Buffett Vs Paulson

I was listening to Joseph Stiglitz on NPR this morning, and he had a very interesting comparison. (Quoting from an op-ed in the Guardian):

For all the show of toughness, the details suggest the US taxpayer got a raw deal. There is no comparison with the terms that Warren Buffett secured when he provided capital to Goldman Sachs. Buffett got a warrant – the right to buy in the future at a price that was even below the depressed price at the time. Paulson got for the US a warrant to buy in the future – at whatever the prevailing price at the time. The whole point of the warrant is so we participate in some of the upside, as the economy recovers from the crisis, and as the financial system starts to work.

The Paulson plan responded to Congress’s demand to have something like a warrant, but as a matter of form, not substance. Buffett got warrants equal to 100% of the value of what he put in. America’s taxpayers got just 15%. Moreover, as George Soros has pointed out, in a few years’ time, when the economy is recovered, the banks shouldn’t need to turn to the government for capital. The government should have issued convertible shares that gave the right to the government to automatically share in the gain in share price.

He also mentioned (as I recall) that Buffett got an end to dividend payments during the crisis and a higher deferred payment than Paulson imposed.

Interesting listening.

The Costs of Secrecy

Security continues to be crippled by a conspiracy of silence. The ongoing costs of not talking about what’s going wrong are absolutely huge, and today, we got insight into just how huge.

Richard Clayton and Tyler Moore of Cambridge University have a new paper on phishing, “The consequence of non-cooperation in the fight against phishing.” In it, they look at how phishing sites are taken down, and estimate how much faster it would be if there were better sharing of data. From their blogpost:

Since extended lifetimes equate to more unsuspecting visitors handing over their credentials and having their bank accounts cleaned out, these delays can also be expressed in monetary terms. Using the rough and ready model we developed last year, we estimate that an extra $326 million per annum is currently being put at risk by the lack of data sharing. This figure is from our analysis of just two companies’ feeds, and there are several more such companies in this business.

I haven’t had time to read the paper in depth, but I have a lot of respect for both Richard and Tyler. Have you read the paper? Impressions? (Here or on their blog.)

Investing in the finance crisis

The Wall Street domino has toppled just about everything in sight: U.S. stocks large and small, within the financial industry and outside of it; foreign stocks; oil and other commodities; real-estate investment trusts; formerly booming emerging markets like India and China. Even gold, although it has inched up lately, has lost 10% from its highs earlier this year. Not even cash seems entirely safe, as money-market funds barely averted a “run on the bank.”

So reads the Wall St Journal’s “Intelligent Investor” for September 30th. Me, I’ve paid off my car loan–I figure JPMorganChaseLehmanWashingtonMutual could really use some more cash, and it’s a guaranteed 6% for me.

But that was my last debt, which means that I have no other safe returns. As I think about the crisis, one element that jumps out is how poorly the financial sector has matched money to risk. But I figure I might be able to do better. So I started looking at the well-publicized Kiva, to make loans, but it seems that these loans are all of the ‘feel-good’ variety, which is to say there’s no premium or return. And while I might place some money through Kiva for feel-goodness, I don’t want my best outcome for investing to be “and I don’t lose money.” So I’m looking at organizations like Prosper or Zopa (personal loans) or Fynanz (student loans).

I like the dis-intermediation aspects of these services and their chaotic and libertarian nature. Do any of our readers have experience with these, or services like them? Should I instead look to loan to people I know?

It seems that as the entire financial system of the US is consolidated into three institutions, there’s room and demand for some interesting and new structures to emerge from the chaos.

Elections Are Done For Me

I Think I Voted

Forty percent of California voters are “permanent absentee” voters. Oregon runs entirely by mail-in votes. Other US states have some sort of mail-in or absentee status that people can assign themselves to.

For those people, including me, elections are a slice of time that ends on election day. This isn’t new; until relatively recently, it all worked that way. You couldn’t expect everyone to all be in town on that one day. It is only urbanization that allows us to have elections be an event rather than a process. I sat down last night and waded through the whole mass of offices, measures, and initiatives. I have now completed my civic duty.

