Unmeddling Housing

For a great many years, US taxpayers have been able to deduct interest paid on a home mortgage from their taxes. That made owning property cost roughly 20% less than it otherwise would have (estimating a 25% tax rate on interest on 80% of a property). So everyone could afford 20% “more” house, which meant that property values inflated until things were in balance again.

It was a good deal for those who were in at the start. But we should also ask, who lost out? First, anyone renting who couldn’t take the deduction. Second, anyone who assumed that this state of affairs would go on forever. Because this week, the chair of the FDIC called for a re-examination of that policy.

Now, this week, Goldman Sachs predicted a 20% drop in Seattle home prices over the next two years, so as a renter, I get to feel a little schadenfreude. But more important, I think, is the chaos of unwinding 50 years of distortion in the housing market.

A great many people have taken the rise in home prices as a bankable truism. Conflating the rise in prices has been a massive increase in the size of houses and lots, underwritten by cheap oil and large highways, but I’m going to mostly set that aside, and focus on the impact of social policy.

Homeownership has a number of downsides. It locks up a tremendous amount of capital in an illiquid investment. It conflates investment and emotional concepts of home. It makes it hard to move when you need a new job.

Now, a government policy to encourage homeownership (uber alles) encourages homeownership. The trouble is, it does so in an unnatural way, and in a way which it now seems appears unsustainable to our bank regulators. That it’s unnatural and unsustainable was always obvious. It’s inherent in the fact that it’s being encouraged. At the margin, there are either people who buy because it’s encouraged, or the policy is an utter failure. So there are people who, without such a policy, would not be homeowners. And homes cost more than they otherwise would.

But after 50 years of meddling in the market, reducing the support for housing is going to be exceptionally complex and chaotic. And the chaos isn’t going to be evenly distributed. It’s going to be a matter of long, complex laws whose outcomes are carefully and secretly influenced. Groups who aren’t photogenic or sympathetic will lose out. (I’m thinking “DINKs” in gentrified urban areas.) Groups who aren’t already well-organized with good lobbyists will lose out. (See previous parenthetical.) Those who believed that the government housing subsidy would go on forever will lose.

Most of all, those of us who lived within our means are going to lose out as the taxpayer “helps cushion” the “unpredictable” changes.

The worst part is, government never needed to get involved.

[This was written in June, I forgot to hit post, so the dates are a little off.]

Israeli Draft, Facebook and Privacy

A senior officer said they had found examples of young women who had declared themselves exempt posting photographs of themselves on Facebook in immodest clothing, or eating in non-kosher restaurants.

Others were caught by responding to party invitations on Friday nights – the Jewish Sabbath. (“Israeli army uses Facebook to expose draft dodgers,” Wyre Davies, BBC)

What’s interesting to me about this story is that it illustrates how part of the cost of using Facebook is the occluded future. If you’d asked me if Facebook impacted on military draft, I’d have said no. Predictions are hard, especially about the future. And the young women in question probably didn’t think that their use of a social networking site would cause them to be drafted.

A second interesting aspect to this is that it indicates that one’s Facebook profile, in aggregate, is a religious identifier. That’s interesting because religious information is categorized specially under the Canadian privacy act (PIPED) and possibly also under European data protection laws. I haven’t seen this aspect covered in the analyses that I’ve read from those regulators. (Admittedly, I have not read all of those analyses.)

It’s not TSA’s fault

October 18th’s bad news for the TSA includes a pilot declining the choice between aggressive frisking and a nudatron. He blogs about it in “Well, today was the day:”

On the other side I was stopped by another agent and informed that because I had “opted out” of AIT screening, I would have to go through secondary screening. I asked for clarification to be sure he was talking about frisking me, which he confirmed, and I declined. At this point he and another agent explained the TSA’s latest decree, saying I would not be permitted to pass without showing them my naked body, and how my refusal to do so had now given them cause to put their hands on me as I evidently posed a threat to air transportation security (this, of course, is my nutshell synopsis of the exchange). I asked whether they did in fact suspect I was concealing something after I had passed through the metal detector, or whether they believed that I had made any threats or given other indications of malicious designs to warrant treating me, a law-abiding fellow citizen, so rudely. None of that was relevant, I was told. They were just doing their job.

