs abound! And, from what I've seen, they are doing a much better job at it than the outsiders.

So, maybe this is a problem that will solve itself? Growth doesn't happen at more than 10% pa, so patience is perhaps the answer, not anger. We can live and hope, and if an NGO does want to take a shot at the title, I'm in for the 101th coffee.

Posted by iang at 07:59 AM | Comments (1)

December 30, 2014

Audit: when the Economist finally opens up the debate on the silent fraud of the century

What ever happened to Audit? 5 years ago now it seems, I penned a 7 part essay that tried to lay out why audit did not spot or contribute anything to the financial crises if 2007-2008. The silence has not gone unnoticed, and now the Economist picks up with The dozy watchdogs

PwC's failure to detect the problem is hardly an isolated case. If accounting scandals no longer dominate headlines as they did when Enron and WorldCom imploded in 2001-02, that is not because they have vanished but because they have become routine. On December 4th a Spanish court reported that Bankia had mis-stated its finances when it went public in 2011, ten months before it was nationalised. In 2012 Hewlett-Packard wrote off 80% of its $10.3 billion purchase of Autonomy, a software company, after accusing the firm of counting forecast subscriptions as current sales (Autonomy pleads innocence). The previous year Olympus, a Japanese optical-device maker, revealed it had hidden billions of dollars in losses. In each case, Big Four auditors had given their blessing.

Yes, we've all noticed a steady series of blindspots-turned-disaster. But it goes further than the accidental, and I asked "Let's check the record: did any audit since Sarbanes-Oxley pick up any of the problems seen in the last 18 months to do with the financial crisis?" The Economist carries on:

And although accountants have largely avoided blame for the financial crisis of 2008, at the very least they failed to raise the alarm. America's Federal Deposit Insurance Corporation is suing PwC for $1 billion for not detecting fraud at Colonial Bank, which failed in 2009. (PwC denies wrongdoing and says the bank deceived the firm.) This June two KPMG auditors received suspensions for failing to scrutinise loan-loss reserves at TierOne, another failed bank. Just eight months before Lehman Brothers' demise, EY's audit kept mum about the repurchase transactions that disguised the bank's leverage.

What went wrong? The Economist puts it this way:

Of course, no police force can hope to prevent every crime. But such frequent scandals call into question whether this is the best the Big Four can do -- and if so, whether their efforts are worth the $50 billion a year they collect in audit fees. In popular imagination, auditors are there to sniff out fraud. But because the profession was historically allowed to self-regulate despite enjoying a government-guaranteed franchise, it has set the bar so low -- formally, auditors merely opine on whether financial statements meet accounting standards -- that it is all but impossible for them to fail at their jobs, as they define them.

Now, I put it differently, but not so differently that we would part friends:

My claim in today's post then is that the user cannot tell whether an audit is any use or not. Which audit is good for you, and which not, even if good for others? Which audit is good, and which is plain bad? The crux of the matter is that you yourself cannot tell what any of those pronouncements mean, unless you are an insider. You don't know whether you can rely, when to rely or how to rely.

Which was a truth, or an absence of reliable truth, that I'd discovered in a 3 year auditing experience at CAcert. Which leads to the Economist's view as to the future of audit:

In recent years this yawning "expectations gap" has led to a pattern in which investors disregard auditors and make little effort to learn about their work, value securities as if audited financial statements were the gospel truth, and then erupt in righteous fury when the inevitable downward revisions cost them their shirts.

The stakes are high. If investors stop trusting financial statements, they will charge a higher cost of capital to honest and deceitful companies alike, reducing funds available for investment and slowing growth. Only substantial reform of the auditors' perverse business model can end this cycle of disappointment.

Of course, the Economist is speaking to all those auditors who purchase subscriptions of the magazine, and thus it is best to suggest "substantial reform," details in issues to come. I'm not so sure; I actually think the Audit boat has sailed, and what is left I tried out for size in part 7:


People who have followed financial cryptography for the last 2 decades will know of which I speak. E.g., Ricardo was mostly self-auditing with a thing called the 5 parties model, and a lot of crypto-glue to knit the statements together, something which maybe now is making its way into Bitcoin and especially sidechains which attempt to knit two blockchains together. At CAcert we pioneered a way of delivering member-made reliable statements called CARS, and I built a system to couple this up to the criteria body. As long as we have a member-body to do the work, the audit itself is almost routine, and it's certainly auditable in and of itself.

We -- you! -- can do it without the auditors.

Which all leads to a dictum waiting to emerge, but already hinted at by the arisal of Bitcoin: we will build the next financial system as a self-auditing system. AKA "trustless" or "open governance."

Not because we're against the state, or we don't like taxes or we're looking to re-finance the silk road, or hoping to sell off our kid sister.

But because we have to. Because the audit profession left us no choice.

Posted by iang at 03:11 PM | Comments (2)

November 21, 2014

Banking - licensed to cheat! And whether you'll get away with it.

Research into what most people will feel is so trivially true that the research wasn't needed has been conducted -- are bankers cheats?

The subjects took part in a simple experiment of flipping a coin, and involved around two hundred bankers, including 128 from a single unnamed international bank. They were divided into two groups. The people from the first were asked specifically about their jobs in banking, while the other half were asked unrelated questions.

"The rules required subjects to take any coin, toss it 10 times, and report the outcomes online," the researchers reported in the journal Nature. "For each coin toss they could win an amount equal to approximately $20 depending on whether they reported 'heads' or 'tails'."

The point is that the players were told ahead of the game whether "heads" or "tails" would win as well as in which case they could keep their winnings.

Given maximum winnings of $200, there was "a considerable incentive to cheat," wrote the team of researchers.

The bankers were asked to fill out questionnaires before tossing each coin. Those who were asked about things unrelated to their job hardly ever cheated in the coin toss, reporting 51.6 percent wins.

But those asked about their banking careers made the cheat rate go up - they reported 58.2 percent as wins. If everyone was completely honest, the proportion of winning tosses in each group would be 50 percent.

That's actually a stunning result. Just talking about banking made the bankers cheat! As an aside, this research is a dead cert for the IgNoble awards, a sort of faux Noble in odd science which celebrates wacky research that on the face of it should not have been conducted, but in actuality reveals some interesting results.

Back to the banking cheats. Up until now, there has been a stunning silence on the behalf of the prosecution authorities for what is likely either the #1 or #2 crisis in modern history. So bankers are confirmed in their skulduggery, they will almost certainly get away with it.

What can we as society do about this? Putting some of them in jail has been commented as what is missing, indeed the reason we're likely confirmed that banking as a whole is a poisoned pot is that nobody's gone to jail for the financial crisis.

In Britain, last month, a crown court in London announced:

"A senior banker from a leading British bank pleaded guilty at Southwark Crown Court on 3 October 2014 to conspiracy to defraud in connection with manipulating Libor," the court said in a statement.

"This arises out of the Serious Fraud Office investigations into Libor fixing."

And, in Iceland a world-wide first:

Nov 19 (Reuters) - The former chief executive of Landsbanki, one of three banks that racked up $75 billion in debt before collapsing and crashing the economy in 2008, was sentenced to one year in jail on Wednesday for market manipulation.

Sigurjon Arnason was convicted of manipulating the bank's share price and deceiving investors, creditors and the authorities in the dying days of the bank between Sept. 29 and Oct. 3, 2008.

The Reykjavik District Court said nine months of Arnason's sentence were suspended. Ivar Gudjonsson, former director of proprietary trading, and Julius Heidarsson, a former broker, were also convicted and received nine-month sentences, six of which were suspended. All pleaded innocent to the charges.

"This sentence is a big surprise to me as I did not nothing wrong," Sigurjon Arnason told Reuters after the sentencing, adding that he and his attorney had not yet decided whether to appeal to the supreme court.


In receiving a one year prison sentence, Sigurjon Arnason officially became the first bank executive to be convicted of manipulating the bank's stock price and deceiving investors, creditors and the authorities between Sept. 29 and Oct. 3, 2008, as the bank's fortunes unwound, crashing the economy with it. Landsbanki was one of three banks that had tallied nearly $75 billion in debt before the final curtain was drawn.

All pleaded innocent to the charges...

Posted by iang at 12:07 AM | Comments (1)

May 26, 2014

Why triple-entry is interesting: when accounting is the weapon of choice

Bill Black gave an interview last year on how the financial system has moved from robustness to criminogenia:

If you can steal with impunity, as soon as you devastate regulation, you devastate the ability to prosecute. And as soon as that happens, in our jargon, in criminology, you make it a criminogenic environment. It just means an environment where the incentives are so perverse that they are going to produce widespread crime. In this context, it is going to be widespread accounting control fraud. And we see how few ethical restraints remain in the most elite banks.

You are looking at an underlying economic dynamic where fraud is a sure thing that will make people fabulously wealthy and where you select by your hiring, by your promotion, and by your firing for the ethically worst people at these firms that are committing the frauds.

No prizes for guessing he's talking about the financial system and the failure of the regulators to jail anyone, nor find any bank culpable, nor find any accounting firm that found any bank in trouble before it collapsed into the mercy of the public purse.

But where is the action? Where is the actual fraud taking place? This is the question that defies analysis and therefore allows the fraudsters to lay a merry trail of pointed fingers that curves around and joins itself. Here's the answer.

So in the financial sphere, we are mostly talking about accounting as the weapon of choice. And that is, where you overvalue assets, sometimes you undervalue liabilities. You create vast amounts of fictional income by making really bad loans if you are a lender. This makes you rich through modern executive compensation, and then it causes tremendous losses to the lender.

The first defence against this process is transparency. Which implies the robust availability of clear accounting records -- what really happened? Which is where triple-entry becomes much more interesting, and much more relevant.

In the old days, accounting was the domain of intra-firm transactions. Double entry enabled the growth of the business empire because internal errors could be eliminated by means of the double-links between separate books; clearly, money had to be either in one place or another, it couldn't slip between the cracks any more, so we didn't need to worry so much about external agents deliberately dropping a few entries.

Beyond the firm, it was caveat emptor. Which the world muddled along with for around 700 years until the development of electronic transactions. At this point of evolution from paper to electronic, we lost the transparency of the black & white, and we also lost the brake of inefficiency in transactions between firms. That which was on paper was evidence and accountable to an entire culture called accountants; that which was electronic was opaque except to a new generation of digital adepts.

Say hello to Nick Leeson, say good bye to Barings Bank. The fraud that was possible now exploded beyond imagination.

Triple-entry addresses this issue by adding cryptography to the accounting entry. In effect it locks the transaction into a single electronic record that is shared with three parties: the sender, the receiver and a third party to hold & adjudicate. Crypto makes it easy for them to hold the same entry, the third parties makes it easy to force the two interested agents not to play games.

You can see this concept with Bitcoin, which I suggest is a triple-entry system, albeit not one I envisaged. The transaction is held by the sender and the recipient of the currency, and the distributed blockchain plays the part of the third party.

Why is this governance arrangement a step forward? Look at say money laundering. Consider how you would launder funds through bitcoin, a fear claimed by the various government agencies. Simple, send your ill-gotten gains to some exchanger, push the resultant bitcoin around a bit, then cash out at another exchanger.

Simple, except every record is now locked into the blockchain -- the third party. Because it is cryptographic, it is now a record that an investigator can trace through and follow. You cannot hide, you cannot dive into the software system and fudge the numbers, you cannot change the records.

Triple-entry systems such as Bitcoin are so laughably transparent that only the stupidest money launderer would go there, and would therefore eliminate himself before long. It is fair to say that triple-entry is practically immunised against ML, and the question is not what to do about it in say Bitcoin, but why aren't the other systems adopting that technique?

And as for money laundering, so goes every other transaction. Transparency using triple-entry concepts has now addressed the chaos of inter-company financial relationships and restored it to a sensible accountable and governable framework. That which double-entry did for intra-company, triple-entry does for the financial system.

Of course, triple-entry does not solve everything. It's just a brick, we still need mortar of systems, the statics of dispute resolution, plans, bricklayers and all the other components. It doesn't solve the ethics failure in the financial system, it doesn't bring the fraudsters to jail.

And, it will take a long time before this idea of cryptographically sealed receipts seeps its way slowly into society. Once it gets hold, it is probably unstoppable because companies that show accounts solidified by triple-entry will eventually be rewarded by cheaper cost of capital. But that might take a decade or three.

H/t to zerohedge for this article of last year.

Posted by iang at 10:25 AM | Comments (0) | TrackBack

May 19, 2014

How to make scientifically verifiable randomness to generate EC curves -- the Hamlet variation on CAcert's root ceremony

It occurs to me that we could modify the CAcert process of verifiably creating random seeds to make it also scientifically verifiable, after the event. (See last post if this makes no sense.)

Instead of bringing a non-deterministic scheme, each participant could bring a deterministic scheme which is hitherto secret. E.g., instead of me using my laptop's webcam, I could use a Guttenberg copy of Hamlet, which I first declare in the event itself.

Another participant could use Treasure Island, a third could use Cien años de soledad.

As nobody knew what each other participate was going to declare, and the honest players amongst did a best-efforts guess on a new statically consistent tome, we can be sure that if there is at least one honest non-conspiring party, then the result is random.

And now verifiable post facto because we know the inputs.

Does this work? Does it meet all the requirements? I'm not sure because I haven't had time to think about it. Thoughts?

Posted by iang at 10:19 AM | Comments (1) | TrackBack

May 11, 2014

(B) The Business Choice of making a Business Investment in Bitcoin (part B of ABC)

Last month, I launched a rocket at those who invest in Bitcoin as the Coin or the Currency. It's bad, but I won't repeat the arguments against it.

For those of you who've survived the onslaught on your sensitivities, and are genuinely interested in how to make an investment into the cryptocurrency world, here is part B: the Business! The good news is that it is shorter.

If one was to look for a good Bitcoin investment in a business, what would it be? I think you should be asking questions like these:

  • The business in question has a regulatory model. It doesn't need to be right or sustainable, more that the business owners just need to understand the word. That's because, whether they know it or not, the word is coming for them one day.
  • hey have a governance model. Ditto.
  • You as investor understand the difference. This is where it gets messy. Most people think the above two terms are the same thing, but they are not. A regulatory model is imposed by a regulator, and is mostly about compliance with something that protects others such as the regulator or their flock (banks). Whereas a governance model is imposed by yourself, over your own operations, to protect your assets and the assets of the customer. Completely different, and completely misunderstood in the eyes of the external stakeholder community. Therefore, likely misaligned in the eyes of the Bitcoin CEO. Do you see where this is going?
  • They have a Sean Parker. By this, I mean the person with real experience of this broad Internet / money / social networking business space, the guy who's been there twice before, and this time, *he's there* at the critical juncture to that 2 kids and a fridge full of beer all the way to a big business. See the Facebook movie if this doesn't make any sense.

Signs of a bad investment:

  • Wanting to be the next big exchange.
  • No relevant experience in the chosen direct business model. This is distinct from the Sean Parker point above. By this I mean, if wanting to do an exchange, the people have / do not have (select one) prior experience in what a daily trading model is, what 5PM is, what governance is, what an internet security model is. E.g., Mt Gox, which traded without understanding any of these things.
  • Belief that tech solves all problems.
  • No knowledge of what came before the Bitcoin paper.
  • Deal hinges in part on banks or regulators. For example, these guys are DITW:
    Part of laying the groundwork is bringing the establishment on board, Malka said. “We need more banks participating in this. We need regulators. I’m part of the Bitcoin Foundation – we are out there trying to educate regulators.” Getting regulators on board will help get the banks to come along, Liew predicted. “If the regulators explicitly set forth rules that say, ‘Bright line, do this, you will find a bank that is willing to take on bitcoin customers,’” Liew said.

That's my B list so far. You'll note that it includes no conventional things, because you already have those. All it includes is pointers to the myths-of-doom peddled in the current bitcoin world as business talk. It's designed to separate out the happy hopefuls from the actual business possibilities, in a world where talking is deeper than walking.

Next up, when I get to it, is my A list: a point I believe so important I saved it for another post. Watch this space.

Posted by iang at 01:38 PM | Comments (1) | TrackBack

April 01, 2014

The IETF's Security Area post-NSA - what is the systemic problem?

In the light of yesterday's newly revealed attack by the NSA on Internet standards, what are the systemic problems here, if any?

I think we can question the way the IETF is approaching security. It has taken a lot of thinking on my part to identify the flaw(s), and not a few rants, with many and aggressive defences and counterattacks from defenders of the faith. Where I am thinking today is this:

First the good news. The IETF's Working Group concept is far better at developing general standards than anything we've seen so far (by this I mean ISO, national committees, industry cartels and whathaveyou). However, it still suffers from two shortfalls.

1. the Working Group system is more or less easily captured by the players with the largest budget. If one views standards as the property of the largest players, then this is not a problem. If OTOH one views the Internet as a shared resource of billions, designed to serve those billions back for their efforts, the WG method is a recipe for disenfranchisement. Perhaps apropos, spotted on the TLS list by Peter Gutmann:

Documenting use cases is an unnecessary distraction from doing actual work. You'll note that our charter does not say "enumerate applications that want to use TLS".

I think reasonable people can debate and disagree on the question of whether the WG model disenfranchises the users, because even though a a company can out-manouver the open Internet through sheer persistence and money, we can still see it happen. In this, IETF stands in violent sunlight compared to that travesty of mouldy dark closets, CABForum, which shut users out while industry insiders prepared the base documents in secrecy.

I'll take the IETF any day, except when...

2. the Working Group system is less able to defend itself from a byzantine attack. By this I mean the security concept of an attack from someone who doesn't follow the rules, and breaks them in ways meant to break your model and assumptions. We can suspect byzantium disclosures in the fingered ID:

The United States Department of Defense has requested a TLS mode which allows the use of longer public randomness values for use with high security level cipher suites like those specified in Suite B [I-D.rescorla-tls-suiteb]. The rationale for this as stated by DoD is that the public randomness for each side should be at least twice as long as the security level for cryptographic parity, which makes the 224 bits of randomness provided by the current TLS random values insufficient.

Assuming the story as told so far, the US DoD should have added "and our friends at the NSA asked us to do this so they could crack your infected TLS wide open in real time."

Such byzantine behaviour maybe isn't a problem when the industry players are for example subject to open observation, as best behaviour can be forced, and honesty at some level is necessary for long term reputation. But it likely is a problem where the attacker is accustomed to that other world: lies, deception, fraud, extortion or any of a number of other tricks which are the tools of trade of the spies.

Which points directly at the NSA. Spooks being spooks, every spy novel you've ever read will attest to the deception and rule breaking. So where is this a problem? Well, only in the one area where they are interested in: security.

Which is irony itself as security is the field where byzantine behaviour is our meat and drink. Would the Working Group concept past muster in an IETF security WG? Whether it does or no depends on whether you think it can defend against the byzantine attack. Likely it will pass-by-fiat because of the loyalty of those involved, I have been one of those WG stalwarts for a period, so I do see the dilemma. But in the cold hard light of sunlight, who is comfortable supporting a WG that is assisted by NSA employees who will apply all available SIGINT and HUMINT capabilities?

Can we agree or disagree on this? Is there room for reasonable debate amongst peers? I refer you now to these words:

On September 5, 2013, the New York Times [18], the Guardian [2] and ProPublica [12] reported the existence of a secret National Security Agency SIGINT Enabling Project with the mission to “actively [engage] the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs.” The revealed source documents describe a US $250 million/year program designed to “make [systems] exploitable through SIGINT collection” by inserting vulnerabilities, collecting target network data, and influencing policies, standards and specifications for commercial public key technologies. Named targets include protocols for “TLS/SSL, https (e.g. webmail), SSH, encrypted chat, VPNs and encrypted VOIP.”
The documents also make specific reference to a set of pseudorandom number generator (PRNG) algorithms adopted as part of the National Institute of Standards and Technology (NIST) Special Publication 800-90 [17] in 2006, and also standardized as part of ISO 18031 [11]. These standards include an algorithm called the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC). As a result of these revelations, NIST reopened the public comment period for SP 800-90.

And as previously written here. The NSA has conducted a long term programme to breach the standards-based crypto of the net.

As evidence of this claim, we now have *two attacks*, being clear attempts to trash the security of TLS and freinds, and we have their own admission of intent to breach. In their own words. There is no shortage of circumstantial evidence that NSA people have pushed, steered, nudged the WGs to make bad decisions.

I therefore suggest we have the evidence to take to a jury. Obviously we won't be allowed to do that, so we have to do the next best thing: use our collective wisdom and make the call in the public court of Internet opinion.

My vote is -- guilty.

One single piece of evidence wasn't enough. Two was enough to believe, but alternate explanations sounded plausible to some. But we now have three solid bodies of evidence. Redundancy. Triangulation. Conclusion. Guilty.

Where it leaves us is in difficulties. We can try and avoid all this stuff by e.g., avoiding American crypto, but it is a bit broader that that. Yes, they attacked and broke some elements of American crypto (and you know what I'm expecting to fall next.). But they also broke the standards process, and that had even more effect on the world.

It has to be said that the IETF security area is now under a cloud. Not only do they need to analyse things back in time to see where it went wrong, but they also need some concept to stop it happening in the future.

The first step however is to actually see the clouds, and admit that rain might be coming soon. May the security AD live in interesting times, borrow my umbrella?

Posted by iang at 11:56 PM | Comments (0) | TrackBack

March 10, 2014

How Bitcoin just made a bid to join the mainstream -- the choice of SSL PKI may be strategic rather than tactical

How fast does an alternative payment system take to join the mainstream? With Paypal it was less than a year; when they discovered that the palm pilot users were preferring the website, the strategy switched pretty quickly. With goldmoney it was pretty much instant, with e-gold, they never achieved it.

With Bitcoin's new announcement, we can mark their intent as around four years or so. Belated welcome is perhaps due, if one thinks the mainstream is actually the place to be. Many do, although I have my reservations on this point and it is somewhat of a surprise to read of Bitcoin's choice of merchant authentication mechanism:

Everyone seems to agree - the public key infrastructure, that network of certificate authorities that stands between you and encrypting your website, sucks.

It’s too expensive. CA’s don’t do enough for the fees they charge. It’s too big. There isn’t enough competition. It’s compromised by governments. The technology is old and crusty. We should all use PGP instead. The litany of complaints about the PKI is endless.

In recent weeks, the Bitcoin payment protocol (BIP 70) has started to roll out. One of the features present in version 1 is signing of payment requests, and the mechanism chosen was the SSL PKI.

Mike Hearn then goes on to describe why they have chosen the SSL PKI. The description reads like a mix between an advertisement, an attack on the alleged alternates (such as they are) and an apology. Suffice to say, he gets most of the argumentation as approximately right & wrong as 99% of the experts in the field do.

Several things stand out. I read from the article that there was little attempt to explore what might be called the "own alternative." From this I wonder if what is happening is that a conservative inner group are actually trying to push Bitcoin faster into the mainstream?

Choosing to push merchants to SSL PKI authentication would certainly be one way to do it. However, this is a dangerous strategy, and what I didn't see addressed was the vector of control issue. This was a surprise, so I'll bring it out.

A danger with stated approach is that it opens up a clear attack on every merchant. Right now, merchants deal under the radar, or can do so, and caveat emptor widely rules in Bitcoinlandia. Once merchants are certified to trade by the CAs however, there is a vector of identification, and permission. There is evidence. Requirements for incorporation. There are trade records and trade purposes.

And, there is a CA which has ... what?

Terms & conditions. Unfortunately, T&C in the CA industry are little known, widely ignored, and not at all understood. Don't believe me? Ask anyone in the industry for a serious discussion about the legal contracts behind PKI and you will hear more stoney silence than if you'd just proven to the UN that global warming was another malthusian plot to prepare the world for the invasion of Martians. Still don't believe me? Check what CABForum's documents say about them. Stoney silence, in words.

But they are real, they exist, and they are forceful. They are very intended, as even when CAs don't understand them themselves, they mostly end up copying them.

One thing you will find in them is that most CAs will decline to do business with any person or party that does something illegal. Skipping the whys and wherefores, this means that any agency can complain to any CA about a merchant on any basis ("hasn't got a license in my state to do some random thing") and the CA is now in a tricky position. Tricky enough to decide where its profits come from.

Now, we hope that most merchants are honest and legal, and as mentioned above, maybe the strategy is to move in that direction in a more forceful way. The problem is that in the war against Bitcoin, as yet undeclared and still being conducted under diplomatic cover, any claim of illegality will take on a sort of state-credibility, and as we know when the authorities say that a merchant is acting against the law, the party is typically seen to be guilty until proven innocent &/or bankrupt. Factor in that it is pretty easy for an agency to take a line that Bitcoin is illegal per se. Factor in that all commercial CAs are now controlled via CABForum and are all aligned into one homogoneous equivalency (forget talk of competition, pah-lease...). Factor in that one sore thumb isn't worth defending, and sets a precedent. We should now see that all CAs will slowly but surely feel the need to mitigate against the threat to their business that is Bitcoin.

It won't be that way to begin with. One thing that Bitcoiners will be advised to do is to get a CA in a safe and remote country, one with spine. That will last for a while. But the forces will build up. The risk is that one day, the meme will spread, "we're not welcoming that business any more."

In military strategy, they say that the battle is won by the general that imposes his plan over the opponent, and I fear that choosing the SSL PKI may just be the opponent's move of choice, not Bitcoin's move of choice, no matter how attractive it may appear.

But what's the alternative, Mike Hearn asks? His fundamental claim seems to stand: there isn't a clear alternative.

This is true. If you ignore Bitcoin's purpose in life, if you ignore your own capabilities and you ignore your community, then ... I agree! If you ignore CAcert, too, I agree. There is no alternate.

But what would happen if you didn't ignore these things? Bitcoin's community is ideally placed to duplicate the system. We know this because it's been done in the past, and the text book is written. Indeed, long term readers will know that I am to some extent just copying the textbook in my current business, and I can tell you it certainly isn't as hard as getting Bitcoin up and rolling.

Capabilities? Well, actually when it comes to cryptographic protocols and reliable transactions and so forth, Bitcoin would certainly be in the game. I'm not sure why they would be so shy of this, as they are almost certainly better placed in this game than all the other CAs except perhaps the very biggest, and even that's debatable because it's been a long time since the biggest actually had the staff and know-how to do any game-changing. Bitcoin has got the backing of google who almost certainly have more knowledge about this stuff than all the CAs combined, and most of the vendors as well (OK, so Microsoft might give them a run for their money if they could get out of the stables).

They've got the mission, the community, the capabilities and the textbook. Why then not? This is why I think that Bitcoin people have made a strategic decision to join the mainstream. If that's the case, then good luck, but boy-oh-boy! are they playing high-stakes poker here.

Old Chinese curse: be careful what you wish for.

Posted by iang at 06:55 AM | Comments (4) | TrackBack

February 26, 2014

How MtGox Failed the Five Parties Governance Test

This was a draft of an article now published in Bitcoin Magazine. That latter is somewhat larger, updated and has some additional imagery.

MtGox, the Bitcoin exchange, is in the news again, this time for collapsing. One leaked report maintains that MtGox may only have 2,000 Bitcoins in reserve over against 744,408 BTC in liabilities - which indicates a reserve of less than 1%.

MtGox originally claimed that their troubles stem from a long-term exploit of the evil malleability bug, which was exploited by means of repeated double spending through an algorithm. However a loss of 99.7% of their reserves cannot be attributed to some mere market timing bug. It is clear that the failure of MtGox is a failure of governance.

Trust Shall Not Live by Tech Alone

One of the temptations for applied cryptographers is to think that we can solve all problems with clever mathematics and inspired code. Thus there has been much discussion over the past two decades about using cryptography to build trust models that work for untrusted parties over the Internet.

This hope in cryptography is misplaced, and often dangerously so. In the first generation of the Internet, SSL was promoted to solve the trust and security problem. However, it failed to do that. Although it secured the line of communications, it left the end-points open to attack, and failed to solve the problem of knowing who the person at an end-point really is.

As history shows, and MtGox confirms, the end-point security question is by far the dominating one, and thus we saw the rise of phishing attacks, "man in the browser" attacks, and server breaches throughout the 2000's. Yet, SSL remains synonymous with Internet e-commerce security, and its very domination is a blindness that attackers benefit from.

Bitcoin can be broadly described as an attempt to solve the problem of governance of a centralised issuer of currency through technology. By using a common protocol to manage a public blockchain, we can make sure everyone follows the rules and make it technically impossible to issue more Bitcoins than the protocol has decreed shall ever exist.

However, like SSL, Bitcoin's solution to the issuance problem has left open the weaker parts of the system to continued attack. In order to provide useful Bitcoin services, businesses must hold the users' Bitcoins and/or their cash in trust. These businesses, such as exchanges, brokerages, online wallets, retail, etc, are at risk from insider theft, external hacking and loss through poor accounting.

Bitcoin's brilliant design for issuance governance may have obscured a complete lack of protection for end-point governance.

How can a user trust a person to protect his or her value?

This is not a new problem for finance. It is called the "agency problem" in reference to the fact that an agent acts for the user as a trusted intermediary. Institutions in the finance space have been dealing with the issue of trusted intermediaries for millennia. This field is broadly called "governance" and has many well known methods for achieving accountability and reliability for fiduciary institutions.

Drawing from "Financial Cryptography in Seven Layers," Governance includes the following techniques:

  • Escrow of value with trusted third parties. For example, funds underlying a dollar currency would be placed in a bank account.
  • Separation of powers: routine management from value creation, authentication from accounting, systems from marketing.
  • Dispute resolution procedures such as mediation, arbitration, ombudsman, judiciary, and force.
  • Use of third parties for some part of the protocol, such as creation of value within a closed system.
  • Auditing techniques that permit external monitoring of performance and assets.
  • Reports generation to keep information flowing to interested parties. For example, user-driven display of the reserved funds against which a currency is backed.

As technologists, we strive to make the protocols that we build as secure and self-sustaining as possible; our art is expressed in pushing problem resolution into the lower layers. This is an ideal, however, to which we can only aspire; there will always be some value somewhere that must be protected by non-protocol means.

Our task is made easier if we recognise the existence of this gap in the technological armoury, and seek to fill it with the tools of Governance. The design of a system is often ultimately expressed in a compromise between Governance and the lower layers: what we can do in the lower layers, we do; and what we cannot is cleaned up in Governance.

The question then is how to bring those practices into a digital accounting and payment system.

To address this weakness of customer escrowed funds, back in the late 1990's we developed a governance technique for digital currency that we called the "Five Parties Governance Model." (This model was built into the digital currency platform that we designed for exchange, called "Ricardo".)

The five parties model shares the responsibility and roles for protection of value amongst five distinct parties involved in the transactions. Although originally designed to protect an entire digital issuance, a problem that Bitcoin addressed with its public blockchain and its absence of an asset redemption contract, this technique can be broadly applied to many problems such as that which has brought MtGox down.

The Five Parties Model (5PM)

In terms of a cryptocurrency issuance with a single issuer (Ricardo model), the Five Parties Model looks like this (Figure 1).

Figure 1. Simple Five Parties Model

Issuer. The Issuer is the institution guaranteeing the contract with the User. This is the person or entity ultimately responsible for the assets and whether the governance succeeds or fails.

In the present case, MtGox is the contractual party that is guaranteeing to deliver an exchange of value, and in the mean time keep those values secure. In Ricardo the Issuer is the party who defines and offers the contract for a particular issuance, which contract creates the rules that govern the five parties.

As can be seen from the following screen capture taken from the Internet Archive, MtGox did in fact have a contract with the users to fully reserve their internal Bitcoin and currency accounts:

Figure 2. Mt. Gox Terms & Conditions

However, as an Issuer, MtGox appears to have failed to implement internal controls to put the other four parties into place.

Trustee. In a digital value scenario, there is always a Trustee role that controls creation or release of long-term funds. For MtGox, this Trustee might be the person who signs off on outgoing wires and outgoing Bitcoin payments, or it might be the person who creates or deletes the derivative monetary units (BTC,LTC,EUR,USD,etc) inside the exchange's books.

For a cryptocurrency that contracts to an underlying asset, the Trustee's account, sometimes known as the Mint account, is the only one that has the ability to create or destroy digital units of value, as that underlying asset pool increases or decreases. For a cryptocurrency without a contractual underlying, the protocol itself can stand in the person's stead by employing an algorithm such as Bitcoin's mining rewards program.

Manager. The manager is the person or entity, usually an employee of the Issuer, who asks the Trustee to perform the big controlled operations: create or destroy digital assets, or deposit or withdraw physical ones, in order to reflect the overall pattern of trading activities.

The Manager typically works on a daily trading basis. As funds come in and go out, some of these request match each other. For a perfect balance, nothing needs to be done, but normally there is an overall flow in one direction or another. As trading balances build up or draw down, the Manager asks the Trustee to authorise the conversion of daily trading assets against the long-term reserves.

In the MtGox context, when BTC is flowing out and cash is flowing in, the Manager would ask the Trustee to release the BTC from the cold wallets, and would deliver cash into the long-term sweep accounts held at bank under the Trustee's control. The Trustee would control that action by looking at the single transfer into the sweep account to confirm the transaction is backed by assets.

In the context of an issuance of digital gold, the Manager might receive an inflow of a 1kg physical bar. The Manager must bail the physical gold into the vault, and present the receipt to the Trustee. With that receipt in hand, and any other checks desired, the Trustee can now release 1kg of freshly-minted digital gold to the Manager's Account.

The Manager is in this way guarded by the Trustee, but it works the other way as well. In a well-governed system, the Trustee can only direct value to be sent to the Manager. In this way, the Trustee cannot steal the value under trust, without conspiring with the Manager; a well-run business will keep these two parties at a distance and bound to govern each other by various techniques such as professional conduct codes.

For example, Ricardo has an ability to lock the Mint's account together with the Manager's account in this fashion. Bitcoin lacks account-control features, but there is no reason that MtGox could not have implemented account-control for their internal Bitcoin accounts.

Operator / Escrow / Vault. For a cryptocurrency, the operator is the part of the business ensuring that the servers and the software are running and properly doing their job. By outsourcing this to a third party, we add another degree of separation of powers to the governance model.

In the case of Ricardo and similar contractually-controlled issuances, there is generally a single server cluster that maintains the accounts. The sysadmin for this server controls the accounts and ensures that no phantom accounts or transactions are let in; software designs assist by including techniques such as triple entry accounting, which guarantees that only original users can create signed instructions to transfer value with their private keys.

For the physical side of a digital issuance such as gold, a vault fills the operator role. In the case of GoldMoney.com the vault operator is ViaMat. They don't do anything with the client's gold unless they receive a signed instruction from the Trustee. They just keep thieves from physically stealing it.

Bitcoin is very different in this respect in that it creates the public blockchain as the accounting mechanism. In this case, the operator role is not outsourced to one party, rather it is spread across the miners, the software and the development team, presenting a very strong governance equation over operator malfeasance.

For a business such as MtGox, the operators or escrows are two-fold. On the one part is the bank providing accounts, and especially the primary account holding long term cash reserves. On the other part, as an exchange provider, is the set of cold wallets holding long term BTC.

The Fifth Party - The Public as Auditor. The final and most important element of the Five Parties Model is the role of the Public as auditor.

Typically, the role of audit is to examine the books to validate that the other parties are indeed doing their job. As is covered elsewhere (Audit), paid auditors have a long-term conflict of interest, which has been at the root of several notable disasters in the last decade - the failure of Enron, the wholesale bankruptcy of banking in 2007 financial crisis, the collapse of AIG, none of which auditors rang the bell for.

Auditors, as well as being conflicted, are also expensive, which leads to the search for alternates. Once we have mined the cryptographic techniques available to us, we are still left with a set of things we cannot control so easily. What then?

Introducing you, the user, or the Public. You do not have a conflict of interest, in that it is your value at risk, and you have a strong interest in seeing that the other four parties are doing their job properly. Which then begs the question of how you, the public, can audit anything, when audit almost by definition means seeing that which cannot be seen?

The answer is to make that which was previously unseen, seen. Some examples of digital currencies that have supported audit by you the Public include:

  • e-gold.com published a real time balance sheet of their digital issuance.
  • Goldmoney.com publishes their physical gold as held by their vault operators, and auditors publish the monthly report.
  • Bitcoin publishes the blockchain.
  • Ricardo publishes the balances of the Trustee and Manager accounts.

Two-Sided Variation on the Five Parties Model

The Five Parties Model is just and exactly that - a model. Which means there are variations and limitations, and a business must modify it to suit. For example, many businesses in the space have not one but two bases of value to control: an underlying asset and a digital issuance. Bitcoin Exchanges fall into this category, for example.

When an Issuer is backing the digital currency with a reserve asset, both of these assets need to be protected. To do this, we utilise two instances of the Five Parties Model in a mirrored pair. In each, the Issuer and the Public act as parties on both sides, whereas the Trustee, the Operator and the Manager may be duplicated (or not). Figure 3 shows an arrangement where a single Manager works with mirrored Operators and Trustees.

Figure 3. Two-Sided or Mirrored Variation of the 5 Parties Model

An exchange such as MtGox would have had an even more complicated regime. For every one of their assets - BTC, Altcoins, USD, EUR, JPY, etc, they would have needed to delegate operators, trustees and managers. We as users expect they did that, which then leaves us with a question -- what went wrong?

MtGox Failed Because Nobody Was Watching Them

We can now measure MtGox against the governance picture drawn above. Although originally developed for an issuance, the model applies wherever there is an important asset to protect.

As a business, the role of Issuer is relatively easy to identify - the company MtGox itself. Their terms and conditions constituted a clear contract between themselves and the users, where MtGox would hold the user's Bitcoin assets in reserve.

Likewise, the Operator for cash is clear: the banks holding the long-term value are presumably identifiable via incoming and outgoing wires. MtGox had transactions going in and out for some time, so Managers are in evidence. The Operator for the long-term BTC cold wallets is the Bitcoin network itself.

What about Trustees? Although MtGox has repeatedly placed blame on their in-house operations team for various hacks and bugs, it is rather more likely that they fell short on the appointment and management of Trustees.

Somehow, the Management created for themselves 744,408 BTC on their internal books against an underlying reserve of only 2,000 actual Bitcoins, which should have been an obvious disaster to all. If this is the case, this suggests that no Trustees were appointed at all, and Managers were essentially uncontrolled.

Finally, the Public as auditor is not in evidence. MtGox on their website did not show the balances of any of their major asset classes, nor provide any easy way to ensure that their parties are doing their job.

Ideally, MtGox would have displayed a balance sheet with references to cold wallets on one side, and their internal Bitcoin/Altcoin balances on the other side. The former is checkable via the blockchain, the latter could be made available by the operator, and periodically audited to ensure the code providing the balance query was accurate.

With this information, you the Public as individuals or as media or other observers can verify that things are as they should be, and if not, sound the alarm! That's what Twitter is for, that's what sites such as DGCMagazine.com, CoinDesk.com and Bitcoin Magazine are for.

Under such circumstances failure might be expected and indeed may be inevitable. As MtGox did not have a sufficient governance model in place, we might have been disconcerted to learn that more than $300 million worth of Bitcoin managed to disappear, but we should also be aware that we may ultimately blame our own failure to insist on good governance.

What other players in the Bitcoin world will fall for the same lack of care? You, the fifth party, the auditing Public would be well advised to review all of your Bitcoin partners to see what forms of governance they use, and to choose wisely. It is your value at risk, and demanding quality governance such as is outlined above is your right.

Posted by iang at 04:56 PM | Comments (3) | TrackBack

February 15, 2014

If you only read one thing this weekend, read about the Vampire Squid

If you read only one thing this weekend, read this.

This is why the 2007 crisis was not resolved. This is why we now socialize their losses, but leave them their profits. This is why it is impossible to fix, and the only game in town is predicting which economy is toast, this weekend, and which investment bank is making monopoly profits while being technically bankrupt.

It is likely impossible to roll back the USA's lifting of the Glass-Steagall barrier, which is in other places known as sound banking. How one deals with a world in which banking is morphing into industrial combines with infinite and free capital is beyond my small brain; we need something like bitcoin, but much stronger.

Hack on, your code may save society as we know it.

Posted by iang at 06:56 AM | Comments (1) | TrackBack

February 09, 2014

Digital Evidence journal is now open source!

