Wrap-up of this year’s WEIS

This year’s Workshop on the Economics of Information Security (WEIS2010) enlightened us about Identity, privacy, and the insecurity of the financial payment system, just to name a few presentaitons.

Every year I attend a conference called the Workshop on Economics of Information Security (WEIS), and every year I learn quite a bit from the experience. This year was no exception. The conference represents an interdisciplinary approach to Cybersecurity that includes economists, government researchers, industry, and of course computer scientists. Run by friend and luminary Bruce Schneier, Professor Ross Anderson from Cambridge University, and this year with chairs Drs. Tyler Moore and Allan Friedman, the conference includes an eclectic mix of work on topics such as the cyber-insurance (usually including papers from field leader Professor Rainer Böhme, soon of University of Münster), privacy protection, user behavior, and understanding of the underground economy, this year’s conference had a number of interesting pieces of work. Here are a few samples:

Guns, Privacy, and Crime, by Allesandro Acquisti (CMU) and Catherine Tucker (MIT), provides an insight into how addresses of gun permit applicants posted on a Tennessee website does not really impact their security one way or another, contrary to arguments made by politicians.
Is the Internet for Porn? An Insight Into the Online Adult Industry – Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda and Christopher Kruegel provides a detailed explanation of the technology used to support the Internet Porn industry, in which it claims provides over $3,000 a second in revenue.
The password thicket: technical and market failures in human authentication on the web – Joseph Bonneau and Sören Preibusch (Cambridge) talks about just how poorly many websites manage all of those passwords we reuse.
A panel on the credit card payment system, together with a presentation that demonstrated that even credit cards with chips and pins are not secure. One of the key messages from the presentation was that open standards are critically important to security.
On the Security Economics of Electricity Metering – Ross Anderson and Shailendra Fuloria (Cambridge) discussed the various actors in the Smart Grid, their motivations, and some recommendations on the regulatory front.

The papers are mostly available at the web site, as are the presentations. This stuff is important. It informs industry as to what behaviors are both rewarding and provide for the social good, as well as where we see gaps or need of improvement in our public policies, especially where technology is well ahead of policy makers’ thinking.

Poor Bank Executives Aren’t Getting Their Millions

I know it’s not American when the government limits pay for anyone, but that is precisely what they are doing for executives of banks that required bailouts. After all, they only lost $1.2 trillion worldwide, bringing on the worst world recession since at least 1991. And really, why should the American people control wages of people who had to borrow from us in order to stay afloat? Why don’t these people deserve their $10 mansions, yachts, and airplanes? Oh wait. They get to keep all of that? And they get to keep their jobs? Perhaps there are no qualified people to replace them, although one would think that with over 10% unemployment out there, someone would like to try. Surely the American people would do this for my industry too, so I should be quiet, right? Oh wait. Our industry did have a downturn in 2001. But unlike our industry that brought such hits as pets.com, none of this was the banks’ fault, right? Oh wait. didn’t this start with subprime loans that couldn’t be repaid because the banks were handing money to just about anyone? And weren’t the banks offering housing loans for only 5% down payment where the mortgage didn’t pay back principle? And these people still get to keep their jobs? And they’re complaining about a salary limitation?

How about this: pay back the money we lent you and then you can choose your salaries. Either that or let me buy your mansions and not pay for them.

More abut the financial mess

We’ve already talked about how banking deregulation contributed to the current debacle. Now comes a story from The Register which discusses how naked shorts might have caused as much of a problem for the big brokerage houses. What is particularly sad about the story is that there was at least one person who raised the red flag and wasn’t allowed to publish an editorial in the Wall Street Journal.

This raises yet another concern for me. For me, the Wall Street Journal has long been the paper of record, when it comes to financial news. I have never thought much of their editorials, as they always seem to get it wrong. When they clamor for regulation and beat their fists against the desk, the sound is just a bit hollow to me, having read their constant anti-regulation protests.

Now with the purchase of the paper by right-wing media tycoon Rupert Murdock, I expect things to get worse. The web site has certainly already deteriorated in its new redesign. This leaves another open question. If the Wall Street Journal is deteriorating, where can one find a good daily market news source that has some amount of decent analysis to go with? I’m stumped.

Another question: did banks have substantial numbers of naked shorts that contributed to this mess? Was the firewall between their investment and banking arms sufficient? Certainly the failure of WaMu and others leads one to think the answer is “no”.

What Caused This Crisis?

I am sure I’m not that different from many others when I ask the simple question, what happened? How did the banks get into such a mess? What didn’t they see, and what regulation failed? Was the reserve ratio that the federal reserve demands too low? Did debt move from regulated to unregulated, and if so, why would that have caused a failure of regulated banks? How is it that the vast amount of debt went unrecorded until recently? And what are we doing wrong now?

The New York Times offers a new insight into what had happened. According to this article, a decision in 2004 by the SEC, headed by William Donaldson at the time, permitted banks to exceed the reserve ratio in their investment houses, and money seemingly flew freely between the two. There was meant to be oversight of the banks’ health at the time, but that oversight never happened.

Why did the banks seek this change in 2004? They did not believe they could compete against the large investment houses with so much money tied up in case of a credit crunch. Put another way, we forgot some of the lessons of the 1920s.

And so it’s now obvious to all. President Bush has not only presided over the worst financial debacle since the Great Depression, but he and his team failed to learn from the mistakes of that era, making him worse than President Hoover, in my book.

What do we need to do to fix the problems? Some of it has already happened. Banks have become very conservative, and perhaps are leaning too far: it’s very hard to tell when the country is teetering on a recession. Some of that conservative nature needs to be codified by reversing the 2004 decision or requiring investment houses to meet the reserve ratio. In order to figure out which we have to question whether or not we can let a large investment house fail. If we cannot, then more regulation is appropriate. One way to split the baby is to require regulation of total assets and debt above a certain number, say the $5 billion talked about in the article.

Tax & Spend Administration?

Last night Secretary Paulson announced that the U.S. would seize control of Fanny & Freddy Mae, the two largest loan corporations in America. Those two are so large that they could not fail, and yet there was the distinct possibility. And so the government stepped in. The terms of the seizure are not yet clear, but it’s sure to cost tax payers a bundle, although it will surely be less than if the loan system failed.

The administration probably did the responsible thing at this point in the game, by acting to see that chaos didn’t prevail in the loan market. However, all of their protestations of keeping government small should be taken with a very very very small grain of salt, given that this administration will have spent more money and placed America in more debt than the previous two administrations combined (and perhaps the 2nd Reagan administration). Also, stricter regulation of the loan market would have prevented such silliness in the first place, proving that some regulation actually saves us money.

So when Republicans say they’re for smaller government, be sure to ask who’s paying the bill for Fanny and Freddy.