It’s true. TSA employees are just doing their job, which is to secure transportation systems. The trouble is, their job is impossible. We all know that it’s possible to smuggle things past the nudatrons and the frisking. Unfortunately, TSA’s job is defined narrowly as a secure transportation system, and every failure leads to them getting blamed. All their hard work is ignored. And so they impose measures that a great many American citizens find unacceptable. They’re going to keep doing this because their mission and jobs are defined wrong. It’s not the fault of TSA, it’s the fault of Congress, who defined that mission.

It’s bad enough that the chairman of British Airways has come out and said “Britain has to stop ‘kowtowing’ to US demands on airport checks.”

The fix has to come from the same place the problem comes from. We need a travel security system which is integrated as part of national transportation policy which encourages travel. As long as we have a Presidential appointee whose job is transportation security, we’ll have these problems.

Let’s stop complaining about TSA and start working for a proper fix.

So how do we get there? Normally, a change of this magnitude in Washington requires a crisis. Unfortunately, we don’t have a crisis crisis right now, we have more of a slow burning destruction of the privacy and dignity of the traveling public. We have massive contraction of the air travel industry. We have the public withdrawing from using regional air travel because of the bother. We may be able to use international pressure, we may be able to use the upcoming elections and a large number of lame-duck legislators who feared doing the right thing.

TSA is bleeding and bleeding us because of structural pressures. We should fix those if we want to restore dignity, privacy and liberty to our travel system.

Money is information coined

In the general case, you are not anonymous on the interweb, but economically-anonymous, which I propose to label “enonymous”, and that’s not the same thing at all. If you threaten to kill the President, you will be tracked down, and the state will spend the money it takes on it. But if you call Lily Allen a a hereditary celebrity and copyright hypocrite (not my own views, naturally) then it’s not worth the state’s money to track you down. If Lily wants to spend her own money on tracking you down and taking a civil action for libel, then fair enough, that’s the English way of limiting free speech. If the newspapers want to spend their own money on it, fine.

I think this is an interesting approach, bringing friction into the definition. It resonates as related to an information-centric definition of anonymity. If we say that money is information coined, then we bring in Hayek. Which is always good fun.

The explicit introduction of money as a way to measure (a subset of) privacy invasions allows us to think about the erosion of privacy by the addition of technology. We know that the internet makes it easier, and perhaps money is that yardstick. What does it take to track down your property taxes? It’s gone from sending someone to the county records office to having someone with a browser. So Alice’s privacy with respect to Bob is not only lower, it’s no longer related to the cost of travel. We’ve zero’d out a term in the cost equation, and that leads to all sorts of chaos.

Anyone engaged in the NSTIC discussion should read and ponder the line of reasoning that Dave extracts over a long and chaotic set of sources. His post advances the discussion around NSTIC, and raises questions that must be answered if that work is to lead anywhere.

The NSTIC proposal places no value on anonymity; indeed, it evinces an apparent lack of understanding of what anonymity really means. It takes for granted the need for authentication (if we pay in cash, why does a merchant, much less a common carrier or government agency, need to know about us other than that our money isn’t counterfeit?) and confuses a policy that purportedly restricts disclosure of our identity with actual non-knowledge of our identity.
[From Papers, Please! » Blog Archive » Public says “No” to national cyberspace ID proposal]

If we in Europe decide to develop our own kind of European Strategy on Trusted Identites in Cyberspace (ESTIC) then I think it should not only include both conditional and unconditional anonymity but should strive to make it clear that, like pseudonymity, these types of online persona will be the norm, not the exception.

Databases or Arrests?

From Dan Froomkin, “FBI Lab’s Forensic Testing Backlog Traced To Controversial DNA Database,” we see this example of the mis-direction of key funds:

The pressure to feed results into a controversial, expansive DNA database has bogged down the FBI’s DNA lab so badly that there is now a two-year-and-growing backlog for forensic DNA testing needed to solve violent crimes and missing persons cases.

Civil libertarians call the database — which increasingly includes everyone convicted of every federal law, legally innocent people awaiting trial and non-citizens detained in the U.S. for any reason — unnecessary and unconstitutional.

And yet a review by the Department of Justice’s Inspector General released on Monday concludes that the need to analyze and upload some 96,973 or more DNA samples a year into that database is contributing to a backlog of forensic DNA cases that stood at 3,211 in March.

That translates into a delay of about 150 days to over 600 days for law enforcement agencies who need answers right away.

We need to defund the database and use that money for something more useful, like getting that 150 days down to 5 or 10 for active criminal cases.