Stephen Mason, the world's foremost expert on the topic, writes (edited for style):

The entire Digital Evidence and Electronic Signature Law Review is now available as open source for free here:

Current Issue         Archives

All of the articles are also available via university library electronic subscription services which require accounts:

EBSCO Host         HeinOnline         v|lex (has abstracts)

If you know of anybody that might have the knowledge to consider submitting an article to the journal, please feel free to let them know of the journal.

This is significant news for the professional financial cryptographer! For those who are interested in what all this means, this is the real stuff. Let me explain.

Back in the 1980s and 1990s, there was a little thing called the electronic signature, and its RSA cousin, the digital signature. Businesses, politicians, spooks and suppliers dreamed that they could inspire a world-wide culture of digitally signing your everything with a hand wave, with the added joy of non-repudiation.

They failed, and we thank our lucky stars for it. People do not want to sign away their life every time some little plastic card gets too close to a scammer, and thankfully humanity had the good sense to reject the massively complicated infrastructure that was built to enslave them.

However, a suitably huge legacy of that folly was the legislation around the world to regulate the use of electronic signatures -- something that Stephen Mason has catalogued here.

In contrast to the nuisance level of electronic signatures, in parallel, a separate development transpired which is far more significant. This was the increasing use of digital techniques to create trails of activity, which led to the rise of digital evidence, and its eventual domination in legal affairs.

Digital discovery is now the main act, and the implications have been huge if little understated outside legal circles, perhaps because of the persistent myth in technology circles that without digital signatures, evidence was worth less.

Every financial cryptographer needs to understand the implications of digital evidence, because without this wisdom, your designs are likely crap. They will fail when faced with real-world trials, in both senses of the word.

I can't write the short primer on digital evidence for you -- I'm not the world's expert, Stephen is! -- but I can /now/ point you to where to read.That's just one huge issue, hitherto locked away behind a hugely dominating paywall. Browse away at all 10 issues!

Posted by iang at 02:47 AM | Comments (0) | TrackBack

September 19, 2013

Research on Trust -- the numbers matter

Many systems are built on existing trust relationships, and understanding these is often key to their long term success or failure. For example, the turmoil between OpenPGP and x509/PKI can often be explained by reference to their trust assumptions, by comparing the web-of-trust model (trust each other) to the hierarchical CA model (trust mozilla/microsoft/google...).

In informal money systems such as LETS, barter circles and community currencies, it has often seemed to me that these things work well, or would work well, if they could leverage local trust relationships. But there is a limit.

To express that limit, I used to say that LETS would work well up to maybe 100 people. Beyond that number, fraud will start to undermine the system. To put a finer point on it, I claimed that beyond 1000 people, any system will require an FC approach of some form or other.

Now comes some research that confirms some sense of this intuition, below. I'm not commenting directly on it as yet, because I haven't the time to do more than post it. And I haven't read the paper...

'Money reduces trust' in small groups, study shows
By Melissa Hogenboom Science reporter, BBC News

People were more generous when there was no economic incentive

A new study sheds light on how money affects human behaviour.

Exchanging goods for currency is an age old trusted system for trade. In large groups it fosters co-operation as each party has a measurable payoff.

But within small groups a team found that introducing an incentive makes people less likely to share than they did before. In essence, even an artificial currency reduced their natural generosity.

The study is published in journal PNAS.

When money becomes involved, group dynamics have been known to change. Scientists have now found that even tokens with no monetary value completely changed the way in which people helped each other.

Gabriele Camera of Chapman University, US, who led the study, said that he wanted to investigate co-operation in large societies of strangers, where it is less likely for individuals to help others than in tight-knit communities.

The team devised an experiment where subjects in small and large groups had the option to give gifts in exchange for tokens.

The study
  • Participants of between two to 32 individuals were able to help anonymous counterparts by giving them a gift, based solely on trust that the good deed would be returned by another stranger in the future
  • In this setting small groups were more likely to help each other than the larger groups
  • In the next setting, a token was added as an incentive to exchange goods. The token had no cash value
  • Larger groups were more likely to help each other when tokens had been added, but the previous generosity of smaller groups suffered

Social cost

They found that there was a social cost to introducing this incentive. When all tokens were "spent", a potential gift-giver was less likely to help than they had been in a setting where tokens had not yet been introduced.

The same effect was found in smaller groups, who were less generous when there was the option of receiving a token.

"Subjects basically latched on to monetary exchange, and stopped helping unless they received immediate compensation in a form of an intrinsically worthless object [a token].

"Using money does help large societies to achieve larger levels of co-operation than smaller societies, but it does so at a cost of displacing normal of voluntary help that is the bread and butter of smaller societies, in which everyone knows each other," said Prof Camera.

But he said that this negative result was not found in larger anonymous groups of 32, instead co-operation increased with the use of tokens.

"This is exciting because we introduced something that adds nothing to the economy, but it helped participants converge on a behaviour that is more trustworthy."

He added that the study reflected monetary exchange in daily life: "Global interaction expands the set of trade opportunities, but it dilutes the level of information about others' past behaviour. In this sense, one can view tokens in our experiment as a parable for global monetary exchange."

'Self interest'

Sam Bowles, of the Santa Fe Institute, US, who was not involved with the study, specialises in evolutionary co-operation.

He commented that co-operation among self-interested people will always occur on a vast scale when "helping another" consists of exchanging a commodity that can be bought or sold with tokens, for example a shirt.

"The really interesting finding in the study is that tokens change the behavioural foundations of co-operation, from generosity in the absence of the tokens, to self-interest when tokens are present."

"It's striking that once tokens become available, people generally do not help others except in return for a token."

He told BBC news that it was evidence for an already observed phenomenon called "motivational crowding out, where paying an individual to do a task which they had already planned to do free of charge, could lead people to do this less".

However, Prof Bowles said that "most of the goods and services that we need that make our lives possible and beautiful are not like shirts".

"For these things, exchanging tokens could never work, which is why humans would never have become the co-operative species we are unless we had developed ethical and other regarding preferences."

Posted by iang at 05:24 AM | Comments (0) | TrackBack

June 07, 2013

PRISM Confirmed: major US providers grant direct, live access to the NSA and FBI

In an extraordinary clean sweep of disclosure from the Washington Post and the Guardian:

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.

The process is by direct connection to the servers, and requires no intervention by the companies:

Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

Dropbox, the cloud storage and synchronization service, is described as “coming soon.”

From outside direct access might appear unusual, but it is actually the best way as far as the NSA is concerned. Not only does it give them access at Level Zero, and probably better access than the company has itself, it also provides the victim supplier plausible deniability:

“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. ....

“We have never heard of PRISM,” said Steve Dowling, a spokesman for Apple. “We do not provide any government agency with direct access to our servers, ..." ....

“Google cares deeply about the security of our users’ data,” a company spokesman said. “We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”

Microsoft also provided a statement: “.... If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

Yahoo also issued a denial. “Yahoo! takes users’ privacy very seriously,” the company said in a statement. “We do not provide the government with direct access to our servers, systems, or network.”

How is this apparent contradiction possible? It is generally done via secret arrangements not with the company, but with the employees. The company does not provide back-door access, but the people do. The trick is to place people with excellent tech skills and dual loyalties into strategic locations in the company. These 'assets' will then execute the work required in secret, and spare the company and most all of their workmates the embarrassment.

Patriotism and secrecy are the keys. The source of these assets is easy: retired technical experts from the military and intelligence agencies. There are huge numbers of these people exiting out of the armed forces and intel community every year, and it takes only a little manipulation to present stellar CVs at the right place and time. Remember, the big tech companies will always employ a great CV that comes highly recommended by unimpeachable sources, and leapfrogging into a stable, very well paid civilian job is worth any discomfort.

Everyone wins. It is legal, defensible and plausibly deniable. Such people are expert at keeping secrets -- about their past and about their current work. This technique is age-old, refined and institutionalised for many a decade.

Questions remain: what to do about it, and how much to worry about it? Once it has started, this insertion tactic is rather difficult to stop and root out. At CAcert, we cared and a programme developed over time that was strong and fair -- to all interests. Part of the issue is dealing with the secrecy of it all:

Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that the companies would withdraw from the program if exposed. “98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,” the briefing’s author wrote in his speaker’s notes.

But for the big US companies, is it likely that they care? Enough? I am not seeing it, myself, but if they are interested, there are ways to deal with this. Fairly, legally and strongly.

How much should we worry about it? That depends on (a) what is collected, (b) who sees it, and (c) who's asking the question?

There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.

Live access to everything, it seems. So who sees it?

My rule of thumb was that if the information stayed in the NSA, then that was fine. Myself, my customers and my partners are not into "terrorism, espionage or nuclear proliferation." So as long as there is a compact with the intel community to keep that information clean and tight, it's not so worrying to our business, our privacy, our people or our legal situation.

But there is no such compact. Firstly, they have already engaged the FBI and the US Department of Justice as partners in this information:

In exchange for immunity from lawsuits, companies such as Yahoo and AOL are obliged to accept a “directive” from the attorney general and the director of national intelligence to open their servers to the FBI’s Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA. In 2008, Congress gave the Justice Department authority for a secret order from the Foreign Surveillance Intelligence Court to compel a reluctant company “to comply.”

Anyone with a beef with the Feds is at risk of what would essentially be a corrupt bypass of the legal justice system of fair discovery (see this for the start of this process).

Secondly, their credibility is zero: The NSA has lied about their access. They have deceived most if not all employees of the companies they have breached. They've almost certainly breached the US constitution and the US law in gaining warrant-free access to citizens. Dismissively. From the Guardian:

"Fisa was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all."

The FISA court that apparently governs their access is evidently ungovernable, as even members of Congress cannot breach its secrecy.

And that's within their own country -- the NSA feels that it is under no such restrictions or niceties outside their own country.

A reasonable examination of the facts and the record of the NSA (1, 2, 3) would therefore conclude that they cannot be trusted to keep the information secret. American society should therefore be worried. Scared, even. The risk of corruption of the FBI is by itself enough to pull the plug on not just this programme, but the system that allowed it to arise.

What does it mean to foreign society, companies, businesses, and people? Not a lot different as all of this was reasonable anyway. Under the history-not-rules of foreign espionage, anything goes. The only difficulty likely to be experienced is when the NSA conspires with American companies to benefit them both, or when American assets interfere with commercial businesses that they've targetted as assisting enemies.

One thing that might now get a boost is the Internet in other countries:

The presentation ... noted that the US has a "home-field advantage" due to housing much of the internet's architecture.

Take note, the rest of the world!

Posted by iang at 02:28 AM | Comments (3) | TrackBack

May 01, 2013

MayDay! MayDay! British Banking Launches new crisis of titanic proportions...

Yes, it's the first of May, also known as May Day, and the communist world's celebration of the victory over capitalism. Quite why MayDay became the international distress message over radio is not known to me, but I'd like to know!

Meanwhile, the British Banking sector is celebrating its own version of MayDay:

The bank went through their customer base and identified which businesses were asset rich and cash poor.

Typically, the SME (small to medium enterprise) would require funding for expansion or to cover short term exposures, and the bank’s relationship manager would work with the business owner on a loan funding cover.

The loan may be for five or ten years, and the relationship manager would often call the client after a short time and say “congratulations, you’ve got the funding”.

The business owner would be delighted and would start committing the funds.

Only then would the relationship manager call them back and say, “ah, we have a concern here about interest rates”.

This would start the process of the disturbance sale of the IRSA.

The rest you can imagine - the bank sold an inappropriate derivative with false information, and without advising the customer of the true costs. This time however the costs were more severe, as it seems that many such businesses went out of business in whole or in part because of the dodgy sale.

In particular, the core issue is that no-one has defined whether the bank will be responsible for contingent liabilities.

The liabilities are for losses made by those businesses that were mis-sold these products and, as a result, have now gone into bankruptcy or been constrained so much that they have been unable to compete or grow their business as they would have if they had not taken these products.

Ouch! I have to applaud Chris Skinner and the Financial Services Club here for coming forth with this information. It is time for society to break ranks here and start dealing with the banks. If this is not done, the banks will bring us all down, and it is not clear at all that the banks aren't going to do just that.

Meanwhile back to the scandal du jour. We are talking about 40k businesses, with average suggested compensation of 2.5 million quid - so we are already up to a potential exposure of 100 billion pounds. Given this, there is no doubt that even the most thickest of the dumbest can predict what will happen next:

Mainly because of the Parliamentary investigation, the Financial Services Authority was kicked into action and, on June 29 2012, announced that it had found "serious failings in the sale of IRSAs to small and medium sized businesses and that this has resulted in a severe impact on a large number of these businesses.”

However, it then left the banks to investigate the cases and work out how to compensate and address them .

The banks response was released on January 31 2013, and it was notable that between the June announcement and bank response in January that the number of cases rose from 28,000 to 40,000. It was also noteworthy that of those 40,000 cases investigated, over 90% were found to have been mis-sold. That’s a pretty damning indictment.

Even then the real issue, according to Jeremy [of Bully Banks], is that the banks are in charge of the process.

Not only is the fox in charge of the chickens, it's also paying off them off for their slaughter. Do we really need to say more? The regulators are in bed with the banks in trying to suppress this scandal.

Obviously, this cunning tactic will save poor banks money and embarrassment. But the emerging problem here is that, as suggested many times in this blog (e.g., 2, 3, 4, ...) and elsewhere, the public is now becoming increasingly convinced that banks are not healthy, honest members of society.

Which is fine, as long as nothing happens.

But I see an issue emerging in the next systemic shock to hit the financial world: if the public's patience is exhausted, as it appeared to be over Cyprus, then the next systemic shock is going to cause the collapse of some major banks. For right or wrong, the public is not going to accept any more talk of bailouts, taxpayer subsidies, etc etc.

The chickens are going to turn on the foxes, and they will not be satisfied with anything less than blood.

One hopes that the old Lady's bank tear-down team is boned up and ready to roll, because they'll be working hard soon.

Posted by iang at 04:34 AM | Comments (3) | TrackBack

July 17, 2012

Auditors All Fall Down; PFGBest and MF Global Frauds Reveal Weak Watchdogs

Without much comment, from Francine McKenna:

Auditors All Fall Down; PFGBest and MF Global Frauds Reveal Weak Watchdogs


The made-for-TV drama is instead unfolding in Cedar Falls, Iowa and Chicago where, in “truth is stranger than fiction” style, PFGBest’s Russell Wasendorf Sr. says he used his “blunt authority” as sole owner and CEO to falsify bank statements sent to regulators for twenty years using Photoshop, Excel, scanners and laser printers.

Instead of MF Global’s world-renowned auditor PwC, we’ve got a one-woman show, Jeannie Veraja-Snelling, signing the audit opinion accompanying the financial statements for PFGBest. Not that there’s much less apparent incompetence when a global firm like PwC misses increased risk and deteriorating controls at MF Global and signs off on a clean annual audit opinion as recently as March 31, 2011, seven months before MF Global was forced into bankruptcy. PwC also signed off on a 10-Q review at the end of June, and a bond issue in August of 2011.

Wasendorf’s suicide note said that he duped his first-response regulator, the National Futures Association, by intercepting its request for confirmation of his bank balances, including funds segregated and safeguarded for customers, by using a P.O. Box he set up in the name of US Bank. He simply wrote whatever he wanted on those confirmation requests and signed in the name of the bank. His doctored banks statements with matching figures were sent along with the confirmation request back to the regulator.

“I was forced into a difficult decision: Should I go out of business or cheat?” he wrote. “I guess my ego was too big to admit failure. So I cheated,” his suicide note said.

Regulators, auditors and internal controls can not prevent a psychopath from lying, cheating and stealing to perpetuate a myth and sustain a lavish lifestyle, but they can and should detect the fraud much sooner if not immediately.

Wasendorf’s admission does not explain how he also duped the independent auditor. One of the cornerstones of an independent audit is an independent confirmation of bank balances. PFGBest’s auditor was either duped for twenty years or complicit in the fraud. Neither conclusion is a good one for her. Auditors are forbidden to use company personnel to obtain or process bank balance confirmations. Of course, that hasn’t prevented auditors from falling down on this critical part of their job anyway, leading recently to some of the biggest and most notorious fraud cases in years.

Deloitte’s audit client Parmalat gave that firm falsified bank confirmations. Deloitte’s Milan firm and its international coordinating firm eventually settled the 2003 case with Parmalat bondholders and shareholders for almost $200 million total. Price Waterhouse India partners are still facing criminal charges and the firm is being sued by its former audit client Mahindra Satyam for the fraud revealed by Satyam’s CEO who admitted to falsifying $1 billion in bank balances. Price Waterhouse India paid fines to the SEC, PCAOB, and settled with shareholders. Regulators said Price Waterhouse India’s audits were negligent because they failed to obtain confirmations of bank balances directly from banks and instead accepted management’s representations without independent verification. Several of the current Chinese frauds allege bank confirmation fraud, including accusations of collusion with executives by bank officials and negligence by auditors Deloitte China and others.

What’s even more troubling to me is PFGBest’s auditor, and many others who audit only SEC-registered broker-dealers, may be breaking laws as well as being negligent in their public duty to the capital markets.

(Big Snip)

On that latter, read the article for detail...

Posted by iang at 09:23 AM | Comments (0) | TrackBack

June 20, 2012

Banks will take responsibility for online fraud

Several cases in USA are resolving in online theft via bank account hackery. Here's one:

Village View Escrow Inc., which in March 2010 lost nearly $400,000 after its online bank account with Professional Business Bank was taken over by hackers, has reached a settlement with the bank for an undisclosed amount, says Michelle Marsico, Village View's owner and president.

As a result of the settlement, Village View recovered more than the full amount of the funds that had been fraudulently taken from the account, plus interest, the company says in a statement.

And two more:

Two similar cases, PATCO Construction Inc. vs. Ocean Bank and Experi-Metal Inc. vs. Comerica Bank, raised questions about liability and reasonable security, yet each resulted in a different verdict.

In 2010, PATCO sued Ocean Bank for the more than $500,000 it lost in May 2009, after its commercial bank account with Ocean Bank was taken over. PATCO argued that Ocean Bank was not complying with existing FFIEC requirements for multifactor authentication when it relied solely on log-in and password credentials to verify transactions.

Last year, a District Court magistrate found the bank met legal requirements for multifactor authentication and dismissed the suit.

In December 2009, EMI sued Comerica after more than $550,000 in fraudulent wire transfers left EMI's account.

In the EMI ruling, the court found that Comerica should have identified and disallowed the fraudulent transactions, based on EMI's history, which had been limited to transactions with a select group of domestic entities. The court also noted that Comerica's knowledge of phishing attempts aimed at its clients should have caused the bank to be more cautious.

In the ruling, the court required Comerica to reimburse EMI for the more than $560,000 it lost after the bank approved the fraudulent wire transfers.

Here's how it happens. There will be many of these. Many of the victims will sue. Many if the cases will lose.

Those that lose are irrelevant. Those that win will set the scene. Eventually some precedent will be found, either at law or at reputation, that will allow people to trust banks again. Some more commentary.

The reason for the inevitability of this result is simple: society and banks both agree that we don't need banks unless the money is safe.

Online banking isn't safe. It behoves to the banks to make it safe. We're in the phase where the court of law and public opinion are working to get that result.

Posted by iang at 04:42 PM | Comments (2) | TrackBack

April 10, 2012

What's the takeaway on Audit?

OK, so I edited the title, to fit in with an old Audit cycle I penned a while ago (I, II, III, IV, V, VI, VII).

Here's the full unedited quote from Avivah Litan, who comments on the latest 1.5m credit card breach in US of A:

What’s the takeaway on PCI? The same one that’s been around for years. Passing a PCI compliance audit does not mean your systems are secure. Focus on security and not on passing the audit.

Just a little emphasis, so audit me! PCI is that audit imposed by the credit card industry on processors. It's widely criticised. I imagine it does the same thing as most mandated and controlled audits - sets a very low bar, one low enough to let everyone pass if they've got the money to pay to enter the race.

For those wondering what happened to the audits of Global Payments, DigiNotar, Heartland, and hell, let's invite a few old friends to the party: MFGlobal, AIG, Lehman Brothers, Northern Rock, Greece PLC, the Japanese Nuclear Industry disaster recovery team and the Federal Reserve.... well, here's Avivah's hint:

In the meantime, Global Payments who was PCI compliant at the time of their breach is no longer PCI compliant – and was delisted by Visa – yet they continue to process payments.

That's a relief! So PCI comes with a handy kill-switch. If something goes wrong, we kill your audit :)

Problem solved. I wonder what the price of the kill-switch is, without the audit?

Posted by iang at 06:41 PM | Comments (2) | TrackBack

February 18, 2012

one week later - chewing on the last morsel of Trust in the PKI business

After a week of fairly strong deliberations, Mozilla has sent out a message to all CAs to clarify that MITM activity is not acceptable.

It would seem that Trustwave might slip through without losing their spot in the root list of major vendors. The reasons for this is a combination of: up-front disclosure, a short timeframe within which the subCA was issued and used (at this stage limited to 2011), and the principle of wiser heads prevailing.

That's my assessment at least.

My hope is that this has set the scene. The next discovery will be fatal for that CA. The only way forward for a CA that has issued at any time in the past an MITM-enabled subCA would be the following:

+ up-front disclosure to the public. By that I mean, not privately to Mozilla or other vendors. That won't be good enough. Nobody trusts the secret channels anymore.
+ in the event that this is still going on, an *fast* plan, agreed and committed to vendors, to withdraw completely any of these MITM sub-CAs or similar arrangements. By that I mean *with prejudice* to any customers - breaching contract if necessary.

Any deviation means termination of the root. Guys, you got one free pass at this, and Trustwave used it up. The jaws of Trust are hungry for your response.

That is what I'll be looking for at Mozilla. Unfortunately there is no forum for Google and others, so Mozilla still remains the bellwether for trust in CAs in general.

That's not a compliment; it's more a description of how little trust there is. If there is a desire to create some, that's possibly where we'll see the signs.

Posted by iang at 10:53 PM | Comments (1) | TrackBack

January 21, 2012

the emerging market for corporate issuance of money

As an aside to the old currency market currently collapsing, in the now universally known movie GFC-2 rolling on your screens right now, some people have commented that perhaps online currencies and LETS and so forth will fill the gap. Unlikely, they won't fill the gap, but they will surge in popularity. From a business perspective, it is then some fun to keep an eye on them. An article on Facebook credits by George Anders, which is probably the one to watch:

Facebook’s 27-year-old founder, Mark Zuckerberg, isn’t usually mentioned in the same breath as Ben Bernanke, the 58-year-old head of the Federal Reserve. But Facebook’s early adventures in the money-creating business are going well enough that the central-bank comparison gets tempting.

Let's be very clear here: the mainstream media and most commentators will have very little clue what this is about. So they will search for easy analogues such as a comparison with national units, leading to specious comparisons of Zuckerberg to Bernanke. Hopeless and complete utter nonsense, but it makes for easy copy and nobody will call them on it.

Edward Castronova, a telecommunications professor at Indiana University, is fascinated by the rise of what he calls “wildcat currencies,” such as Facebook Credits. He has been studying the economics of online games and virtual worlds for the better part of a decade. Right now, he calculates, the Facebook Credits ecosystem can’t be any bigger than Barbados’s economy and might be significantly smaller. If the definition of digital goods keeps widening, though, he says, “this could be the start of something big.”

This is a little less naive and also slightly subtle. Let me re-write it:

If you believe that Facebook will continue to dominate and hold its market size, and if you believe that they will be able to successfully walk the minefield of self-issued currencies, then the result will be important. In approximate terms, think about PayPal-scaled importance, order of magnitude.

Note the assumptions there. Facebook have a shot at the title, because they have massive size and uncontested control of their userbase. (Google, Apple, Microsoft could all do the same thing, and in a sense, they already are...)

The more important assumption is how well they avoid the minefield of self-issued currencies. The problem here is that there are no books on it, no written lore, no academic seat of learning, nothing but the school of hard-knocks. To their credit, Facebook have already learnt quite a bit from the errors of their immediate predecessors. Which is no mean feat, as historically, self-issuers learn very little from their forebears, which is a good predictor of things to come.

Of the currency issuers that spring up, 99% are destined to walk on a mine. Worse, they can see the mine in front of them, they successfully aim for it, and walk right onto it with aplomb. No help needed at all. And, with 15 years of observation, I can say that this is quite consistent.

Why? I think it is because there is a core dichotomy at work here. In order to be a self-issuer you have to be independent enough to not need advice from anyone, which will be familiar to business observers as the entrepreneur-type. Others will call it arrogant, pig-headed, too darned confident for his own good... but I prefer to call it entrepreneurial spirit.

*But* the issuance of money is something that is typically beyond most people's ken at an academic or knowledge level. Usage of money is something that we all know, and all learnt at age 5 or so. We can all put a predictions in at this level, and some players can make good judgements (such as Peter Vodel's Predictions for Facebook Credits in 2012).

Issuance of money however is a completely different thing to usage. It is seriously difficult to research and learn; by way of benchmark, I wrote in 2000 you need to be quite adept at 7 different disciplines to do online money (what we then called Financial Cryptography). That number was reached after as many years of research on issuance, and nearly that number working in the field full time.

And, I still got criticised by disciplines that I didn't include.

Perhaps fairly...

You can see where I'm heading. The central dichotomy of money issuance then is that the self-issuer must be both capable of ignoring advice, and putting together an overwhelming body of knowledge at the same time; which is a disastrous clash as entrepreneurs are hopeless at blindspots, unknowns, and prior art.

There is no easy answer to this clash of intellectual challenges. Most people will for example assume that institutions are the way to handle any problem, but that answer is just another minefield:

If Facebook at some point is willing to reduce its cut of each Credits transaction, this new form of online liquidity may catch the eye of many more merchants and customers. As Castronova observes: “there’s a dynamic here that the Federal Reserve ought to look at.”

Now, we know that Castronovo said that for media interest only, but it is important to understand what really happens with the Central Banks. Part of the answer here is that they already do observe the emerging money market :) They just won't talk to the media or anyone else about it.

Another part of the answer is that CBs do not know how to issue money either; another dichotomy easily explained by the fact that most CBs manage a money that was created a long time ago, and the story has changed in the telling.

So, we come to the the really difficult question: what to do about it? CBs don't know, so they will definately keep the stony face up because their natural reaction to any question is silence.

But wait! you should be saying. What about the Euro?

Well, it is true that the Europeans did indeed successfully manage to re-invent the art and issue a new currency. But, did they really know what they were doing? I would put it to you that the Euro is the exception that proves the rule. They may have issued a currency very well, but they failed spectacularly in integrating that currency into the economy.

Which brings us full circle back to the movie now showing on media tonight and every night: GFC-2.

Posted by iang at 06:54 PM | Comments (1) | TrackBack

November 28, 2011

Audit redux.2 - and what happened to the missing MF Global client funds?

As we all know by now, MF Global crashed with some many billions of losses, filing for bankrupcy on 31st October. James Turk wonders aloud:

First of all investors should be concerned because everything is so inter-connected today. People call it contagion and this contagion is real because the MF Global bankruptcy is going to have a knock on effect, just like Lehman Brothers had a knock on effect.”

The point being that we know there is a big collapse coming, but we don't know what it will that will trigger it. James is making the broad point that a firm collapsing on the west side of the Atlantic could cause collapse in Europe. But wait, there's more:

So the contagion is the first reason for concern. The second reason for concern is it’s taking so long for them to find this so called missing money, which I find shocking. It’s been three weeks now since the MF Global bankruptcy was declared and they started talking about $600 million of missing funds.

So I’m not too surprised that now they are talking about $1.2 billion of missing customer funds. I think they are just trying to delay the inevitable as to how bad the situation at MF Global really is.

And more! Chris points to an article by Bloomberg / Jonathan Weil:

This week the trustee for the liquidation of its U.S. brokerage unit said as much as $1.2 billion of customer money is missing, maybe more. Those deposits should have been kept segregated from the company’s funds. By all indications, they weren’t.

Jonathan zeroes in on the heart of the matter:

Six months ago the accounting firm PricewaterhouseCoopers LLP said MF Global Holdings Ltd. and its units “maintained, in all material respects, effective internal control over financial reporting as of March 31, 2011.” A lot of people who relied on that opinion lost a ton of money.

So when I asked:

Let's check the record: did any audit since Sarbanes-Oxley pick up any of the problems seen in the last 18 months to do with the financial crisis?

we now know that PricewaterhouseCoopers LLP will not be stepping up to the podium with MF Global! Jonathan echoes some of the questions I asked:

What’s the point of having auditors do reports like this? And are they worth the cost? It’s getting harder to answer those questions in a way the accounting profession would favor.

But now that we have a more cohesive case study to pick through, some clues are emerging:

“Their books are a disaster,” Scott O’Malia, a commissioner at the Commodity Futures Trading Commission, told the Wall Street Journal in an interview two weeks ago. The newspaper also quoted Thomas Peterffy, CEO of Interactive Brokers Group Inc., saying: “I always knew the records were in shambles, but I didn’t know to what extent.” Interactive Brokers backed out of a potential deal to buy MF last month after finding discrepancies in its financial reports.

That's a tough start for PricewaterhouseCoopers LLP. Then:

For fiscal 2007, MF Global paid Pricewaterhouse $17.1 million in audit fees. By fiscal 2011, that had fallen to $10.9 million, even as warning signs about MF’s internal controls were surfacing publicly.

In 2007, MF and one of its executives paid a combined $77 million to settle CFTC allegations of mishandling hedge-fund clients’ accounts, as well as supervisory and record-keeping violations. In 2009, the commission fined MF $10 million for four instances of risk-supervision failures, including one that resulted in $141 million of trading losses on wheat futures. Suffice it to say, Pricewaterhouse should have been on high alert.

On top of that, Pricewaterhouse’s main regulator, the Public Company Accounting Oversight Board, released a nasty report this week on the firm’s audit performance. The agency cited deficiencies in 28 audits, out of 75 that it inspected last year. The tally included 13 clients where the board said the firm had botched its internal-control audits. The report didn’t name the companies. One of them could have been MF, for all we know.

In a response letter to the board, Pricewaterhouse’s U.S. chairman, Bob Moritz, and the head of its U.S. audit practice, Tim Ryan, said the firm is taking steps to improve its audit quality.

Ha! Jonathan asks the pointed question:

The point of having a report by an independent auditor is to assure the public that what a company says is true. Yet if the reports aren’t reliable, they’re worse than worthless, because they sucker the public with false promises. Maybe, just maybe, we should stop requiring them altogether.

Exactly. This was what I was laying out for the reader in my Audit cycle. But I was doing it from observation and logic, not from knowing about any particular episode. One however was expected to follow from the other...

The Audit brand depletes. Certainly time to start asking hard questions. Is there value in using a big 4 auditor? Could a firm get by on a more local operation? Are there better ways?

And, what does a big N auditor do in the new world? Well, here's one suggestion: take the bull by the horns and start laying out the truth! KPMG's new Chairman seems to be keen to add on to last week's revelation with some more:

KPMG International LLP’s global chairman, Michael Andrew, said fraud was evident at Olympus Corp. (7733) and his firm met all legal obligations to pass on information related to Olympus’s 2008 acquisition of Gyrus Group Ltd. before it was replaced as the camera maker’s auditor.

“We were displaced as a result of doing our job,” Andrew told reporters at the Foreign Correspondents’ Club in Hong Kong today. “It’s pretty evident to me there was very, very significant fraud and that a number of parties had been complicit.”

Now, if I was a big N auditor, that's exactly what I'd do. Break the cone of silence and start revealing the dirt. We can't possibly make things any worse for audit, so let's shake things up. Go, Andrew.

Posted by iang at 03:51 PM | Comments (1) | TrackBack

November 21, 2011

Audit redux - KPMG reveals... FRAUD? You be the Jury!

I like a guy who picks a fight. Especially, if he's an auditor!

New KPMG global chairman Michael Andrew says global regulators are hell-bent on breaking the dominance of large global audit firms without regard for the impact on stability of financial makerts and employment. "This is the worst time to be reforming the profession. You want financial stability. You want large employers in the marketplace taking on graduates. Why an earth is this an imperative right now?"

Australian Financial Review's article, "Global Chief blasts audacious attack on audit" of 21st November 2011, brings us some of the worst sort of self-serving excuses - saying that Auditors are part of the solution, not part of the problem.

I'm not buying it. Back in February of 2009 I asked of the auditors:

Let's check the record: did any audit since Sarbanes-Oxley pick up any of the problems seen in the last 18 months to do with the financial crisis?

No. Not one, not even a single one!

KPMG's Chairman is going to need a better set of excuses. Indeed, belatedly, it seems that others are asking too. From the same article, behind a paywall it seems:

The move against the big four is a backlash to the global financial crisis. The whole premise of audit is to inform capital markets. So why didn't they foresee, or prevent, the financial crisis and Europe's currency problems?

Now, I'm not going that far. I don't think audit could or should have prevented the GFC1 or GFC2, and it is the economist that foresees crises, not auditors. Rather, I'm saying:

Yet, the basic failures in the financial crisis are so blatant that surely, even by accident at least one audit should have picked up at least one pending failure, and fixed it?

Surely an easier test: not a single auditor has rung the bell on a single bad bank, that we know of. So what went wrong? I suggest the cause of failure by examination of the basic product of audit, and I conclude, in short words, you the public cannot rely on it. To you, the public, audit is an unknown unknown, you don't even know enough to know what it is. And in that environment, auditors shifted it somewhere else.

However, Michael Andrew brings a new causality to the court of public appeal:

One of the US's major criticisms of IFRS (International Financial Reporting Standards) is that it is subject to political intervention.

They're right to be concerned, said Mr Andrew. "We had regulators and governments telling us not to write down Greek debt in certain countries. They were refusing to allow accounting firms to adjust, saying they would underwrite a portion of the debt but refusing to put [that commitment] in writing," he said.

Whoa! Did he just say that? Did I just write out those words, taken from a scrappy photocopy of a print-only article? Yes indeed, word for word.

Haven't we seen that before? Let's ask Joseph T. Wells for the definition of fraud:

Under common law, three elements are required to prove fraud: a material false statement made with an intent to deceive (scienter), a victim's reliance on the statement and damages.

Now, I don't want to be sued back into the dark ages by accusing auditors of fraud, so let's test it in the court of the informed observer:

  1. Intent?!
    1. Was failing to write down the greeks a bad?
    2. Did the Auditors deliver reports saying the banks' accounts were good?
    3. Would good reports over bad greeks be materially false?
    4. Was there an intent to deceive the audit-relying public?
    5. Who by?
  2. Did the victims of the worlds financial markets rely on rosy audit reports? and
  3. Were there damages?

Now, I'm no lawyer. And, the Auditor's defence will clearly be "the government told us to do it!" Which might even get them off, who knows? Or it might just bring the governments in on the act -- have they defrauded the entire planet by some act of conspiracy or abuse? Or, or or...

I don't know. But this is a question that simply must be answered.

I call for a jury of victims! Over to you. What is your verdict?

PS: before the papparazzi and the bureaucrats get too excited: Michael Andrew did the right thing by blowing the lid on the intervention. We need more facts, more causes, not more coverups.

PPS 2017: finally 6 years later, the system may be brought to trial.

Posted by iang at 02:18 PM | Comments (3) | TrackBack

August 07, 2011

Regulating the future financial system - the double-entry headache needs a triple-entry aspirin

How to cope with a financial system that looks like it's about to collapse every time bad news turns up? This is an issue that is causing a few headaches amongst the regulators. Here's some musings from Chris Skinner over a paper from the Financial Stability gurus at the Bank of England:

Third, the paper argues for policies that create much greater transparency in the system.

This means that the committees worldwide will begin “collecting systematically much greater amounts of data on evolving financial network structure, potentially in close to real time. For example, the introduction of the Office of Financial Research (OFR) under the Dodd-Frank Act will nudge the United States in this direction.

“This data revolution potentially brings at least two benefits.

“First, it ought to provide the authorities with data to calibrate and parameterise the sort of network framework developed here. An empirical mapping of the true network structure should allow for better identification of potential financial tipping points and cliff edges across the financial system. It could thus provide a sounder, quantitative basis for judging remedial policy actions to avoid these cliff edges.

“Second, more publicly available data on network structures may affect the behaviour of financial institutions in the network. Armed with greater information on counterparty risk, banks may feel less need to hoard liquidity following a disturbance.”

Yup. Real time data collection will be there in the foundation of future finance.

But have a care: you can't use the systems you have now. That's because if you layer regulation over policy over predictions over datamining over banking over securitization over transaction systems … all layered over clunky old 14th century double entry … the whole system will come crashing down like the WTC when someone flies a big can of gas into it.

The reason? Double entry is a fine tool at the intra-corporate level. Indeed, it was material in the rise of the modern corporation form, in the fine tradition of the Italian city states, longitudinal contractual obligations and open employment. But, double entry isn't designed to cope with the transactional load of of inter-company globalised finance. Once we go outside the corporation, the inverted pyramid gets too big, too heavy, and the forces crush down on the apex.

It can't do it. Triple entry can. That's because it is cryptographically solid, so it can survive the rigours of those concentrated forces at the inverted apex. That doesn't solve the nightmare scenarios like securitization spaghetti loans, but it does mean that when they ultimately unravel and collapse, we can track and allocate them.

Message to the regulators: if you want your pyramid to last, start with triple entry.

PS: did the paper really say "More taxes and levies on banks to ensure that the system can survive future shocks;" … seriously? Do people really believe that Tobin tax nonsense?

Posted by iang at 07:46 AM | Comments (0) | TrackBack

May 24, 2011

Lords: Auditors guilty of 'dereliction of duty'

I had thought I was a voice in the wilderness on the question of criticising Audit as having left the party by the back door before the cops arrived. But, no, it seems that some have noticed. The Economist reports:

THE average divorce in Britain comes after 11 years of marriage. Compare that with the fidelity of a big British company to its auditors: 48 years on average, according to the Financial Reporting Council, Britain’s accounting watchdog, which tallied the figures for Britain’s biggest firms, the constituents of the FTSE 100. The reason is increasingly obvious, and worrisome, to regulators in Britain and elsewhere: the concentration of big accounting engagements in just four firms’ hands: PwC, Deloitte, KPMG and Ernst & Young.

The “Big Four” audit 99 of the FTSE 100, and 240 of the FTSE 250. ...

OK, that's really a follow-on from the Arthur Anderson and KPMG story of too big to fail. Yes, the Audit industry is now totally concentrated, which indicates to the economists amongst us that fees will have risen and the product will have drifted. Note that I didn't say quality, as in some cases the quality might have gone up -- including to well beyond reasonable, where we are paying for something we don't get a benefit from.

Which point I made in that Audit cycle; Auditors no longer serve society, society serves Auditors. Which came to a head with the financial crisis of 2007:

This caught the attention of the House of Lords, which in March pinned the firms’ “dereliction of duty” in the financial crisis, in part, on their oligopoly. (To make matters worse, only three of the four audit banks in Britain.) The Lords recommended that the Office of Fair Trading take a look at the problem. On May 17th the OFT announced that it was opening formal investigations into whether to refer the issue onto the Competition Commission, which could force changes on the industry.

So an investigation is being opened. This is one of those sticky areas where the Auditors police themselves, so what happens when that fails? Who do you go to? Well, the answers are somewhere between nobody and everyone. In this case, everyone includes the Lords, the OFT and the Competition Commission.

Which brings up the next sticky point. Are we really saying that this is a competition issue?

The firms insist that removing experienced audit firms from their clients would be inefficient and expensive. But regulators will weigh that potential expense against the expense of another systemic “dereliction of duty” by the auditors. The disappearance of one of the Big Four—recalling how quickly Arthur Andersen evaporated in the Enron scandal—would be more expensive still.

Apparently we are at least weighing competition issues with the systemic problem of the collapse of 2007. I don't know quite how the Economist came to that conclusion, but to me, the big question is this: how did the Auditors completely miss that all the big firms in Wall Street were about to cross into bankrupcy (declared or otherwise)? As the UK parliament summarised this question:

‘The breakdown of dialogue between bank auditors and regulators made the financial crisis worse’

Auditors were either unaware of the mounting dangers in the banks or, if they were aware, failed to alert the supervisory authority. The paucity of meetings between bank auditors and the supervisor was a “dereliction of duty” by both auditors and regulators. The Committee recommends legislation to re-establish mandatory two-way confidential dialogue between bank auditors and supervisors to help avoid a similar crisis in future.

