There’s a fascinating story in the New York Times, “Profits on Carbon Credits Drive Output of a Harmful Gas“:
[W]here the United Nations envisioned environmental reform, some manufacturers of gases used in air-conditioning and refrigeration saw a lucrative business opportunity.
They quickly figured out that they could earn one carbon credit by eliminating one ton of carbon dioxide, but could earn more than 11,000 credits by simply destroying a ton of an obscure waste gas normally released in the manufacturing of a widely used coolant gas. That is because that byproduct has a huge global warming effect. The credits could be sold on international markets, earning tens of millions of dollars a year.
That incentive has driven plants in the developing world not only to increase production of the coolant gas but also to keep it high — a huge problem because the coolant itself contributes to global warming and depletes the ozone layer.
Writing good regulation to achieve exactly the effects that you want is a hard problem. It’s not hard in the “throw some smart people” at it sense, but hard in the sense that you’re generally going to have to make hard tradeoffs around behavior like this. Simple regulations will fail to capture nuance, but as the regulation becomes more complex, you end up with more nooks and crannies full of strange outcomes.
We as people and as a society need to think about how much of this we want. If we want to regulate with a fine-toothed comb, then we’re going to see strange things like this. If we want to regulate more broadly, we’ll likely end up with some egregious failures and frauds like Enron or the mortgage crisis. But those failures are entirely predictable: companies occasionally fake their books, and bankers will consistently sell as much risk as they can to the biggest sucker. For example, Bush administration’s TARP program or Seattle taking on $200 million in risk from a hedge fund manager who wants to build a new sports stadium. At least that risk isn’t hidden in some bizarre emergent effect of the regulation.
That aside, long, complex regulations are always going to produce emergent and chaotic effects. That matters for us in security because as we look at the new laws that are proposed, we should look to see not only their intended effects, but judge if their complexity itself is a risk.
I’m sure there’s other emergent effects which I’m missing.