This is probably a good idea, as many of the issues with voting, counting votes and securing them assume in their model that it all has to be done on one day, and as quickly as possible after the polls close. It improves security and accountability to allow and encourage people to vote over an interval of a few weeks.

Security is an Empirical and Social Science

In reading Mordaxus’ post “Quantum Crypto Broken Again,” I was struck by his comment:

It is a serious flaw because one of the main arguments about quantum cryptography is that because it is “physics” based as opposed to “computer” based, that it is more secure than software cryptography.

Firstly, security is almost always an outcome of the combination of science, engineering and the socio-legal context in which the engineering is deployed. Let’s assume that the science and engineering on the SUX-8000 Quantum Key Distributor are perfect, and the SUX has three lights: power, carrier and tampering. When the tampering light starts blinking, one of two things can happen. First, Alice will continue to use the bits, because her operations manual doesn’t say what to do. Alternately, she’ll call Bob and say “Hey Bob, is your SUX blinking red?” At this point, we’re out of the realm of unobservable spin (or perhaps not–quantum crypto does seem to involve a tremendous amount of spin which is hard to interact with). But then we’re out of the realm of particle spins and into the realm of human activity which gives meaning and relevance to the physics.

I’m not going to delve into the physics of it. I know enough to know that I don’t play there. But I can listen and understand people who play at the engineering level. There are issues with the orientation or changes in orientation of the mirrors, or with bursts of unexpected photons down the fiber, and these lead to a whole slew of attack vectors which may or may not be practical. The quantum cryptographers call these cheating. I call them security engineering.

Finally, on the socio-legal level, what action Alice and Bob take is first determined by their personal relationship. If they’re husband and wife, they might have some spare bits available from last time they were in the same place. If they’re co-workers, perhaps they have a boss who can help them get secure bits. But maybe Alice works at a stock exchange, and Bob at a bank. There might be some urgency, and there might also be economic or legal consequences to shutting down the communication lines.

This is one of the key points Andrew and I made in the New School: that the technology is embedded in a human context, and we need to examine it as such. That idea is embodied in a paper by my friends Sarah Blankinship, Tomasz Ostwald and Jon Pincus, “Computer Science is a Social Science.” (Link points to a draft; a fuller version is forthcoming.)

Claims that a technology is secure absent the social and legal contexts which give security meaning are no longer just irksome: they actively detract from progress in the field.

Emergence Emerges

This paper, “More Really is Different,” may be one of the most important papers of the last half-millennium. It argues that P.W. Anderson’s concept of “emergence” is provable. It may have even proved it.

The idea of emergence, from whence this blog gets its name, is the opposite of reductionism. It is the idea that a complex system acquires properties that the underlying parts cannot predict. It’s nothing more and nothing less than a formalization of the adage, “The whole is more than the sum of its parts.”

The authors, Mile Gu, Christian Weedbrook, Alvaro Perales, and Michael A. Nielsen, argue directly that this may mean that a “Theory of Everything” may therefore be impossible.

This is big, big news. Read the paper. Read the commentary in The New Scientist, “Why nature can’t be reduced to mathematical laws.”

If they are right, this goes to the core of the philosophical underpinnings of the way we understand the world. It may help explain everything from weather prediction to the origins of life to whether souls exist. I might even be engaging in understatement rather than hyperbole on that last bit. You may think it’s a long way down to the chemist’s, but this is big.

While you’re at it, expect some highly entertaining debate, and pseudo-scientific whackos of every stripe to start quoting this. Maybe the next Kuhnian revolution has begun.

Death Penalty Protestors are Terrorists

The Washington Post reports upon the further cheapening of the word “terrorism” in, “Md. Police Put Activists’ Names On Terror Lists.”

The fifty-three people with “no evidence whatsoever of any involvement in violent crime” who were put on a list of terrorists include anti-death-penalty protestors.