Here's one suggestion of an answer:

...the UK House of Lords’ Economic Committee [...] recently asked UK leaders of all of the Big 4 audit firms – Deloitte, Ernst & Young, KPMG and PricewaterhouseCoopers – about the absence of warnings or “going concern” qualification for banks that failed or were bailed out.

The auditors’ response: The Bank of England told us, in confidence, that they would support the banks financially.

That's a really interesting answer! But I for one am not ready to call that a *good answer*. And if we don't have a good answer to that question, do we have a need for a good Audit?

ICAEW chief executive Michael Izza rejected the argument that auditors were culpable in the banking crisis, stating: “They did the job that they were expected to do - provide an audit opinion on banks' financial statements.”

But that isn't it! Audit has shifted from "opinion over financial statements" to being a small cog in a huge consulting machine. So we seem to be getting to the nub of the question: can the Auditors have their cake and eat it to?

This is a question that is slowly being asked. Amongst leading cases against audit is this:

Cuomo’s final act as NYAG last [December] was suing Ernst & Young for fraud for allowing Lehman Brothers to cook its books using “Repo 105.” That accounting practice, which may have been used by other Wall Street firms during the subprime binge, allowed Lehman to take billions of its toxic assets off its balance sheet for a few days at the end of the crucial 2nd and 3rd quarters of 2008, months before it filed for bankruptcy.

By moving toxic assets first off and then back on its books, Lehman was effectively dressing up its balance sheet in a deceptive manner. The lawsuit essentially alleges that Ernst & Young was aware of the practice, starting when it became Lehman Bros.’ auditor in 2001 until the firm’s death in 2008.

Lehman Bros.’ actions, and Ernst & Young turning a blind eye to them, stink to high heaven. Investors suffered devastating losses from the accounting chicanery. But one, huge question remains unanswered: As the financial and subprime crisis unfolded, where were the auditors who were the “gatekeepers” charged with protecting shareholders?

Or, more on point to whether Auditors do indeed provide an audit opinion, the Lehman Brothers bankrupcy report said:

(3) Ernst & Young Would Not Opine on the Materiality of Lehman’s Repo 105 Usage

Don't hold your breath that Auditors will be brought to account before the judge, though.

"Every time somebody comes up with a new fraudulent scheme, auditors miss it," said Andrea Kim, a partner at law firm Diamond McCarthy LLP in Houston who represents plaintiffs in auditor lawsuits. "The historical pattern is that they find a way to manage the litigation to limit their liability."

The credit crisis, which pushed the U.S. financial system to the brink of collapse, led to a wave of investor litigation against banks, lenders and others. Auditors are prime targets because investors try to rope in as many defendants as possible to increase recoveries. Auditors also may have the deepest pockets if the company they audited files for bankruptcy.

So we are now seeing a big lesson unfold. So far the Auditors are securing many dismissals and some settlements. The lesson then is more for us than them.

Posted by iang at 04:37 AM | Comments (3) | TrackBack

May 06, 2011

"Members of the media are not included."

In yet more confusing evidence, Wired reports on the Boeing Audit Whistleblowing case:

The 9th U.S. Circuit Court of Appeals set aside the appeal of two former Boeing auditors who claimed their leaks to the media were protected by the Sarbanes-Oxley Act of 2002, adopted to protect shareholders against fraud. A three-judge panel of the San Francisco-based appeals court sided with Boeing, saying a provision in the act only protects those who notify the authorities, not the media, of alleged wrongdoing.

What appears to be the cause of this is that auditors, frustrated at trying to get attention in Boeing for Sarbanes-Oxley compliance, decided to leak some documents. Claiming immunity under Sarbanes-Oxley is novel, but leaking documents to the media in order to put pressure on the company is not novel - it's just not done. And, this is not a case of "should have known better." Auditors know better, they knew they are given the keys to the castle, so it is unclear why they were just fired.

The law protects employees from discrimination if they deliver the information to a federal regulatory or law enforcement agency, a member or committee of Congress or or a work supervisor.

“Members of the media are not included,” Judge Barry Silverman wrote for the unanimous court.

Anyway, that all aside, we benefit by a unique insight into the traumas of audit. Referring to the original article from Seattle-Post Intelligencer:

Sarbanes-Oxley is a wide-ranging law aimed at preventing stockholder rip-offs such as the Enron scandal from happening again. Among its requirements, it forced public companies such as Boeing to shine a light on their internal controls. It must show it has checks and balances on people and computer systems to guarantee accuracy of financial statements. ....

The federal guidelines for computer controls are unclear, and where the law is murky, auditors and company officials are left to fill in the gaps — facing criminal penalties if they are wrong. Companies are hungry for clarification on how to handle the information technology portion of Sarbanes-Oxley, according to The Institute of Internal Auditors, a leading professional association.

In step the Auditors, the cash-machine bells spinning in their eyes, and havoc reigns:

But Boeing’s information technology staff suffered. “They weren’t used to being involved in a finance-related audit,” McGee said in a June interview at Chicago headquarters. “We drove process discipline pretty hard.”

One person involved in the compliance effort, who asked not to be identified, told the P-I that information technology managers thought the new rules would blow over and that workers were “openly hostile” to the audits. The level of rigor — for example, documenting every single approval for a coding change — was foreign to the get-things-done culture of Boeing’s computer professionals.

The employee described the first two years as “pure hell” for the information technology staff. Colleagues agreed. Even auditors were unhappy, leading to infighting last year between consultants at PricewaterhouseCoopers and Jefferson Wells — the two firms contracted to help Boeing with internal audits.

Infighting in consultants is nothing special, as they defend their billings to the death. There's a huge incentive in replacing another contractor that turns them against each other. This sometimes ends up badly for a consultant, but it always ends up badly for the client:

Meanwhile, the experts at Jefferson Wells and PricewaterhouseCoopers spent hours — billed to Boeing — disputing each other’s findings.

What appears to be at the heart of this is that audit hasn't really served the corporation well. We know that Sarbanes-Oxley was a good effort at tightening up controls. But to what end? In this case, Boeing wasn't an Enron. It's easy to measure its progress. Planes come off the line at regular intervals, they are huge and easily countable, and if they don't work, it's spectacularly obvious.

So we have the possibility of over-measurement -- measuring something that costs more to measure than it delivers in benefits to the stockholder. What might be needed for the Enrons and the banks of the world, which deal in virtual product, isn't so clear for the physical sector.

“This sounds really, really messy,” Heriot Prentice, director of technology practices at the Institute of Internal Auditors, said upon hearing all of the charges and countercharges without knowing that he was speaking about Boeing, specifically. “This sounds like a big mess.”

Companies have been monitoring their computer systems for years — but under Sarbanes-Oxley, it was the first time that all public companies were required by law to do so as a part of a company’s “internal control over financial reporting.”

That control requirement, often nicknamed “404 compliance” after its corresponding part of the law, has been the most controversial and expensive aspect of Sarbanes-Oxley — and federal rules are now under review. Many executives bristled at the soaring costs of information technology compliance.

Control over financial reporting starts with control over financial transactions ... perhaps this was a simple case where they should have used SOX not SOx and triple entry accounting not double entry auditors?

Posted by iang at 01:22 AM | Comments (2) | TrackBack

May 05, 2011

Did you read your adverse Audit Review?

Twans asks what happened to the blog, and the short answer is, like the US Patent Office in the early 1900s, there's nothing new worth writing.

Here's a small piece of evidence from the financial crisis, which I covered in much depth in my Audit cycle:

At one point, the lack of quality control at Deutsche Bank’s mortgage lending unit, MortgageIT, prompted the hiring of an outside vendor to conduct reviews of the mortgages the bank approved for FHA insurance.

According to the suit, when the outside vendor found violations in the way it was approving mortgages for FHA insurance it sent letters to MortgageIT making them aware of the problems. Unfortunately, those letters weren’t read because employees there “stuffed the letters, unopened and unread, in a closet in MortgageIT’s Manhattan headquarters,” according to the suit.

Short version: In order to get some form of subsidy in the securitization business, Deutschebank hired an external auditor to review its lending practices. Then, didn't read the results. Which of course were adverse.

What does it mean for the mortgage lending industry? Sabino speculates that there’s a 50/50 chance that the allegations made by the U.S. Attorney’s office are not unique to Deutsche Bank.

In my Audit cycle I speculated that the Audit industry is so filled with errors at many and different points that at this time in history, it is useless to society. That is, it cannot be relied upon to deliver the result. This is evidence supporting that hypothesis.

Posted by iang at 12:48 AM | Comments (1) | TrackBack

November 03, 2010

VeriSign takes the "Trust" out of "SSL certificates"

In a funny little announcement that will have CA industry fans scratching their heads for a year or so, Verisign announces a one day sale of its "Trust seals":

According to VeriSign, "The VeriSign Trust seal shows the world that VeriSign has confirmed your identity and your site has passed the VeriSign malware scan."

A year's worth of service for a VeriSign Trust seal normally sells for $299. During the "Dollar Day" sale, which will run from 12:01AM PST to 11:59PM -- "from midnight to midnight," said Tim Callan, head of marketing for VeriSign trust services at Symantec -- VeriSign is offering a $298 discount on one year's worth of Trust seal.

A comment of background. VeriSign recently closed a deal to sell its CA (Certification Authority) to Symantec. For CAs, this was a big development, because VeriSign has about three quarters of the market, it would be like General Motors selling its car division to some random dude with a car parts shop.

The big issue then for VeriSign and Symantec is how to slice and dice the various brands and assets up to maintain the integrity of the deal [1]. VeriSign more or less pioneered the use of the word "Trust" as with a lot else, hence the term "Trust Business." A curiosity that arose from the sale was whether Symantec was to be Trusted with the Business, as it were. Apparently they are:

Available since April 2010, the VeriSign Trust seal is an alternative to the company's older seal. "The 'VeriSign Secured' circle-and-check VeriSign Seal has historically been yoked to our VeriSign SSL certificate, which meant that you had to be using VeriSign SSL Certificates to get a seal," said Callan.

"But many small businesses outsource their shopping cart to a third party like Yahoo or eBay, where they can't get SSL," said Callan. These third-party shopping carts are typically secured with SSL on their own, as indicated by the URL starting with HTTPS or SHTTP. "This means that credible businesses are penalized for being too small. So we are creating a standalone version of the seal. Businesses have to be secure, and have their identify confirmed... but they don't have to be using SSL."

Is that for real? Yes it is. Indeed, over at CAcert (where I do lots) we have long recognised that the use of these words in the context of the overall certificate business was confusing and could present substantial difficulties if challenged in court [2].

The word "Trust" is more or less taboo in CAcert, and has been for many years; instead, we do other things that IMNSHO are far more sustainable, useful and justifiable. These are loosely grouped under the term RELY, generally written in caps to signal its special status as a word of much meaning.

Using the opportunity at hand, the new manager has wisely firewalled the issue as a separated brand and business. Which leaves the rest of the CA business to swing back into line in their own time.

[1] this is a standard business problem. For example, IBM had to do the same when it sold its market-leading laptops to Lenova, giving them a 5 year franchise on the use of the IBM brand.

[2] That's euphemistic code for "open to charges of deceptive trading practices" or other salacious troublemongering by an aggrieved plaintiff. I also hasten to point out that I have from time to time warned CAs about sailing too close to the wind, and VeriSign to its credit had become more careful about using the term too aggressively. Which is to say, I claim voce piano, there's more to this than idle grumbling about a successful competitor's annoyingly successful brand.

Posted by iang at 07:31 PM | Comments (2) | TrackBack

September 28, 2010

Crypto-plumbers versus the Men in Black, round 16.

Skype, RIM, and now CircleTech v. the governments. This battle has been going on for a while. Here's today's battle results:

BIS [Czech counter-intelligence] officers first offered to Satanek that his firm would supply an encryption system with "a defect" to the market which would help the secret service find out the content of encrypted messages. "This is out of question. It is as if we were proclaiming we are selling bullet-proof vests that would actually not be bullet-proof," Satanek told MfD.

This is why BIS offered a deal to the firm's owners. BIS wanted CircleTech to develop a programme to decipher the codes. It would only partially help the secret service since not even CircleTech is capable of developing a universal key to decipher all of its codes. Nevertheless, software companies are offering such partial services, and consequently it would not be a problem for CircleTech to meet the order, MfD notes.

However, BIS officers said the firm need not register the money it would receive from BIS for the order, the paper writes. "You will have on opportunity to get an income that need not be subject to taxation," MfD cites the secret recording of a BIS officer at a meeting with the firm. Satanek rejected the offer and recorded the meetings with BIS.

BIS then gave it up. However, two months ago it contacted Satanek again, MfD writes. "They told me that we are allegedly meeting suspicious persons who pose a security risk to the state. In such a case we may not pass security vetting of the National Security Office (NBU)," Satanek told MfD.

Subversion, bribes, and threats, it's all in there! And, no wonder every hot new code jockey goes all starry-eyed at the thought of working on free, open encryption systems.

Posted by iang at 07:55 AM | Comments (0) | TrackBack

August 24, 2010

What would the auditor say to this?

Iran's Bushehr nuclear power plant in Bushehr Port:

"An error is seen on a computer screen of Bushehr nuclear power plant's map in the Bushehr Port on the Persian Gulf, 1,000 kms south of Tehran, Iran on February 25, 2009. Iranian officials said the long-awaited power plant was expected to become operational last fall but its construction was plagued by several setbacks, including difficulties in procuring its remaining equipment and the necessary uranium fuel. (UPI Photo/Mohammad Kheirkhah)"

Click onwards for full sized image:

Compliant? Minor problem? Slight discordance? Conspiracy theory?

(spotted by Steve Bellovin)

Posted by iang at 05:53 AM | Comments (2) | TrackBack

May 18, 2010

Why Open + Internet + Brand can changes the Governance map for CAs

Daniel wrote in comments a month or so back about the need to put the CA's brand on the chrome, so all can see who makes the statement:

Assume for the moment that there is a real interest in fixing this issue (there isn't, but I'll play along). Andy is right that it isn't going to do much good because, in essence, users don't care.

The fundamental problem with this security scheme is that it requires some action of the part of the consumer. But consumers aren't interested in the bother.

This is the accepted wisdom of the community that builds these tools. Unfortunately it is too simple, and the sad reality is that this view is dangerously wrong, but self-perpetuating. Absence of respect is not evidence that the actors are stupid. For a longer discussion, see this paper: "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users." The title is maybe self-referential; if it takes you a while to work out what it is saying, you'll appreciate how consumers feel :-)

In short, it is not that consumers aren't interested in the bother, it's that they reject bad advice. And they're right to do so.

So there are two paths here, one is to improve the advice /up to the point where it is rational for users to pay attention/ which you'll recognise is a very hard target. Or, remove the advice entirely and fix the model so that it represents a better trade-off (e.g., there is only one mode, and it is secure). As far as the secure browser architecture goes, that second path is pretty much impossible because it relies on too many external components, ones which will not move unless we've also figured out how to start and stop earthquakes, volcanoes and tsunamis at whim.

So we are left with improving the advice, itself a very hard target. Let's try that:

Imagine the following situation. You walk into your local bank but in order to withdraw any money you needed to do the following: interview the guard at the door to make sure he really worked for the bank, interviewed the teller to make sure he really worked for the bank, and then set at least 10% of the money you withdrew from the bank on fire so you could watch it burn and see if it was fake or not.

Right, this is a common problem. The mistake you are making is that the majority view is how to design the product. In this case, if the majority ignore the information, we don't need to follow their view in order to redesign the product.

The reason for this is that the minority can have a sufficient effect to achieve the desired result. This is what we call Open Governance: the information is put out there, but only a small minority look at any particular subset. The crowd in aggregate looks at all, but individually, specialisation takes root and becomes the norm.

Let's step outside that context and try another. Consider a police officer's badge. It's got a number on it. Often a name, as well. When the police officer busts some trouble maker, likely the perp does not notice the badge, nor the number. 99% likely, because the perp doesn't need to know, he's busted, and it matters little by whom. So what's the point?

The point is, 1% will notice the badge number! And that's enough to cause the police -- that officer and all others -- to be cautious. To follow the rules. They don't know beforehand who's noting these things down, or not, and they don't need to. The just need to know that bad behaviour can be spotted, and as we get closer to routine bad behaviour, it is more likely that the number will be noted.

Same with your bank guard. You don't have to interview him because the teller will. And if not, someone else in the branch. And if not them, some other customer will look.

Welcome to Open Governance. This is a concept where the governance of the thing, whatever it be (a CA, a bank, a government, a copper) is done by all of us, the world, not by "some special agency." Each of us on the net has the same chance to play in this game -- to govern the big bad player -- but only a very few of us actually govern any particular thing in question.

Let's go back closer into context and consider CAs. How are these governed? Well, they publish CPSs, they get audited by auditors, and they audit is checked over by third party vendors.

For example, we've seen audit reports that totally exclude important issues from consideration. And, nobody noticed beforehand! Which indicates that whatever is being done, whatever is being written, it isn't being verified nor understood. Which more or less casts in doubt all the prior due diligence done over CAs.

This is one reason why Mozilla decided to bring in more open governance ideas. There was a recognition that the old mid-1990s CA audit model wasn't providing a reliably solid answer. There was at least some smoke and mirrors, some criticism of abuse, and these criticisms weren't getting answered. More was needed, but not more of the same, more alternate governance.

So Mozilla put in place an open list (you can join), published all new requests from CAs, and proposed them for open review (section 16 of the policy). There are a few people who read these things. Not many, because it is hard work, and it takes a lot of time. But it's a start, we can't grow these things on trees. A forest starts with a single tree.

The brand name on the chrome is the same thing. We might predict that 99% of the users won't look at it. But 1% will. And, we also know that most all computer users have someone experienced they turn to for help, and those people have a shot at knowing what the brand is about.

The effect of the brand on the chrome as a security feature is then highly dependent on that effect: the CA doesn't know who is looking, but it knows that it is now totally tied to the results in the minds of those who are looking. This is powerful. Any marketing person will tell you that a threat to the brand is far more important than a deviation from a policy. CAs will fiddle their policies and practices in a heartbeat, but they'll not fiddle their brand.

There is an old saying "trust but verify". The problem is that this is a contradiction in terms. Trust means precisely that I don't have to verify. If I have to verify every transaction to see if the money is good, that's not trust. If I have to spy on my wife all the time to see if she's cheating, that's not trust.

Asking the user to verify, when what the user wants to do is trust, is design failure that no amount of coding is going to fix.

Actually, the expression is dead-right; trust can only come from verification, and repeated verifications at that. However, those verifications will have happened in the past; we might for example point to the fact that 99.999999% of all certificates issued have never caused a problem. That's a million verifications, right there.

When you say you don't have to verify, you're really saying you can take a risk this time. But there will come a time when that will rebound. Trust without verification is naïveté.

But, what we can do is outsource and share who does the verifying. And that's what Brand on the Chrome is about; outsourcing and sharing the verification of the CAs' business practices to the crowd.

Posted by iang at 06:49 AM | Comments (4) | TrackBack

April 26, 2010

The Python and the Mongoose: it helps if you know the rules of engagement

NYT suggests that the SEC changes mentioned yesterday are approved:

The proposed changes, approved in a 5-0 vote despite misgivings expressed by two commissioners, now enter a 90-day period for public comment before coming back to the commission for revision and final approval.

but more importantly,

The bond issuers would also be required to keep a chunk of the securities in their own portfolios so that they retain some of the bonds’ risk, under the S.E.C.’s plan. ... The changes would “represent a fundamental revision to the way in which the asset-backed securities market would be regulated,” the S.E.C.’s chairwoman, Mary L. Schapiro, said. “I think changes are both necessary and critical components of restoring investor confidence.”

Aha! Someone knows the definition of banking:

Banking is the borrowing of /demand deposits/ from the public, and the lending of those same deposits, /at term/ to the public.

Banking is special for one and only one reason. Because the funds are borrowed as deposits, they can be returned today, immediately. That's what "on demand" means, and also that's what deposits mean.

Yet the loans are "at term" or to be repaid in the future. 30 years away, in the case of modern western mortgages.

And that is the crux of banking. The loans out on houses can't be called in under normal circumstances, but the public can call in its deposits now, today. Ordinarily this would be called fraud, because the bank is entering into a contract that it knows it is impossible to guarantee. For this reason, a bank charter is like a specialised permission to undergo a certain sort of fraud, or more kindly, to turn this specialised contract into something that isn't a fraud.

This arrangement is delicate. Change one word above and it is no longer banking (and in this statement you can find much of the ills of modern banking). Which leads us to securitization.

Securitization is the process of creating the at-term loans, with demand deposits, and then packaging them and selling them onto the bond market. A bond issue might collectively handle thousands of similar properties, and gets sold into the market maybe 100 days after the mortgages are sold.

Securitization breaks banking. It breaks banking because the loans are no longer at term, or they are, but they are no longer in the hands of the banks, they are on the market! So the investors in the bond market are lending at term to the house owners, and the magic link of banking has been broken.

Regulators say the financial companies that created the bonds had little incentive to ensure that the bonds were backed by reliable loans. When large portions of the borrowers began to default on the loans, the holders of the securities had big losses.

Right, exactly. As, in theory the banks no longer owned the bonds, having sold them on the market, they no longer had an incentive to manage the loans. And this is the implicit, unwritten corollary in the definition of banking: in order to get the charter, you have to look after the loans for their entire term. That's what it means, to be a bank, guard the deposited funds, out on loan, for their entire life!

The proposed rules, which would affect a large portion of new offerings in the $9.5 trillion market for securities backed by consumer loans, would in many cases require financial companies to retain 5 percent of each offering, a move that Ms. Schapiro said would “better align” the interests of investors and the securities firms.

Financial reform bills winding their way through Congress contain similar requirements that financial companies “keep skin in the game,” as the commission put it. So does a proposal by the Federal Deposit Insurance Corporation, which regulates some asset-backed securities originated by banks.

Skin in the game! Which the Python can only shed, as it outgrows model after model, leaving investors more and more confused. Models can only approximate risks of defaulting borrowers, and aren't a substitute for attentive bankers.

The big message to take away is this: Securitization breaks the fundamental law of banking. Is this good or bad? We should probably know this, because practically everything is done with securitization these days. And why not? It is decidedly more efficient, saving the occasional global meltdown.

The answer is, that securitization is decidedly good, but it renders banking no longer "special." This has a lot of ramifications: it means we no longer need banks. But we've got banks, so there is going to be a huge hangover period while society shifts from banking to market-oriented facilitation. And likely a few more crises.

It also means we don't need central banks; or at least partly, we don't need that part which regulates the banks, because standard competition and exchange regulators should be able to do the job. It's all consumer products called bonds, after all.

Yeah, sure, I hear you say, "we don't need banks..." chortle chortle. Admittedly the hangover from the century of central banking will be with us for a long time, and we can only move forward slowly. But watch: slowly but surely the move will be to open the market for loans origination.

Under the new rules, bond underwriters would not be required to receive a credit rating; rather, the chief executive of the bond issuer would have to certify that the assets were likely to produce the expected cash flows. ... Moody’s, in a statement, said, “We believe the market benefits when ratings agencies compete on the basis of the quality of their credit analysis, and we have long supported the removal of ratings from regulation.”

Baby step by baby step, the business of banking is moving over to the marketplace.

Posted by iang at 12:53 AM | Comments (6) | TrackBack

April 24, 2010

When the Python meets the Mongoose ... the SEC and programming Asset Backed Securities

Twan points to an odd thing from the Securities and Exchanges Commission in USA:

We are proposing to require that most ABS issuers file a computer program that gives effect to the flow of funds, or “waterfall,” provisions of the transaction. We are proposing that the computer program be filed on EDGAR in the form of downloadable source code in Python. … (page 205)

Under the proposed requirement, the filed source code, when downloaded and run by an investor, must provide the user with the ability to programmatically input the user’s own assumptions regarding the future performance and cash flows from the pool assets, including but not limited to assumptions about future interest rates, default rates, prepayment speeds, loss-given-default rates, and any other necessary assumptions … (page 210)

An ABS or asset backed security is a basically a financial instrument that has or "owns" a lump of property. In short, instead of owning the property yourself, you own a security (or instrument or contract) that has an interest in the property. At the simplest, trivial level of own house, one instrument, this is mostly meaningless, because the instrument owns the property so you may as well own it directly.

But it allows for more complexity. What they are talking about here is securitized home loans and the like, essentially the instruments that blew up in the recent financial crisis. In this case, your instrument has an interest in 1000 properties, but also this is the same interest that another 10,000 instruments have. So you don't own a house, or a tenth of a house, you own a share in the revenues of a combined 1000 houses.

What is that revenue? Well, it is probably the mortgage payments on the 1000 houses. Every month, the mortgage payments are collected, aggregated, fees taken, then the payments out are sent to the instrument holder.

So what the SEC is on about is complicated formulas. Also, they change. If 10 of the houses are delinquent this month, then 20 next month, the money changes. If interest rates go up, again it changes. If fees change, more change. Indeed, it's pretty clear that there is much more complexity and change than there is stability.

So the SEC is seeking to encourage the manager to show the formulas. In a computer program, so we can plug in the numbers, and investors can play around to isolate their preferred situations. On the surface it is a good idea. It gives the investor more power, and it sets up a key disclosure which can likely be challenged in the event of trouble. But it is unlikely to work as a mandated thing.

There are several things against this. Complexity is the enemy here. There are two ways of looking at it, as too complex, and as not complex enough. Initially, the models will be simple, but this will just set the scene for disputes, and the models will get more complex. And then more complex again because the hidden-by-complexity bug will strike -- managers will realise that if they make the models so complex that nobody can deal with them except real experts, then they'll be both compliant and impenetrable, and can get back to their normal games. If you look long enough at the financial crisis, you'll see that one important factor is complexity, and worse, deliberate complexity. This is an old game.

Further, there is a bit of a trap for young players here (as explained to me by Jim). The model will display the "flow of funds" which is in turn dictated by the instrument (the contract). Servicing and pooling provisions in the contract will mandate the manager's actions, and therefore the cash flow. So measuring & comparing the cash flow in this way tells us the manager is meeting targets, etc, *but it tells us nothing about the underlying collateral* which is the true asset in the picture. Recall, again, the financial crisis: meeting targets and bonuses was part of the problem, not the solution. These agreements are written to provide plenty of scope for this sort of trouble, and the SEC's invention runs the risk of making this worse, not better.

What's the solution? Well, the real health of the fund to which your instrument draws on is based on the collateral, and the revenues from it. That is, the real information you want is detailed income, not aggregated outgoings. So if the SEC were to want to make a difference, what it should do is mandate that the anonymised income transactions be made available (FCers will know what that means). That is, any time a house-owner makes a payment into the fund, that transaction be published to the fund investors. By tracking month to month the payments, and matching that to what the investors get, we have some data of value.

Would they do this? The SEC is not going to propose this, because of the complexity argument. The industry will not give up any of its treasured complexity, because that's how it makes money. If you could see what was going on, the prices would be beaten down.

But it could be done voluntarily. A private player could set this up; we have all the tech and understanding to do this. So what could the SEC do? Expand its proposal slightly, and create a format for a fund to reveal the anonymised flow of incomes from the collateral. And provide a program to deal with that. And see if anyone bites...

Meanwhile, two postcripts on spotted observations. One: a group of language specialists think the SEC are trying to give formal definition to the instrument; by means of Python. No, they're on the wrong track. Firstly, that isn't what the SEC is trying to do. Secondly, it won't work because bonds by their nature are contracts, and formal proofs of contracts are the domain of the courts, not compilers. Although this concept has been explored, real world bonds still have more to do with my Ricardian Contract form than esoterica like Nick Szabo's smart contracts.

Two: another group of developers are arguing whether Python is the right language. No need to comment :)

And Three, added from next post, maybe this is to happen:

The companies selling the bonds would also have to give the government extensive information, in a form that is easily searchable, on all of the individual loans that make up the portfolio behind the bond offering, and update it on a continuing basis. Previously, reports were required only on the overall credit quality of the pool of loans, and for some bonds, updates were suspended after about a year. .... Ms. Casey also expressed concerns about the impact of the rules on personal privacy, asking whether “data miners” might be able to use the information on individual loans to determine the identification of loan holders.

Spotted in NYT article.

Posted by iang at 09:15 AM | Comments (2) | TrackBack

March 15, 2010

Ernst & Young staring down the barrel that shot Arthur Andersen

The report on Lehman Brothers' collapse is out, and it apparently includes a smoking gun against the auditor. Prison Planet alleges that "The firm’s auditor, Ernst & Young, one of the four biggest auditing firms in the world, failed in its oversight role:"

In May 2008, a Lehman Senior Vice President, Matthew Lee, wrote a letter to management alleging accounting improprieties; in the course of investigating the allegations, Ernst & Young was advised by Lee on June 12, 2008 that Lehman used $50 billion of Repo 105 transactions to temporarily move assets off balance sheet and quarter end.The next day -- on June 13, 2008 -- Ernst & Young met with the Lehman Board Audit Committee but did not advise it about Lee’s assertions, despite an express direction from the Committee to advise on all allegations raised by Lee.

Ernst & Young took virtually no action to investigate the Repo 105 allegations. Ernst & Young took no steps to question or challenge the non-disclosure by Lehman of its use of $50 billion of temporary, off-balance sheet transactions.

Colorable claims exist that Ernst & Young did not meet professional standards, both in investigating Lee’s allegations and in connection with its audit and review of Lehman’s financial statements.

Now, I haven't read it in depth. But, on first blush, that looks directly analogous to the conditions that wiped out Arthur Andersen. (Agreement on Business Insider.)

The Audit industry will now feel the old Chinese curse: to live in interesting times...

Posted by iang at 09:25 PM | Comments (3) | TrackBack

December 29, 2009

pushback against the external auditor (if they can do it, so can you!)

Lynn in comments points to news that Mastercard has eased up on the PCI (association for credit card issuers) standard for merchant auditing:

But come Dec. 31, 2010, MasterCard planned to require that all Level 1 and, for the first time, Level 2 merchants, use a QSA for the annual on-site PCI assessment.

(Level 1 merchants are above 6 million transactions per year, with 352 merchants bringing in around 50% of all transactions in the USA. Level 2 merchants are from 1 to 6 million, 895 merchants and 13% of all merchants.)

Now, this rule would have cost your merchant hard money:

That policy generated many complaints from Level 2 merchants, who security experts say would have to pay anywhere from $100,000 to $1 million for a QSA’s services.

These Qualified Security Assessors (QSA) are certified by the PCI Security Standards Council for an on-site assessment, or audit. Because of kickback, complaints, etc, MasterCard backed down:

This month, however, MasterCard pushed back the deadline by six months, to June 30, 2011. And instead of requiring use of a QSA, MasterCard will let Level 2 merchants do the assessments themselves provided they have staff attend merchant-training courses offered by the PCI Council, and each year pass a PCI Council accreditation program. Level 2 merchants are free to use QSAs if they wish. Come June 30, 2011, Level 1 merchants can use an internal auditor provided the audit staff has PCI Council training and annual accreditation.

That's you, that is. Or close enough that it hurts. Your company, being a retail merchant bringing in say 100 million dollars a year over 1 million transactions, can now save itself some $100,000 to $1 million. You can do it with your own staff as long as they go on some courses.

If a merchant with millions to billions of direct value on the line, and measurable losses of say 1% of that (handwave and duck) can choose to self-audit, why can't you?

Posted by iang at 11:09 AM | Comments (1) | TrackBack

December 28, 2009

Audits VII: the future of the Audit is in your hands

I established in a series of posts that Audit is in a crisis (I, II, III, IV, V, VI). It didn't perform during the financial crisis, and even if it had, we wouldn't know it. Audit has entered a phase of life where it can not deliver its brand-promise to the buying public, but the cost of the brand is delivered frequently in invoices to us, the buying public. Worse, the cost will go up and the relevance will go down, the machine they built ensures it.

What then do we do in the future? How do we live in a world of Audits without Control? How do we reclaim the control that works to our real needs?

As a user, as a (systems not financial) auditor, as a builder of systems, both financial and Internet, as an investor, as a financial player and as a party reading and relying on audits, I've come across only one person that will provide for your auditing needs. That person is:


In a maxim, it is this: if you the user cannot see it, it is worthless. To you.

It is not entirely true that Audit is worthless, per se, in absolute terms. Many checks and balances can help, and this is the spirit that the audit profession alludes to. These checks and balances are good; we call them governance. But the problem for you is, you can't tell from the outside whether these checks, this audit, are useful or useless. Whether they are coded positively or negatively, whether they are purchased or perverted.

And therefore, your only good strategy is to label an opaque process as useless.

Which leads to a first step: Let's call for an open audit process, not a closed audit process. We know that "open" works from the Internet world, and the claim of many is that "open" can work in many more scenarios than we believed. I emphasise this in a presentation on An Open Audit (which, to close the loop back to the first post of the Audit series, was immediately after Bruce Schneier's apropos talk on the psychology of security).

But, please note, openness is only a first and intermediate step: once we get across the brave step of opening up the entire process, we are inexorably drawn to the fact that if an audit is really open, then the user can do it, herself. An open audit is an audit over open data; if the data is open, she can also audit the data herself.

All of it, or most of it, as much as the user can handle. Which is to say, even my meager attempt at open audit is not going far enough; what you really want is to openly audit the entire system yourself. I as auditor might simply lay the guide posts for you to follow, and in future, you can follow them better than I can.

Say hello to open governance . Yes, this way means more work for the user. But, this is work we already proved we could do. The wider Internet musters thousands of communities of thousands and millions, and a few of those people -- call them the 1% -- are the self-appointed guardians of truth and justice within their communities. Open governance harnesses the vigilantes of Wall Street, the crypto-jihadists of the security world, the peer-to-peer rebels of the intellectual property world, all, as the leaders in a process of checking for everyone else.

What then is the part of the professional auditor? We already recognised over the past couple of years that the proper role of the security expert is to educate programmers and architects to employ more security techniques. Likewise, the proper role of the auditor may be to teach the mechanisms of open governance; rather than opine on their results themselves. To teach, rather than to measure. To lead, rather than to do. To participate, rather than bill.

How would this work? Well, here's one idea. I haven't implemented it, but I want to. Over at the audit I participated in, there is a set of criteria which have to be audited against. Some have green ticks, others have red crosses, signifying OK and not OK. Classical audit process would call for me to investigate all those criteria, find evidence of controls over the criteria, and report on each. That's a lot of work. A lot of billable hours.

Open governance would call for each individual of the body-public to do that instead; in tech terms, each criteria would become a blog post, with comments added by the public, including comments of reliance. In effect, mini-opinions. If you the member-public post that the criteria is good and covered, and you put your monika on to that statement (which is easy to do because it is a CA and client-certs are its business), then that becomes reliable evidence. Once the set of criteria meets some watermark (say 95% green ticks), the audit is done.

By you.

That's just one idea. I know a dozen or so others; but their essence is all the same. Instead of having one person look and attest, have our entire net community look, and share notes. Travelling long distances, checking technical things and making clear reports is now trivial with the net, with cryptography, with protocols, with communities. We no longer need the single trusted third party to do this, we have the trusted members, we have our own stakeholders, we have customers.

It may be that the evolution of open governance, an invention from the world of digital cash, has come just in time to save us. We'll see.

Posted by iang at 11:30 PM | Comments (6) | TrackBack

December 09, 2009

Bowles case is more evidence: Britain takes another step to a hollowed-out state

In the very sad story of the Justice System as we know it, a British courts has ruled the beginning of the end.

He went to jail this week, protesting his innocence. Speaking to The Times, he said: "There are no missing millions, there's no villa in the Virgin Islands, there has been no fraud. I am not allowed to earn any money, my assets were restrained so I couldn't use them to defend myself - it's a relentless, never-ending, vicious, cruel and wicked system.

Of course, all mobsters say that. So what was the crime?

Bowles was convicted by a jury in June of cheating the Revenue of £1.2 million in VAT but sentencing had been adjourned on three previous occasions. He had been found guilty of failing to pay VAT on a BIG land sale and diverting money due to the taxman to prop up Airfreight Express, his ailing air-freight company.

Now we have come full circle, and the evidence is presented: the Anti-money-laundering project of the OECD (known as the Financial Action Task Force, a Paris-based body) is basically and fundamentally inspired by the desire to raise tax. Hence, we will see a steady progression of government-revenue cases, occasionally interspersed with Mr Big cases. This is exactly what the OECD wanted. Not the mobsters, murderers, drug barons and terrorists pick up, but:

Bowles is a divorced, middle-aged company director from Maidenhead who has been transformed from successful entrepreneur to convicted fraudster.

A businessman, from the very heartland of English countryside. Not a dangerous criminal at all, but someone doing business. Not "them" but us. POCA or Proceeds of Crime Act is now an important revenue-raising tool:

It was not suggested that Bowles, who has no criminal record, had used the money to fund a luxury lifestyle. Nevertheless, when the Revenue began a criminal investigation into his affairs in 2006 all his assets were frozen under the powers of the Proceeds of Crime Act.

Bowles was required to live on an allowance and rely on legal aid for his defence rather than pay out of his own resources. Defence lawyers claimed that preparation of Bowles's defence case was hampered further because his companies' financial records were in the hands of administrators.

The accounts were not disclosed until a court hearing in February this year, at which point Bowles sought permission to have a forensic accountant examine them to determine the VAT position. He was refused a relaxation of the restraint order to pay for a forensic accountants' report. The Legal Services Commission also declined to fund such a report from legal aid.

After the court was told that the records "could be considered by counsel with a calculator" the trial went ahead. Bowles was cleared of two charges but found guilty of a third.

It works this way. First the money is identified. Then, the crime is constructed, the assets are frozen, legal-aid is denied, and the businessman goes to jail. By the time he gets out of that, he probably cannot mount a defence anyway, and rights are just so much confetti. This stripping of rights is a well-known technique in law, as only 1 in 100 can then mount a recovery of rights action, it is often done when the job of the prosecutor is more important than rights.

Let's be realistic here and assume that Bowles was guilty of tax fraud. His local paper certainly thinks he was guilty:

A tax cheat from Maidenhead who dodged paying £1.3m in VAT has been jailed for three-and-a-half years. ... The court heard between October 2001 and July 2006 Bowles failed to submit VAT returns to HM Customs and Excise (HMCE) and then HM Revenue & Customs (HMRC). The VAT related to the sale of land for commercial development in Cardiff worth £7.5m.

Following an HMRC criminal investigation Bowles, from Sandisplatt Road, was charged on three counts of 'cheating the revenue'. Peter Avery, assistant director, HMRC Criminal Investigations, said: "This sentence will serve as a deterrent to anyone who thinks that tax fraud is a risk worth taking."

Firstly, this is quite common, and secondly, tax is the most complicated thing in existence, so complicated that most ordinary lawyers don't recognise it as law by principle. It's the tax code, it's special. It's actually very hard not to be guilty of it, when you have a fair-sized business (whoever heard of a value-added-tax on a land sale?)

But even assuming that the guy was guilty, there was rather stunning evidence to the contrary, which underscores the point that this was revenue raising, not the bringing down of a Mr Big:

A financial report has since been prepared, free of charge, by a firm of chartered accountants. A draft copy was presented to the judge two months ago and a full version handed to him this week. Its analysis concludes that rather than owing tax, Bowles's companies had actually overpaid their taxes.

The report stated: "In our opinion, none of the evidence points to Philip Bowles fraudulently evading or concealing VAT due to HMRC ... It would have been reasonable to conclude that no fraud has taken place."

Lawyers for Bowles claimed in court that matters were compounded by a failure to explain VAT law properly. They alleged the jury were wrongly informed that companies in the same group could not assign tax liabilities and credits between each other.

When a firm of *chartered accountants* utters _an opinion_ over finances, this is a legally imposing evidence. It is given a special status in court, in that the court may rely on it, and so might all others; this special status is awarded for the purposes of public companies that need to impress others such as creditors and shareholders that the company is sound. This form of reliance is not available outside the accounting profession, and only available in an accounting context (e.g., when a firm of accountants audits a certification authority, we do not get a special right to rely on it without further ado).