Via Michael Froomkin, “FBI Prefers Building DNA Database to Solving Crimes

Mobile Money for Haiti: a contest

This is cool:

The Bill & Melinda Gates Foundation is using its financial clout to push the Haitian marketplace toward change by offering $10 million in prizes to the first companies to help Haitians send and receive money with their cell phones…

The fund will offer cash awards to companies that initiate mobile financial services in Haiti. The first company to launch a mobile money service that meets certain criteria in the next six months will receive $2.5 million. The second operator to launch and reach these benchmarks within 12 months will receive $1.5 million. Another $6 million will be awarded as the first 5 million transactions take place, divided accordingly between those operators that contributed to the total number of transactions.

For more details, see the press release.

It’s Hard to Nudge

There’s a notion that government can ‘nudge’ people to do the right thing. Big examples include letting people opt-out of organ donorship, rather than opting in (rates of organ donorship go from 10-20% to 80-90%, which is pretty clearly a better thing than putting those organs in the ground or crematoria). Another classic example was participation in 401k retirement accounts, but somehow after the market meltdown, that’s getting less press.

A smaller example is how telling people they’re using more power than others, their power consumption declined. Awesomeness, right? Conservation is the easiest, freest power you can get. Remember that a 150 watt lightbulb consumes twice as much power as your laptop. And most of that goes to waste heat, but I digress. Let’s go back to that nudge study, described in this Slate article:

In a study evaluating the program’s effectiveness, Opower researchers compared power use before and after the HERs began arriving, and further compared this change with a group of control households that never received the reports. On average, the HER households reduced their consumption in the months that followed by a little less than 2 percent. Not bad, but probably not enough to save the planet.

and also:

One problem with this approach is that we all define “better” differently, as a new study emphasizes. UCLA economists Dora Costa and Matthew Kahn analyzed the impact of an energy-conservation program in California that informed households about how their energy use compared with that of their neighbors. While the program succeeded in encouraging Democrats and environmentalists to lower their consumption, Republicans had the opposite reaction. When told of their relative thrift, they started cranking up the thermostat and leaving the lights on more often. … One explanation is that many conservatives don’t believe that burning energy harms the planet, so when they learn that they’re better than average, they become less vigilant about turning the lights off. That is, they’re simply moving closer to what they now know is the norm.

People are complex. It’s hard to know what matters to people, and it’s hard to know what additional information will do to a market. As Hayek pointed out, this is why central planning fails. The planners can’t know all.

And when we start nudging people, lots more chaos will emerge. Planners don’t become better by giving people opt-outs from their planning. And while nudging is better than authoritarianism, it’s still worse than a government which does only what it needs to do.

In the case of energy consumption, a market is emerging to help people see what drives their energy consumption and environmental impact. Better to let a thousand startups bloom, and let the creativity of engineers and those who care deeply help people drive down their electricity use. Everyone else will pay for their long-burning lights, and if electricity is fairly priced, then that’s their choice.

The paper is at “Energy Conservation “Nudges” and Environmentalist Ideology: Evidence from a Randomized Residential Electricity Field Experiment,” National Bureau of Economic Research.

Women In Security

Today is Ada Lovelace Day, an international day of blogging to celebrate the achievements of women in technology and science.

For Lady Ada Day, I wanted to call out the inspiring work of Aleecia McDonald. In a privacy world full of platonic talk of the value of notice and consent, Aleecia did something very simple: she figured out how long it would take for consumers to do what the Direct Marketing Association recommends: read privacy policies.

She then multiplied that by an estimate of how much it would cost, and demonstrated pretty conclusively what we all intuitively knew: the current scheme is a massive wealth transfer because of transaction costs. (I’m interpreting her results here; I believe she would be more conservative in the interpretation.)

Her work also prefigures Cormac Herley‘s recent work “So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users.”

So Aleecia McDonald is my choice for a woman in science and technology who’s inspiring me to think about the economics of security and privacy in new ways.

PS: I have an another choice over at The New School blog. Hey, two blogs, two choices.

Some Chaotic Thoughts on Healthcare

Passage of this bill is too big for my little brain, and therefore I’ll share some small comments. I’m going to leave out the many anecdotes which orient me around stupid red tape conflicts in the US, how much better my health care was in Canada (and how some Canadian friends flew to the US for optional procedures), etc.

I am glad that some of the worst elements of the American health care system are getting reined in. I can think of few worse ways to accomplish that goal, and many better ones. People thinking as I do are why the system perpetuated in the form that it did.