It’s really hard to keep from laughing about this. Are we going to see next, Terrorism With Intent to Kill, so as to differentiate it from Terrorism With Intent to Stop Killing? Whatever your feelings about the death penalty, this ain’t terrorism, guys.

The Post reports a number of things Police Superintendent Thomas Hutchins said that he’ll be ashamed of once the meds kick in.

After “stunned” state senators called him to task about the spying, Hutchins said:

I doubt anyone who has used that term has ever met a spy … What John Walker did is spying.

Please don’t make me paste in dictionary definitions, Mr Hutchins. Quoting the dictionary is the last refuge of two-bit pedants and I’m at least a sixty-four-bit pedant. The Maryland committee you embarrassed yourself in front of has in fact seen a spy. If you need help, I recommend a mirror.

Hutchins also said that some of the names might have been shared with the NSA as well. Might have. That’s “might” meaning “definitely,” I presume. If you’re going to spy on peaceful protestors, put them on terrorist lists, and share that with the intelligence agencies, have the courage to say so.

Here’s a final quote from the Post:

Two senators noted that they had been arrested years ago for civil disobedience. Sen. Jennie Forehand (D-Montgomery) asked Sheridan, “Do you have any legislators on your list?” The answer was no.

That’s how we know they knew it was wrong.

Identity Manglement

It was Dopplr that drove me over the edge on this rant. I almost feel bad for starting off with them, because as you will see, they’re just the bale of hay that broke the camel’s back.

I was updating my travel schedule, which included a trip to St. Louis. It told me that by coincidence, one of my connections would also be there, and would I like the web site to send a message, because, you know, we might want to meet up or something.

To which I thought, “Yes, you scrofulous maroon, she’s going to be there at the same time as me. It’s not a coincidence, it’s because I’m married to her. And thank you for the offer to relay a message, but not only do I have her on speed-dial, but she’ll be sitting in the window seat next to me, which means she’s going to arrive at quite nearly the same time as I do.”

That pretty much sums it up. You can’t swing a tweet around here anymore without having it mashed up into some new social network, and none of them have even a junior-high school clue about human relationships. You can have friends and secretly rank them by how good a friend they are, but not indicate the relationship that is by definition a public declaration. You can say you’re in a relationship and not looking for dates, but you can’t put in a link to whom. You can give testimonials, but you can’t use a joint checking account in two PayPal accounts.

This is all laughable, but not particularly funny. There are huge, gaping privacy issues all throughout these social networks, and who one is married to is something that is on the public record. You might be secretly married, but you can’t be privately married. And the nigh universal absence of marriage from social networks makes the term risible.

How did this miss the requirements documents? Do all the product managers come from an alternate universe where there are only studio apartments with dorm beds? Do JavaScript programmers think that only classes can have dependence, that only objects have hierarchies?

It can’t be that they’re all kids living in their parents’ house, can it? I mean, surely not all their parents are divorced.

Why doesn’t Dopplr ask, “Hey, I notice that you live in the same city, seem to end up in the same city at the same time when you travel. I don’t mean to pry or anything, but, umm, is there a thing between you? Something social? Should I do anything?”

The Identity Management people are just as bad, if not worse. They want to set up Identity Frameworks, but it’s pretty obvious that while Infocardia begins and ends with a vowel, it is not a community property state. (It’s also a land where no one ever hires a personal assistant, either. Mentioning this lack in the system will get you the most amazing dirty looks. Higginsopolis is a shiny egalitarian meritocracy where no one actually hires anyone else, because that’s merely slavery by the hour.) There’s no health insurance except for individuals, either, there.

Having constructed a system that is social but for some other culture than the one human beings live in, they wonder why there’s been no Identity Big Bang, and ponder deep ponderings about why, after having built it, people aren’t flocking to it. I think I’m with you, Brain, but what if the chicken won’t wear the nylons?