When a firm of chartered accountants does this for free, this is beyond surprising, this is a shock. The natural order of things is now upset. When the accountants are working for free, this might mean that the professions are mounting a last-ditch effort to preserve the Justice System in Britain, as I predicted:

It took 20 years to hollow out Mexico, we have a bit longer in other countries, because the institutions are staffed by stiffer, better educated people.

Those stiffer, better educated institutions realise that we all are poorer when the justice system is used to raise revenue. Or perhaps they realise their turn is next?

Posted by iang at 08:26 AM | Comments (1) | TrackBack

October 25, 2009

Audits VI: the wheel spins. Until?

We've established that Audit isn't doing it for us (I, II, III). And that it had its material part to play in the financial crisis (IV). Or its material non-part (II). I think I've also had a fair shot at explaining why this happened (V).

I left off last time asking why the audit industry didn't move to correct these things, and especially why it didn't fight Sarbanes-Oxley as being more work for little reward? In posts that came afterwards, thanks to Todd Boyle, it is now clear that the audit industry will not stand in front of anything that allows its own house to grow. The Audit Industry is an insatiable growth machine, and this is its priority. No bad thing if you are an Auditor.

Which leaves us with curious question: What then stops the Audit from growing without bound? What force exists to counterbalance the natural tendency of the auditor to increase the complexity, and increase the bills? Can we do SOX-1, SOX-2, SOX-3 and each time increase the cost?

Those engineers and others familiar with "systems theory" among us will be thinking in terms of feedback: all sustainable systems have positive feedback loops which encourage their growth, and negative feedback loops which stop their growth exploding out of control. In earlier posts, we identify the positive feedback loop of the insider interest. The question would then be (for the engineers) what is the negative feedback control?

Wikipedia helpfully suggests that Audit is a feedback control over organisations, but where is the feedback control over Audit? Even accepting the controversial claim that Sarbanes-Oxley delivered better reliability and quality in audits, we do know there must be a point where that quality is too expensive to pay for. So there must be a limit, and we must know when to stop paying.

And now the audit penny drops: There is no counterbalancing force!

We already established that the outside world has no view into the audit. Our chartered outsider has taken the keys to the citadel and now owns the most inner sanctums. The insider operates to standard incentives which is to improve own position at the expense of the outsider; the Auditor is now the insider. Which leads to a compelling desire to increase size, complexity and fees of Audit.

Yet the machine of audit growth has no brake. So it has no way to stop it moving from a useful position of valuable service to society to an excessive position of unsustainable drain on the public welfare. There is nothing to stop audit consuming the host it parasites off, nor is there anything that keeps even the old part of the Audit on the straight and narrow.

And this is more or less what has happened. That which was useful 30 years ago -- the opinion of financial statements, useful to educated investors -- has migrated well beyond that position into consuming the very core of the body corporate. IT security audits, industry compliance audits, quality audits, consulting engagements, market projects, manufacturing advice, and the rest of it now consume far more of their proper share.

Many others will point at other effects. But I believe this is at the core of it: the auditor promises a result for outsiders, has taken the insiders' keys and crafted a role of great personal benefit, without any external control. So it follows that it must grow, and it must drift off any useful agenda. And so it has, as we see from the financial crisis.

Which leads to a rather depressing conclusion: Audit cannot regulate itself. And we can't look to the government to deal with it, because that was part & parcel of our famous financial crisis. Indeed, the agencies have their hands full right now making the financial crisis worse, we hardly want to ask them to fix this mess. Today's evidence of agency complicity is only just more added to a mountain of depression.

What's left?

Posted by iang at 08:46 PM | Comments (2) | TrackBack

October 15, 2009

taking phishing to the next level

Phishing has come a long way. It is now no longer characterised by its email lure to get you to click on a different website. The phishers have moved on from the basic MITM that cracked secure browsing ... and are now concentrating on takeover of the machine. MITB, and the email is one of their weaker hooks.

Defences have also moved on, too. In some places they relied on two-factor auth, and in others a series of barriers. One common barrier was to make transactions to the country easy, and outside hard, on the basis that all phishers come from another country.

Phishers responded by employing Mules, being people who are in the country, and are well-paid to just re-transmit the money. People, it turns out, can easily send the money abroad, but trojans or MITBs couldn't.

But a problem with Mules is that they are slow. They might take a day or two to get around to it, because they are busy people. And in that time, the victim often spotted the fraudulent transaction ... and complained to the Mule! At which point the latter often realised he had been duped, was not part of the new International trading world, but was instead an essential cog in an international conspiracy to launder money etc et al ad nauseum.

Now phishers have gone to the next step:

New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.

The sophisticated hack uses a Trojan horse program installed on the victim’s machine that alters html coding before it’s displayed in the user’s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances.

The ruse buys the crooks time before a victim discovers the fraud, though won’t work if a victim uses an uninfected machine to check his or her bank balance.

The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan

This is the man in the middle, par exellence. Not only does Mallory steal the information and use it, he rewrites the evidence to hide the crime. Note, this was back in August. More claimed facts, ftr, and also and here:

The researchers also found statistics in the command tool showing that out of 90,000 visitors to the gang’s rogue and compromised websites, 6,400 were infected with the URLZone trojan. Most of the attacks Finjan observed affected people using Internet Explorer browsers, but Ben-Itzhak says other browsers are vulnerable too.

Which juxtaposes with a question that Stephen asked me a few days ago: how can we presume that the system is operating correctly? He was asking this hypothetical from the legal tradition, where it is common for banks to assert the presumption. In the above case, it is quite interesting, because from both points of view, the evidence is clear: correct operation.

The user sees the correct balances and transactions. The bank sees the correct authentication procedures. But we have a case here were neither side is correct, and the system is not operating correctly.

Why is this a problem? Because security commerce has it that a security system is secure. It has to be completely secure, otherwise it is impossible to sell. Nobody buys a partly-secure system, they want the fully-secured model. So what tends to happen is a form of society-wide cognitive dissonance where we sell the partly-secured as fully-secured. Hence, by the time the banks get around to being the defendents in some case against their "fully-secured" system, they are compelling in their belief that it is secure. The presumption that it operates correctly is part of that cognitive dissonance.

Which reminds us of a German case where the presumption that DES was secure was knocked out, because there were things like DeepCrack out there. The role of the courts in breaking this dissonance is important; I can't recall the case precisely, but here is another case from German courts, this time over the famous Sony rootkit:

According to Germany’s Heise, a district court has just ruled in a case where an individual claimed that the presence of the Sony rootkit caused him financial losses.

After purchasing an Anastacia CD, the plaintiff played it in his computer but his anti-virus software set off an alert saying the disc was infected with a rootkit. He went on to test the CD on three other computers. As a result, the plaintiff ended up losing valuable data.

Claiming for his losses, the plaintiff demanded 200 euros for 20 hours wasted dealing with the virus alerts and another 100 euros for 10 hours spent restoring lost data. Since the plaintiff was self-employed, he also claimed for loss of profits and in addition claimed 800 euros which he paid to a computer expert to repair his network after the infection. Added to this was 185 euros in legal costs making a total claim of around 1,500 euros.

The judge’s assessment was that the CD sold to the plaintiff was faulty, since he should be able to expect that the CD could play on his system without interfering with it. The court ordered the retailer of the CD to pay damages of 1,200 euros.

Which strangely echoes this case:

Between April 2007 and January 2008, visitors to the Kmart and Sears web sites were invited to join an "online community" for which they would be paid $10 with the idea they would be helping the company learn more about their customers. It turned out they learned a lot more than participants realized or that the feds thought was reasonable.

To join the "My SHC Community," users downloaded software that ended up grabbing some members' prescription information, emails, bank account data and purchases on other sites. Sears called the group that participated "small" and said the data captured by the program was at all times secure and was then destroyed.

The FTC filed a complaint against Sears, accusing the retailer of deceiving those who signed up for the service and downloaded the software.

"(Sears) failed to disclose adequately that the software application, when installed, would: monitor nearly all of the Internet behavior that occurs on consumers' computers, including information exchanged between consumers and websites other than those owned, operated, or affiliated with respondent, information provided in secure sessions when interacting with third-party websites, shopping carts, and online accounts, and headers of web-based email; track certain non-Internet related activities taking place on those computers; and transmit nearly all of the monitored information (excluding selected categories of filtered information) to respondent's remote computer servers," the FTC concluded.

Which all seems to lead to a rather heavy presumption of rightness in favour of the larger party. Sony was safe in installing rootkits, and only got slapped for the direct costs that this unexpected behaviour caused. Sears was safe for the same practice, except it got a tap on the wrist for not disclosing it fully.

Which leads to class action. The obvious asymmetry here is that the large parties (allegedly) did a lot of small damages to many parties. Yet, in each case, they do not get more than a light tap, for various reasons. So the message is clear: if there is profit, take on that risk, because the downside is small.

Which leads me to an old observation I made many times in the original phishing days: the issue of fundamental liability allocation will only be sorted out when class action suits redress the imbalance in power (to avoid adverse judgement).

This solution of course is only applicable in the USA where class-action is popular. And it probably doesn't apply to continental banking where the banks tend to take more care and absorb more of the liabilities directly (hence their losses are much lower). Which is bad news for UK, Australia, Canada, where the banking models tend to follow liability-dumping models, but don't have the ultimate backstop of the class-action suit.

Closing remark: all of these articles were spotted in Bruce Schneier's cryptogram, and all seemed to resonate. There is one hilarious thread about the DHS in USA deciding to "employ 1000 cyber-security experts." Frequent readers of this blog will see the error at multiple levels. But Bob Cringley took the claim at face value and did some research. He asked 6 people who he thought were experts, and this one was the closest:

“Define ‘expert,’ said another friend from behind Door Number Three, who comes from the security software business. “(An expert is) a person with a high degree of skill in or knowledge of a certain subject. Great, but the question is all about scope. I may be an expert cook – but can I run a kitchen? Same thing with security there are tons of experts – in specific areas. I was an expert in AV, IDS, and other areas. But I was not the all knowing security guru. (even though my knowledge base was very broad). This is where we run into unintended actuated consequences. An expert will make a choice and take an action. The end result may not be what they had anticipated because of other factors beyond the realm of their expertise caused an unanticipated consequence.

Which is to say, the word expert simply doesn't work for us. The field is too big so you are either a generalist like myself (and make frequent detailed mistakes, but hopefully survive in the big picture) or you are a deep specialist who gets the detail correct, but ends up on the wrong mapboard.

But this guy also hit the nail on the head:

So this is the wrong approach entirely. It won’t work, the DHS probably knows it won’t work (if they don’t know that, well God help us all) but they see it as better than nothing. That doesn’t worry me so much, though. What really worries me is the point brought up by cybersecurity expert number six, who himself came in from the cold:

“Sure there are 1,000 (cybersecurity experts),” he said, ” but they are already employed… as hackers.”

And, looking at our "presumption of security" question in the big picture, we can understand why. Because of liability dumping, your country's banks are cooperating with the world's 1000 cybersecurity experts. Who's engaged in a criminal conspiracy now?

Posted by iang at 09:28 AM | Comments (1) | TrackBack

September 18, 2009

Where does the accounting profession want to go, today?

So, if they are not doing audits and accounting, where does the accounting profession want to go? Perhaps unwittingly, TOdd provided the answer with that reference to the book Accounting Education: Charting the Course through a Perilous Future by W. Steve Albrecht and Robert J. Sack.

It seems that Messrs Albrecht and Sack, the authors of that book, took the question of the future of Accounting seriously:

Sales experts long ago concluded that "word of mouth" and "personal testimonials" are the best types of advertising. The Taylor Group1 found this to be true when they asked high school and college students what they intended to study in college. Their study found that students were more likely to major in accounting if they knew someone, such as a friend or relative, who was an accountant.

So they tested it by asking a slightly more revealing question of the accounting professionals:

When asked "If you could prepare for your professional career by starting college over again today, which of the following would you be most likely to do?" the responses were as follows:
Type of Degree % of Educators Who Would % of Practitioners Who Would

Who Would Earn a bachelor's degree in something other than accounting and then stop 0.0 7.8
Earn a bachelor's degree in accounting, then stop 4.3 6.4
Earn a Master's of Business Administration (M.B.A.) degree 37.7 36.4
Earn a Master's of Accountancy degree 31.5 5.9
Earn a Master's of Information Systems degree 17.9 21.3
Earn a master's degree in something else 5.4 6.4
Earn a Ph.D. 1.6 4.4
Earn a J.D. (law degree) 1.6 11.4

These results are frightening,...

Well indeed! As they say:

It is telling that six times as many practicing accountants would get an M.B.A. as would an M.Acc., over three times as many practitioners would get a Master's of Information Systems degree as would get an M.Acc., and nearly twice as many practitioners would get a law degree instead of an M.Acc. Together, only 12.3 percent (6.4% + 5.9%) of practitioners would get either an undergraduate or graduate degree in accounting.2 This decrease in the perceived value of accounting degrees by practitioners is captured in the following quotes:
We asked a financial executive what advice he would give to a student who wanted to emulate his career. We asked him if he would recommend a M.Acc. degree. He said, "No, I think it had better be broad. Students should be studying other courses and not just taking as many accounting courses as possible. ...

My job right now is no longer putting numbers together. I do more analysis. My finance skills and my M.B.A. come into play a lot more than my CPA skills.

.... we are creating a new course of study that will combine accounting and
information technology into one unique major....

...I want to learn about information systems.

(Of course I'm snipping out the relevant parts for speed, you should read the whole lot.) Now, we could of course be skeptical because we know computing is the big thing, it's the first addition to the old list of Reading, Arithmetic and Writing since the dark ages. Saying that Computing is core is cliche these days. But the above message goes further, it's almost saying that Accountants are better off not doing accounting!

The Accounting profession of course can be relied upon to market their profession. Or can they? Todd was on point when he mentioned the value chain, the image in yesterday's post. Let's look at the wider context of the pretty picture:

Robert Elliott, KPMG partner and current chairman of the AICPA, speaks often about the value that accountants can and should provide. He identifies five stages of the "value chain" of information. The first stage is recording business events. The second stage is summarizing recorded events into usable data. The third stage is manipulating the data to provide useful information. The fourth stage is converting the information to knowledge that is helpful to decision makers. The fifth and final stage is using the knowledge to make value-added decisions. He uses the following diagram to illustrate this value chain:

This five-stage breakdown is a helpful analysis of the information process. However, the frightening part of Mr. Elliott's analysis is his judgment as to what the segments of the value chain are worth in today's world. Because of the impact of technology, he believes that:

  • Stage 1 activity is now worth no more than $10 per hour
  • Stage 2 activity is now worth no more than $30 per hour
  • Stage 3 activity is now worth $100 per hour
  • Stage 4 activity is now worth $300 per hour
  • Stage 5 activity is now worth $1,000 per hour

In discussing this value chain, Mr. Elliott urges the practice community to focus on upper-end services, and he urges us to prepare our students so they aim toward that goal as well. Historically, accounting education has prepared students to perform stage 1- and stage 2-type work.

Boom! This is compelling evidence. It might not mean that the profession has abandoned accounting completely. But it does mean that whatever they do, they simply don't care about it. Accounting, and its cousin Audits are loss-leaders for the other stuff, and eyes are firmly fixed on other, higher things. We might call the other stuff Consulting, and we might wonder at the correlation: consulting activities have consumed the major audit firms. There are no major audit firms any more, there are major consulting firms, some of which seem to sport a vestigial audit capability.

Robert Elliot's message is, more or less, that the audit's fundamental purpose in life is to urge accountancy firms into higher stages. It therefore matters not what the quality (high?) is, nor what the original purpose is (delivering a report for reliance by the external stakeholder?). We might argue for example whether audit is Stage 2 or Stage 3. But we know that the auditor doesn't express his opinion to the company, directly, and knowledge is the essence of the value chain. By the rules, he maintains independence, his opinion is reserved for outsiders. So audit is limited to Stages 3 and below, by its definition.

Can you see a "stage 4,5 sales opportunity" here?

Or perhaps more on point, can you avoid it?

It is now very clear where the auditors are. They're not "on audit" but somewhere higher. Consulting. MBA territory. Stage 5, please! The question is not where the accounting profession wants to go today, because they already got there, yesterday. The financial crisis thesis is confirmed. Audits are very much part of our problem, even if they are the accounting profession's solution.

What is less clear is where are we, the business world? The clients, the users, the reliers of audit product? And perhaps the question for us really is, what are we going to do about it?

Posted by iang at 09:13 AM | Comments (3) | TrackBack

September 17, 2009

TOdd on Audits V: why oh why?

Editor's note: TOdd wrote this long comment to Audits V and I thought it had to be a post:

Regarding the failure of financial auditing, or statutory audits, there is probably a body of knowledge to be found in academia and business journals. There is certainly a lot of wisdom and knowledge among the accounting profession, although it is heavily suppressed, and auditors, like bankers, start out opaque and unself-aware. All three of these things grow deeper over lifelong habit (lack of honest self appraisal, lack of communication skills to talk about their business in anything but literal terms, and lack of any motive or impulse to be honest or candid even if they wanted to.) So, you'll find the best research on this problem in the business schools and press, for whom auditors are a business problem to be understood, and in the accountancy schools who still harbor a lot of great minds, with too much integrity to survive in the global audit firms. The audit profession took root in the 1930s and I would have to guess that it was captured from day one, by the publicly listed companies they were supposed to be auditing.

Accountants have had the choice to improve themselves at several historic points in time; the 1929 crash, the end of WW2, when every other economy was demolished, and the end of the Soviet threat. What they've actually done was continue fiddling with their false definitions of economic substance, called GAAP, which is really intended to modulate the lies and maintain as much opaqueness as the public would tolerate.

The greatest opportunity to improve business reporting, if that were the intention, has come from improvements in database, computing, and the internet. Internally of course, companies have built information tools to navigate and understand their customers, suppliers, financial structures and inner working. All of it conceived, developed and maintained for the benefit of senior executives. The host-centric, server-centric architecture of the dominant computing architectures (ibm, att, dec, sun, microsoft etc) reflect this.

There is nothing that reveals the intent and will of the AICPA more clearly than its design choices in XBRL. And I doubt if anybody will ever write the book about XBRL, since the people who realized what a betrayal it was, while it was being cooked up, were physically nauseated and left the standards bodies, myself included. Outside the meeting room and convention halls, there were more than a few people who saw what was happening-- and why would they pay annual dues of $thousands, plus travel costs, to attend the next XBRL conference, unless they were part of the corrupt agenda themselves?

I am reminded of the State of Washington democratic party convention I attended a few years ago-- more than 2/3s of the 1000 delegates from the precincts, statewide had never been to a convention before. And, by the end of the convention, a percentage even larger than that, was in open rebellion against the selection of candidates and railroading of the platform and agenda, by top party officials. So, 2/3s of them would never bother participating in the Democratic Party in the next election cycle either.

The people responsible for the sabotage and corruption of the AICPA's XBRL and other technologies, are Barry Melancon, working on behalf of opaque interests in the audit firms and wall street, and, the young turks they hired, Charlie Hoffman and Eric Cohen. Hoffman bubbled up in the Seattle area as an evangelist for microsoft technologies in accounting firms and probably never understood where the money and support for his magic carpet ride was coming from. Microsoft itself being a front-end for IBM and wall street. There have been a few, who try from time to time, to make these technologies honest, such as David RR Weber, Glen Gray, Bill McCarthy...

A more hopeful technology, ebXML emerged shortly after XBRL, and again the history is so vast, somebody should write a book---indeed would write a book-- if they had the stomach for it. Now, here, we ran into a different set of entrenched interests, the EDI industry and adjacent companies and interests. It was a fabulous project, with at least ten different workgroups, each with a lot of dedicated people, supported by many great companies.

To sum it all up-- there are people who want to use the power of computers and communications to reach process improvements, labor savings, AND transparency for all stakeholders. These people have developed over many years, a very complete understanding of business processes in their industries and somewhat less completely, a generalized architecture for all economic transactions. However, there are a plutocracy who own all their companies and make all of the hiring and firing decisions. Obviously, these people at the very top, have leaned hard on the tiller, since the early days.

And the accounting and auditing profession knows where its bread is buttered, see Bob Elliot's diagram of "five stage value chain."

Iang responds in the next post.

Posted by iang at 07:43 PM | Comments (0) | TrackBack

September 14, 2009

OSS on how to run a business

After a rather disastrous meeting a few days ago, I finally found the time to load up:

OSS's Simple Sabotage Field Manual

The Office of Strategic Services was the USA dirty tricks brigade of WWII, which later became the CIA. Their field manual was declassified and published, and, lo and behold, it includes some mighty fine advice. This manual was noticed to the world by the guy who presented the story of the CIA's "open intel" wiki, he thought it relevant I guess.

Sections 11, 12 are most important to us, the rest concentrating on the physical spectrum of blowing up stuff. Onwards:

(11) General Interference with Organizations and Production

(a) Organizations and Conferences

(1) Insist on doing everything through "channels." Never permit short-cuts to be taken in order to, expedite decisions.

(2) Make "speeches." Talk as frequently as possible and at great length. Illustrate your "points" by long anecdotes and accounts of personal experiences. Never hesitate to make a few appropriate "patriotic" comments.

(3) When possible, refer all matters to committees, for "further study and consideration." Attempt to make the committees as large as possible - never less than five.

(4) Bring up irrelevant issues as frequently as possible.

(5) Haggle over precise wordings of communications, minutes, resolutions.

(6) Refer back to matters decided upon at the last meeting and attempt to reopen the question of the advisability of that decision.

(7) Advocate "caution." Be "reasonable" and urge your fellow-conferees to be "reasonable" and avoid haste which might result in embarrassments or difficulties later on.

(8) Be worried about the propriety of any decision -raise the question of whether such action as is contemplated lies within the jurisdiction of the group or whether it might conflict with the policy of some higher echelon.

Read the full sections 11,12 and for reference, also the entire manual. As some have suggested, it reads like a modern management manual, perhaps proving that people don't change over time!

Posted by iang at 09:42 PM | Comments (1) | TrackBack

Audits V: Why did this happen to us ;-(

To summarise previous posts, what do we know? We know so far that the hallowed financial Audit doesn't seem to pick up impending financial disaster, on either a micro-level like Madoff (I) or a macro-level like the financial crisis (II). We also know we don't know anything about it (III), trying harder didn't work (II), and in all probability the problem with Audit is systemic (IV). That is, likely all of them, the system of Audits, not any particular one. The financial crisis tells us that.

Notwithstanding its great brand, Audit does not deliver. How could this happen? Why did our glowing vision of Audit turn out to be our worst nightmare? Global financial collapse, trillions lost, entire economies wallowing in the mud and slime of bankruptcy shame?

Let me establish the answer to this by means of several claims.

First, complexity . Consider what audit firm Ernst & Young told us a while back:

The economic crisis has exposed inherent weaknesses in the risk management practices of banks, but few have a well-defined vision of how to tackle the problems, according to a study by Ernst & Young.

Of 48 senior executives from 36 major banks around the world questioned by Ernst & Young, just 14% say they have a consolidated view of risk across their organisation. Organisational silos, decentralisation of resources and decision-making, inadequate forecasting, and lack of transparent reporting were all cited as major barriers to effective enterprise-wide risk management.

The point highlighted above is this: This situation is complex! In essence, the process is too complex for anyone to appreciate from the outside. I don't think this point is so controversial, but the next are.

My second claim is that in any situation, stakeholders work to improve their own position . To see this, think about the stakeholders you work with. Examine every decision that they take. In general, every decision that reduces the benefit to them will be fiercely resisted, and any decision that increases the benefit to them will be fiercely supported. Consider what competing audit firm KPMG says:

A new study put out by KPMG, an audit, tax and advisory firm said that pressure to do "whatever it takes" to achieve business goals continues as the primary driver behind corporate fraud and misconduct.

Of more than 5,000 U.S. workers polled this summer, 74 percent said they had personally observed misconduct within their organizations during the prior 12 months, unchanged from the level reported by KPMG survey respondents in 2005. Roughly half (46 percent) of respondents reported that what they observed "could cause a significant loss of public trust if discovered," a figure that rises to 60 percent among employees working in the banking and finance industry.

This is human nature, right? It happens, and it happens more than we like to admit. I suggest it is the core and prime influence, and won't bother to argue it further, although if you are unsatisfied at this claim, I suggest you read Lewis on The End (warning it's long).

As we are dealing with complexity, even insiders will not find it easy to identify the nominal, original benefit to end-users. And, if the insiders can't identify the benefit, they can't put it above their own benefit. Claims one and two, added together, give us claim three: over time, all the benefit will be transferred from the end-users to the insiders . Inevitably. And, it is done naturally, subconciously and legally.

What does this mean to Audits? Well, Auditors cannot change this situation. If anything, they might make it worse. Consider these issues:

  • the Auditor is retained by the company,
  • to investigate a company secret,
  • the examination, the notes, the results and concerns are all secret,
  • the process and the learning of audit work is surrounded by mystique and control in classical guild fashion,
  • the Auditor bills-per-hour,
  • the Auditor knows what the problems are,
  • and has integral consulting resources attached,
  • who can be introduced to solve the problems,
  • and bill-per-hour.

As against all that complexity and all that secrecy, there is a single Auditor, delivering a single report. To you. A rather single very small report, as against a rather frequent and in sum, huge series of bills.

So in all this complexity, although the Audit might suggest that they can reduce the complexity by means of compressing it all into one single "opinion", the complexity actually works to the ultimate benefit of the Auditor. Not to your benefit. It is to the Auditor's advantage to increase the complexity, and because it is all secret and you don't understand it anyway, any negative benefit to you is not observable. Given our second claim, this is indeed what they do.

Say hello to SOX, a doubling of the complexity, and a doubling of your auditor's invoice.

Say thank you, Congressmen Sarbanes and Oxley, and we hope your pension survives!

Claim Number 4: The Auditor has become the insider. Although he is the one you perceive to be an outsider, protecting your interests, in reality, the Auditor is only a nominal, pretend outsider. He is in reality a stakeholder who was given the keys to become an insider a long time ago. Is there any surprise that, with the passage of time, the profession has moved to secure its role? As stakeholder? As insider? To secure the benefit to itself?

Over time, the noble profession of Auditing has moved against your interests. Once, it was a mighty independent observer, a white knight riding forth to save your honour, your interest, your very patrimony. Audits were penetrating and meticulous!

Now, the auditor is just another incumbent stakeholder, another mercenary for hire. Test this: did any audit firm fight the rise of Sarbanes-Oxley as being unnecessary, overly costly and not delivering value for money to clients? Does any audit firm promote a product that halves the price? Halves the complexity? Has any audit firm investigated the relationship between the failed banks and the failed audits over those banks? Did any audit firm suggest that reserves weren't up to a downturn? Has any audit firm complained that mark-to-market depends on a market? Did any auditor insist on stress testing? Has ... oh never mind.

I'm honestly interested in this question. If you know the answer: posted it in comments! With luck, we can change the flow of this entire research, which awaits ... the NEXT post.

Posted by iang at 03:42 PM | Comments (3) | TrackBack

July 15, 2009

trouble in PKI land

The CA and PKI business is busy this week. CAcert, a community Certification Authority, has a special general meeting to resolve the trauma of the collapse of their audit process. Depending on who you ask, my resignation as auditor was either the symptom or the cause.

In my opinion, the process wasn't working, so now I'm switching to the other side of the tracks. I'll work to get the audit done from the inside. Whether it will be faster or easier this way is difficult to say, we only get to run the experiment once.

Meanwhile, Mike Zusman and Alex Sotirov are claiming to have breached the EV green bar thing used by some higher end websites. No details available yet, it's the normal tease before a BlabHat style presentation by academics. Rumour has it that they've exploited weaknesses in the browsers. Some details emerging:

With control of the DNS for the access point, the attackers can establish their machines as men-in-the-middle, monitoring what victims logged into the access point are up to. They can let victims connect to EV SSL sites - turning the address bars green. Subsequently, they can redirect the connection to a DV SSL sessions under a certificates they have gotten illicitly, but the browser will still show the green bar.

Ah that old chestnut: if you slice your site down the middle and do security on the left and no or lesser security on the right, guess where the attacker comes in? Not the left or the right, but up the middle, between the two. He exploits the gap. Which is why elsewhere, we say "there is only one mode and it is secure."

Aside from that, this is an interesting data point. It might be considered that this is proof that the process is working (following the GP theory), or it might be proof that the process is broken (following the sleeping-dogs-lie model of security).

Although EV represents a good documentation of what the USA/Canada region (not Europe) would subscribe as "best practices," it fails in some disappointing ways. And in some ways it has made matters worse. Here's one: because the closed proprietary group CA/B Forum didn't really agree to fix the real problems, those real problems are still there. As Extended Validation has held itself up as a sort of gold standard, this means that attackers now have something fun to focus on. We all knew that SSL was sort of facade-ware in the real security game, and didn't bother to mention it. But now that the bigger CAs have bought into the marketing campaign, they'll get a steady stream of attention from academics and press.

I would guess less so from real attackers, because there are easier pickings elsewhere, but maybe I'm wrong:

"From May to June 2009 the total number of fraudulent website URLs using VeriSign SSL certificates represented 26% of all SSL certificate attacks, while the previous six months presented only a single occurrence," Raza wrote on the Symantec Security blogs.

... MarkMonitor found more than 7,300 domains exploited four top U.S. and international bank brands with 16% of them registered since September 2008.
.... But in the latest spate of phishing attempts, the SSL certificates were legitimate because "they matched the URL of the fake pages that were mimicking the target brands," Raza wrote.

VeriSign Inc., which sells SSL certificates, points out that SSL certificate fraud currently represents a tiny percentage of overall phishing attacks. Only two domains, and two VeriSign certificates were compromised in the attacks identified by Symantec, which targeted seven different brands.

"This activity falls well within the normal variability you would see on a very infrequent occurrence," said Tim Callan, a product marketing executive for VeriSign's SSL business unit. "If these were the results of a coin flip, with heads yielding 1 and tails yielding 0, we wouldn't be surprised to see this sequence at all, and certainly wouldn't conclude that there's any upward trend towards heads coming up on the coin."

Well, we hope that nobody's head is flipped in an unsurprising fashion....

It remains to be seen whether this makes any difference. I must admit, I check the green bar on my browser when online-banking, but annoyingly it makes me click to see who signed it. For real users, Firefox says that it is the website, and this is wrong and annoying, but Mozilla has not shown itself adept at understanding the legal and business side of security. I've heard Safari has been fixed up so probably time to try that again and report sometime.

Then, over to Germany, where a snafu with a HSM ("high security module") caused a root key to be lost (also in German). Over in the crypto lists, there are PKI opponents pointing out how this means it doesn't work, and there are PKI proponents pointing out how they should have employed better consultants. Both sides are right of course, so what to conclude?

Test runs with Germany's first-generation electronic health cards and doctors' "health professional cards" have suffered a serious setback. After the failure of a hardware security module (HSM) holding the private keys for the root Certificate Authority (root CA) for the first-generation cards, it emerged that the data had not been backed up. Consequently, if additional new cards are required for field testing, all of the cards previously produced for the tests will have to be replaced, because a new root CA will have to be generated. ... Besides its use in authentication, the root CA is also important for card withdrawal (the revocation service).

The first thing to realise was that this was a test rollout and not the real thing. So the test discovered a major weakness; in that sense it is successful, albeit highly embarrassing because it reached the press.

The second thing is the HSM issue. As we know, PKI is constructed as a hierarchy, or a tree. At the root of the tree is the root key of course. If this breaks, everything else collapses.

Hence there is a terrible fear of the root breaking. This feeds into the wishes of suppliers of high security modules, who make hardware that protect the root from being stolen. But, in this case, the HSM broke, and there was no backup. So a protection for one fear -- theft -- resulted in a vulnerability to another fear -- data loss.

A moment's thought and we realise that the HSM has to have a backup. Which has to be at least as good as the HSM. Which means we then have some rather cute conundrums, based on the Alice in Wonderland concept of having one single root except we need multiple single roots... In practice, how do we create the root inside the HSM (for security protection) and get it to another HSM (for recovery protection)?

Serious engineers and architects will be reaching for one word: BRITTLE! And so it is. Yes, it is possible to do this, but only by breaking the hierarchical principle of PKI itself. It is hard to break fundamental principles, and the result is that PKI will always be brittle, the implementations will always have contradictions that are swept under the carpet by the managers, auditors and salesmen. The PKI design is simply not real world engineering, and the only thing that keeps it going is the institutional deadly embrace of governments, standards committees, developers and security companies.

Not the market demand. But, not all has been bad in the PKI world. Actually, since the bottoming out of the dotcom collapse, certs have been on the uptake, and market demand is present albeit not anything beyond compliance-driven. Here comes a minor item of success:

VeriSign, Inc. [SNIP] today reported it has topped the 1 billion mark for daily Online Certificate Status Protocol (OCSP) checks.

[SNIP] A key link in the online security chain, OCSP offers the most timely and efficient way for Web browsers to determine whether a Secure Sockets Layer (SSL) or user certificate is still valid or has been revoked. Generally, when a browser initiates an SSL session, OCSP servers receive a query to check to see if the certificate in use is valid. Likewise, when a user initiates actions such as smartcard logon, VPN access or Web authentication, OCSP servers check the validity of the user certificate that is presented. OSCP servers are operated by Certificate Authorities, and VeriSign is the world's leading Certificate Authority.

[SNIP] VeriSign is the EV SSL Certificate provider of choice for more than 10,000 Internet domain names, representing 74 percent of the entire EV SSL Certificate market worldwide.

(In the above, I've snipped the self-serving marketing and one blatant misrepresentation.)

Certificates are static statements. They can be revoked, but the old design of downloading complete lists of all revocations was not really workable (some CAs ship megabyte-sized lists). We now have a new thing whereby if you are in possession of a certificate, you can do an online check of its status, called OCSP.

The fundamental problem with this, and the reason why it took the industry so long to get around to making revocation a real-time thing, is that once you have that architecture in place, you no longer need certificates. If you know the website, you simply go to a trusted provider and get the public key. The problem with this approach is that it doesn't allow the CA business to sell certificates to web site owners. As it lacks any business model for CAs, the CAs will fight it tooth & nail.

Just another conundrum from the office of security Kafkaism.

Here's another one, this time from the world of code signing. The idea is that updates and plugins can be sent to you with a digital signature. This means variously that the code is good and won't hurt you, or someone knows who the attacker is, and you can't hurt him. Whatever it means, developers put great store in the apparent ability of the digital signature to protect themselves from something or other.

But it doesn't work with Blackberry users. Allegedly, a Blackberry provider sent a signed code update to all users in United Arab Emirates:

Yesterday it was reported by various media outlets that a recent BlackBerry software update from Etisalat (a UAE-based carrier) contained spyware that would intercept emails and text messages and send copies to a central Etisalat server. We decided to take a look to find out more.

Whenever a message is received on the device, the Recv class first inspects it to determine if it contains an embedded command — more on this later. If not, it UTF-8 encodes the message, GZIPs it, AES encrypts it using a static key (”EtisalatIsAProviderForBlackBerry”), and Base64 encodes the result. It then adds this bundle to a transmit queue. The main app polls this queue every five seconds using a Timer, and when there are items in the queue to transmit, it calls this function to forward the message to a hardcoded server via HTTP (see below). The call to http.sendData() simply constructs the POST request and sends it over the wire with the proper headers.

Oops! A signed spyware from the provider that copies all your private email and sends it to a server. Sounds simple, but there's a gotcha...

The most alarming part about this whole situation is that people only noticed the malware because it was draining their batteries. The server receiving the initial registration packets (i.e. “Here I am, software is installed!”) got overloaded. Devices kept trying to connect every five seconds to empty the outbound message queue, thereby causing a battery drain. Some people were reporting on official BlackBerry forums that their batteries were being depleted from full charge in as little as half an hour.

So, even though the spyware provider had a way to turn it on and off:

It doesn’t seem to execute arbitrary commands, just packages up device information such as IMEI, IMSI, phone number, etc. and sends it back to the central server, the same way it does for received messages. It also provides a way to remotely enable/disable the spyware itself using the commands “start” and “stop”.

There was something wrong with the design, and everyone's blackberry went mad. Two points: if you want to spy on your own customers, be careful, and test it. Get quality engineers on to that part, because you are perverting a brittle design, and that is tricky stuff.

Second point. If you want to control a large portion of the population who has these devices, the centralised hierarchy of PKI and its one root to bind them all principle would seem to be perfectly designed. Nobody can control it except the center, which puts you in charge. In this case, the center can use its powerful code-signing abilities to deliver whatever you trust to it. (You trust what it tells you to trust, of course.)

Which has led some wits to label the CAs as centralised vulnerability partners. Which is odd, because some organisations that should know better than to outsource the keys to their security continue to do so.

But who cares, as long as the work flows for the consultants, the committees, the HSM providers and the CAs?

Posted by iang at 07:13 AM | Comments (7) | TrackBack

July 12, 2009

Audits IV - How many rotten apples will spoil the barrel?

In the previous post on Audits (1, 2, 3) I established that you yourself cannot determine from the outside whether an audit is any good. So how do we deal with this problem?

We can take a statistical approach to the investigation. We can probably agree that some audits are not strong (the financial crisis thesis), and some are definitely part of the problem (Enron, Madoff, Satyam, Stanford) not the solution. This rules out all audits being good.

The easy question: are all audits in the bad category, and we just don't know it, or are some good and some bad? We can rule out all audits being bad, because Refco was caught by a good audit, eventually.

So we are somewhere in-between the extremes. Some good, some bad. The question then further develops into whether the ones that are good are sufficiently valuable to overcome the ones that are bad. That is, one totally fraudulent result can be absorbed in a million good results. Or, if something is audited, even badly or with a percentage chance of bad results, some things should be improved, right?

Statistically, we should still get a greater benefit.

The problem with this view is that we the outside world can't tell which is which, yet the point of the audit is to tell us: which is which. Because of the intent of the audit -- entering into the secrets of the corporate and delivering a judgment over the secrets -- there are no tools for us to distinguish. This is almost deliberate, almost by definition! The point of the audit is for us to distinguish the secretively good from the secretively bad; if we also have to distinguish amongst the audits, we have a problem.

Which is to say, auditing is highly susceptible to the rotten apples problem: a few rotten apples in a barrel quickly makes the whole barrel worthless.

How many is a few? One failed audit is not enough. But 10 might be, or 100, or 1% or 10%, it all depends. So we need to know some sort of threshold, past which, the barrel is worthless. Once we determine that some percentage of audits above the threshold are bad, all of them are dead, because confidence in the system fails and all audits become ignored by those that might have business in relying on them.

The empirical question of what that percentage would be is obviously a subject of some serious research, but I believe we can skip it by this simple check. Compare the threshold to our by now painfully famous financial crisis test. So far, in the financial crisis, all the audits failed to pick up the problem (and please, by all means post in comments any exceptions! Anonymously is fine!).

Whatever the watermark for general failure is, if the financial crisis is any guide, we've probably reached it. We are, I would claim, in the presence of material evidence that the Audit has passed the threshold for public reliance. The barrel is rotten.

But, how did we reach this terrible state of affairs? How could this happen? Let's leave that speculation for another post.

(Afterword: Since the last post on Audit, I resigned my role as Auditor over at CAcert. This moves me from slightly inside the profession to mostly outside. Does this change these views written here? So far, no, but you can be the judge.)

Posted by iang at 05:21 PM | Comments (3) | TrackBack

June 11, 2009

Bullion and Bandits: The Rise and Fall of Another Visionary

(Lynn and RAH point to) an article on the sad declines of e-gold, which I was involved with in some sense back in the period 1998 to 2000.

Bullion and Bandits: The Improbable Rise and Fall of E-Gold

Following his story, the picture that emerges of Jackson is not a portrait of a calculating criminal. Rather it is one of a naive visionary who thought his dream was bigger than any financial regulations, who got in over his head, and who finally struggled, too late, to make up for his missteps.

“There was no indication at all that anyone had a problem with what he was doing,” says Richard Timberlake, a former economics professor at the University of Georgia and author of several books on U.S. banking. Timberlake visited Jackson at his E-Gold office in 1997 and vouches for Jackson’s innocent intentions. “He was always very honest and very forthright in what he was trying to do as a business. Even the Federal Reserve believed it was legitimate.”