I am pessimistic that the system proposed will achieve its broader goals. The Massachusetts model is cumbersome and ineffective. Optimistic ideas about how prices would fall in a regulated market did not come to pass. The likely next step is a government run health system with supplemental insurance available. I expect this will come to pass in 10-20 years. Medicare seems reasonably well run for an American government program.

The Republican failure to push a coherent and principled alternative will haunt them. Going into the next election cycles, 32 million people will have some idea that the Democrats gave them bread and circuses health care. David Frum describes it as a Waterloo. I’m hopeful but not optimistic that the Tea Bagger Party will follow in the tradition of the Know Nothings and just fade away. I used to be hopeful that the Libertarians would split from the Republicans, but they’ve failed to. I would not be surprised to see the Republican minority shrink in 2010 and 2012, and I think some (but not all) of the shrillness I hear is people who fear that outcome is now inevitable.

I do expect that removing the health care impediment to entrepreneurship will be very positive for smaller companies. I wish we’d apply that same thinking to health care, enable people to make choices for themselves, and let the government own the residual risks, as it does today. But no one offered a credible way to un-couple employment and insurance that would let people keep their doctors, short of nationalization.

Anyway, there’s my negative 8 cents on the bill.

Please keep comments civil.

“We can’t circumvent our way around internet censorship.”

That’s the key message of Ethan Zuckerman’s post “Internet Freedom: Beyond Circumvention.” I’ll repeat it: “We can’t circumvent our way around internet censorship.”

It’s a long, complex post, and very much worth reading. It starts from the economics of running an ISP that can provide circumvention to all of China, goes to the side effects of such a thing (like spammers using it), and then continues to ask why we want circumvention anyway.

Take some time and go read “Internet Freedom: Beyond Circumvention.”

Ignorance of the 4 new laws a day is no excuse

Code-of-Hammurabi.jpgThe lead of this story caught my eye:

(CNN) — Legislatures in all 50 states, the District of Columbia, Guam, the Virgin Islands and Puerto Rico met in 2009, leading to the enactment of 40,697 laws, many of which take effect January 1.

That’s an average of 753 laws passed in each of those jurisdictions. At 200 working days in a year, which is normal for you and me, that’s nearly 4 laws per day.

Now, there’s a longstanding principle of law, which is that ignorance of the law is no excuse. That goes back to the day when laws, like the code of Hammurabi, were inscribed at a rate of about 4 letters per day. The laws were posted in the city center where both of the literate people could read them.

Joking aside, at what point does knowledge of the law become an unreasonable demand on the citizenry? Civil rights lawyer Harvey Silvergate has a new book, “Three Felonies a Day: How the Feds Target the Innocent. I haven’t read it, but as I understand, it’s largely about the proliferation of vague laws, not the sheer numbers.


A few years back, Aleecia McDonald and Lorrie Cranor calculated the cost of reading and understanding the privacy policies of the sites you visit. It was $365 billion. It might be interesting to apply the same approach to the work of legislatures.

768-bit RSA key factored

The paper is here.

The very sane opening paragraph is:

On December 12, 2009, we factored the 768-bit, 232-digit number RSA-768 by the number field sieve (NFS, [19]). The number RSA-768 was taken from the now obsolete RSA Challenge list [37] as a representative 768-bit RSA modulus (cf. [36]). This result is a record for factoring general integers. Factoring a 1024-bit RSA modulus would be about a thousand times harder, and a 768-bit RSA modulus is several thousands times harder to factor than a 512-bit one. Because the first factorization of a 512-bit RSA modulus was reported only a decade ago (cf. [7]) it is not unreasonable to expect that 1024-bit RSA moduli can be factored well within the next decade by an academic effort such as ours or the one in [7]. Thus, it would be prudent to phase out usage of 1024-bit RSA within the next three to four years.

It’s an interesting read if factoring fascinates you.

Some thoughts on the Olympics, Chicago and Obama

So the 2016 Olympics will be in Rio de Janeiro. Some people think this was a loss for Obama, but Obama was in a no-win situation. His ability to devote time to trying to influence the Olympics is strongly curtailed by other, more appropriate priorities. If he hadn’t gone to Copenhagen, he would have been blamed for not caring. If he went, he’s blamed anyway. In reality, he does have some control over what happened. He could have fixed the “harrowing experience” we show the world under the ironic words “Welcome to the United States:”

In the official question-and-answer session following the Chicago presentation, Syed Shahid Ali, an I.O.C. member from Pakistan, asked the toughest question. He wondered how smooth it would be for foreigners to enter the United States for the Games because doing so can sometimes, he said, be “a rather harrowing experience.” (New York Times, “Rio Wins“)

Ironically, the President has experienced harrowing nonsense at borders, see “US Senators Detained In Russia.” He should put someone on fixing the Customs and Immigration service before it costs us even more.