There are, however, a few rays of hope. American Airlines does a pretty good job. In my profile, there’s a place to put another person, and when I buy two tickets it automatically fills out the second one for her. Even better, when she buys two tickets, it shows up in my profile, and I can dink the seating chart. It isn’t particularly intrusive either, as the relationship is tacit. It’s just set up so that there are defaults. If I buy a second ticket, it fills it out with her details.

It is by no means perfect, though. We both like aisle seats, so it has this tendency to put us across the aisle rather than together. They need to improve this. It’s okay, we’re safe to sit together. We might get in each other’s space, but you won’t have to pull the plane over.

I know it’s hard to figure out what to do with relationships. Sometimes it’s easy. Dopplr could, for example, like the airline, give people who travel a lot together the ability to declare for both. Sometimes it’s hard to know what to do, but any social web site that lets you say that you’re in a relationship ought to have a protocol for saying whom you’re in a relationship with. You can one-plus this to people as well as I can, for the Muslims and polyamorous.

And yeah, there are other shudder-to-think rough edges. What do you do about the guy or gal who is married and has someone on the side whom it’s not exactly talked about but everyone knows? This is indeed a hard problem, but hey, if it were easy, they’d be coding this up in India. Oh, right, they are coding it up in India. Silly me. If this were easy, they’d be doing the requirements documents in India.

I realize that it might not be good for the monetization model to admit to the existence of either Muslims or polys on your social network, but Jesus Haploid Christ, Second Life lets you have a marriage, although they charge to break it up rather than create it.

Rough edges aside, why the heck can’t I put the joint checking account on two PayPal accounts? It’s not like you can’t verify the names on the account. It’s because — it’s because — it’s because you have no social skills. You don’t understand people, those aren’t really your friends, and your mother dresses you funny. Admit it.

“No evidence the data was misused”

The next time you read a statement that a breached entity has found no evidence of data misuse, remember this: data may have been misused even though entities are unaware of it.

Tim Wilson of Dark Reading provides a current example of why entities should inform customers, this one involving the T-Mobile breach that affected 17 million customers. The company found no evidence of data misuse and based on the recovery of the device and their own investigation, never informed the customers in 2006. But…

For the rest, you’ll have to click over to PogoWasRight.

Researchers Two-Faced over Facebook Data Release

[Update: Michael Zimmer points out that it wasn’t Facebook, but outside researchers who released the data.]

I wanted to comment quickly on an interesting post by Michael Zimmer, “On the “Anonymity” of the Facebook Dataset.” He discusses how

A group of researchers have released a dataset of Facebook profile information from a group of college students for research purposes, which I know a lot of people will find quite valuable.


Of course, this sounds like an AOL-search-data-release-style privacy disaster waiting to happen. Recognizing this, the researchers detail some of the steps they’ve taken to try to protect the privacy of the subjects, including:

  • All identifying information was deleted or encoded immediately after the data were downloaded.
  • The roster of student names and identification numbers is maintained on a secure local server accessible only by the authors of this study. This roster will be destroyed immediately after the last wave of data is processed.

In the comments, Jason Kaufman implies that the data really isn’t that private, asking what could go wrong, and why would someone post it to Facebook expecting it to remain private.

I have just one question on all of this. If the data isn’t private, why did they attempt to anonymize it?

I believe they attempted to anonymize it because it’s fairly obvious that the data is private, and releasing it with names obviously attached would be pretty shocking. As Michael Zimmer says, “we really need to keep working on a new set of Internet research ethics and methodologies.”

Also, don’t miss Michael Zimmer’s followup post, “More on the anonymity of the Facebook dataset: It’s Harvard College.”

What’s in a name(less)?


I had a great time in a conversation with Dennis Fisher which is now up on his nameless security podcast: Adam Shostack on privacy, data breaches and “The New School of Information Security”

Check it out.

Update: Amazon seems to be having trouble keeping The New School in stock. (Thank you!!!) Addison Wesley has the New School in stock, if you’d like to buy it now.

And really, thank you! You don’t know how happy it makes me that the emergent behavior of readers (and listeners) has wreaked chaos on Amazon’s prediction algorithms.