Well, in 1997, and indeed up until the end of 1999, it was indeed easy to believe that all was good. As we entered into 2000, the signs started popping up, and by the middle of that year, they were everywhere. It was this inability to deal with the changing makeup of the business, while always standing firm to the 1997 business model, that sewed the seeds of disaster.

It is possible to say, "naive visionary." It's also necessary to say, "responsible director." Which is, at its core, the Founder's paradox: we need that Founder to get us this far, pass the unbeatable odds, beat the regs, bash the naysayers.

Then, when he's done his job, how do we ease him aside to start running the business, as a business, and not as a mission from God?

As Jackson envisioned it, E-Gold was a private, international currency that would circulate independent of government controls, and stand impervious to the market’s highs and lows. Brimming with evangelical enthusiasm, Jackson proclaimed it a cure for the modern monetary system’s ills and described it at one point as “an epochal change in human destiny” and “probably the greatest benefit to humanity that’s ever been thought of.”...

Over the next few years, Jackson drained his retirement accounts, sold his medical practice and charged credit cards to raise more than $1 million to nurture the fledgling venture. Cynics might have considered him just another internet hustler looking to strike it rich, but those who knew him say he was a true believer. “He truly thinks that having a gold-backed currency is what’s needed in the world,” says James Clement, a libertarian attorney who met Jackson in 2003. “I don’t think anyone would have stuck with it … other than that he thinks it’s extremely important and somebody has to do this.”

Something like that. We stuck with him (and really, many many of us committed a great deal to the community!) because it was a truly great idea, and he'd done the hard work to get it off the ground. We left when it became clear that Jackson's visionary focus was going to take e-gold to disaster.

Jackson, who’d hocked his future to start E-Gold, now faced the potential of a federal prison term. He was frustrated and confused.

“It never crossed my mind that anyone could seriously want people like us in prison,” he says. “But I guess my bigger fear was that we would go bankrupt, and there would be a train wreck of people that had trusted value to us who couldn’t get their money.”

The worst part about it is that we were right, he was wrong, and the world lost the benefit of his great, original vision.

The financial innovations that came out of the 1990s were extraordinary, and e-gold was one of them. Now they are all confined to the history books, perhaps with little footnotes such as "with this, the financial crisis might have been averted." Oh well. Learning is not humanity's strong suit.

Posted by iang at 10:27 AM | Comments (4) | TrackBack

June 04, 2009

Auditor(s) to be held to account? - CardSystems and Savvis

Duane points to a Wired report that Savvis has been sued (also /., 1, 2). Savvis was the Auditor of the ill-fated payments operator CardSystems that was breached heavily, lost huge amounts of privacy data, and went bankrupt.

This is significant. The audit business has invaded the IT field, now dominating the quality aspects with a stamp of approval over security and governance of all forms. I'm in one myself (at least today, not sure about tomorrow). The way it works is that we check the systems according to some metrics like criteria, management's disclosures, and other things that are called variously best practices (worst case) or common sense (better) or core competences (best case). Then we write up an opinion. Then others attempt to use that opinion in some sense or other:

When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor’s report.

In theory, CardSystems should have been safe. The industry’s primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems’ auditor, Savvis Inc, had just given them a clean bill of health three months before.

The problem arises when something goes wrong -- see last week's post on the inverted pyramid. Is the auditor responsible for failure, and how much? The issue is murky, and here are two extremes:

One view has it that the auditor's opinion is relied upon by others and that this is a fiduciary responsibility before the courts, deriving from the history and tradition of financial audits. These latter hold a privileged place in the legal system; others can rely on audits over financial statements, and they can sue the auditor if there were issues. This then applies to systems audits.

A completely contrary view is that the auditor provides a useful service for whoever asks for it, and writes a limited opinion to that person. Others rely at their peril. The opinion is written in internal language, with limitations of liability, over a snapshot of time, and would not be a sound basis for reliance. The tests are closely guarded secrets, the interpretations are interesting but not revealed, and there is absolutely no indication in the process that it is oriented to the needs of the public. That is, an audit is worth practically nothing to any outsider (and insiders don't need it because they can see what's there themselves).

My view is explored in the "Audit" series of essays (1, 2, 3). However the ultimate call may come before the judge, and whichever way it goes, I suggest it is bad news for the audit business.

“We’re at a critical juncture where we need to decide . . . whether [network security] auditing is voluntary or will have the force of law behind it,” says Andrea Matwyshyn, a law and business ethics professor at the University of Pennsylvania’s Wharton School who specializes in information security issues. “For companies to be able to rely on audits . . . there needs to be mechanisms developed to hold auditors accountable for the accuracy of their audits.”

If the court rules that the auditor can be sued, and did wrong ... then the results will ripple through the field. Auditors will reach further into their bag of tricks to cover their backs, which will make audits more difficult to rely upon. This can be seen as an economic result, because likely the court's adverse ruling will break the firm that is doing the audit. No other audit firm will like that scenario of a random bankrupcy event, and we even have the data point to show it: walk the line from Arthur Andersen to Sarbanes-Oxley to the global financial crisis.

In contrast, if the court rules that the Audit cannot be relied upon, then it is game over. Once a court rules that the process is not to be relied upon, then relying parties don't need it. The audit business collapses. Maybe we need to change jobs before the exodus...

Posted by iang at 07:13 AM | Comments (5) | TrackBack

May 28, 2009

Have the accountants sold out?

Gunnar points to an interview that echos my "Audit" series (1, 2, 3). This time from Charlie Munger:

Grundfest: As we look at the current situation, how much of the responsibility would you lay at the feet of the accounting profession?

Munger: I would argue that a majority of the horrors we face would not have happened if the accounting profession developed and enforced better accounting. They are way too liberal in providing the kind of accounting the financial promoters want. They’ve sold out, and they do not even realize that they’ve sold out.

Grundfest: Would you give an example of a particular accounting practice you Find problematic?

Munger: Take derivative trading with mark-to-market accounting, which degenerates into mark-to-model. Two firms make a big derivative trade and the accountants on both sides show a large profit from the same trade.

Grundfest: And they can’t both be right. But both of them are following the rules.

Munger: Yes, and nobody is even bothered by the folly. It violates the most elemental principles of common sense. And the reasons they do it are: (1) there’s a demand for it from the financial promoters, (2) fixing the system is hard work, and (3) they are afraid that a sensible fix might create new responsibilities that cause new litigation risks for accountants.

Yeah, I just copied Gunnar's post (including the crazy "Fi" HTML artifact!). Except this bit:

This situation is very comparable to what happens in when auditors interview infosec. Auditor asks -do you have a firewall? Infosec says yes. Check.

Its too bad but assumptions of yesteryear lead to building things on shaky foundations.

The full interview is worth reading!

Posted by iang at 08:07 AM | Comments (5) | TrackBack

May 25, 2009

The Inverted Pyramid of Identity

Let's talk about why we want Identity. There appear to be two popular reasons why Identity is useful. One is as a handle for the customer experience, so that our dear user can return day after day and maintain her context.

The other is as a vector of punishment. If something goes wrong, we can punish our user, no longer dear.

It's a sad indictment of security, but it does seem as if the state of the security nation is that we cannot design, build and roll-out secure and safe systems. Abuse is likely, even certain, sometimes relished: it is almost a business requirement for a system of value to prove itself by having the value stolen. Following the inevitable security disaster, the business strategy switches smoothly to seeking who to blame, dumping the liability and covering up the dirt.

Users have a very different perspective. Users are well aware of the upsides and downsides, they know well: Identity is for good and for bad.

Indeed, one of the persistent fears of users is that an identity system will be used to hurt them. Steal their soul, breach their privacy, hold them to unreasonable terms, ultimately hunt them down and hurt them, these are some of the thoughts that invasive systems bring to the mind of our dear user.

This is the bad side of identity: the individual and the system are "in dispute," it's man against the machine, Jane against Justice. Unlike the usage case of "identity-as-a-handle," which seems to be relatively well developed in theory and documentation, the "identity-as-punishment" metaphor seems woefully inadequate. It is little talked about, it is the domain of lawyers and investigators, police and journalists. It's not the domain of technologists. Outside the odd and forgettable area of law, disputes are a non-subject, and not covered at all where I believe it is required the most: marketing, design, systems building, customer relations, costs analysis.

Indeed, disputes are taboo for any business.

Yet, this is unsustainable. I like to think of good Internet (or similar) systems as an inverted pyramid. On the top, the mesa, is the place where users build their value. It needs to be flat and stable. Efficient, and able to expand horizontally without costs. Hopefully it won't shift around a lot.

Dig slightly down, and we find the dirty business of user support. Here, the business faces the death of a 1000 tiny support cuts. Each trivial, cheap and ignorable, except in the aggregate. Below them deeper down are the 100 interesting support issues. Deeper still, the 10 or so really serious red alerts. Of which one becomes a real dispute.

The robustness of the pyramid is based on the relationship between the dispute at the bottom, the support activity in the middle, and the top, as it expands horizontally for business and for profit.

Your growth potential is teetering on this one thing: the dispute at the apex of the pyramid. And, if you are interested in privacy, this is the front line, for a perverse reason: this is where it is most lost. Support and full-blown disputes are the front line of privacy and security. Events in this area are destroyers of trust, they are the bane of marketing, the nightmare of PR.

Which brings up some interesting questions. If support is such a destroyer of trust, why is it an afterthought in so many systems? If the dispute is such a business disaster, why is resolution not covered at all? Or hidden, taboo? Or, why do businesses think that their dispute resolution process starts with their customers' identity handles? And ends with the lawyers?

Here's a thought: If badly-handled support and dispute events are leaks of privacy, destroyers of trust, maybe well-handled events are builders of trust? Preservers of privacy?

If that is plausible, if it is possible that good support and good dispute handling build good trust ... maybe a business objective is to shift the process: support designed up front, disputes surfaced, all of it open? A mature and trusted provider might say: we love our disputes, we promote them. Come one, come all. That's how we show we care!

An imature and unstrusted provider will say: we have no disputes, we don't need them. We ask you the user to believe in our promise.

The principle that the business hums along on top of an inverted pyramid, that rests ultimately on a small powerful but brittle apex, is likely to cause some scratching of technophiliac heads. So let me close the circle, and bring it back to the Identity topic.

If you do this, if you design the dispute mechanism as a fully cross-discipline business process for the benefit of all, not only will trust go positive and privacy become aligned, you will get an extra bonus. A carefully constructed dispute resolution method frees up the identity system, as the latter no longer has to do double duty as the user handle *and* the facade of punishment. Your identity system can simply concentrate on the user's experience. The dark clouds of fear disappear, and the technology has a chance to work how the techies said it would.

We can pretty much de-link the entire identity-as-handles from the identity-as-punishment concept. Doing that removes the fear from the user's mind, because she can now analyse the dispute mechanism on its merits. It also means that the Identity system can be written only for its technical and usability merits, something that we always wanted to do but never could, quite.

(This is the rough transcript of a talk I gave at Identity & Privacy conference in London a couple of weeks ago. The concept was first introduced at LexCybernetoria, it was initially tried by WebMoney, partly explored in digital gold currencies, and finally was built in
CAcert's Arbitration project

Posted by iang at 03:45 PM | Comments (6) | TrackBack

April 02, 2009

Are the "brightest minds in finance" finally onto something?

[Lynn writes somewhere else, copied without shame:]

A repeated theme in the Madoff hearing (by the person trying for a decade to get SEC to do something about Madoff) was that while new legislation and regulation was required, it was much more important to have transparency and visibility; crooks are inventive and will always be ahead of regulation.

however ... from The Quiet Coup:

But there's a deeper and more disturbing similarity: elite business interests -- financiers, in the case of the U.S. -- played a central role in creating the crisis, making ever-larger gambles, with the implicit backing of the government, until the inevitable collapse. More alarming, they are now using their influence to prevent precisely the sorts of reforms that are needed, and fast, to pull the economy out of its nosedive. The government seems helpless, or unwilling, to act against them.

From The DNA of Corruption:

While the scale of venality of Wall Street dwarfs that of the Pentagon's, I submit that many of the central qualities shaping America's Defense Meltdown (an important new book with this title, also written by insiders, can be found here) can be found in Simon Johnson's exegesis of America's even more profound Financial Meltdown.

... and related to above, Mark-to-Market Lobby Buoys Bank Profits 20% as FASB May Say Yes:

Officials at Norwalk, Connecticut-based FASB were under "tremendous pressure" and "more or less eviscerated mark-to-market accounting," said Robert Willens, a former managing director at Lehman Brothers Holdings Inc. who runs his own tax and accounting advisory firm in New York. "I'd say there was a pretty close cause and effect."

From Now-needy FDIC collected little in premiums:

The federal agency that insures bank deposits, which is asking for emergency powers to borrow up to $500 billion to take over failed banks, is facing a potential major shortfall in part because it collected no insurance premiums from most banks from 1996 to 2006.

with respect to taxes, there was roundtable of "leading expert" economists last summer about current economic mess. their solution was "flat rate" tax. the justification was:

  1. eliminates possibly majority of current graft & corruption in washington that is related to current tax code structure, lobbying and special interests
  2. picks up 3-5% productivity in GNP. current 65,000 page taxcode is reduced to 600 pages ... that frees up huge amount of people-hrs in lost productivity involved in dealing directly with the taxcode as well as lost productivity because of non-optimal business decisions.

their bottom line was that it probably would only be temporary before the special interests reestablish the current pervasive atmosphere of graft & corruption.

a semi-humorous comment was that a special interest that has lobbied against such a change has been Ireland ... supposedly because some number of US operations have been motivated to move to Ireland because of their much simpler business environment.

with respect to feedback processes ... I (Lynn) had done a lot with dynamic adaptive (feedback) control algorithms as an undergraduate in the 60s ... which was used in some products shipped in the 70s & 80s. In theearly 80s, I had a chance to meet John Boyd and sponsor his briefings. I found quite a bit of affinity to John's OODA-loop concept (observe, orient, decide, act) that is now starting to be taught in some MBA programs.

Posted by iang at 06:51 PM | Comments (3) | TrackBack

March 15, 2009

... and then granny loses her house!

A canonical question in cryptography was about how much money you could put over a digital signature, and a proposed attack would often end, "and then Granny loses her house!" It might be seen as a sort of reminder that the crypto only went so far, and needed to be backed by institutional support for a lot of things.

And now comes Darren with news that Granny is losing her house, proverbially at least. In a somewhat imprecise article (written by a lawyer?) in the Times:

... The ingenuity of the heists carried out ranges from “selling” property they do not own to “buying” property at inflated valuations and making off with the difference.

Critical to many of these scams is the use of stolen identities. According to many solicitors specialising in the field, the key context for the problem was the dash into deregulation and e-commerce earlier this decade.

“There was a view throughout the profession that the abolition of documents of title and reliance upon electronic records would contribute to fraud. And so it has proved,” Samson says. “All this information is open to view through the internet so a fraudster can see exactly who owns a property, assume his or her identity and then sell it.”

While this may sound absurd for owner-occupied homes, it is all too easy, for example, with vacant properties. “What’s more the rightful owner won’t even know that it has happened,” he adds.

So the basic fraud appears to be: find a property that is not cared for by its owner. Assume the owner's identity. Sell it. Or,

To put the hat on what seems a complete botch-up by lawmakers and regulators, the effect of the Land Registration Act 2002 was that the fraudulent purchasers are given a legal title to their “purchase”. “If the fraudster succeeds in having title registered in his name he can mortgage the property,” Samson says. “The true owner may be able to have the transfer to the fraudster reversed by rectification but he will still take the property subject to the mortgage.”

buy it! Now, within that article, there is no shortage of soliciters saying "we told you so!" But the real systemic causes of this fraud will need more digging. We can guess what the first cause is: identify theft. That is, high levels of dependency on the fictitious notion of identity as a protector of security. Yes, that will always get you, and it will likely take another decade before the British populace lose their current faith in identity.

The second cause however is more subtle. As pointed out by Eliana Morandi in a 2007 article, "The role of the notary in real estate conveyancing," problems like that do not happen in continental Europe (see _Digital Evidence and Electronic Signature Law Review," 2007). What's the difference? Whereas the English common law system requires each party to have independent representation, the continental system requires one party, the notary to secure the entire deed for both the buyer and seller. And take the full responsibility, so issues such as this are solved easily:

In cases where, for example, a lender whose mortgage is being paid off has no lawyer, the conveyancer may face claims for having not fully observed the Land Registry’s practice guide. And instead of the Land Registry paying compensation, it will look to the solicitors to reimburse the victims.

Warren Gordon, of Olswang, who sits on the Law Society’s conveyancing and land law committee, protests that it is unrealistic to expect solicitors to do a comprehensive check on someone who is not their client. “It’s unfair to put all the risk on the solicitor, including asking him or her to sign off on the identity of someone he or she does not act for,” he says.

Meanwhile, Paul Marsh, president of the Law Society, points the finger instead at the bankers who are providing fraudsters with the funds to perpetrate their dodgy deals. “At the top end we see vast bonuses being paid to bankers at board level for what turn out to be disastrous investments, while at the grass roots local bankers are under pressure to make loans — to sell money — without even the most basic procedures in place to prevent fraud,” he says. “The banks are refusing to take responsibility for this because they know that they can pin it on the solicitors.”

The bottom line of course is which system is more efficient in the long run. The European Notary may charge more money for the perfect transaction. If the English solicitors can undercut that price, and reduce the fraud such that the result is still better, it is a good deal. Which is it? The abstract to Morandi's article gives a clue:

The role of the notary in real estate conveyancing

Eliana Morandi sets out the role of the civil law notary in the context of real estate conveyancing, illustrating how more effective and less costly it is when undertaken by civil law notaries.

(Unfortunately my copy has conveyed itself into hiding.) If fraud rises in Britain, we will need changes. Now, we've seen with the rise of identity fraud in the USA that there has been zero incentive for the players to change the way identity is used, so we can predict that the Brits will not change the registry practice. Also, the likelihood of the soliciters giving up their lucrative representational practice is pretty low.

However the complicated notarial versus solicitorial versus identity versus registry war pans out in the long run, it seems that solicitors are going to have to bear increased responsibility to check the identity of their counterparty. Perhaps they should pop into the Identity and Privacy forum, 14th 15th May over in London's Charing Cross Hotel? Probably a bargain if it saves them from granny's wrath.

Posted by iang at 05:58 AM | Comments (3) | TrackBack

March 01, 2009

Audits III: we don't know enough even to know what we don't know

Are Audits going to help at all? Are they worth the cost? Are they part of the problem or can they be part of the solution? Originally, I claim they can help, especially for an organisation that has never been audited. That's my experience of one data point. But that's surely not sufficient, we need more. We need to know whether we can rely on these things, we need to know how to rely on these things, and when. And in the aftermath of the failure of Sarbanes-Oxley, we need to dismiss the easy answer of "we'll all just work harder."

In short, we need to know what it is we do know. Here is my view: we don't know enough.

Let's see if I can sustain that claim. If we read through the background of the cases of failure before us, whether Madoff, Satyam, Bear-Stearns, Lehman Brothers or all the bailouts, we will (a) find the Auditor, (b) find why he didn't pick up the failure, (c) cry foul, and say it should be like this or that, and (d) be fooled again. Why is this? We need to look beyond the superficial (tweaks like changing the auditor, rewriting the rules, or collapsing all firms down to the Big One) and go deep.

What actually do we the end-user really know about an audit? We can look at this several ways.

  1. We can read the audit opinion itself. That is, read any audit report of any bank-that-then-failed, and ask yourself what it says? Try these on for size:
    • Is there any language in there tells us it is good? Or about to fail?
    • Drill further. Do the criteria used for the examination advance your interests or not? Do you understand the criteria? Can you even find the criteria?
    • Who was the audit report delivered to? If the opinion wasn't delivered to you how do you know that it is relevant to you?
    • Are the opinions summarised, are critical disclaimers included?
    • Did the auditor tell the client what was to be provided, or did the client tell the auditor what was wanted? Were the terms of the examination stipulated? Where does it say that? Where does it say it wasn't?
    • Is it an audit, an opinion, a review, an attestation, or an attest? Is it a "trust service," an SAS70, or? Compatible with, or compliant with?
    • Was it a compliance audit or chosen by discretion? Almost certainly, it was a compliance audit, but what was it in compliance with? How useful is that goal to you?
    • Is there "audit language" in there that is only interpretable by another auditor? A "secret code," as it were, for other auditors?

    If you didn't quite follow the above, that is precisely the point. To cut a long story short, if you can successfully interpret an audit report, you are probably either very experienced, or in the business yourself. For the most part, the result of the audit is inscrutable to the outsider.

  2. There wider business issues in the audit. Some are well known signals, frequently commented on in the press: Is the auditor too small or under-resourced to do the job? Is the auditor too big to avoid the channeled result, to avoid being locked in his box? Is the reviewer licensed by a body, tested to some standard, trained to some degree or knowledgeable through street learning? Are any of these relevant? And some are more subtle, but well understood in the industry: whether there are conflicts of interest, whether the auditor was chosen for the result, or more blatantly, whether the auditor is in pocket or for hire, or an out-and-out crook?

    Just to ask that stress that last point, I asked a mate this seemingly innocent and easy question: "how do I find a dodgy auditor for hire?" Without a moment's thought, he came back with three recommendations: examine the regulatory filings, look for suspensions, and, ask a crooked lawyer. There followed a much more detailed explanation of how these things will help, which I won't bore people with here. Suffice to say, these dirty tricks reveal the existence of auditors who are easily for hire. Hopefully, they are the exception not the rule, but how do we know?

  3. It's probably also worth mentioning that the audit itself is only a very specific or narrow thing, yet most people like to think of the audit as a binary signal of saintliness. The public brand of the audit is still very good, indeed, almost unchallenged. The broader public likes to think of an audit as proof of goodliness, investment potential, security etc etc, when anyone who has been close to the situation knows that the gulf between perception and reality is so wide as to be at least wrong, definately troubling and possibly deceptive.

    Let me explain what I mean by that point. Auditors if pressed will reveal that their opinion is strictly limited by a number of caveats. Indeed, the opinion is rendered over layers of indirection, such as the management's procedures rather than the assets in question. See point 1 above. However, Auditors will not press home the real conclusions: you yourself do not understand it, nor will you spot when it is no longer useful to you. Meanwhile, those same Auditors are happy to let you believe as the wider public that the audit is a singular, all encompassing stamp of goodliness.

    In short, the Audit profession benefits by letting you believe in one very broad and saintly brand, but acts to reduce the scope of the result so far as to make that brand non-representative. To use a polite term, you understand ... the point to fixate on here is not why it is like this, or how far it is from the truth, but that this may explain why you don't really appreciate the limits of audit, let alone understand them.

My claim in today's post then is that the user cannot tell whether an audit is any use or not. Which audit is good for you, and which not, even if good for others? Which audit is good, and which is plain bad? The crux of the matter is that you yourself cannot tell what any of those pronouncements mean, unless you are an insider. You don't know whether you can rely, when to rely or how to rely.

Instead, you are offered a promise of a verified obscurity, within the comfort of a wonderful brand. In this situation, although there is a vague promise of positive results, there are also far too many circumstances in which the results can be positive for others, while negative for you, so obfuscated and confused as to be worthless, or, even as far as downright fraudulent. You will never know, and indeed, you probably can never know.

To put it in terms of the popular security media, the Audit is fully compliant with security-by-obscurity. In the security world, we would say that a tool designed to that standard is generally brittle. Once cracked, it often fails completely, and badly. This is because, although the obscurity gave a measure of protection, that same obscurity hid other weaknesses which could have been easily fixed. For that reason, we in the security field do not advise security-by-obscurity.

What that does to the concept of reliance on Audits is left for another post!

Posted by iang at 04:35 PM | Comments (4) | TrackBack

February 08, 2009

Audits II: Two more scary words: Sarbanes-Oxley

In the last post on audit, I raised the possibility that we need some fixes to the audit process, rather than just following some journo's best practices list ("use a big-4 auditor"). Is it then a possibility to rewrite the regime, to create a tougher approach? If we look a little deeper in history, we find the answer:

No, we already tried it. Say hello to two more scary words: Sarbanes-Oxley. Recall that this was a huge project by the Congress of the USA to rewrite the entire auditing requirement for public companies. It was deliberately and carefully done in the aftermath of the collapse of audited-but-unauditable Enron.

In Sarbanes-Oxley, no stone was left un-turned, no leaf un-renewed. The noble profession of Financial Auditors had, post-Enron, plenty of incentive to improve their game. Sarbanes-Oxley was written at the behest of the auditing industry. They asked for it, and they got it, cost regardless. It more or less doubled the size of the public audit.

Indeed, Sarbanes-Oxley was so fierce that, by some lights, it killed the international market for Wall Street IPOs! Given all this substantial work, and substantial cost, the paying public might therefore expect that Sarbanes-Oxley must have done some good. Fair enough?

Certainly, there have been many reports of "stronger, better" but this is one of those questions that is hard to measure objectively because we cannot run proper tests. However, we do now have would could be considered to be a highly indicative test: the financial crisis.

Let's check the record: did any audit since Sarbanes-Oxley pick up any of the problems seen in the last 18 months to do with the financial crisis?

No. Not one, not even a single one!

Yet, the basic failures in the financial crisis are so blatant that surely, even by accident at least one audit should have picked up at least one pending failure, and fixed it? No, not one, known to date. At least, as far as I know, and we should probably wait a few years before writing the final judgment. Post any examples in comments! (And yes, for the record, we are ignoring all of the regulators, central banks, finance committees, rating agencies and other checks and balances that also apparently came to nought.)

Can we pronounce the financial audit as bankrupt by its own measures? In theory, the audit should have picked up these failures, all of them. Consider this case-in-point, to prove that the theory works: the enhanced audit required on public listing did in fact pick up the Refco fraud that led quickly to its failure, and the near-failure of Bawag, a big bank in Austria that participated in the fraud. (The sorry fool who found the fraud was fired for his troubles, and only later did his reports filter out and cause questions that ultimately forced the fatal result.)

The audit theory works, then, in some sense or other. Manifestly, audits didn't work for the financial crisis. And, they so didn't work after that so-huge rewrite called Sarbanes-Oxley, that we can conclude that mere improvement is completely off the agenda.

Questions arise. And, this time they are serious, more serious than post-Enron. This time the questions cannot be answered from within, but only from without. By us, the paying public. The questions before us could be considered like this:

Why did the audit not work in practice? For the financial crisis?

Are audits delivering a benefit?

Is the benefit of audits in excess of their cost?

Are audits part of the problem rather than the solution?

What do we do about it?

In order to answer that, we need more information. What is it that we really know about that audit? That's the subject of the next post.

Posted by iang at 07:29 PM | Comments (5) | TrackBack

February 03, 2009

"No, you don't understand sheep"

Sometimes I slave over a hot keyboard for an entire weekend to get a point across. With elegant arguments, carefully constructed logic, and a full path from beginning to end. Integrated across 3 separate disciplines. If I get to QED in less than 3 pages, I'm happy!

And then Gunnar comes along and says:

A teacher asks the class, 'If there are nine sheep in the pen and one jumps out, how many are left?'

A little girl says, 'None of them are left.'

The teacher shakes her head sadly and says, 'You don't understand arithmetic.'

The girls says, 'No, you don't understand sheep.'

Posted by iang at 09:27 AM | Comments (0) | TrackBack

January 25, 2009

Audits I: A Word on the Limits -- Madoff

I had been meaning to write something on audits when this dropped into the email box from Bruce Schneier, late last year, which gave me the perfect opening:

How to Prevent Digital Snooping

What these three incidents illustrate is not that computerized databases are vulnerable to hacking -- we already knew that, and anyway the perpetrators all had legitimate access to the systems they used -- but how important audit is as a security measure.
Most security against crime comes from audit. Of course we use locks and alarms, but we don't wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that's audit.

Audit helps ensure that people don't abuse positions of trust. The cash register, for example, is basically an audit system. Cashiers have to handle the store's money. To ensure they don't skim from the till, the cash register keeps an audit trail of every transaction. The store owner can look at the register totals at the end of the day and make sure the amount of money in the register is the amount that should be there.

Bruce Schneier presents the positive, classical case for Auditing fairly well. Audits can help, especially operations that have never been audited, which receive what amounts to a serious kick in the behind.

But, and switching away from Schneier's "world without Audit" context to the financial world, it is fairly clear that the Audit has limits. Here's a word on those limits: *Madoff*. A reasonable question would be, if Audit can save us from bad stuff, why didn't it save us from Madoff? Some apparent or alleged facts from that case:

  1. The crime had been running for years, with Madoff himself admitting that the fund was technically bankrupt for years. Allegedly.
  2. It was the most basic fraud of all: funds that were used to pay out retiring investors did not exist, and instead were being transferred from new investors. E.g., we are talking about the Numbero Uno, Absolute First Thing that a financial audit should check: solvency.
  3. There was an auditor.
  4. The Auditor spotted nothing.
  5. The SEC likewise spotted nothing.
  6. Investors spotted nothing, at least the ones that invested didn't and those that did said little.

(Note, I wrote this about a month ago, and we probably know more now... hopefully I haven't missed something key. Anyway, journalistic standards being pretty low these days, onwards and upwards!)

All these claims, alleged or claimed or assumed or otherwise, have to give pause for thought.

What's truly scary about Madoff is that when you talk to people who were ripped off you think, there but for the grace of God goes me.

Professionals feel the same way.

This from the president of a fund of fund business: "Every time one of these frauds is discovered I get scared to death it could happen to us. We do lots of things to try to ensure it doesn't, such as checking and confirming auditors and auditor changes, using a private investigator to check on managers when we first invest and the having the PI annually update the file, trying to find references which are not on someone's reference list, etc." If big investors like these could be fooled, he said, anybody can be fooled.

Audits can help, and I do one myself. It helps, I claim, and I document some of the effects. Yet we clearly have problems, there are many flaws. For example, some will say, Madoff happened because it wasn't a big auditor:

"Clearly everyone believed that someone else had done the due diligence. And by relying on some small firm that Madoff employed rather than a big independent auditor was clearly a mistake," said one person who asked not to be identified because several clients lost money with Madoff and he was not permitted to speak publicly.

If you believe that, then I have an audited bridge to sell you. There is something more endemic and more core going on here, and the answer to this is likely not as trivial as "use a big 4 auditor." Indeed, we can knock that one on the head, comprehensively, with one single fearsome word: Enron. Followed by two more scary words: Arthur Andersen.

The world's oldest and most prestigious Auditor collapsed because of the audit failure with Enron. But, for the real result in this, and what happened after those fearsome events, let's slice some more scary words off to another post.

Posted by iang at 05:38 PM | Comments (1) | TrackBack

November 25, 2008

Who would judge a contest for voting machines?

In a previous entry I suggested creating an AES-style competition for automated voting systems. The idea is to throw the design open to the world's expertise on complex systems, including universities, foundations and corporates, and manage the process in an open fashion to bring out the best result.

Several people said "Who would judge a contest for voting machines?" I thought at first blush that this wasn't an issue, but others do. Why is that? I wonder if the AES experience surfaced more good stuff than superficially apparent?

If you look at the AES competition, NIST/NSA decided who would be the winner. James points out in comments that the NSA is indeed competent to do this, but we also know that they are biased by their mission. So why did we trust them to judge honestly?

In this case, what happened is that NIST decided to start off with an open round which attracted around 30 contributions, and then whittled that down to 5 in a second round. Those 5 then went forward and battled it out under increased scrutiny. Then, on the basis of the open scrutiny, and some other not-so-open scrutiny, the NSA chose Rijndael to be the future AES standard.

Let's hypothesize that the NSA team had a solid incentive to choose the worst algorithm, and were minded to do that. What stopped them doing it?

Several things. Firstly, there were two rounds, and all the weaker algorithms were cleaned out in the first round. All of the five algorithms in the second round were more or less "good enough," so the NSA didn't have any easy material to work with. Secondly, they were up against the open scrutiny of the community. So any tricky choice was likely to cause muttering, which could spread mistrust in the future, and standards are susceptible to mistrust. Thirdly, by running a first round, and fairly whittling the algorithms done on quality, and then leading into the second round, NIST created an expectation. Positively, this encouraged everyone to get involved, including those who would normally dismiss the experiment as just another government fraud, waiting to reveal itself. At a more aggressive extreme, it created a precedent, and this exposed the competition to legal attack later on.

These mechanisms worked hand in hand. Probably, either alone was not sufficient to push the NSA into our camp, but together they locked down the choices. Once that was done, the NSA saw its natural incentives to cheat neutered by future costs and open scrutiny. As it no longer could justify the risk of cheating, its best strategy was to do the best job, in return for reputation.

The mechanism design of the competition created the incentives for the judge to vote how we wanted -- for the best algorithm -- even if he didn't want to.

So, we can turn the original question around. Instead of asking who would judge such a competition, design a mechanism such that we don't care who would judge it. Make it like the AES competition, where even if they had wanted to, the NSA's best strategy was to choose the best. Set yourself a challenge: we get the right result even when it is our worst enemy.

Posted by iang at 11:35 AM | Comments (3) | TrackBack

September 21, 2008

Success has many fathers, but failure has the US taxpayer

The USA financial mess was seen taking a brief pause, with almost 24 hours going by without another new world record in greatest failures ever. Morgan Stanley gamely held on ... But even as we speak, they are preparing the mother of all bailouts. It's the weekend, of course, and recent tradition has it that only on Sundays is it right to sell the free market. Or something.

Since the crisis began more than a year ago, the Treasury and Federal Reserve have already put nearly $1 trillion of taxpayer money on the line to help credit flows, while banks have suffered more than $500 billion of write-downs and loan losses.

A trillion here, 500 billion there. 700 billion by Monday? Pretty soon we'll be talking about real money.

The deficit for this budget year, which ends on Sept. 30, is expected to rise to $407 billion, a figure that is more than double the $161.5 billion imbalance for 2007, reflecting what the economic slowdown and this year's $168 billion economic stimulus program are already doing to the government's books. And that forecast doesn't include the $200 billion the administration committed to spending two weeks ago when it took over the nation's two biggest mortgage companies, Fannie Mae and Freddie Mac.

And it doesn't have any of the $700 billion the administration is seeking to soak up the bad mortgage-backed securities that have been at the heart of the severe credit crisis the country has been struggling with since August 2007. The legislation Congress passed this summer that gave the authority to rescue Fannie and Freddie boosted the limit on the national debt by $800 billion to $10.6 trillion.

Frankly, writing about the financial scene right now is trivially easy -- any number of sage saying will ring true. But, writing is also pointless, as the flood of diatribe might entertain us, but does nothing to take us forward.

Well, maybe it's the grief thing: we need this time to wail and gnash over lost innocence and easy profits. We seem to be in the bargaining phase, as Ben Bernanke and Henry Paulson tell various leaders, great and good, to move forward, sign the (blank) cheque and accept the master you all know you need.

In an ideal world, we could skip the depression and move onto acceptance, and rebuilding. How to rebuild? The answer to that question requires a very deep understanding of what is wrong, first and foremost. As I described earlier, I believe the failure syndrome is one of an overly complex system, in which each component works in isolation, but is too complex to analyse externally. Especially, building upwards on this shaky foundation is not safe, but continues nonetheless.

(If, by way of your example, you believe the problem is something else, you are not going to subscribe to the following. That's ok, because in the blogosphere, we still retain a free market in ideas, if little else.)

Onwards. Financial cryptography exists to reduce that complexity. One of the emerging results of financial cryptography, in all its various guises, is that the simple component is the stronger one, and the only sound basis for building to the next layer. We can build higher if we aggressively simplify the lower layers.

Let's present an example, one from Ricardo, which isn't the only system to employ these strategies, just the one I did and therefore is easier to present (another is Lynn's x9.59).

In this system, we use a thing called triple entry bookkeeping, which is digitally signed transactions stored in three places: yours, mine and the repository. Because the transactions are digitally signed and because there are 3 independently administered copies, and because all are equivalent (students of digital evidence take note) there is a very strong foundation on which to build the next layer. It might not be the best way to do transactions, per se (all those extra copies! all that superflous crypto-cycling! no two-phase commits!) but it does present the strongest foundation known to the upper layers.

So much so, that triple entry does for external accounting what double entry did for internal accounting 700 years ago. It is for reasons like this that designs like Ricardo will eventually change the financial system: they create building blocks that can be built on, and will support a massive weight, unlike the the current benchmark of cinder blocks of reinforced air.

When this system was presented to the SEC, someone at the meeting called it the third rail, which is finance-geek talk for the silver bullet. Ben Bernanke probably won't remember (he was there), but the point of this sophistication is an aggressive simplification: by knowing we can rely on every transaction being solidly recorded, we can move up to the next layer. Which we did; the whole system was really intended to resolve many of the uncertainties in today's trading, not just the lower layer accounting.

Which then raises the real question: why the innovations in FC (the above one, and for further example, the so-called blinding formula and its three orders of cost-reduction, or naked transactions de-risking strategies, or ...) did not move forward? I believe the answer is found, again, in the complexity of each incumbent building block.

Incumbents favour complexity. More complexity means more jobs, which finds more favour. Complexity means that while it takes a long time to learn it all, once you get there, you are safer. It requires extraordinary minds to understand it all, and that makes you feel good about yourself, and helps you to lord it over the rest. It gives plenty of flexibility to deliver complex claims, and cover them up when they go wrong.

In fact, it is rather hard to find a good reason not to make something complex. That's because all of these things are good for incumbents, and terrible for everyone else, and nobody asks anyone else. E.g., the customer or the taxpayer is never asked, always told, and always lied to. Every one of the great reasons for complexity is a cost, a priori, with no payback. Every little complexity helps in the long run to raise our own entrenched position, inside, and create a 'tax' on the paying classes. Otherwise we wouldn't promote it.

But what is worse is that complexity hides a greater sin: what we might call complexity fraud. When everything is a mess, nobody cares if someone is stealing the garbage. Nobody will likely notice, and if indeed you are noticed, they'll likely praise you for your help! Complexity fraud is the best fraud of all, because it is a long term cash flow, it looks legal, and anyone smart enough to spot it and understand it would probably join it rather than fight it.

For example, consider the rating agencies. They are supposed to warn of credit risks. They didn't (again), until it was too late (again). Why not? Because they are mandated. Ratings have to be done for many markets, which guarantees a steady flow of revenue as long as nobody upsets the apple cart. This might have seemed like a wise move once, but it can also be seen as a fraud born of complexity: if the complex markets are too hard to understand, then we can create a rating agency that is simple to interpret. Fine. On paper, we apparently simplified it, but in practice, we removed the observation from the real complexity, and put it across to a single number system, and we created a payout for a special person. The moment it is *mandated* then the rating agency kicks back and sucks at the teat, like everyone else, as it has absolutely no interest in upsetting its relationship with the companies that pay for their rating. (Students of incentives, take note.)

And, this is why there was not so much resistance to that early 2000s evil, Sarbanes-Oxley. As long as it was done to everyone equally, everyone made more money. Everyone who was asked, that is. Accounting doubled in size, so the auditors weren't complaining. Rules doubled, too, so the high-end complexity-crooks were happy. Large banks weren't complaining because it reduced the nibbling of the smaller banks. Democrats are always happy at more regulation. Republicans are always happy to promise a safe free market. Everyone was happy.

Who lost? The end-paying public of course. Sarbanes-Oxley was a bill to ravell fraud, but it was hopeless at unravelling. Rather than stopping Enrons, we got a rabbit-like plague of them; not directly because of Sarbanes-Oxley, but because we took our eye off of the systemic mess -- well identified in the early 2000s -- and created more complexity to hide the real problems.

Technology can help. FC can simplify things; but the leadership to put in simplifications instead of complications is strangely absent in Finance, and tech can not solve that. You might not agree that this is because of the forces I outline above; but I've yet to find another compelling explanation for this observation: simplification is rarely praised, but complexity finds many friends.

Posted by iang at 03:31 PM | Comments (4) | TrackBack

September 11, 2008

reliance on security claims: what can go wrong?

One of the perpetual threads is about how to deal with users' expectations (profit!), especially when they clash with the goal of protecting their assets (governance). In one example, people are dealing with the impossibility of CA liability versus the imponderability of universal service to browser users. In another place, security researchers are mentally edging away from life-as-seller to life-as-mentor. In user interface circles, the news is likewise not good: all the efforts look good on paper, but have trouble working in measurable practice.