However, it’s really unclear if the “loss” is a loss. “No Games Chicago” was a citizens group advocating against destroying Chicago’s parks and budget for the Olympics, and according to CNN, 45% of the city’s residents didn’t want the games. And as the AP documents in “Olympics Aren’t Necessarily an Economic Bonanza,” the outlandish “economic benefit” numbers that Olympic advocates usually throw around are based on a “multiplier effect” of around 3. Me, I know what an Olympics event costs–Montreal taxpayers paid off the ’76 Olympics in 2006.

So congratulations, Rio. I hope you don’t bulldoze the less waelthy neighborhoods, and I hope you’re all paid off by 2030 or so.

Rebuilding the internet?

Once apon a time, I was uunet!harvard!bwnmr4!adam. Oh, harvard was probably enough, it was a pretty well known host in the uucp network which carried our email before snmp. I was also harvard!bwnmr4!postmaster which meant that at the end of an era, I moved the lab from copied hosts files to dns, when I became adam@bwnmr4.harvard…wow, there’s still cname for that host. But I digress.


Really, I wanted to talk about a report, passed on by Steven Johnson and Gunnar Peterson, that Vint Cerf said that if he were re-designing the internet, he’d add more authentication.

And really, while I respect Vint a tremendous amount, I’m forced to wonder: Whatchyou talkin’ about Vint?


I hate going off based on a report on Twitter, but I don’t know what the heck a guy that smart could have meant. I mean, he knows that back in the day, people like me could and did give internet accounts to (1) anyone our boss said to and (2) anyone else who wanted them some of this internet stuff and wouldn’t get us in too much trouble. (Hi S! Hi C!) So when he says “more authentication” does that mean inserting “uunet!harvard!bwnmr4!adam” in an IP header? Ensuring your fingerd was patched after Mr. Morris played his little stunt?


But more to the point, authentication is a cost. Setting up and managing authentication information isn’t easy, and even if it were, it certainly isn’t free. Even more expensive than managing the authentication information would be figuring out how to do it. The packet interconnect paper (“A Protocol for Packet Network Intercommunication,” Vint Cerf and Robert Kahn) was published in 1974, and says “These associations need not involve the transmission of data prior to their formation and indeed two associates need not be able to determine that they are associates until they attempt to communicate.” That was before DES (1975), before Diffie-Hellman (1976), Needham-Schroeder (1978) or RSA. I can’t see how to maintain that principle with the technology available at the time.

When setting up a new technology, low cost of entry was a competitive advantage. Doing authentication well is tremendously expensive. I might go so far as to argue that we don’t know how fantastically expensive it is, because we so rarely do it well.

Not getting hung up in easy problems like prioritization or hard ones like authentication, but simply moving packets was what made the internet work. Allowing new associations to be formed, ad-hoc, made for cheap interconnections.

So I remain confused by what he could have meant.

[Update: Vint was kind enough to respond in the comments that he meant the internet of today.]

Make the Smart Choice: Ignore This Label

smart-choices-bad-for-you.jpg

He said the criteria used by the Smart Choices™ Program™ were seriously flawed, allowing less healthy products, like sweet cereals and heavily salted packaged meals, to win its seal of approval. “It’s a blatant failure of this system and it makes it, I’m afraid, not credible,” Mr. Willett said.

[…]
Eileen T. Kennedy, president of the Smart Choices™ board and the dean of the Friedman School of Nutrition Science and Policy at Tufts University, said the program’s criteria were based on government dietary guidelines and widely accepted nutritional standards.

She said the program was also influenced by research into consumer behavior. That research showed that, while shoppers wanted more information, they did not want to hear negative messages or feel their choices were being dictated to them.
“The checkmark means the food item is a ‘better for you’ product, as opposed to having an x on it saying ‘Don’t eat this,’ ” Dr. Kennedy said. “Consumers are smart enough to deduce that if it doesn’t have the checkmark, by implication it’s not a ‘better for you’ product. They want to have a choice. They don’t want to be told ‘You must do this.’ ” (“For Your Health, Froot Loops™“)

Yes, every single one of these is a better choice than a petri dish full of salmonella. Guaranteed, or your money back.

I’ve added ™ marks where I think the New York Times™ should have included them.

Via JWZ.