Just how far is the gulf between user expectations and what the infrastructure can deliver? One airline just got a lesson:

Apparently a botched news story sparked a selloff of shares of United Airlines (UAL) yesterday. It seems that, on Sunday afternoon, the South Florida Sun-Sentinel accidentally re-ran a six year old Chicago Tribune article about United filing bankruptcy. Unfortunately, there was no date associated with the story, and Bloomberg picked it up and reported it as new information shortly before 11AM yesterday.

Not surprisingly, this blunder resulted in massive selling, driving shares of UAL down 75% from a bit over $12/share to $3/share. Here’s a screenshot of the stock chart showing the precipitous drop.

The story was pulled, and United is reportedly investigating what happened. As of right now, the stock is trading at just shy of $11/share. It’s kind of scary what an errant click of the mouse can do, isn’t it?

It is pretty clear that users can be spooked by a false story. It's also clear that the degree of spooking is inversely related to the accuracy of information; the vast number of stories that are printed in the media have approximate truth in them.

What to do about this? In practice, there is little to do. Make sure that the source of the error is fixed, and, make sure it was an innocent error. But that doesn't solve the real problem, only makes sure that the one person never makes the one exact error again.

In practice, a rogue hit can always damage. So, roll out the damage control. The answer with how to deal with these totally unexpected events then is almost always "we'll look at it when it happens," and "we have damage control for that."

(The users in the above case might have other views. But for them: investment is risky, and they can always take their dispute to the courts. I'm more interested in how it would play out in a security market where courts traditionally haven't backed up the user, and the market is supposed to be non-risky by design.)

Posted by iang at 04:30 PM | Comments (0) | TrackBack

September 09, 2008

WSJ finds someone to blame.... be skeptical, and tell the WSJ to grow up.

JPM points to the tabloid for serious teenagers, the Wall Street Journal, who finds someone to blame for Fannie Mae and Freddie Mac:

There you have the Fannie Mae problem in profile. Mr. Frank wants you to pick up the tab for its failures, while he still vows to block a reform that might prevent the same disaster from happening again.

At least the Massachusetts Democrat is consistent. His record is close to perfect as a stalwart opponent of reforming the two companies, going back more than a decade. The first concerted push to rein in Fan and Fred in Congress came as far back as 1992, and Mr. Frank was right there, standing athwart. But things really picked up this decade, and Barney was there at every turn. Let's roll the audiotape:

In 2000, then-Rep. Richard Baker proposed a bill to reform Fannie and Freddie's oversight. Mr. Frank dismissed the idea, saying concerns about the two were "overblown" and that there was "no federal liability there whatsoever."

Read the whole thing, it is hilarious or sad, depending on whether you have to pick up the check. (For the latter, consider that $200bn leveraging that $5.4 trillion of expanded credit is actually a bargain!).

Yet, blaming Mr Frank is just childish. The WSJ writes as if it were Peter Pan:

Mr. Frank has had many accomplices from both parties in his protection of Fan and Fred. But he was and is among the most vociferous and powerful. In any other area of American life, this track record would get a man run out of town.

A Congressman is just a hired gun. Perhaps suspecting that adults lurk nearby, it is admitted that, if it wasn't Mr Frank, it would be someone else. Or something else. Running him out of town might make the lost boys feel better, but it changes nothing.

The core failure in the mess is as I described yesterday, and if you want to avoid collapses of this size, then there is one solution: "don't do that!" That being, in a nutshell, interfere in a market. Sometimes known as "small government" or whatever passes for the opposite of socialism these days (now that choosing capitalism is no longer trendy).

The US government has, like all other socialist enterprises, fallen for the old trick of interfering in a market, because (a) it can, and (b) it's always easy to convince people you have a good idea, if you pay them... Of course, it's not a good idea, and the real truth is the governments do not know how the markets work, almost by definition: that's why we have markets, and if government workers knew how they worked, they would get in them and make money like everyone else.

If the population of the USA decides to run a socialist housing market, then so be it. And, there seems little doubt that this is what the population of the USA wants, as the only man who wouldn't write the check, Ron Paul, got nowhere in the recent Presidential nominations.

It's your choice! Pass the hat around, and write up another mortgage application.

Posted by iang at 06:37 AM | Comments (6) | TrackBack

September 08, 2008

The Mess: looking for someone to blame?

A slightly smaller problem than this weekend's systemic risk and the US Treasury is the continuing weakness of the security of the US retail banking sector:

They are a staple of consumer-complaint hotlines and Web sites: anguished tales about money stolen electronically from bank accounts, about unhelpful bank tellers and, finally, about unreimbursed losses.

But surely customers of the elite private banking operation at JPMorgan Chase, serving only the bank’s wealthiest clients, are safe from such problems, right? Wrong, says Guy Wyser-Pratte, an activist investor on Wall Street for more than 40 years who uses his hedge fund’s war chest of roughly $500 million to wage takeover fights and proxy battles in the United States and Europe.

In May, Mr. Wyser-Pratte learned that someone had siphoned nearly $300,000 from his personal account at the private bank through many small electronic transfers over a 15-month period. Then he was told by the bank that he could stop the theft only by closing his account and opening a new one — an enormous hassle, he said. And finally, JPMorgan Chase told him that the bank would cover only $50,000 of his losses.

Just like the other scandals, we watched this one arise, and now it is here. Warnings fell on deaf ears, so we can only wonder what is the systemic cause here of this mess.

In the case of phishing, it is relatively clear. The developers believe the PKI book. The PKI people believe in the efficacy of digital signatures to prove stuff. The cryptographers believe in the perfection of mathematics, and the security world believes in the completeness of their own learning. They are all wrong, but only at the large level of generalisations, not at the detailed level of particular claims. Any one of the claims, in isolation can be shown to be true. But, generalising these brittle claims to be solid building blocks is a completely different question. Few of the claims are strong enough to partake in a general model without severe support; the general model of secure browsing is the best evidence of how it is secure in name only.

How then is it built? By accident or by design, a series of claims meet together in a holy ring of righteous architecture. Each of the proponents claim loudly that their part is strong, but the ring has no strength. Eventually, one of the claims in the links is broken. For phishing, the browsers never did have the potential to show authenticity; not only did they not have the security strength to do it (c.f., Skype v. CSRF), they didn't even do it in practice (recall the lost padlock?), and their recent efforts to show authenticity (c.f. colour debate) reveal how far they are from understanding even the goal, let alone the implementation. Once that link was broken, and money was made, all the others revealed their weaknesses, as crooks systematically worked to breach the lot.

If we look at the wider financial collapse, now underscored by the nationalisation of the worlds biggest financiers of mortgages ($ 5.3 trillion.... or is it $ 5.4 ?), we see the same pattern. The bankers believed in their product. The originators believed in their origination, the securitizers believed in their free market and accurate price, and the holders believed in the assets. The CDO, the subprime, the other 100 special names, each was a contract. Each was clear in and of itself. But, when placed end-to-end, in a line, with a bunch of other agreements, the claims that were good in isolation were not strong enough to participate in the super-claim made of the overall edifice.

The financial system was built like a bridge; each piece rested on the previous one. And then, the clever architects bent the bridge around ... and around again, until the first piece met the last. The elegant keystone of finance was to finally lift up the first one to rest on the last.

Thus, the banks themselves invested their capital in their own product.

This weekend, the US Treasury joined in to make the ring stronger. The cunning masters of the financial universe carefully lifted up the fan-fred paper and rested them on the T-bills, which as we know are the expressions of the US economy's ability to generate taxes. These willing taxpayers are proud to place themselves and their mortgaged homes in the ring of power.

Beautiful, elegant, and hugely profitable. Just, somewhat, slightly against the laws of gravity.

The problem with this -- both the financial markets and the Internet security markets -- is that there is no-one to blame . Each is constructed in ring of claims, which eventually return to rely on themselves.

So when you read about who is to blame, be quick to be skeptical:

Long before the mortgage crisis began rocking Main Street and Wall Street, a top FBI official made a chilling, if little-noticed, prediction: The booming mortgage business, fueled by low interest rates and soaring home values, was starting to attract shady operators and billions in losses were possible.

"It has the potential to be an epidemic," Chris Swecker, the FBI official in charge of criminal investigations, told reporters in September 2004. But, he added reassuringly, the FBI was on the case. "We think we can prevent a problem that could have as much impact as the S&L crisis," he said.

Today, the damage from the global mortgage meltdown has more than matched that of the savings-and-loan bailouts of the 1980s and early 1990s. By some estimates, it has made that costly debacle look like chump change. But it's also clear that the FBI failed to avert a problem it had accurately forecast

Forget it. My experience of the mutual funds mess -- one what was *not* cleaned up despite public pronouncements to the contrary -- and other messes such as the digital gold story indicates that the FBI has zero chance of understanding the mortgage mess, let alone cleaning it up. Sure, there is fraud going on, but don't expect the FBI to understand the nature of it.

Posted by iang at 07:54 AM | Comments (2) | TrackBack

September 06, 2008

When risks go south: FM&FM to be nationalized

Not just another two scalps being counted: Fannie Mae and Freddie Mac, the huge USA mortgage lenders, are to be nationalised:

The government’s planned takeover of Fannie Mae and Freddie Mac, expected to be announced as early as this weekend, came together hurriedly after advisers poring over the companies’ books for the Treasury Department concluded that Freddie’s accounting methods had overstated its capital cushion, according to regulatory officials briefed on the matter.

Well, what else can they do? Think about how huge this is: the two of them hold or back debts of around $5.3 trillion dollars . Failure is almost certain systemic collapse: first the US housing market, then the rest.

The theory of central banking has it that the CB is the lender of last resort. And after that last resort, it owns the bank. So the Fed now will own these mortgage lenders, as a consequence of its role. No change here.

But, the theory also has it that any lending brings on the most severe punishments. Collapse and rescue by the CB then means: all shareholders are set to zero. All directors are sacked. It is then welcome to see that, in contrast to earlier wimpy efforts by Bernanke's Fed, this:

The details of the deal have not fully emerged, but it appears that investors who own the companies’ common stock will be virtually wiped out; preferred shareholders, who have priority over other shareholders, may also wind up with little. Holders of debt, including many foreign central banks, are expected to receive government backing. Top executives of both companies will be pushed out, according to those briefed on the plan.

will be pushed out? Pah! In Switzerland, it is apparently a crime to be an officer of a failed bank. Think hard here.... Who are their auditors? Who were the ratings agencies? Who were the regulators?

While others ponder the detail of rounding up the guilty, there is the wider question of how to act, systemically, and properly, if one were a CB. What caused this to happen?

Clearly, we don't know the full detailed story. We do know the US economy has been out of balance for the last many years, you pick the number. We do know that pay-up time is now. Further, it has been obvious for a long time that FM & FM have been structured on continually rising housing prices. How dumb is that?

Still, assuming a free-market, the government is wise not to tell bad investors (or companies) how to act properly. Even if it "knows" what is "right", the theory of free markets is that it knows much less than it would like to, and certainly less than how to run a business. (Otherwise it would be doing it, right?)

The mistake then is in allowing the mortgage backers to become too big to fail. That is, assuming a free-market, we must also respect the right to collapse. When there is no right to collapse, there is no free market. All else is subsidies, and the various other isms are just around the corner. Communism, nationalism, socialism, playing-fieldism:

Fannie Mae executives are likely to have resisted the proposed takeover because the company's financial condition isn't as dire as its sibling company, said Bert Ely, an Alexandria, Va.-based banking industry consultant.

But the government would still have to take over both companies, he said, to allow them to borrow money at the same rates. "In order to level the playing field between the two companies, you've got to take over both of them," said Ely, a longtime critic of the two companies.

The backing by the USG for the mortgage lenders' debt is the tactical error. Having got the systemic details off our chest, let's move to the witchhunt. Who started these monstrosities then? How did the shared guarantee from the US taxpayer come into being? Who fell for that old trick? The US taxpayer deserves to know who's stupidity she's paying for this time, no?

Fannie Mae was created by the government in 1938, and was turned into a shareholder-owned company 30 years later. Freddie Mac was established in 1970 to provide competition for Fannie.


Posted by iang at 07:29 PM | Comments (4) | TrackBack

September 03, 2008

Yet more evidence: your CISO needs an MBA

I have in the past presented the strawman that your CISO needs an MBA. Nobody has yet succeeded in knocking it down, and it is proving surprisingly resilient. Yet more evidence comes from Bruce Schneier's blog post of yesterday:

Return on investment, or ROI, is a big deal in business. Any business venture needs to demonstrate a positive return on investment, and a good one at that, in order to be viable.

It's become a big deal in IT security, too. Many corporate customers are demanding ROI models to demonstrate that a particular security investment pays off. And in response, vendors are providing ROI models that demonstrate how their particular security solution provides the best return on investment.

It's a good idea in theory, but it's mostly bunk in practice.

Bunk is wrong. Let's drill down. It works this way: NPV (net present value) and ROI (its lesser cousin) are a mathematical tool for choosing between alternate projects. Keep the notion of comparison tightly in your mind.

The tools measure the money going in versus the money going out in a neutral way. They are entirely neutral between projects because NPV is just mathematics, and the same mathematics is used for each project. (See the top part of Richard's post.)

Obviously, any result from the model depends totally on the inputs, so there is a great deal of care and theory needed supply those proper inputs. And, it is here that security projects have the trouble, in that we don't have a good view as to how to predict attack costs. To be clear, there is no controversy about the inputs being a big problem.

But, assuming we have the theory, the process and the inputs, we can, again in principle, measure fairly across all projects.

That's how it works. As you can see above, we do not make a distinction between investment, savings, costs, returns or profits. Why not? Because NPV model and the numbers don't, either.

What then goes wrong with security people when they say ROI doesn't apply to security?

Before I get into the details, there's one point I have to make. "ROI" as used in a security context is inaccurate. Security is not an investment that provides a return, like a new factory or a financial instrument. It's an expense that, hopefully, pays for itself in cost savings. Security is about loss prevention, not about earnings. The term just doesn't make sense in this context.

Or, or here:

The bottom line is that security saves money; it does not create money.

It seems to be that they seize on the words investment and returns, etc, and realise that the words differ from costs and savings. In conceptual or balance sheet terms, they do differ, but here's the catch: to the models of NPV and ROI, it's all the same. In this sense, we could say that the title of ROI is a misnomer, or that there are several meanings to the word "investment" and you've seized on the wrong one.

If you are good at maths, consider it as simply a model that deals equally well with negative numbers as well as positive numbers. To a model, savings are just negatives of returns.

Now, if your security director had an MBA, she would know that the purpose of NPV is to compare projects, and not anything else, like generating returns. She would also know that the model is neutral, and that the ability to handle negative numbers mean that expenses and savings can be compared as well. She would further know that the problems occur in the inputs and assumptions, not in the model.

Finally, she would know how to speak in the language of finance, which is the language that the finance people use. This might sound obvious, but it isn't so clear. As a generalism, it is this last point that is probably most significant about the MBA concept: it teaches you the language of all the other specialities. It doesn't necessarily make you a whizz at finance, or human resources, or marketing. But it at least lets you talk to them in their language. And, it reminds you that the other professions do have some credibility, so if they say something, listen first before teaching them how to suck eggs.

Posted by iang at 10:09 AM | Comments (2) | TrackBack

August 14, 2008

Another gold issuer finds himself temporarily unavailable ...

What's wrong with this picture, from an affidavit filed into a random Los Angeles court concerning divorce proceedings (his emphasis):

"I personally maintain and control ALL access security codes and passwords. I have been and am the ONLY individual in the company who can physically access the building, its contents AND precious metal vaults simultaneously, twenty-four hours a day. All others have limited access that is monitored and/or time-controlled (clock-based) and recorded in security records. Alarm calls are sent directly to me at all hours. ...

... I personally designed and customized the installation of a complex, ultra-sophisticated DOUBLE REDUNDANT security system that is both physical (in the building and its parameters) and virtual (reporting to his private office network round the clock.) This custom, high security system monitors and controls the safety of the corporate headquarters and all its contents, the safety of its employees, and the active 24/7 implementation of advanced, anti-theft, crime prevention. I oversee and monitor all security issues round the clock through a Virtual Private Network set-up at my home office."

Nothing, as long as the above mentioned person is available forever. Unfortunately he is now in jail, charged with much the same situation as the e-gold founders faced over the last two years. Checking the webpage:

Dear Customer,

05 August, 2008, 1:00pm PST: The e-Bullion website will be unavailable for a period of approximately four hours while our Tech Dept. performs routine maintenance.

We apologize for any inconvenience caused by this interruption to service.

e-Bullion Management

Is this a coincidence? Maybe, but it is just another reminder that serious and professional operations do not subscribe to superhero status as described above, for any of a hundred routine and boring scenarios.

(More details might be found here, written up by Ian Lamont of the Standard. Poking around a bit there is also a complication that the other side of the divorce proceedings, his wife, was murdered, and the LA police allege that there is a connection of some form.)

Posted by iang at 04:03 PM | Comments (2) | TrackBack

August 13, 2008

When rogue system administrators lock out Managers

Over in San Francisco, we've no doubt all read about the guy who owned the city government's network deciding to ... own the network (1, 2). For the city at least there was a happy ending:

The computer network hostage crisis in San Francisco is over, thanks to the city's mayor.

Terry Childs, a network administrator for the city of San Francisco, has been in custody since July 13 on four felony charges of taking control of the city's computer network and locking administrators out. Access to much of the city's information was blocked, including law enforcement, payroll, and jail-booking records.

Childs had reportedly refused to surrender the codes to his supervisors, but after a little more than a week as a guest of the city, he apparently had a change of heart and invited Mayor Gavin Newsom to meet with him, according to a report on the San Francisco Chronicle Web site Monday night.

A secret meeting was arranged at the city jail on Monday afternoon, where Childs gave Newsom the codes to the network. The meeting reportedly was so secret that the police department and district attorney were not informed of the meeting ahead of time.

Well, he built it, right? So why can't he tell the users what to do? Right?

The serious question here is whether there is in fact a viable case where a systems administrator takes over and decides to lock his managers out:

Erin Crane, Childs' defense attorney, is expected to cite his cooperation during a court hearing on Wednesday in a bid to have his $5 million bail reduced. Crane has argued that Childs was merely protecting the network from incompetent city officials who were trying to force him out of his job.

"Mr. Childs had good reason to be protective of the password," Crane told the newspaper. "His co-workers and supervisors had in the past maliciously damaged the system themselves, hindered his ability to maintain it...and shown complete indifference to maintaining it themselves...He was the only person in that department capable of running that system."

Tough call! It is rather rare, but this is essentially what whistleblowing seeks to exploit: the insider knowledge that a manager is manipulating the system for nefarious purposes. However, for all practical purposes this is an unlikely situation. Firstly, the managers who are doing the nefarious stuff are likely to then bury he who blows the whistle. See above, $5m bail buys a lot of dirt on this guy's coffin.

Secondly, there is a huge difference between incompetence and fraud. Incompetence is routine, but also the full and proper legal and moral right of the manager. The system administrator that determines that the world should be protected from the manager's incompetence, is generally as deluded as the manager, and is technically and legally wrong. The way to do that is to write to higher-ups and lay paper evidence.

Fraud, while another consideration entirely, is equally difficult: let's start with an easy question. Please define fraud! Now prove it! If you can get that far, the fun is only just starting....

Posted by iang at 10:26 AM | Comments (2) | TrackBack

August 06, 2008

_Electronic Signatures in Law_, Stephen Mason, 2007

Electronic signatures are now present in legal cases to the extent that while they remain novel, they are not without precedence. Just about every major legal code has formed a view in law on their use, and many industries have at least tried to incorporate them into vertical applications. It is then exceedingly necessary that there be an authoritative tome on the legal issues surrounding the topic.

Electronic Signatures in Law is such a book, and I'm now the proud owner of a copy of the recent 2007 second edition, autographed no less by the author, Stephen Mason. Consider this a review, although I'm unaccustomed to such. Like the book, this review is long: intro, stats, a description of the sections, my view of the old digsig dream, and finally 4 challenges I threw at the book to measure its paces. (Shorter reviews here.)

First the headlines: This is a book that is decidedly worth it if you are seriously in the narrow market indicated by the title. For those who are writing directives or legislation, architecting software of reliance, involved in the Certificate Authority business of some form, or likely to find themselves in a case or two, this could well be the essential book.

At £130 or so, I'd have to say that the Financial Cryptographer who is not working directly in the area will possibly find the book too much for mild Sunday afternoon reading, but if you have it, it does not dive so deeply and so legally that it is impenetrable to those of us without an LLB up our sleeves. For us on the technical side, there is welcome news: although the book does not cover all of the failings and bugs that exist in the use of PKI-style digital signatures, it covers the major issues. Perhaps more importantly, those bugs identified are more or less correctly handled, and the criticism is well-ground in legal thinking that itself rests on centuries of tradition.

Raw stats: Published by Tottel publishing. ISBN 978-1-84592-425-6. At over 700 pages, it includes a comprehensive indexes of statutory instruments, legislation and cases that runs to 55 pages, by my count, and a further 10 pages on United Kingdom orders. As well, there are 54 pages on standards, correspondents, resources, glossary, followed by a 22 page index.

Description. Mason starts out with serious treatments on issues such as "what is a signature?" and "what forms a good signature?" These two hefty chapters (119 pages) are beyond comprehensive but not beyond comprehension. Although I knew that the signature was a (mere) mark of intent, and it is the intent which is the key, I was not aware of how far this simple subject could go. Mason cites case law where "Mum" can prove a will, where one person signs for another, where a usage of any name is still a good signature, and, of course, where apparent signatures are rejected due to irregularities, and others accepted regardless of irregularities.

Next, there is a fairly comprehensive (156 pages) review of country and region legal foundations, covering the major anglo countries, the European Union, and Germany in depth, with a chapter on International comparisons covering approaches, presumptions, liabilities and other complexities and a handful of other countries. Then, Mason covers electronic signatures comprehensively and then seeks to compare them to Parties and risks, liability, non-contractual issues, and evidence (230 pages). Finally, he wraps up with a discussion of digital signatures (42 pages) and data protection (12 pages).

Let me briefly summarise the financial cryptography view of the history of Digital Signatures: The concept of the digital signature had been around since the mid-1970s, firstly in the form of the writings by the public key infrastructure crowd, and secondly, popularised to a small geeky audience in the form of PGP in the early 1990s. However, deployment suffered as nobody could quite figure out the application.

When the web hit in 1994, it created a wave that digital signatures were able to ride. To pour cold water on a grand fire-side story, RSA Laboratories manage to convince Netscape that (a) credit cards needed to be saved from the evil Mallory, (b) the RSA algorithm was critical to that need, and (c) certificates were the way to manage the keys required for RSA. Verisign was a business created by (friends of) RSA for that express purpose, and Netscape was happily impressed on the need to let other friends in. For a while everything was mom's apple pie, and we'll all be rich, as, alongside VeriSign and friends, business plans claiming that all citizens would need certificates for signing purposes were floated around Wall Street, and this would set Americans back $100 a pop.

Neither the fabulous b-plans nor the digital signing dream happened, but to the eternal surprise of the technologists, some legislatures put money down on the cryptographers' dream to render evidence and signing matters "simpler, please." The State of Utah led the way, but the politicians dream is now more clearly seen in the European Directive on Electronic Signatures, and especially in the Germanic attitude that digital signatures are as strong by policy, as they are weak in implementation terms. Today, digital signatures are relegated to either tight vertical applications (e.g., Ricardian contracts), cryptographic protocol work (TLS-style key exchanges), or being unworkable misfits lumbered with the cross of law and the shackles of PKI. These latter embarrassments only survive in those areas where (a) governments have rolled out smart cards for identity on a national basis, and/or (b) governments have used industrial policy to get some of that certificate love to their dependencies.

In contrast to the above dream of digital signatures, attention really should be directed to the mere electronic signature, because they are much more in use than the cryptographic public key form, and arguably much more useful. Mason does that well, by showing how different forms are all acceptable (Chapter 10, or summarised here): Click-wrap, typing a name, PINs, email addresses, scanned manuscript signatures, and biometric forms are all contrasted against actual cases.

The digital signature, and especially the legal projects of many nations get criticised heavily. According to the cases cited, the European project of qualified certificates, with all its CAs, smart cards, infrastructure, liabilities, laws, and costs ad infinitum ... are just not needed. A PC, a word processor program and a scan of a hand signature should be fine for your ultimate document. Or, a typewritten name, or the words "signed!" Nowhere does this come out more clearly than the Chapter on Germany, where results deviate from the rest of the world.

Due to the German Government's continuing love affair with the digital signature, and the backfired-attempt by the EU to regularise the concept in the Electronic Signature Directives, digital and electronic signatures are guaranteed to provide for much confusion in the future. Germany especially mandated its courts to pursue the dream, with the result that most of the German case results deal with rejecting electronic submissions to courts if not attached with a qualified signature (6 of 8 cases listed in Chapter 7). The end result would be simple if Europeans could be trusted to use fax or paper, but consider this final case:

(h) Decision of the BGH (Federal Supreme Court, 'Bundesgerichtshof') dated 10 October 2006,...: A scanned manuscript signature is not sufficient to be qualified as 'in writing' under §130 VI ZPO if such a signature is printed on a document which is then sent by facsimile transmission. Referring to a prior decision, the court pointed out that it would have been sufficient if the scanned signature was implemented into a computer fax, or if a document was manually signed before being sent by facsimile transmission to court.

How deliciously Kafkaesque! and how much of a waste of time is being imposed on the poor, untrustworthy German lawyer. Mason's book takes on the task of documenting this confusion, and pointing some of the way forward. It is extraordinarily refreshing to find that the first to chapters, and over 100 pages, are devoted to simply describing signatures in law. It has been a frequent complaint that without an understanding of what a signature is, it is rather unlikely that any mathematical invention such as digsigs would come even close to mimicing it. And it didn't, as is seen in the 118 pages romp through the act of signing:

What has been lost in the rush to enact legislation is the fact that the function of the signature is generally determined by the nature and content of the document to which it is affixed.

Which security people should have recognised as a red flag: we would generally not expect to use the same mechanism to protect things of wildly different values.

Finally, I found myself pondering these teasers:

Athenticate. I found myself wondering what the word "authenticate" really means, and from Mason's book, I was able to divine an answer: to make an act authentic. What then does "authentic" mean and what then is an "act"? Well, they are both defined as things in law: an "act" is something that has legal significance, and it is authentic if it is required by law and is done in the proper fashion. Which, I claim, is curiously different to whatever definition the technologists and security specialists use. OK, as a caveat, I am not the lawyer, so let's wait and see if I get the above right.

Burden of Liability. The second challenge was whether the burden of liability in signing has really shifted. As we may recall, one of the selling points of digital signatures was that once properly formed, they would enable a relying party to hold the signing party to account, something which was sometimes loosely but unreliably referred to as non-repudiation.

In legal terms, this would have shifted the burden of proof and liability from the recipient to the signer, and was thought by the technologists to be a useful thing for business. Hence, a selling point, especially to big companies and banks! Unfortunately the technologists didn't understand that burden and liability are topics of law, not technology, and for all sorts of reasons it was a bad idea. See that rant elsewhere. Still, undaunted, laws and contracts were written on the advice of technologists to shift the liability. As Mason puts it (M9.27 pp270):

For obvious reasons, the liability of the recipient is shaped by the warp and weft of political and commercial obstructionism. Often, a recipient has no precise rights or obligations, but attempts are made using obscure methods to impose quasi-contractual duties that are virtually impossible to comply with. Neither governments nor commercial certification authorities wish to make explicit what they seek to achieve implicitly: that is, to cause the recipient to become a verifying party, with all the responsibilities that such a role implies....

So how successful was the attempt to shift the liability / burder in law? Mason surveys this question in several ways: presumptions, duties, and liabilities directly. For a presumption that the sender was the named party in the signature, 6 countries said yes (Israel, Japan, Argentina, Dubai, Korea, Singapore) and one said no (Australia) (M9.18 pp265) Britain used statutory instruments to give a presumption to herself, the Crown only, that the citizen was the sender (M9.27 pp270). Others were silent, which I judge an effective absence of a presumption, and a majority for no presumption.

Another important selling point was whether the CA took on any especial presumption of correctness: the best efforts seen here were that CAs were generally protected from any liability unless shown to have acted improperly, which somewhat undermines the entire concept of a trusted third party.

How then are a signer and recipient to share the liability? Australia states quite clearly that the signing party is only considered to have signed, if she signed. That is, she can simply state that she did not sign, and the burden falls on the relying party to show she did. This is simply the restatement of the principle in the English common law; and in effect states that digital signatures may be used, but they are not any more effective than others. Then, the liability is exactly as before: it is up the to relying party to check beforehand, to the extent reasonable. Other countries say that reliance is reasonable, if the relying party checks. But this is practically a null statement, as not only is it already the case, it is the common-sense situation of caveat emptor deriving from Roman times.

Although murky, I would conclude that the liability and burden for reliance on a signature is not shifted in the electronic domain, or at least governments seem to have held back from legislating any shift. In general, it remains firmly with the recipient of the signature. The best it gets in shiftyville is the British Government's bounty, which awards its citizens the special privilege of paying for their Government's blind blundering; same as it ever was. What most governments have done is a lot of hand-waving, while permitting CAs to utilise contract arrangements to put the parties in the position of doing the necessary due diligence,. Again, same as it ever was, and decidedly no benefit or joy for the relying party is seen anywhere. This is no more than the normal private right to a contract or arrangement, and no new law nor regulation was needed for that.

Digital Signing, finally, for real! The final challenge remains a work-in-progress: to construct some way to use digital signatures in a signing protocol. That is, use them to sign documents, or, in other words, what they were sold for in the first place. You might be forgiven for wondering if the hot summer sun has reached my head, but we have to recall that most of the useful software out there does not take OpenPGP, rather it takes PKI and x.509 style certificate cryptographic keys and certificates. Some of these things offer to do things called signing, but there remains a challenge to make these features safe enough to be recommended to users. For example, my Thunderbird now puts a digital signature on my emails, but nobody, not it, not Mozilla, not CAcert, not anyone can tell me what my liability is.

To address this need, I consulted the first two chapters, which lay out what a signature is, and by implication what signing is. Signing is the act of showing intent to give legal effect to a document; signatures are a token of that intention, recorded in the act of signing. In order, then, to use digital certificates in signing, we need to show a user's intent. Unfortunately, certificates cannot do that, as is repeatedly described in the book: mostly because they are applied by the software agent in a way mysterious and impenetrable to the user.

Of course, the answer to my question is not clearly laid out, but the foundations are there: create a private contract and/or arrangement between the parties, indicate clearly the difference between a signed and unsigned document, and add the digital signature around the document for its cryptographic properties (primarily integrity protection and confirmation of source).

The two chapters lay out the story for how to indicate intention in the English common law: it is simple enough to add the name, and the intention to sign, manually. No pen and ink is needed, nor more mathematics than that of ASCII, as long as the intention is clear. Hence, it suffices for me to write something like signed, iang at the bottom of my document. As the English common law will accept the addition of merely ones name as a signature, and the PKI school has hope that digital signatures can be used as legal signatures, it follows that both are required to be safe and clear in all circumstances. For the champions of either school, the other method seems like a reduction to futility, as neither seems adequate nor meaningful, but the combination may ease the transition for those who can't appreciate the other language.

Finally, I should close with a final thought: how does the book effect my notions as described in the Ricardian Contract, still one of the very few strong and clear designs in digital signing? I am happy to say that not much has changed, and if anything Mason's book confirms that the Ricardo designs were solid. Although, if I was upgrading the design, I would add the above logic. That is, as the digital signature remains impenetrable to the court, it behoves to add the words seen below somewhere in the contract. Hence, no more than a field name-change, the tiniest tweak only, is indicated:

Signed By: Ivan

Posted by iang at 10:44 AM | Comments (0) | TrackBack

June 30, 2008

Cross-border Notarisations and Digital Signatures

My notes of a presentation by Dr Ugo Bechini at the Int. Conf. on Digital Evidence, London. As it touches on many chords, I've typed it up for the blog:

The European or Civil Law Notary is a powerful agent in commerce in the civil law countries, providing a trusted control of a high value transaction. Often, this check is in the form of an Apostille which is (loosely) a stamp by the Notary on an official document that asserts that the document is indeed official. Although it sounds simple, and similar to common law Notaries Public, behind the simple signature is a weighty process that may be used for real estate, wills, etc.

It works, and as Eliana Morandi puts it, writing in the 2007 edition of the Digital Evidence and Electronic Signature Law Review:

Clear evidence of these risks can be seen in the very rapid escalation, in common law countries, of criminal phenomena that are almost unheard of in civil law countries, at least in the sectors where notaries are involved. The phenomena related to mortgage fraud is particularly important, which the Mortgage Bankers Association estimates to have caused the American system losses of 2.5 trillion dollars in 2005.

OK, so that latter number came from Choicepoint's "research" (referenced somewhere here) but we can probably agree that the grains of truth sum to many billions.

Back to the Notaries. The task that they see ahead of them is to digitise the Apostille, which to some simplification is seen as a small text with a (dig)sig, which they have tried and tested. One lament common in all European tech adventures is that the Notaries, split along national lines, use many different systems: 7 formats indicating at at least 7 softwares, frequent upgrades, and of course, ultimately, incompatibility across the Eurozone.

To make notary documents interchangeable, there are (posits Dr Bechini) two solutions:

  1. a single homogenous solution for digsigs; he calls this the "GSM" solution, whereas I thought of it as a potential new "directive failure".
  2. a translation platform; one-stop shop for all formats

A commercial alternative was notably absent. Either way, IVTF (or CNUE) has adopted and built the second solution: a website where documents can be uploaded and checked for digsigs; the system checks the signature, the certificate and the authority and translates the results into 4 metrics:

  • Signed - whether the digsig is mathematically sound
  • Unrevoked - whether the certificate has been reported compromised
  • Unexpired - whether the certificate is out of date
  • Is a notary - the signer is part of a recognised network of TTPs

In the IVTF circle, a notary can take full responsibility for a document from another notary when there are 4 green boxes above, meaning that all 4 things check out.

This seems to be working: Notaries are now big users of digsigs, 3 million this year. This is balanced by some downsides: although they cover 4 countries (Deustchland, España, France, Italy), every additional country creates additional complexity.

Question is (and I asked), what happens when the expired or revoked certificate causes a yellow or red warning?

The answer was surprising: the certificates are replaced 6 months before expiry, and the messages themselves are sent on the basis of a few hours. So, instead of the document being archived with digsig and then shared, a relying Notary goes back to the originating Notary to request a new copy. The originating Notary goes to his national repository, picks up his *original* which was registered when the document was created, adds a fresh new digsig, and forwards it. The relying notary checks the fresh signature and moves on to her other tasks.

You can probably see where we are going here. This isn't digital signing of documents, as it was envisaged by the champions of same, it is more like real-time authentication. On the other hand, it does speak to that hypothesis of secure protocol design that suggests you have to get into the soul of your application: Notaries already have a secure way to archive the documents, what they need is a secure way to transmit that confidence on request, to another Notary. There is no problem with short term throw-away signatures, and once we get used to the idea, we can see that it works.

One closing thought I had was the sensitivity of the national registry. I started this post by commenting on the powerful position that notaries hold in European commerce, the presenter closed by saying "and we want to maintain that position." It doesn't require a PhD to spot the disintermediation problem here, so it will be interesting to see how far this goes.

A second closing thought is that Morandi cites

... the work of economist Hernando de Soto, who has pointed out that a major obstacle to growth in many developing countries is the absence of efficient financial markets that allow people to transform property, first and foremost real estate, into financial capital. The problem, according to de Soto, lies not in the inadequacy of resources (which de Soto estimates at approximately 9.34 trillion dollars) but rather in the absence of a formal, public system for registering property rights that are guaranteed by the state in some way, and which allows owners to use property as collateral to obtain access to the financial captal associated with ownership.

But, Latin America, where de Soto did much of his work, follows the Civil Notary system! There is an unanswered question here. It didn't work for them, so either the European Notaries are wrong about their assertation that this is the reason for no fraud in this area, or de Soto is wrong about his assertation as above. Or?

Posted by iang at 08:02 AM | Comments (1) | TrackBack

June 17, 2008

Digital Evidence -- 26-27 June, London

Cryptographers, software and hardware architects and others in the tech world have developed a strong belief that everything can be solved with more bits and bites. Often to our benefit, but sometimes to our cost. Just so with matters of law and disputes, where inventions like digital signatures have laid a trail of havoc and confusion through security practices and tools. As we know in financial cryptography, public-key reverse encryptions -- confusingly labelled as digital signatures -- are more usefully examined within the context of the law of evidence than within that of signatures.

Now here cometh those who have to take these legal theories from the back of the technologists' napkins and make them really work: the lawyers. Stephen Mason leads an impressive line-up from many countries in a conference on Digital Evidence:

Digital evidence is ubiquitous, and to such an extent, that it is used in courts every day in criminal, family, maritime, banking, contract, planning and a range of other legal matters. It will not be long before the only evidence before most courts across the globe will all be in the form of digital evidence: photographs taken from mobile telephones, e-mails from Blackberries and laptops, and videos showing criminal behaviour on You Tube are just some of the examples. Now is the time for judges, lawyers and in-house counsel to understand (i) that they need to know some of the issues and (ii) they cannot ignore digital evidence, because the courts deal with it every day, and the amount will increase as time goes by. The aim of the conference will be to alert judges, lawyers (in-house lawyers as well as lawyers in practice), digital forensic specialists, police officers and IT directors responsible for conducting investigations to the issues that surround digital evidence.

Not digital signatures, but evidence! This is a genuinely welcome development, and well worth the visit. Here's more of the blurb:

Conference Programme International Conference on Digital Evidence

26th- 27th June 2008, The Vintner's Hall, London – UNITED KINGDOM
Conference: 26th & 27th June 2008, Vintners' Hall, London
Cocktail & Dinner: 26th June 2008, The Honourable Society of Gray's Inn


This event has also been accredited on an ad hoc basis under the Faculty's CPD Scheme and will qualify for 12 hours

Understanding the Technology: Best Practice & Principles for Judges, Lawyers, Litigants, the Accused & Information Security & Digital Evidence Specialists

MIS is hosting & developing this event in partnership with & under the guidance of Stephen Mason, Barrister & Visiting Research Fellow, Digital Evidence Research, British Institute of International and Comparative Law.
Mr. Mason is in charge of the programme's content and is the author of Electronic Signatures in Law (Tottel, 2nd edn, 2007) [This text covers 98 jurisdictions including case law from Argentina, Australia, Brazil, Canada, China, Colombia, Czech Republic, Denmark, Dominican Republic, England & Wales, Estonia, Finland, France, Germany, Greece, Hungary, Israel, Italy, Lithuania, Netherlands, Papua New Guinea, Poland, Portugal, Singapore, South Africa, Spain, Switzerland and the United States of America]. He is also an author and general editor of Electronic Evidence: Disclosure, Discovery & Admissibility (LexisNexis Butterworths, 2007) [This text covers the following jurisdictions: Australia, Canada, England & Wales, Hong Kong, India, Ireland, New Zealand, Scotland, Singapore, South Africa and the United States of America]. Register Now!

Stephen is also International Electronic Evidence, general editor, (British Institute of International and Comparative Law, 2008), ISBN 978-1-905221-29-5, covering the following jurisdictions: Argentina, Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Egypt, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Mexico, Netherlands, Norway, Poland, Romania, Russia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Thailand and Turkey.

Posted by iang at 09:46 AM | Comments (2) | TrackBack

June 03, 2008

Technologists on signatures: looking in the wrong place

Bruce Schneier writes about the classical technology / security view and how it applies to such oddities as the fax signature. As he shows, we have trouble making them work according to classical security & tools thinking.

In a 2003 paper, "Economics, Psychology, and Sociology of Security," Professor Andrew Odlyzko looks at fax signatures and concludes:
Although fax signatures have become widespread, their usage is restricted. They are not used for final contracts of substantial value, such as home purchases. That means that the insecurity of fax communications is not easy to exploit for large gain. Additional protection against abuse of fax insecurity is provided by the context in which faxes are used. There are records of phone calls that carry the faxes, paper trails inside enterprises and so on. Furthermore, unexpected large financial transfers trigger scrutiny. As a result, successful frauds are not easy to carry out by purely technical means.

He's right. Thinking back, there really aren't ways in which a criminal could use a forged document sent by fax to defraud me.

The problem that shakes the above comments is that signatures are not tools to make things secure, nor to stop fraud. Instead, they are signals of legal intent. The law has developed them over centuries or millenia not as tools to make contracts binding, as per the simplistic common myth, or to somehow make it hard for fraudsters, the above security myth, but signals to record the intent of the person.

These subtleties matter. When you send a fax with your signature on it, it doesn't matter that the signature can be copied; it is the act of you creating and sending the fax with signature that establishes intent. Indeed, the intent can be shown without the signature, and the source of the fax is then as important as anything else. For this reason, we generally confirm what you intended somehow. Or we should, as Bruce Schneier writes:

On October 30, 2004, Tristian Wilson was released from a Memphis jail on the authority of a forged fax message. It wasn't even a particularly good forgery. It wasn't on the standard letterhead of the West Memphis Police Department. The name of the policeman who signed the fax was misspelled. And the time stamp on the top of the fax clearly showed that it was sent from a local McDonald's.

The success of this hack has nothing to do with the fact that it was sent over by fax. It worked because the jail had lousy verification procedures. They didn't notice any discrepancies in the fax. They didn't notice the phone number from which the fax was sent. They didn't call and verify that it was official. The jail was accustomed to getting release orders via fax, and just acted on this one without thinking. Would it have been any different had the forged release form been sent by mail or courier?

It's all backwards, according to the law. There should have been an intent, but there wasn't one. It wasn't that the policeman's signature established an intent, it was that the signature should have been a final step in confirming an intent that already existed. The point of phoning the policeman wasn't to check the signature, but to establish the intent. Which the signature would have nicely confirmed, but the check on intent isn't substitutable with the check on signature. As Jeff commented on the post:

Most people don't understand that signatures don't generally perform a security function, they perform a solemnization function. At least that was the case before the mathematicians got involved and tried to convince folks of the value of digitial signatures . . .. :-)

Before they got it totally backwards, that is. Your copied signature does not show intent by you, instead, it suggests an intent by you, that should be confirmed regardless. For you, this is good, as the principle of redundancy applies: you need something much more than one signature to lock you into a contract, or get you out of prison. And this process of showing intent bounces back to the signature in a particularly powerful protocol that is used in the legal world. This is a closely held secret, but I shall now reveal it and risk censure and expulsion for breaking the code:


That's it, just ask the question. This can happen anywhere, but is best seen in a court setting: The judge says "Did you sign this?" If you did, then you say yes. (Else you're up for perjury, which is a serious risk.) If you didn't, you deny it, and then the court has a claim that it is not yours. The court now looks further to establish who's intent was behind this act.

It is for these reasons that digital signatures failed to make any mark on the real world, when cast as some sort of analogue to the human signature. Indeed, the cryptography community got it backwards, upside down and inside out. They thought that the goal was to remove the uncertainty and simplify the procedure, when in fact the goal was to preserve and exploit the uncertainty, and to augment the procedure. They were thinking non-repudiation, yet the signature is there to entice repudiation. They thought the signature was sufficient, yet it is no more than a signal of something much more important. They thought simplicity, when redundancy is the principle.

Digital signatures were presented as a new beginning and ending for electronci contracts, and users intuitively recognised they were neither a beginning nor an ending. Digital signatures were nothing, without a custom, and within a custom were shown to be more trouble than they were worth. Case in point: this is the reason why the digital signature on Ricardian Contracts is just cryptographic sugar: the intent is better shown by the server mounting the contract, by the issuer saying "I'm selling this contract", and by the system memorialising all these events in other signed records.

You might ask, why they are there, but I'll side-step that question for now :) Instead, let us ask, how then do we move forward and use digital signatures?

We should be able to see now that it is the wrong question. The right question is firstly, how do we establish intent, and the follow-up is, intent of what? Attest to a statement, conclude a negotiation, sell a house, contract for a road to be dug up, marriage with or without a shotgun? Once we have established that, we can construct a custom (techies would say a protocol) that captures the intent _and_ the agreement, suitable for the value at hand.

We might find a way to slip in some digsigs or we might not. That's because the role is to capture intent, not the signature. Intent is obligatory, signature is not.

(Indeed, this is why we say, in financial cryptography, the cryptography is optional, which causes no end of head-scratching. What then does a poor vendor of cryptographic digsigs do with them? Simple: define the digsig as meaning nothing, legally, outside an additional custom. Nothing, nix, nada, zip! And use them purely for their cryptographic properties, only. Which happen to be useful enough, if properly designed.)

Posted by iang at 12:02 PM | Comments (4) | TrackBack

February 12, 2008

on Revocation of Signing Certs and Public Key Signing itself

Philipp pointed me to another issue that turns the good ship Digital Signature into yet another Nautilus, rapidly going down the whirlpool.

Consider compromise of my signing key. If my key is compromised, then it can be used to sign any document on behalf of the erstwhile owner (was, me). Now, a curiosity of this is that the signature can be backdated, so if I lose my signing key to you, then you can sign away my house, back date it to a few years back to when it was a valid key, and take my house for a buck.

Hence, when my key is compromised, I have to revoke the key, and also potentially revoke all the signatures. The revocation of a signing cert can result in signatures of all dates becoming invalid, or questionable, even back in time. (Apparently, some proportion of client software works this way, because once a cert is revoked, all signatures are deemed "unacceptable" and thus effectively revoked. Nautilus, meet whirlpool.)

This could even be used by myself, in a nefarious mood, to cast doubt over the my own validly-made signatures. If I was homesick, I could conceivably use this to deny a valid contract to sell my house. Hey presto, Grandma gets her house back! (For other woes in the use of public keys for signing purposes, see Signed Confusion)

So how do we solve this problem? Skip down to **** if you are fully informed on that invention known as the Ricardian Contract, which does solve this issue.

In the Ricardian Contract I solved it by taking the hash of the signed contract, making that the identifier for the contract, and then embedding that hash into every transaction that happens thereafter. So, in effect, all new transactions accept and affirm the contract; and therefore form part of the evidence over the signature; if we question the original digsig, we also question all the transactions in the issuance, which is not reasonable beyond the first few dozen transactions.

What happens in more conventional PKI-land, where wisdom is writ, and standards are dusty? As is frequently pointed out, any human-meaningful use of digital signatures would then need to be confirmed with a secure timestamp, perhaps so that any later key revocation can avoid revoking that signature. Makes some sense, and indeed, every single Ricardo transaction sums to achieve that timestamp, as it builds up a tree of timestamped, signed transactions, pyramided on the original contract and its certificate.

We could then propose a rule in the use of public key digsigs for digital signing:

digital signatures cannot be relied upon over time without secure timestamping

The problem with this is that it undermines the very architecture of PKI; if we are assuming online, authoritive entities such as timestamping or digital cash issuers, then we don't actually need PKI, as it is written. Click on lynn://frequent.rant/ at this point... or for my version, in Ricardo as described above, the strength was the fact that strong evidence of the contract was kept over time, not the digsig. In this case, the evidentiary hash over the total document is what is kept, and the digsig added no more than the sweetness of headline confirmation of intent to the picture.

Because PKI (and in this case, OpenPGP cleartext signing) established a convention of signalling an intent with a digsig, it was handy to use that signal.

But we never relied on that, and a specific requirement was that someone could steal the signing key and create a bogus contract. The real strength that captured the signing over the contract was this: we took the hash of the document, and used that hash as the identifier for the contract. We are talking about Ivan, a person who is an issuer of value, and is purporting to the world that his contract is good. Them we arrange matters so that in every statement he makes to the world, he uses a strong identifier. By including the hash of the contract in every transaction, we establish Ivan's intent, understanding, liability on the basis of strong acts by the signer himself. The subtext is that the dominating evidence of intent on the document was the hash over the document, and the transactions that embedded that hash preserved and published that evidence [1].

**** The conclusion is that the hash is a better "signature" than a public-private-key digsig, if we are talking about evidence of time, leading to intent, etc; both need to be accompanied by an infrastructure that isolates the realtime of effect of the original event, and an environment where that intent is preserved. In which case, we can take the above, spin it and say that simple hashes are as good as public key digsigs at the application known as digital signing, and better because they are cheaper. Or, if the infrastructure is present, then public key digsigs makes a good carrier of hashes, as long as their use doesn't damage the application in other ways (which unfortunately it does, c.f. revocation).

What does a timestamped hash lack? It has no indicator of who the signer is. Hence, the hash does not quite defeat the digsig on the basis of Occam's razor.

But we need that in other ways anyway, as the pure cryptographic notion of a public key signature is no better than "this set of bits saw that set of bits" and we know from practical cryptography that there is no easy way to measure and control the distance from a human (intent) to a set of bits. PKI fails to achieve this because it outsources identity to a thing called Certificate Authorities, which so far have not shown themselves to be useful harbingers of your signatory, if in part because they are more expensive than the old pen&ink method.

Let's step back then, and place this in terms of requirements. We need these things to create any system of digital signing:

  • a contract
  • who is the person(s) that is "intending" the contract
  • the time of original intent
  • the preservation of all the above

Public key signatures add very little if anything over hashes and timestamps, as the former needs independent timestamping and revocation, which means that their PKI claims of offline-checking are unravelled. Neither public key digsigs or simple hashes establishes who, easily (consider the cost of PKI infrastructures versus the low statements of reliance), and neither establishes intent.

Indeed, the requirements are so badly met that we can invent a system in 30 seconds that beats the incumbent "approved digital signing systems", hands down:

Iang is who Iang says he is.

This is strong, because, it was me that said it, me that posted it, and this blog, google, the time machine and all the other net tricks will preserve it [2]. Oh, and the hash adds some precision.

Are public key signatures dead? In technical and legal terms, yes. Public key signatures are at least brain-dead, and should be terminated for lack of sentience. While they retain some residual value in marketing senses and in infrastructure senses, they cannot be relied upon as signatures. We'll continue to put in the cryptocandy of the OpenPGP signatures on contracts, but the strength is elsewhere.

Which also means that we do not need to worry about revocation in digsig signing applications: the PKI digsigs as signing applications already revoked themselves, and we shouldn't spend any time over the issue except to say that they are not reliable enough for reliance applications. Instead, if you want a reliable digital signing application, read the Ricardian Contract paper carefully, and construct a protocol that carries the cryptocandy of the existing infrastructure alongside a proper chain that evidences the perfection of the contract: reading/understanding/intent/delivery.

Notes [1]: To follow a digital issuance through in technical, accounting terms: in a digital currency, we start out with one transaction to create value. This is of necessity a double entry transaction that puts large positive value into a manager's account, against large negative value into a float account. Then, the freshly minted positive value is distributed to the users, resulting in more transactions. The value is probably split in the second transaction and further split and recombined in each succeeding transaction, resulting in something like a tree structure.

Each of these transactions evidence an intent to honour the contract, as they all point back by means of the same hash over the same document. Hence, the OpenPGP signature is crypto-icing over the real cake within the Ricardian contract; in this particular case at least, the OpenPGP signature adds little to what the evidentiary chain of transactions provides.

Note [2]: If you want to wrap some cleartext signing sugar onto it, try this:

----- BEGIN OpenPGP Hash-Signed Document -----
I am who I say I am.
----- BEGIN HashSIG -----
----- END HashSIG -----

Note [3]: how did we do that hash? Like this:

$ openssl sha1
Hash-signing my contract is as easy as typing text and adding newline then control-D at the end

Cut and paste the text line into a Unix terminal application, and follow the instructions. Don't forget to hit return, then hit ctrl-D. Don't include the spaces at the beginning.

Posted by iang at 10:48 AM | Comments (3) | TrackBack

February 02, 2008

SocGen - the FC solution, the core failure, and some short term hacks...

Everyone is talking about Société Générale and how they managed to mislay EUR 4.7bn. The current public line is that a rogue trader threw it all away on the market, but some of the more canny people in the business don't buy it.

One superficial question is how to avoid this dilemma?

That's a question for financial cryptographers, I say. If we imagine a hard payment system is used for the various derivative trades, we would have to model the trades as two or more back-to-back payments. As they are positions that have to be made then unwound, or cancelled off against each other, this means that each trader is an issuer of subsidiary instruments that are combined into a package that simulates the intent of the trade (theoretical market specialists will recall the zero-coupon bond concept as the basic building block).

So, Monsieur Kerviel would have to issue his part in the trades, and match them to the issued instruments of his counterparty (whos name we would dearly love to know!). The two issued instruments can be made dependent on each other, an implementation detail we can gloss over today.

Which brings us to the first part: fraudulent trades to cover other trades would not be possible with proper FC because it is not possible to forge the counterparty's position under triple-entry systems (that being the special magic of triple-entry).

Higher layer issues are harder, because they are less core rights issues and more human constructs, so they aren't as yet as amenable to cryptographic techniques, but we can use higher layer governance tricks. For example, the size of the position, the alarms and limits, and the creation of accounts (secret or bogus customers). The backoffice people can see into the systems because it is they who manage the issuance servers (ok, that's a presumption). Given the ability to tie down every transaction, we are simply left with the difficult job of correctly analysing every deviation. But, it is at least easier because a whole class of errors is removed.

Which brings us to the underlying FC question: why not? It was apparent through history, and there are now enough cases to form a pattern, that the reason for the failure of FC was fundamentally that the banks did not want it. If anything, they'd rather you dropped dead on the spot than suggest something that might improve their lives.

Which leads us to the very troubling question of why banks hate to do it properly. There are many answers, all speculation, and as far as I know, nobody has done research into why banks do not employ the stuff they should if they responded to events as other markets do. Here are some speculative suggestions:

  • banks love complexity
  • more money is made in complexity because the customer pays more, and the margins are higher for higher payments
  • complexity works as a barrier to entry
  • complexity hides funny business, which works as well for naughty banks, tricky managers, and rogue traders. It creates jobs, makes staffs look bigger. Indeed it works well for everyone, except outsiders.
  • compliance helps increase complexity, which helps everything else, so compliance is fine as long as all have to suffer the same fate.
  • banks have a tendency to adopt one compatible solution across the board, and cartels are slow to change
  • nobody is rewarded for taking a management risk (only a trading risk)
  • banks are not entrepreneurial or experimental
  • HR processes are steam-age, so there aren't the people to do it even if they wanted to.

Every one of those reasons is a completely standard malaise which strikes every company, but not other industries. The difference is competition; in every other industry, the competition would eat up the poorer players, but in banking, it keeps the poorer players alive. So the #1 fundamental reason why rogue traders will continue to eat up banks, one by one, is lack of competitive pressures to do any better.

And of course, all these issues feed into each other. Given all that, it is hard to see how FC will ever make a difference from inside; the only way is from outside, to the extent that challengers find an end-run around the rules for non-competition in banking.

What then would we propose to the bank to solve the SocGen dilemma as a short term hack? There are two possibilities that might be explored.

  1. Insurance for rogue traders. Employ an external insurer and underwriter to provide a 10bn policy on such events. Then, let the insurer dictate systems & controls. As more knowledge of how to stop the event comes in, the premiums will drop to reward those who have the better protection.

    This works because it is an independent and financially motivated check. It also helps to start the inevitable shift of moving parts of regulation from the current broken 20th century structure over to a free market governance mechanism. That is, it is aligned with the eventual future economic structure.

  2. Separate board charged with governance of risky (banking) assets. As the current board structure of banking is that the directors cannot and will not see into the real positions, due to all the above and more, it seems that as time goes on, more and more systematic and systemic conditions will build up. Managing these is more than a full time job, and more than an ordinary board can do.

    So outsource the whole lot of risk governance to specialists in a separate board-level structure. This structure should have visibility of all accounts, all SPEs, all positions, and should also be the main conduit to the regulator. It has to be equal to the business board, because it has to have the power to make it happen.

    The existing board maintains the business side: HR, markets, products, etc. This would nicely divide into two the "special" area of banking from the "general" area of business. Then, when things go wrong, it is much easier to identify who to sack, which improves the feedback to the point where it can be useful. It also puts into more clear focus the specialness of banks, and their packaged franchises, regulatory costs and other things.

Why or how these work is beyond scope of a blog. Indeed, whether they work is a difficult experiment to run, and given the Competition finding above, it might be that we do all this, and still fail. But, I'd still suggest them, as both those ideas can be rolled out in a year, and the current central banking structure has at least another decade to run, and probably two, before the penny drops, and people realise that the regulation is the problem, not the solution.

(PS: Jim invented the second one!)

Posted by iang at 06:31 PM | Comments (2) | TrackBack

January 26, 2008

When the SLippery SLope beckons

Second Life takes another step onto the slippery slope. They have previously banned gambling, and now they are banning finance.

Please read this if you operate, or have transferred L$ to, an in-world “bank” or financial company.

As of January 22, 2008, it will be prohibited to offer interest or any direct return on an investment (whether in L$ or other currency) from any object, such as an ATM, located in Second Life, without proof of an applicable government registration statement or financial institution charter. ...

This is the slippery slope. By putting a blanket ban on the operation of financial services (or, passing the buck to the old-world regulators, which amounts to the same thing), they have exited from a large sector of commerce. Expect others to follow.

The reason? In short, it is not economic for them. Linden Labs have no economic / libertarian background to understand the theory, so they cannot see a forward path. Nor do they have the necessary regulatory background or friends, so they have inherited a big and powerful enemy (or more precisely, a horde of enemies who all look the same on first glance) with no way to deal with a war.

Also, it has been recently shown by one similar venture (eBay/Paypal) that taking the slippery slope has a quid pro quo: no financial downside, indeed success and profits. Other than a lot of noisy press ("traitors to the cause"), what's the problem? The process looks on track according to modern marketing theories (ditch the early adoptors as you move to the mainstream).

Under this cloud of exit stories, sad to some, there is at least a silver lining. We extract one data point from the experiment that confirms the theories developed in the 1990s for unregulated finance providers:

You probably haven’t heard of Joshua Zarwel (Second Life’s ‘Teufel Hauptmann’), but he was the very first person I thought of when Linden Lab banned banking last week. ‘Hauptmann’ doesn’t get a lot of press. He’s never been accused of insider trading or blackmail in the Second Life Herald, he doesn’t spend much money on his avatar, he SL Bank Logodoesn’t issue cringe-inducing press releases, and he doesn’t have his name in diamonds above his virtual door. In short, he’s the kind of guy you want managing your money.

Sounds like a scam already, right? Call the Feds? The USSS should be hovering as we speak? Read on...

The fund’s web site is plain, and its entire in-world presence consists of one tiny, unremarkable virtual building. ... When Linden Lab ended banking in Second Life last week, Zarwel did something I’ve not heard of any other banker doing: he quietly announced that every single Linden Dollar in his customers’ accounts was available for immediate withdrawal. ...

For those who have memories of the unregulated gold and dollars economy:

... we tried to be as transparent as possible. If you check our website and/or in world note card you will see that we provide our real world names, addresses, backgrounds, profitability, fund allocation, etc. We had nothing to hide, nor did we ever wish to be anonymous.

This is rhyme. Indeed, it's as close to repeat as you can get, to challenge Mark Twain. We can see everything, as indeed it should be in open governance:

  • provide transparent access to account balances
  • show the governance arrangements (a.k.a. 5PM)
  • describe the business model fully
  • describe who the controllers really are (Ivan the Honourable)
  • allow the public to regulate (the fifth party)

The long and the short is that if Linden Labs had implemented the lessons of open governance, they would have likely knocked out (over time) the scams and been left with the gems (again, over time). This does not change the question of whether it would have been economic of them to pursue Austrian approaches to commerce (Hayek's open money, etc), but it does show that there was a forward path, and the place at the end of that path will stand up to scrutiny.

While we are on the finance business, let's check in to see where the regulated world are at in governing their activities:

The UK's HSBC is to use Identrust's Internet authentication network to enable its corporate customers to digitally sign electronic payments files. Identrus provides a secure digital certificate-based infrastructure for business-to-business e-commerce transactions and corporate-to-bank communications....

A select number of HSBC corporate banking clients will be issued with Identrus digital certificates so that their staff can electronically sign payment files.

Identrust-backed digital signatures are used to guarantee non-repudiable and legally binding electronic communications between banks and their corporate clients. Only one Identrus digital identity per user is needed to interact with all of a corporate client's banks, which simplifies the transaction authentication process.

(Imagine here comments about Ricardian contracts, x.509 failings, x9.59 designs, transaction economics, and a whole host of lessons that simply can't be learnt at any price.)

Posted by iang at 05:18 PM | Comments (0) | TrackBack

January 24, 2008

Break the rules of governance and lose 4.9 billion...

This would be almost boring except for the numbers involved. The Economist writes:

TROUBLE had been expected but nothing like this. Widespread concerns that Société Générale, a large French bank, had more subprime-related problems to reveal were proved right on January 24th with the announcement of a €2.05 billion ($3 billion) write-down on its exposure to mortgage-related investments and to creaking bond insurers. But those numbers were a side-show to something far more shocking.

The bank also disclosed that a single trader, Jérôme Kerviel, had racked up a further €4.9 billion loss by taking unauthorised bets on futures linked to European stockmarkets. Trading in SocGen's shares was temporarily suspended on January 24th, but punishment was bound to be severe.

How did this happen? For that we have to see what the FT wrote:

The trader joined the bank in 2000 and worked in Paris. The first three years of his career were spent in the bank’s so-called “back office” and “middle office”, where trades are settled and risk is managed. Though it did not name Mr Kerviel, SocGen said he had never worked directly in its risk control section, but remained in contact with people in those areas so he could be updated with the bank’s risk controls.

“The reasons he could succeed was because the trader knew intimately the bank’s risk controls and swiftly shifted positions to evade detection at each level of control,” Mr Bouton said.

The fraud was discovered after the trader made an error with a fictitious counterparty. Its extent became clear over the weekend, when the bank‘s management interviewed Mr Kerviel.

OK, so rule #1 in governance is to separate the decisions from the implemention. Those on the decision side (in this case, traders) can not touch the money. Those on the money side (in financial lingo, back-office) cannot make any decisions. Seems simple, right?

The flaw here is that separation of roles also has to be backed up by more than mere words. Those in the back-office are supposed to check for valid trading by some metric or other, and supervisors are supposed to watch everything and make judgement calls. Those in the front-office (traders) are supposed to be rewarded for successful trades, and those in the back-office are supposed to be rewarded for safe trades.

As we know from the Barings case (and a thousand years of history) if a person crosses the border between front and back-office, there is trouble. Nick Leeson not only traded, he was also the guru that fixed or ran the accounting system in the Singapore branch. So he knew the back-office commands to create special or secret accounts, like 88888, which came in handy to hide losses.

The same will be true here: Kervial was trained in the back office, so almost certainly he knew how to do things that were under the covers. Which points to a crazy state of affairs: how is it at all possible to do things that are below the covers?

If you need a systemic reason, it would be because the system has evolved through centuries and is full of obscure rules, quirks, paperwork, oversights and so forth. It is too complex for anyone but a few to understand, indeed, it is quicker to build a complete new governance system from scratch than it is to understand a modern trading system (I know because I've done it). We can conclude that the modern systems are opaque, by history if not by design, and that therefore the real question to ask is whether it is plausible to even understand what happens under the covers, and to stop this weakness?

We know how to solve these problems in financial cryptography. My results were confirmed by others; but we all faced the same systemic blockages in getting systems deployed. Those same blockages will probably also work to save Société Générale from the real solution, which is sacking of the entire board at minimum and sacking of the shareholders at maximum.

Top tip from anonymous observer: watch Société Générale slide in a lot of other hidden losses into this one, so as to combine all the losses into one efficient hit. This is good news for shareholders, and bad news for everyone else, but that sort of high stakes poker playing with assets can also backfire if the losses threaten real closure.

Posted by iang at 03:14 PM | Comments (4) | TrackBack

October 10, 2007

Where the US Congress is going on virtual regulation

I listened to an entire Second Life interview with Dan Miller from the Joint Economic Council, a thinktank for the USA government. Interesting stuff, because virtual world governance gives us a window on all-of-Internet governance.

  • US Congress isn't likely to pass laws, and indeed the JEC prefers less regulation;
  • But agencies might issue rules;
  • UST will probably treat trade in virtual games under the barter provisions. Also see Reuters article.
  • Laws on currency were written in post-civil war and post-Fed periods, and did not consider issues today;
  • Fed & SEC are less likely to be issuing any rules soon, they are busy elsewhere?;
  • terrorists might use games to conduct dry runs;
  • ML hasn't really taken off in virtual communities as the more round-eyed members of the press keep suggesting;
  • SL isn't the big player, WoW is much bigger;
  • Big corporations have this expectation that there will exist many platforms, all inter-communicating, and all equally available for global commerce. Can you take assets from world to another? (My view: dream on while others build on. Here's another view.)
  • youth will be totally comfortable having meetings in the game-space, whereas old people like elected politicians have trouble understanding the basics...;
  • a white paper is being written within JEC to prepare the ground for the future, but no promises;
  • anyone can send a comment to the JEC (dan underscore miller at JEC dot senate dot gov) or their member of congress.

On a slightly related question, I have one question on the efficiency of the new generation of podcasts and interviews and so forth. These new tools are seeking to simulate the old world of radio and TV as the channel of preference, but to my mind they are terribly inefficient. I had to spend an entire hour or so listening to the scratchy sound, with a drop out in a critical part, when I could have skimmed the same written content in about 2 minutes. The nice way of putting this is that it's not ready for recommendation to my business partners as yet, and a slightly less nice way is "who has time for that?"

Does anyone have any alternate experience in these podcasts, etc, that indicates it is finding a market place in real business?

(Addendum: cross-over to TV.)

Posted by iang at 07:08 AM | Comments (3) | TrackBack

September 25, 2007

Arbitration -- a community tool or a weapon?

CAcert has just approved rules for dispute resolution which, in brief, puts all before their own arbitration. (Disclosure: I was involved!)

The key in this process is the provision in the user agreement that asserts the agreement to arbitrate disputes, and the lock that matches the key is the Arbitration Act in most countries. To make it work, the Act generally says that courts must respect the intent to arbitrate. From the US:

Under the FAA, on the motion of a party, a court must stay proceedings and order the parties to arbitrate the dispute if the court finds that the parties have agreed in writing to do so. A party seeking to compel arbitration must show (1) that a valid agreement to arbitrate exists between the parties and (2) that the specific dispute falls within the scope of the agreement.

E.g., the courts will kick you back to Arbitration. But, there are some exceptions, and I took that above quote from one such, being Bragg v. Second Life, wherein Judge Robreno decided to kick out the Arbitration Clause, not the parties. As VB writes, this is a big deal. So, it is useful to check his logic, and find out if CAcert has made some of the same mistakes.

Bear in mind this is not legal writing; if you want the real story you have to read the full transcripts linked above. To stress that, I've stripped out the references, etc, so as to maintain the readability rather than the reliability.

Having said that, onwards! With some legal musing, the Court arrives at this:

Bragg claims that the arbitration agreement itself would effectively deny him access to an arbitrator, because the costs would be prohibitively expensive, a question that is more appropriately reserved for the Court to answer.

To answer the question, the Court decided to look at procedural and substantive components to the issue of unconscionability which is a get-out card generally written into Arbitration Acts, and construct a balanced view from those components. Here's a quick summary:

Contract of adhesion. The Second Life agreement is a contract of adhesion, because there is no chance to negotiate. It's a take it or leave it. Therefore, the contract meets a standard of procedural unconscionability.

"Surprise," meaning that the Arbitration intent is hidden. Again, SL has met the Court's standard of surprise, by (a) using an opaque heading and (b) not setting out the costs clearly. This is a second leg of procedural unconscionability.

"One-sidedness of the contract terms." This seems to ride on several issues:

  • Does one side have a choice in forums the other does not?
  • Does one side have a range in remedies, yet reduce the other party to less?
  • Are fees imposed in excess of a similar action in court?

The Court asserted that "the arbitration remedy must contain a “modicum of bilaterality." It also quoted a Paypal case which is likely as close as it gets in industry similarity. In short, Paypal was able to control the entire assets within by way of freezing, restricting, take ownership, and change the TOS, whereas the the user could only (presumably) arbitrate. Linden Labs had (has?) the same power:

The TOS proclaim that “Linden has the right at any time for any reason or no reason to suspend or terminate your Account, terminate this Agreement, and/or refuse any and all current or future use of the Service without notice or liability to you.” Whether or not a customer has breached the Agreement is “determined in Linden’s sole discretion.” Linden also reserves the right to return no money at all based on mere “suspicions of fraud” or other violations of law. Finally, the TOS state that “Linden may amend this Agreement . . . at any time in its sole discretion by posting the amended Agreement [on its website].”

Ouch! Which brings us to tricky issue of costs. For some reason, Linden Labs chose the ICC for Arbitration, with three Arbitrators. The Court estimated costs at $17,250 for an action of recovery of $75,000. However, the ICC rules say that costs must be shared by the parties, and that is apparently sufficient to make Arbitration unenforceable in California law. The trick here appears to be that the existence of a fee, imposed in excess of a similar court process, creates a supports the finding of unconscionability:

California law has often been applied to declare arbitration fee-sharing schemes unenforceable. Such schemes are unconscionable where they “impose[] on some consumers costs greater than those a complainant would bear if he or she would file the same complaint in court.” ... Here, even taking Defendants characterization of the fees to be accurate, the total estimate of costs and fees would be $7,500, which would result in Bragg having to advance $3,750 at the outset of arbitration. See Dfts.’ Reply at 11. The court’s own estimates place the amount that Bragg would likely have to advance at $8,625, but they could reach as high as $13,687.50. Any of these figures are significantly greater than the costs that Bragg bears by filing his action in a state or federal court. Accordingly, the arbitration costs and fee-splitting scheme together also support a finding of unconscionability.

As well as that, the Court found that all these factors helped to suggest that Arbitration was an attempt to shield liability rather than resolve disputes:

  • imposing a location for Arbitration hearings over small disputes in Carlifornia
  • imposing confidentiality on Arbitration (ICC rules)
  • no "business realities" reason was advanced for the one-sidedness

OK, so the court really went to town in striking down the Arbitration clause. When I read their agreement a couple of weeks ago, I came to the same conclusion, without the Court's care, and the tip-off was the choice of the ICC (a big, expensive French body?!) and three, that's THREE arbitrators. The ICC has to be expensive just from the name, and by Linden Labs choosing 3 times the price, it doesn't take a PhD in maths to realise this was a barrier not an aid.

It may be that Linden Labs have learnt their lesson, as the TOS has just been changed, which is what sparked this blog post. Benjamin of VB writes:

the new terms also create a special class of claims under $10,000 that are to be handled via non-appearance arbitration. This change is very good for users, as the new clause replaces one that required a full-blown arbitration proceeding before a three-person panel, which could easily cost more than $10,000 itself (that is essentially why the clause was declared unconscionable in the Bragg case). Non-appearance arbitration can actually be quite inexpensive, and, notably, it could even be conducted in Second Life. The arbitrator must be an established ADR provider, must have published guidelines for dispute resolution, and must be a “retired judge or attorney with legal expertise in the subject matter of the dispute.”

Two caveats: it seems to stop around the $10k mark, and I haven't looked at the new terms.

Now, to get back to CAcert and their new arbitration system. We can run the Court's ruler over CAcert's new user agreement (albeit, still in DRAFT). It's maybe a little premature as experience is new, and only one case has been heard. But let's see what we can find:

  • Fees: Maybe. CAcert reserves the right to impose some costs, but none are currently applied. Something to watch.
  • Contract of Adhesion: Yes. That is probably an affirmative, by the definition of such contracts and Internet business. CAcert certainly intends that the user not negotiate, and should "take it or leave it." One pleading here might be that the bound users may seek changes by either open policy processes or through Arbitration itself.
  • Surprise: No. I counted 25 references to Arbitration and the Arbitrator in 5.5 pages of their draft agreement. The heading says "3.2 Arbitration as Forum of Dispute Resolution." Also, contributory factors will be that the Assurers are to be trained in this area, and CAcert's principles would rule against "surprising" the users as a tactic.
  • Choice of forums: No. Both CAcert and the user go to Arbitration for any dispute.
  • Range of remedies: No. Only the Arbitrator may terminate an account or impose a financial penalty. Although support members may revoke, they must then refer to Arbitration for authorisation (this is unapproved CPS writings).
  • Change of TOS: No. CAcert Inc has explicitly passed the right to change the TOS across to the users themselves, by way of the policy process. While CAcert Inc retains a veto, this seems not unreasonable given the fiduciary duties.
  • Costly forum: No. Hearings are mostly conducted over email, and to address a point that the Court did not address, the process seeks to reduce costs by using senior people from within the community as advisors.
  • Abusing even a "Modicum of mutality:" No, as Arbitrators are chosen from senior and experienced Assurers. E.g., arbitration is before peers, and CAcert itself is bound by the ruling.

Now, with a nod to the other elements of the Court's ruling, and to the Appeals Court which needs to affirm the ruling, it should be borne in mind that this is a back-of-the-napkin calculation. Still, it's instructive. I'd say cautiously that CAcert made none of the mistakes that the Court found. Indeed, CAcert bent over backwards and tied itself in knots in order to present itself as approximately equal to the registered users.

(As I say, I had something to do with the process. Indeed, I have been hammering the desk for this policy, or any other, to be approved for more than a year now. The more excellent result of last week's conference, which I attended, is that CAcert is now firmly back on the rails.)

Posted by iang at 08:46 AM | Comments (3) | TrackBack

September 11, 2007

If Insurance is the Answer to Identity, what's the Question?

Over on Second Life, they (LL) are trying to solve a problem by providing an outsourced service on identity verification with a company called Integrity. This post puts it in context (warning, it's quite long, longer even than an FC post!):

So now we understand better what this is all about. In effect, Integrity does not really provide “just a verification service”. Their core business is actually far more interesting: they buy LL’s liability in case LL gets a lawsuit for letting minors to see “inappropriate content”. Even more interesting is that LL does not need to worry about what “inappropriate content” means: this is a cultural question, not a philosophic one, but LL does not need to care. Whatever lawsuits will come LL’s way, they will simply get Integrity to pay for them.

Put into other words: Integrity is an insurance company. In this day and age where parents basically don’t care what their children are doing, and blame the State for not taking care of a “children-friendly environment” by filing lawsuits against “the big bad companies who display terrible content”, a new business opportunity has arisen: selling insurance against the (albeit remote) possibility that you get a lawsuit for displaying “inappropriate content”.

(Shorter version maybe here.)

Over on Perilocity, which is a blog about the insurance world, John S. Quarterman points at the arisal of insurance to cover identity theft from a company called LifeLock.

I have to give them credit for honesty, though: LifeLock admits right out that the main four preventive things they do you could do for yourself. Beyond that, the main substance they seem to offer is essentially an insurance package:

"If your Identity is stolen while you are our client, we’re going to do whatever it takes to recover your good name. If you need lawyers, we’re going to hire the best we can find. If you need investigators, accountants, case managers, whatever, they’re yours. If you lose money as a result of the theft, we’re going to give it back to you."

For $110/year or $10/month, is such an insurance policy overpriced, underpriced, or what?

It's possible easier for the second provider to be transparent and open. After all they are selling insurance for stuff that is a validated disaster. The first provider is trying to cover a problem which is not yet a disaster, so there is a sort of nervousness about baring all.

How viable is this model? The first thing would be to ask: can't we fix the underlying problem? For identity theft, apparently not, Americans want their identity system because it gives them their credit system, and there aren't too many Americans out there that would give up the right to drive their latest SUV out of the forecourt.

On the other hand, a potential liability issue within a game would seem to be something that could be solved. After all, the game operator has all the control, and all the players are within their reach. Tonight's pop-quiz: Any suggestions on how to solve the potential for large/class-action suits circling around dodgy characters and identity?

(Manual trackbacks: Perilocity suggests we need identity insurance in the form of governments taking the problem more seriously and dealing with identity thefts more proactively when they occur.)

Posted by iang at 05:57 PM | Comments (0) | TrackBack

September 09, 2007

The Failure of the Academic Contribution to Security Science

This blog frequently presses the case for the dysfunctional family known as security, and even presents evidence. So much so, that we've gone beyond the evidence and the conclusion, and we are more interested in the why?

Today we have insights from the crypto layer. Neal Koblitz provides his thoughts in an article named "The Uneasy Relationship Between Mathematics and Cryptography" published in something called the Notices of the AMS. As perhaps everyone knows, it's mostly about money, and Koblitz identifies several threads:

  • bandwagon effect
  • NSA-supplied money
  • "the power that an aura of mathematical certainty can have over competitive solutions" a.k.a. provable security
  • the unfortunate effect of computer science on cryptography

We've certainly seen the first three, and Koblitz disposes of them well. Definately well recommended reading.

But the last thread takes me by surprise. I would have said that cryptographers have done precisely the reverse, by meddling in areas outside their competence. To leap to computer science's defence, then, permit me to turn Koblitz's evidence:

Here the word “protocol” means a specific sequence of steps that people carry out in a particular application of cryptography. From the early years of public key cryptography it has been traditional to call two users A and B of the system by the names “Alice” and “Bob.” So a description of a protocol might go as follows: “Alice sends Bob..., then Bob responds with..., then Alice responds with...,” and so on.

I don't think so! If you think that is a protocol, you are not a computer scientist. Indeed, if you look at the designs for protocols by cryptographers, that's what you get: provable security and a "protocol" that looks like Alice talking to Bob.

Computer science protocols are not about Alice and Bob, they are about errors. Errors happen to include a bunch of things, including Alice and Bob. Also, Mallory and Eve, but also many many other things. As the number of things that can go wrong far exceed the numbers of cryptographic friends on the planet, we would generally suggest that computer scientists should write protocols, so as to avoid the Alice-Bob effect.

Just to square that circle with yesterday's post, it is OK to talk about Alice-Bob protocols, in order to convey a cryptographic idea. But it should be computer scientists who put it into practice, and as early as possible. Some like to point out that cryptography is complex, and therefore you should employ cryptographers for this part. I disagree, and quote Adi Shamir's 3rd misconception. Eventually your crypto will be handled by developers, and you had better give them the simplest possible constructions they can deal with.

Back to Koblitz's drive-by shooting on computer science:

Cryptography has been heavily influenced by the disciplinary culture of computer science, which is quite different from that of mathematics. Some of the explanation for the divergence between the two fields might be a matter of time scale. Mathematicians, who are part of a rich tradition going back thousands of years, perceive the passing of time as an elephant does. In the grand scheme of things it is of little consequence whether their big paper appears this year or next. Computer science and cryptography, on the other hand, are influenced by the corporate world of high technology, with its frenetic rush to be the first to bring some new gadget to market. Cryptographers, thus, see time passing as a hummingbird does. Top researchers expect that practically every conference should include one or more quickie papers by them or their students.

Ouch! OK, that's fair point. However the underlying force here is the market, and computer science itself is not to blame, rather, the product of its work happens to locate a lot closer to the market than, say, mathematics. Koblitz goes on to say:

There’s also a difficulty that comes from the disciplinary culture of cryptography that I commented on before. People usually write papers under deadline pressure — more the way a journalist writes than the way a mathematician does. And they rarely read other authors’ papers carefully. As a result even the best researchers sometimes publish papers with serious errors that go undetected for years.

That certainly resonates. When you spot an error, and it appears embedded in an academic paper, it stays for years. Consider a random paper on my desktop today, one by Anderson and Moore, "On Information Security -- and beyond." (Announced here.) It is exceedingly well-written, and quite a useful summary of economics thought today in academic security fields. Its pedigree is the best, and it seems unassailable.

Let us then assail. It includes an error: the "lemons" myth, which has been around for years now. Indeed, someone has pointed out the flaw, but we don't know who:

In some cases, security is even worse than a lemons market: even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

In detail, "lemons" only applies when the seller knows more than the buyer, this being one of the two asymmetries referred to in asymmetrical information theory. Other things apply in the other squares of the information matrix, and as with all such matrices, we have to be careful not to play hopscotch. The onus would be on Anderson and Moore, and other fans of citric security, to show whether the vendors even know enough to qualify for lemon sales!

Which all supports Koblitz's claims at least partially. The question then is why is it that the academic world of cryptography is so divorced? Again, Anderson and Moore hint at the answer:

Economic thinkers used to be keenly aware of the interaction between economics and security; wealthy nations could afford large armies and navies. But nowadays a web search on ‘economics’ and ‘security’ turns up relatively few articles.

Ironically, their very care and attention is reflected in the list of cited references at the end of the paper: one hundred and eight references !!! Koblitz would ask if they had read all those papers. Assuming yes, they must have covered the field, right?

I scanned through quickly and found three references that were not from reputable conferences, university academics and the like. (These 3 lonely references were from popular newspapers.)

What does a references section that only references the academic world mean? Are Anderson and Moore ignoring everything outside their own academic world?

I hasten to add, this is not a particular criticism against those authors. Many if not all academic authors, and conferences, and peer-review committee chairs would plead guilty of the same crime, proudly, even. By way of example, I have on my desk a huge volume called Phishing and Countermeasures, edited by Jakobsson and Myers. The list of contributors reads like a who's who of Universities, with the occasional slippage to Microsoft, RSA Laboratories, etc.

Indeed, Koblitz himself might be bemused by this attack. Why is the science-wide devotion to academic rigour a criticism?

Because it's security, that's why. Security against real threats is the point where scientific integrity, method and rigour unravels.

Consider a current threat, phishing. The academic world turned up to phishing relatively late, later than practically everyone else. Since arriving, they've waltzed around as if they'll solve it soon, just give them time to get up to speed, and proceeded to mark out the territory. The academics have presented stuff that is sometimes interesting but rarely valuable. They've pretty much ignored all the work that was done before hand, and they've consequently missed the big picture.

Why is this? One reason is above: academic work is only serious if it quotes other academic work. The papers above are reputable because they quote, only and fulsomely, other reputable work. And the work is only rewarded to the extent that it is quoted ... again by academic work. The academics are caught in a trap: work outside academia and be rejected or perhaps worse, ignored. Or, work with academic references, and work with an irrelevant rewarding base.

And be ignored, at least by those who are monetarily connected to the field. By way of thought experiment, consider how many peer-review committees on security conferences include the experts in the field? If you scan the lists, you don't find names like "Ivan Trotsky, millionaire phisher" or perhaps "John Smith, a.k.a. Bob Jones and 32 other aliases, wanted for tera-spamming in 6 states." Would we find "Mao Tze Ling, architect for last year's Whitehouse network shakedown?"

OK, so we can't talk to the actual crooks, but it's just a matter of duplicating their knowledge, right? In theory, it's just a matter of time before the academics turn the big guns onto the threat, and duplicate the work done outside academia. They can catch up, right?

Unfortunately not. Consider anoother of Koblitz's complaints, above where cryptography is

"influenced by the corporate world of high technology, with its frenetic rush to be the first to bring some new gadget to market."

Actually, there are two forces at work here, being the market and the attacker . In short, a real attack in this field migrates in terms of a month. Even with an accelerated paper cycle of 3 months to get the work peer-reviewed and into the next party for student quickies, to use Koblitz's amusing imagery, attacks migrate faster.

The academic world of security is simply too far away from their subject. Do they know it? No, it seems not. By way of example, those in the academic world of security and economics claim that the field started only recently, in the last few years. Nonsense! It has always been there, and received massive boosts with the work of David Chaum, the cypherpunks, Digicash, the Amsterdam hackers and many others.

What was not done was to convert this work into academic papers. The literature is there, but not in conference proceedings.

What was done was to turn the academic thought process into hugely beneficial contributions to security and society. All of the work mentioned above has led directly, traceably, to the inventions we now know as PayPal, ebay, WebMoney, gold community, and slowly moving through to the mass of society in the form of NFC, mobile and so forth. (The finance and telco sectors move slowly to accomodate these innovations, but do they move more slowly than the academic sector?)

The problem is that since the arisal of the net, the literature for fast-paced work has moved out of the academic sphere into other means of distribution: shorter essays, private circulations over email, business plans, open source experiments, focussed maillists and ... of course, blogs. If you are limiting yourself to conference proceedings on security, you are dead in the water, to take a phrase from naval security of a bygone age.

So much so that when you add up all these factors, the conclusion suggested is that the academic world will possibly never be able to deal with security as a science. Not if they stick to their rules, that is. Is it possible we now live in a world where today's academia cannot practically and economically contribute to an entire sector of science? That's the claim, let's see how it pans out.

Some criticisms also apply to Koblitz. Maybe mathematics is so conveniently peaceful as to support an academic tradition, but why is it that on the first page, he waxed longingly and generously on the invention of public key cryptography, but without mentioning the authors of the paper? He might say that Diffie and Hellman did not include any mathematics in their paper, but I would say "tosh!"

Posted by iang at 02:17 PM | Comments (5) | TrackBack

August 27, 2007

Open Governance - Vini Vidi Vici (Second Life, BAWAG)

Some are skeptical that open governance can change things. I say, they just haven't seen it in action, and haven't really dug deep into the popular but less efficacious regulated alternative.

Two examples: Over on Second Life, a pretty obvious ponzi scheme called Ginko crashed and burned. It didn't do very quickly, but it did so with *plenty* of warning, so the lesson is there. Open governor Benjamin Duranske wrote:

Two weeks ago, when I started paying close attention to Ginko (full coverage here), a Second Life blogger (who I won’t name) emailed me this:
Ultimately, all do-gooders like yourself have to ask yourself what can be done *when Linden Lab itself will do nothing.*

That sounded like a challenge, and one that was worth taking up. And the answer to that question, it turns out, is “quite a bit.” Ginko is no more.


But what really opened depositors’ eyes? What caused the internal gears at Ginko to start turning a different direction? Talking to people. One to one. Day after day. We weren’t a few writers, we were hundreds of people ranging from newbies to three and four year residents, from bilingual users translating questions into their own language for fellow depositors with little English, to economics professors at major universities talking about issues that were over my head. We covered every segment of the Second Life populace. Some knew what was happening early, some figured it out later on, but all of us asked hard questions at the ATMs, pushed the hard issues to the front of the public’s attention, and didn’t accept lies — even well intentioned ones — as truths.

Over in BAWAG-struck Austria, Helga Seeliger sits in court and reads the law of open governance over the biggest scandal in Austrian finance. (No URL, the translation is mangled directly from a newspaper snippet from Der Standard):

On one seat, by the side of journalists, is a 67 year old Viennese woman who has not missed one day of proceedings, and that's the way it shall be until the verdict is delivered. Her name is Helga Seeliger.

She was the first pensioner in March to demand that the OeGB (Federation of Austrian Unions) continue to pay the enterprise pension that had been cancelled. For 25 years Seeliger was a union representative. For more than 10 years, she was a manager at the Union. Since April 2005, she was a pensioner. She started studying law in the 2000, and finished in 2005. Her favourite: business law.

She writes down all the questions, and all the answers. She writes it in shorthand. If asked, she explains her interest in BAWAG as being a stakeholder. "These testimonies, about how easily the union money was offered, are important for our process."

After the BAWAG crisis, the unions cancelled all the additional pensions for ex-workers, and offered them a single final payment that, depending on their age, was between 2.2 and 8.8 annual salaries. Those who didn't accept, didn't get anything.

The unions paid with this solution 60m euros. For Seeliger and her co-workers, this was too little. "You should not call it the BAWAG scandal, you should call it a union scandal."

When, on Monday, Judge Claudia Bandion-Ortnera will call the "Elsner and others" case, Seeliger will be sitting in the front row and will take her notebook out of her black briefcase and continue her work.

What does this achieve? It locks the court's options down, it preserves the justice. If a convenient settlement offers to emerge, it will only survive, knowing that someone who really cares will see all, record all, and tell all.

Open governance is that: In today's networked world, we can use many small observers to watch, write and share the information. All we need is the latin phrase to capture that, and we're set to conquer the world of governance.

(There is a Cartoon in der Standard by Oliver Schopf but it is not on his website as yet.)

Posted by iang at 07:52 PM | Comments (1) | TrackBack

August 08, 2007

Microsoft asserts itself as an uber-CA

In the PKI ("public key infrastructure") world, there is a written practice that the user, sometimes known as the relying party, should read the CPS ("certificate practice statement") and other documents before being qualified to rely on a certificate. This would qualify as industry practice and is sensible, at least on the face of it, in that the CA ("certificate authority") can not divine what you are going to use the cert for. Ergo, the logic goes, as relying party, you have to do some of the work yourself.

However, in the "PKI-lite" that is in place in x.509 browser and email world, this model has been simplified. Obviously, all of us who've come into contact with user software and the average user know that the notion of a user reading a CPS is so ludicrous that it's hardly worth discussing. Of course, we need another answer.

There are many suggestions, but the one that is in effect is that the browser, or more precisely, the software vendor, is the one who reads the CPS, on behalf of the users. One way to look at this is that this makes the browser the relying party by proxy, as, in making its assessment, it reads the CPS, measures it against own needs, and relies on audits and other issues. (By way of disclosure, I audit a CA.)

Unfortunately, it cannot be the relying party because it simply isn't a party to any transaction. The user remains the relying party, but isn't encouraged to do any of the relying and reading stuff that was mentioned above. That is, the user is encouraged to rely on the certificate, the vendor, the CA and the counter-party, all on an article of blind faith in these people and processes she has never heard of.

This dilemma is better structured as multi-tiered authorities: The CA is the authority on the certificates and their "owners." The software vendor is the authority on the CAs, by means of their CPSs, audits, etc.

Such a re-drawing of the map has fairly dramatic consequences for the PKI. The widespread perception is that the CA is highly liable -- because that's the "trust" product that they sell -- and the browser is not. In principle, and in contract law, it might be the other way around, as the browser has an agreement with the user, and the CA has not. Where the perception might find comfort is in the doctrine of duty of care but that will generally limit the CA's liability to gross negligence. Either way, the last word on this complicated arrangement might need real lawyers and eventually real courts.

It has always been somewhat controversial to suggest that the browser is in control, and therefore may need to consider risks, liabilities and obligations. But now, Paul Hoffman has published a rather serious piece of evidence that Microsoft, for its part, has taken on the R/L/O more seriously than thought:

If a user running Windows XP SP2 in its default configuration removes a root certificate that is one that Microsoft trusts, Windows will re-install that root certificate and again start to trust certificates that come from that root without alerting the user. This re-installation and renewed trust happens as soon as the user visits a SSL-based web site using Internet Explorer or any other web browser that uses the Cryptographic Application Programming Interface (CAPI) built-in to Windows; it will also happen when the user receives secure email using Outlook, Microsoft Mail, or another mail program that uses CAPI, as long as that mail is signed by a certificate that is based on that root certificate.

In effect, the user is not permitted by the software to make choices of reliance. To complete the picture, Paul was careful to mention the variations (Thunderbird and Firefox are not effected, there is an SP2 feature to disable all updates of roots, Vista has the same problem but no override...).

This supports the claim, as I suggested above, that the effective state of play -- best practices if you'll pardon the unfortunate term -- is that the software vendor is the uber-CA.

If we accept this conclusion, then we could conceivably get on and improve security within these limitations, that the user does little or nothing, and the software manufacturer decides everything they possibly can. OK, what's wrong with that? From an architectural position, nothing, especially if it is built-in up-front. Indeed this is one of the core design decisions of the best-of-security-breed applications (x9.59, Skype, SSH, Ricardo, etc. Feel free to suggest any others to the list, it's short and it's lonely.)

The problem lies in that software control is not stated up-front, and it is indeed denied by large swathes of securityland. I'd not be surprised if Microsoft themselves denied it (and maybe their lawyers would be right, given the rather traumatic link between phishing and mitm-proof-certificates...). The PKI state-of-denial leaves us in a little bit of a mess:

  • uber-CAs probably have some liability, but will likely deny it
  • users are supposed to read the CPS, then rely. But don't or won't, and do.
  • CAs claim to the users as if they have the liability, but write the CPS as if they have none.
  • developers read from the PKI practices book, and write code according to uber-policy...
  • (We can add many other issues which lead PKI into harm, but we are well past the average issue saturation point already.)

To extract from this mess probably takes some brave steps. I think I applaud Microsoft's practice, in that at least this makes that little part clearer.

They are in control, they are (I suggest) a party with risks, liabilities and obligations, so they should get on and make the product as secure as possible, as their primary goal. This includes throwing out bits of PKI best practices that we know to be worst practices.

They are not the only ones. Mozilla Foundation in recent years has completed a ground-breaking project to define their own CA processes, and this evidences great care and attention, especially in the ascension of the CA to their root list. What does this show other than they are a party of much power, exercising their duty of care?

Like Microsoft, they (only) care about their users, so they should (only) consider their users, in their security choices.

Will the CAs follow suit and create a simpler, more aligned product? Possibly not, unless pushed. As a personal remark, the criteria I use in auditing are indeed pushing dramatically in the direction of better care of risks, liabilities and obligations. The work to go there is not easy nor trivial, so it is no wonder that no CA wants to go there (and that may be an answer to those asking why it is taking so long).

Even if every CA stood forth and laid out a clear risks, liabilities and obligations statement before their relying parties, more would still need to be done. Until the uber-CAs also get on board publically with the liability shift and clearly work with the ramifications of it, we're still likely locked in the old PKI-lite paper regime or shell game that nobody ever used nor believed in.

For this reason, Microsoft is to be encouraged to make decisions that help the user. We may not like this decision, or every decision, but they are the party that should make them. Old models be damned, as the users surely are in today's insecurity, thanks in part to those very same models.

Posted by iang at 07:14 AM | Comments (4) | TrackBack

May 21, 2007

Choose your hatchet: when governance models collide

As mentioned, I advised e-gold on governance models way back when, and now we can see how the company deals with its relationship to the US government. Someone has posted a video over on YouTube of some 2006 testimony before Senate hearings on child pornography, wherein governance models are much discussed.

The video looks like hatchet job versus hatchet job, as governance of Internet child pornography collides with governance over payment integrity.

There is a wide-spread belief that the case against e-gold is likely to be fought on a battle ground of public opinion and regulated insiders, rather than that of law and public policy. Same as it ever was, perhaps, but a wider question for future FCers is what to do about it?

The governance models that were provided to e-gold were relatively sound, albeit incompletely implemented. No matter the incompleteness, the models were strong enough to preserve the gold for many years, at least to the extent that the recent seizure by the courts was able to complete. That's by way of a proof that some gold existed, although the victims of the seizure will have other choice words.

But those governance models are designed in general to deal with routine fraud of an inside nature. They are not designed to deal with the sort of difficulties facing e-gold. How then to do better in the future?

I see three lessons here for FCers at the governance layer.

1. A lot depends on the contract Ivan has with his users. We might say that an issuer should have a clear contract with its users. And, in that contract we might expect to find certain relationships with governments, law enforcement, regulators and other interested parties.

The question then would be to see whether these relationships were sustainable, stable and reasonable. In the case of e-gold, they were somewhat unbalanced at least due to its nominal offshore status, so e-gold ended up serving two or three jurisdictions instead of one. Complication, not simplification, without any offsetting protection.

2. Normal business process is to arbitrage existing structures and regulatory postures, but this is not to say that sustainable business includes simply facilitating crime. There is some grave doubt as to whether child pornography was more severe within the e-gold system than in classical banking, but there is much less doubt about ponzi schemes and pyramids. e-gold seems to have permitted these to a far greater extent than desirable, and that was unlikely to make friends in the long run.

Then, the need might be interpreted as to create a business process that delivers an overwhelming good without delivering an overwhelming bad. Truly a matter of judgement, but an easy call might be to keep clear of the more popular crimes.

3. Finally, a reasonable and sustainable dispute system is required. Neither Paypal nor e-gold achieved this, and indeed the banks are widely criticised for it (or its absence). The only payment system that seems to have achieved this is WebMoney, although the story takes on fairy tale proportions due to the lack of english documentation.

Either way, the e-gold dispute resolution system is coming in for a hammering, so this aspect should be noted well by FC community. As a matter of record, alternative dispute resolution (ADR) was well studied by the e-gold founders, who gave speeches at conferences on subjects such as arbitration, but study did not apparently transfer to implementation.

Posted by iang at 10:02 AM | Comments (0) | TrackBack

May 11, 2007

US government seizes the gold in frozen acounts

As discussed earlier, the US government, in cases against e-gold and presumably yet-to-be-charged account holders, has apparently completed seizure of some part of the gold:

In an unprecedented move on or just before Wednesday May 9th, 2007, the United States of America has forced Omnipay et al E-gold to redeem all the gold backing the 58 previously frozen accounts owned by e-gold, 1mdc, icegold and a handful of other exchangers and customers to be liquidated effective immediately to a us dollar account owned by the federal government. ...

MoneyNetNews has learned from a reliable source that e-gold has been ordered to hand over a fresh copy of the customer database when the redemption is completed.

Bear in mind this is unconfirmed at this stage. HT-RAH! I'll update this article if anything more comes to hand.

Posted by iang at 10:34 AM | Comments (3) | TrackBack

May 10, 2007

Leadership, the very definition of fraud, and the court of security ideas

It's been a bad week for security leaders. Bruce Schneier has been lambasted for asking whether we need a security industry at all, Ross Anderson published an article "commissioned by the Federal Reserve" that was riddled with errors, and now the chief security researcher of one of the leading security firms, Mikko Hyponnen, proposes a lame duck idea.

I feel very conflicted. On the one hand, I applaud these people for airing some opinions -- we need open discussion and new ideas. On the other hand, there is a serious difference between conjecturing in a scientific sense, in order to spark some serious debate, and selling snake oil.

The latter is often the result of moral hazard. As Ross Anderson complains about banks, when we sell a false statement such as "our systems are secure, so it must be your fault," then our own standards slip due to our own beliefs, and eventually we get the reverse of what we are selling.

Fair enough, but this moral hazard also applies to the writer of security ideas. I feel very strongly about this, as ordinary users are paying for this! When someone gets phished, they lose a lot. Of time, reputation, credit, etc etc. Sometimes money, and at least someone loses the money in a successful phish.

Maybe Schneier is really saying "With leadership like this, you'd be better off without a security industry?"

When a company starts selling "security" ... or merely writing about it ... then maybe we need to consider the liability for this. Class action suits are already in play, and I think it is only a matter of time before software vendors also find themselves responsible for their fraudulent sales by one means or another.

Maybe it is time to call a spade a spade. Forget snake oil. Call it fraud!

The very definition of fraud is discussed by Joseph T. Wells, perhaps America's most voluble presenter on the subject:

Under common law, three elements are required to prove fraud: a material false statement made with an intent to deceive (scienter), a victim’s reliance on the statement and damages.

I'd suggest that you read the entire article.... Several times! Meanwhile, let's cast the definition of fraud over one of the ideas facing us today, the suggestion of a .bank TLD.

Do we have a material false statement?

The Internet Corporation for Assigned Names and Numbers, the body that creates new top-level domains, should create a new, secure domain just for this reason—something like “.bank,” for example.

What is false about that? Specifically, a .bank TLD does not give any vestige of security at all, as discussed earlier. That's one tick in the box.

Showing "intent" is harder it seems, so let's refer to JTW again:

There is no such thing as an accidental fraud. What separates error from fraud is intent, the accidental from the intentional. Assume [the] statements contain material false statements: Were they caused by error or fraud? The problem with proving intent is that it requires determining a person’s state of mind. As a result, intent usually is proven circumstantially. Some of the ways we can help prove intent by circumstantial evidence include
  • motive, ...
  • opportunity, ...
  • repetitive acts, ...
  • witness statements, ...
  • concealment. ...

Only the last is clearly not present, as publication of the idea in foreign policy is pretty much out in the open :) Motive is clearly present:

Registering new domains under such a top-level domain could then be restricted to bona fide financial organizations. And the price for the domain wouldn’t be just a few dollars: It could be something like $50,000—making it prohibitively expensive to most copycats. Banks would love this. They would move their existing online banks under a more secure domain in no time.

That's an invitation for someone to make some easy money if ever I saw it. That looks like the sort of rewards only seen in crime.

Opportunity is generally open but hard, in that anyone can submit a proposal to ICANN and create a TLD, in theory. Repetitive acts ... would depend on who is doing this, and as this is simply an idea being floated, we can't pinpoint anyone. Witness statements are also dependent on the idea turning into practice.

I would then call "intent" a cautious positive. If this idea was turned into reality, we can suggest motive and opportunity.

Next, JT Wells says "a victim's reliance on the statement." Well, that seems a slam dunk, if you've ever worked with banks. As a quick generalisation, they are only capable of doing security thinking in the most extreme of contexts, and they frequently rely on outside companies with a reputation in security sales to advise them.

Finally, damages will follow in due course, in any actual phishing attacks. It isn't necessary for us to predict these, simply to say that if they occurred , the rest of the discussion will complete the claim.

This isn't a court of law, and even if it were, we are unlikely to find an idea fraudulent. However, it seems plausible that we can apply the same test that the lawyers do. In that sense, it seems that the idea of a .bank TLD, if it were taken forward as a security proposal, would run the risk of being ruled as fraud.

Posted by iang at 04:26 PM | Comments (10) | TrackBack

May 04, 2007

US moves to seize the gold

Someone pointed out that the indictment unsealed last week against e-gold, etc includes this clause:

78. As a result of the offenses alleged in Counts One and Three of this indictment, the defendants E-GOLD, LTD., GOLD & SILVER RESERVE, INC., DOUGLAS JACKSON, REID JACKSON, and BARRY DOWNEY shall forfeit to the United States any property, real or personal, involved in, or traceable to such property involved in money laundering, in violation of Title 18, United States Code, Section 1956, and in operation of an unlicensed money transmitting business, in violation of Title 18, United States Code, Section 1960; including, but not limited to the following:

(a) The sum of money equal to the total amount of property involved in, or traceable to property involved in those violations. Fed.R.Crim.P. 32.2(b)(1).

(b) All the assets, including without limitation, equipment, inventory, accounts receivable and bank accounts, of E-GOLD, LTD., and GOLD & SILVER RESERVE, INC., whether titled in those names or not, including, but not limited to all precious metals, including gold, silver, platinum, and palladium, that "back" the e-metal electronic currency of the E-GOLD operation, wherever located.

If more than one defendant is convicted of an offense, the defendants so convicted are jointly and severally liable for the amount derived from such offense. By virtue of the commission of the felony charged in Counts One and Three of this indictment, and and all interest that the defendant has in the property involved in, or traceable to property involved in money laundering is vested in the United States and hereby forfeited to the United States pursuant to Title 18, United States Code, Section 982(a)(1).

(My emphasis. I included the whole clause, intending to allow each to form their own opinions. Of course, you and I should read the whole thing...)

A little background. In the gold community, it is dictum that the US is no respecter of property rights. Twice in the 20th century, the financial rebels will point out, the US seized the gold of its private citizens, generally as a result of its own bad management of the currency, and trying to stop people from fleeing the over-inflated dollar.

In this case, the US government is seeking to seize all of the gold held within the system as reserves to the currency, without due regard to the operation of property rights for the rest of the user base. It would seem an over-broad reaching by the government, but sadly, expected and unsurprising to the digital currency community.

Whatever one thinks of e-gold, its operators and their actions, this is likely to reinforce the reputation of complete and utter disrespect that the US has for property rights around the world.

Unfortunately, this is no isolated case, but is in fact a concerted and long-lived programme by the US government to undermine property rights the world around. The US-invented Anti Money Laundering (AML) regime stretches back 20 years or more to Ronald Reagan's war on drugs, and is now sufficiently strong to destroy the effect of property laws, which latter are nothing if not strong.

AML takes implementing countries backwards in time and history. Although England and its former colonies inherited strong property rights from the days of the Magna Carta, it is as well to realise that the English experiment may have been more an exception than the rule. Consider Russia as counterpoint:

Since only the Tsar or the Party had property, no individual Russian could be sure of long-term usage of anything upon which to create wealth. And it is the poor to whom the property right matters most of all because property is the poor man's ticket into the game of wealth creation. The rich, after all, have their money and their friends to protect their holdings, while the poor must rely upon the law alone.

"The Rape of Russia" was not ancient history according to Williamson's 1999 testimony before the US House of Representatives, but living times: during the decade of the 1990s, the same group conspired with Russians to launder much of the residual value of the Russian people.

One would hope that the court is a little wise to the fact that if e-gold Ltd's system was used for crimes, then there was also use for good purposes; that is, it was the operators and some users that were responsible. Normally we would expect the system to be placed under administration, and then a wholesale cleanout of any "bad" accounts to occur, under court supervision.

If not, the author above warned the US Congress what will happen to those who dismantle what property rights there are:


In the absence of property, it was access - the opportunity to seek opportunity - and favor in which the Russians began to traffic. The connections one achieved, in turn, became the most essential tools a human being could grasp, employ and, over time, in which he might trade. Where relationships, not laws, are used to define society's boundaries, tribute must be paid. Bribery, extortion and subterfuge have been the inevitable result. What marks the Russian condition in particular is the scale of these activities, which is colossal. Russia, then, is a negotiated culture, the opposite of the openly competitive culture productive markets require.

It is fairly clear that the e-gold operation was presented to the world and operated as a property rights operation. Although not without shenanigans, the very basis of the digital gold community has been a joyful expression of the right of property, and what good it can do when it is left to run free.

Unfortunately, the US government may have learnt too much from the Russian experience. The substantial crime in the indictment is "property rights without a licence" and the fine for that is "seizing all the property." Welcome to the world of tribute; bribery, extortion and subterfuge to follow.

Posted by iang at 07:54 AM | Comments (9) | TrackBack

May 02, 2007

more Tipping Point evidence - POS vendors sued

I wrote a week or so back about the failure of liability sharing and the consequent failure in market information. In that case, it circulated around the expectation that the banks have to back up the consumer every time something goes wrong. Is the TJX case enough to trigger the long awaited pass-on of liability to the other parties who share some responsibility?

Chris at EC points to Storefront:

Following lawsuits in February against some of the nation's largest retailers for illegally revealing too much credit card information on printed receipts, two of those retailers are now suing their POS vendors.

In the initial lawsuits filed early this year, some 50 of the nation's top retailers... were accused of printing full credit numbers and expiration dates on printed customer receipts, violating a provision of the Fair and Accurate Credit Transactions Act (FACTA) ...

In the last couple of weeks, two of those retail defendants—Charlotte Russe and Shoe Pavillion—have sued their POS vendors, saying that the retailer relied on them and if the retailer is liable, then the POS vendor should pay for it.

Is this a good thing? I think, yes. The alternates are not good: the vendor has no liability for actions, a law is passed that suits nobody, and things get worse.

Nick commented "Let the suing begin!" Better to suck up some court time and create an environment where -- no matter how small -- a vendor of security stuff has to work *with the customer's and the end-customer's risk model* and also take on some of the liability when it goes wrong.

Posted by iang at 11:24 AM | Comments (1) | TrackBack

April 30, 2007

e-gold responds -- denies Criminal Charges

Ordinarily I wouldn't follow the course of a case in such detail, contenting to only pick out the big picture and the important messages for Financial Cryptography readers. However, because of the 'special circumstances' in the e-gold case, I'll post the full response by Dr Jackson on the indictment from last week.

e-gold® Founder Denies Criminal Charges
April 30, 2007
Melbourne, FL

On April 24, 2007, a Federal Grand Jury handed down an indictment charging e-gold Ltd., Gold & Silver Reserve, Inc., and the Directors of both companies with money laundering, operating an unlicensed money transmitter business, and conspiracies to commit both offenses.

Dr. Douglas Jackson, Chairman and Founder of e-gold, speaking on behalf of his fellow Directors and both companies vigorously denies the charges, taking particular exception to the allegations that either company ever turned a blind eye to payments for child pornography or for the sale of stolen identity and credit card information.

Dr. Jackson states, "With regard to child pornography, the government knows full well that their allegations are false, yet they highlight these irresponsible and purposely damaging statements in order to demonize e-gold in the eyes of the public. During the Inquisition, accusations of witchcraft and heresy were used to sanctify torture and seizures of property. In post 9-11 America, child porn and terrorism serve as the denunciations of choice. e-gold, however, as a matter of incontrovertible fact, is the most effective of all online payment systems in detecting and interdicting abuse of its system for child pornography related payments. e-gold Ltd. is a founding member of the National Center for Missing and Exploited Children's (NCMEC) Financial Coalition to Eliminate Child Pornography. e-gold is the only member institution to demonstrate with hard, auditable data a dramatic reduction of such payments to virtually zero, while billions of child porn dollars continue to flow through other (heavily regulated) payment systems. [Most members, that is, all the banks and credit card associations are utterly unable to even provide an estimate of the volume of such payments processed by their systems. eBay's PayPal subsidiary, who may have the ability to make such a determination, has refused to do so and has indicated they destroy payment records after two years.] What is worse, until August 2005 when NCMEC courageously broke ranks with US law enforcement agencies and began directly notifying e-gold of criminal sites via the CyberTipline, component agencies of the US Department of Justice purposely concealed their knowledge of child pornography abuses from e-gold's investigators, subordinating actual crime fighting to a policy agenda designed to dirty up e-gold."

In December 2005, the Secret Service (USSS) deceived a Federal
Magistrate judge with bogus testimony in order to obtain search and
seizure warrants authorizing the government to seize the US bank
accounts of Gold & Silver Reserve, Inc. The seizure, which netted the
government about $ 0.8 million, was designed to put e-gold out of
business without due process, since G&SR serves as the contractual
Operator of the e-gold system. At a subsequent emergency hearing, the
government made no effort to defend their (sealed) allegations of
lurid criminality, falling back to a position that their action was
warranted because of a licensure issue. At the hearing, G&SR described
its ongoing dialog with the Department of Treasury, initiated by
formal request of the company in Spring 2005, to determine a possible
basis for regulating the company's activities, since it was patently
clear to competent authorities that G&SR's exchange service was not
encompassed within any existing regulatory rubric [subsequently
re-confirmed by experts at the Federal Reserve]. The US Attorney for
the District of Columbia, responsible for the prosecution, was
completely unaware of this orderly proceeding, as well as Treasury
reports issued the same week that acknowledged e-gold as an innovation
not meeting definitions of a money services business or a money

Since this time, the government has been confronted with overwhelming
evidence that the USSS had made a horrible mistake in its attack on
the e-gold system and its repeated defamatory claims in the media that
e-gold is anonymous, untraceable, and inaccessible to US law
enforcement. They have concealed the fact that Dr. Jackson had
personally arranged to come to USSS headquarters to train the USSS
cybercrime squad in December 2004 (along with agents of the UK's
National High Tech Crime Unit, and the Australian Federal Police) on
advanced techniques, particularly in the area of efficient interaction
with e-gold's in-house investigative staff, but was prevented when
senior USSS management learned of the initiative and forbade the
training on the grounds of a policy declaring e-gold as their
designated boogey man.

The Department of Justice has had to determine whether to continue to
stand behind their component agency. Their decision to close ranks has
directly resulted in a gross misallocation of resources, with the
result that vicious criminals who might have been brought to justice
remain at large. An example of this is the Shadowcrew investigation,
hyped by the USSS as a major success in disrupting international
credit card thieves. The USSS did not subpoena records from e-gold at
any time in their investigation, or engage with e-gold's superb
in-house investigative staff, with the result that the sophisticated
hierarchy of the ring was unmolested and probably strengthened while
the USSS hauled in the low hanging fruit, "a dime a dozen and
relatively easy to track down and pop".

Similarly, there is compelling evidence that the international cartel
of commercial vendors of child pornography continues to operate
because the FBI Innocent Images Unit and Special Agents within the
Immigration and Customs Enforcement Agency have been forbidden to
follow investigative protocols developed by Dr. Jackson, apparently
for fear of further belying the party line that e-gold is itself a
nefarious operation.

With regard to allegations of money laundering, Dr. Jackson notes
"G&SR's online exchange service, OmniPay, has for years followed
stringent customer identification procedures and an absolute policy of
only accepting money payments by bank wire. If bank wires aren't
already "clean" then what is? Furthermore, e-gold Ltd. can scarcely be
construed as a money launderer since it does not accept money payments
from anyone in any form and has never owned a single dollar, yen, euro
or any other brand of legacy money. As far as the possibility of a
criminal successfully obfuscating a money trail, e-gold is a closed
system. The only way to obtain e-gold is by receiving a transfer from
someone who already has some. e-gold is also the only payment system
accessible by the public that maintains a permanent record of all

On April 27, 2007, the government served seizure warrants on G&SR
ordering it to freeze, liquidate and turn over to the government the
operating e-gold accounts of G&SR and e-gold Ltd. The value seized,
about $762 thousand worth of e-gold from e-gold Ltd. and about $736
thousand worth of e-gold from G&SR [on top of the $0.8 million seized
from G&SR in 2005, and the approximately $1 million spent by G&SR so
far in its defense] constitutes the bulk of the liquid assets of both
companies. Perplexingly, a post-indictment restraining order states
"Nothing in the provisions of this restraining order shall be
construed as limiting the e-gold operation's ability to use its
existing funds to satisfy requests from its customers to exchange
e-gold into national currency, or its ability to sell precious metals
to accomplish the same once approval has been obtained." Having taken
virtually the entire operating funds of G&SR and e-gold Ltd., that is,
the e-gold in both companies' own e-gold accounts, it is unclear if
the government has even a basic grasp of the operations it has been
investigating for three years at a taxpayer expense in the millions.

The most remarkable element of the restraining order is that the US
government deputizes e-gold with plenipotentiary powers to act as
judge, jury and executioner against any account user e-gold itself has
deemed to be a criminal: "It is further ordered that upon receipt of
this order the defendants are required to freeze, that is, not conduct
or allow any further transactions in e-gold accounts that the e-gold
operation itself has identified as being used for criminal activity".
Although not accompanied by an outright letter of marque, this
commission (the financial equivalent to double ought status?) would
appear to be an acknowledgement that e-gold's 'Know Your Customer'
prowess far exceeds that of any regulated financial institution, who
would be obliged to rely on court orders or other legal writs to
determine if freezing an account is warranted.

Concurrent with this latest attempt to knock e-gold Ltd. and G&SR out
of business and thereby effectively deny them due process, the
government also attacked other prominent exchange services that deal
in e-gold; IceGold, The Bullion Exchange, Gitgold, Denver Gold
Exchange, AnyGoldNow, and Gold Pouch Express, plus a sophisticated and
secure alternative payment system called "1MDC". All of the listed
exchange services also follow stringent Customer Identification
Programs congruent with what would be required of a currency exchange
business, if the law supported such a classification. Two of the
services, IceGold and AnyGoldNow, are located in Europe and deal
primarily with non-US customers. As a direct and immediate result of
the seizures, these companies, all of who had built a reputation for
honoring their obligations to customers in a timely fashion, have been
disrupted, and, at least in the case of Gitgold, checks to customers
issued in fulfillment of exchanges have bounced. This is a repeat of
what happened to G&SR as a direct result of the 2005 seizure, when
over 200 checks to customers bounced and refunds had to be sorted out
with severely crippled liquidity and without a US bank account.

It must not be overlooked that the search warrant obtained by
misrepresentations before a magistrate judge in 2005 resulted in the
government helping themselves to the financial records of hundreds of
thousands of American citizens [plus citizens of virtually every other
country] who had not been accused of any wrongdoing. Since the initial
raid, the prosecutor has caused the Grand Jury to order complete dumps
of the e-gold data base on three additional occasions.

This case has nothing to do with criminal activity, at least not on
the part of e-gold Ltd., G&SR, the named individuals or these other
exchange services of high reputation. It is about a Department of
Justice that is out of control, cognizant of having made a horrible
mistake but determined at all costs to preserve its turf. In a meeting
at the US Attorney's office in Washington on December 29, 2006, a
Chief Assistant US Attorney told us that the United States knew we
weren't "bad guys" and that the United States had no interest in
sending any of us to prison or causing e-gold to go out of business.
This was in virtually the same breath as proposing that the current
defendants plead guilty to Federal felony charges.

The plain fact is that the repeated statements and actions of the
government since 2001, especially the USSS, are directly responsible
for crippling e-gold's ability to market its service to mainstream
businesses and consumers, slowing [but fortunately not stopping]
e-gold's continuous development of advanced anti-crime capabilities,
subordinating US law enforcement's cybercrime fighting efforts to the
forlorn hope of destroying e-gold, driving market share to non-US
based alternative payment systems and making the US law enforcement
community the laughingstock of competent cybercrime fighting agencies
worldwide because of its obstinate inability to back down from the
USSS's longstanding e-gold vendetta.

All inquiries should be directed to the law offices of:

Posted by iang at 05:08 PM | Comments (2) | TrackBack

April 28, 2007

e-gold founders indicted

Bob Hettinga found and forwarded the press release from the Washington DC courts:

A federal grand jury in Washington, D.C. has indicted two companies operating a digital currency business and their owners on charges of money laundering, conspiracy, and operating an unlicensed money transmitting business, Assistant Attorney General Alice S. Fisher of the Criminal Division and U.S. Attorney for the District of Columbia Jeffrey A. Taylor announced today.

The four-count indictment, handed down on April 24, 2007, and unsealed today, charges E-Gold Ltd; Gold & Silver Reserve, Inc.; and their owners Dr. Douglas L. Jackson, of Satellite Beach, Fla.; Reid A. Jackson, of Melbourne, Fla.; and Barry K. Downey, of Woodbine, Md., each with one count of conspiracy to launder monetary instruments, one count of conspiracy to operate an unlicensed money transmitting business, one count of operating an unlicensed money transmitting business under federal law and one count of money transmission without a license under D.C. law.

(Or here.) This is the next chapter in a long running saga. The e-gold investigation started sometime around 2002, with three primary agencies involved: IRS, FBI and USSS. The latter, the US Secret Service, has the original mission of protecting the currency, and hence their interest in money.

The actual charges are curiously not that interesting. Obviously, it is a money operation so there will always be a charge of Money Laundering, which in today's US courts is guilty by naming. Slightly less obviously, the charge of conspiracy just implies something else criminal was done by people acting together: and of course there are several people involved. So that charge simply succeeds if the others do, else it fails by definition.

Which leaves operating an unlicensed money transmitting business. This is the core charge. As we recall, this law came in in the aftermath of 9/11, when a Hawala was found to have transmitted one of the payments needed to finance the terrorist attack (the vast majority of the funds went through normal bank transfers). This then started a war on Hawalas, and the regulations were put in place * with a clear offer: license yourself as a money transmitter or face the consequences.

e-gold declined the offer. I recall that they argued they were not a money transmitter business because e-gold was not money, and the sales operation of Omnipay just used the banks to transmit the dollars back and forth. (This is from memory, these arguments were made in public in either the press or the mailing lists. ... Addendum: read Dr Jackson's response for more details on the position taken.)

I don't know about you, but that was a ludicrous position to take then, and now. It was pretty clear that the point was, come in from out of the wild wild west, or well go and hunt you down. To argue on a technicality like that was just insane, as courts will ignore such nonsense on the basis of a "reasonable man" test.

Is e-gold more or less in the money transmitting business? A reasonable man will say yes.

This characterises the extraordinary levels of arrogance of the e-gold founders. Because they had built a business that had seemingly escaped from the jaws of defeat and the evils of the banking cartel, they were right, God-blessed and destined to change the world. From their dramatic successes around 2000, there was a persistent belief in the righteousness of their mission, and an equal belief in the willingness of the courts to defend them. Because they were right!

Such hubris has to go down. Whatever we think about David versus Goliath stories, the US Government isn't happy to be taunted that way, and the competitors aren't going to let the USG proudly ignore the taunts. Consider all the banks in the US, and all the (licensed) money transmitters. And if that isn't enough, recall all the other countries in the world that suffered, and still suffer, the indignities of Ronald Reagan's war on drugs: every time there is a criticism about money laundering, all these players are going to keep banging the table about e-gold.

"Sort out your own house, first!" There is only one end to this story. A bad end.

Disclosure: I myself was closely engaged with e-gold in the years 1998 to 2000, and locked in court battles with them from 2001 to 2003. Before those battles, however, I argued that they should take no position that puts them up against (the, any) government. Luckily, e-gold filed my arguments in court, as evidence against me.

* Footnote on Law on Money Transmitters: historically the Hawala episode was just the excuse needed. The draft law had been circulating for some time, and had been inspired directly by the success of Paypal and e-gold in bypassing the normal banking regulations.

Posted by iang at 12:12 PM | Comments (8) | TrackBack