February 13th, 2013
It turns out that we might have a new culprit to whom we can apportion a share of the blame for the financial meltdown of 2007/8. After the investment banks, the credit ratings agencies, ineffective regulators, politicians who preferred to look the other way and a section of the public that was in thrall to the idea that living on credit was a good idea, bring on Microsoft, for making Excel so temptingly easy to use any time you need to juggle some numbers. James Kwak takes up the tale:
I spent the past two days at a financial regulation conference in Washington (where I saw more BlackBerries than I have seen in years – can't lawyers and lobbyists afford decent phones?). In his remarks on the final panel, Frank Partnoy mentioned something I missed when it came out a few weeks ago: the role of Microsoft Excel in the "London Whale" trading debacle.
The issue is described in the appendix to JPMorgan's internal investigative task force's report. To summarize: JPMorgan's Chief Investment Office needed a new value-at-risk (VaR) model for the synthetic credit portfolio (the one that blew up) and assigned a quantitative whiz ("a London-based quantitative expert, mathematician and model developer" who previously worked at a company that built analytical models) to create it. The new model "operated through a series of Excel spreadsheets, which had to be completed manually, by a process of copying and pasting data from one spreadsheet to another." The internal Model Review Group identified this problem as well as a few others, but approved the model, while saying that it should be automated and another significant flaw should be fixed. [...] After the London Whale trade blew up, the Model Review Group discovered that the model had not been automated and found several other errors. [...]
Truth be told, this isn't really Excel's fault. If Lotus 123 for Windows and the rest of the IBM/Lotus SmartSuite had won out in the early/mid 1990s against Microsoft's Office bundle, they'd be saying exactly the same thing about Lotus 123 in that report. The real issue is that spreadsheets by their very nature just beg to be used as a quick, interactive tool for iterating your way to a solution that's 'good enough'. As various commentators at the associated Hacker News thread explain, the difficulty is that – unlike a formal programming environment used by someone who has learned the hard way that all programs have bugs so you need to test for them – spreadsheets provide almost no real framework for testing and debugging unless the user (who as often as not knows nothing of programming beyond creating Excel spreadsheets and has a worryingly elevated view of their own competence) implements one for themselves.
The two articles are fascinating; I'm going to be following some of the links in that Hacker News thread for days to come. I had no idea there was such a thing as a European Spreadsheet Risks Interest Group, but there's no denying that there absolutely should be one.
[Via The Browser]
July 4th, 2012
In the wake of what's turned out to be an … interesting … week for the UK banking industry, a reminder from Yes, Prime Minister that this is by no means a 21st century phenomenon:
SIR DESMOND GLAZEBROOK
They've broken the rules.
What, you mean the insider trading regulations?
SIR DESMOND GLAZEBROOK
Oh. Well, that's one relief.
SIR DESMOND GLAZEBROOK
I mean of course they've broken those, but they've broken the basic, the basic rule of the City.
I didn't know there were any.
SIR DESMOND GLAZEBROOK
Just the one. If you're incompetent you have to be honest, and if you're crooked you have to be clever. See, if you're honest, then when you make a pig's breakfast of things the chaps rally round and help you out.
If you're crooked?
SIR DESMOND GLAZEBROOK
Well, if you're making good profits for them, chaps don't start asking questions; they're not stupid. Well, not that stupid.
So the ideal is a firm which is honest and clever.
SIR DESMOND GLAZEBROOK
Yes. Let me know if you ever come across one, won't you.
[Via Flip Chart Fairy Tales]
May 24th, 2012
Designing the mobile wallet – A case study. Slide 59 is a particular delight, but this entire presentation by Tim Caynes is worth a look.
April 16th, 2012
I Want a Tank.
[Via Barry Freed, commenting at Blood & Treasure]
January 23rd, 2012
It turns out that former chairman of the US Federal Reserve Alan Greenspan was laughing all the way to the (run on the) banks:
[Following the release of the minutes of the meetings of the Federal Open Market Committee's meetings for 2001-2006...]
It makes for quite a fun read if you get past all the boring economic analysis parts. In fact, if the stenographer was accurate, the Committee broke into laughter 45 times in just the January meeting! That's at least 45 jokes (some didn't get laughs – if only we knew the quality of each laughter!). I would have guessed that would be a lot relative to other meetings, right? I mean how funny would it be if the top of the housing market was also when the FOMC was telling the most jokes in their meetings?
Well, being a data nerd with nothing better to do on a Thursday night, I looked into it. To be precise, I went back for just the last six years (2001-06) and searched for how many times the stenographer's notation for laughter appeared in the released transcripts of each FOMC meeting.
Suffice it to say the data is funny…
Sadly, the minutes of meetings of the Bank of England's Monetary Policy Committee are written in a rather dry, formal style, so there doesn't seem to be much scope for a similar analysis of economic policymakers' behaviour over here.
[Via The Morning News]
August 4th, 2011
Possibly the Stupidest Bank in the World?
Essentially, my bank is asking me to install is a keylogger. Just so they can warn me not to use the same password on suntrust.com and playboy.com.
[Via The Tao of Mac]
May 7th, 2011
Ian Cowie, the Daily Telegraph's personal finance editor, suggests a real alternative vote:
Why don't we restrict votes to people who actually pay something into the system? No, I am not suggesting a return to property-based eligibility; although that system worked quite well when Parliament administered not just Britain but most of the world. Today, income would be a much better test, setting the bar as low as possible; perhaps including everyone who pays at least £100 of income tax each year.
That minimal requirement would include everyone who gets out of bed in the morning to go to work and could easily be extended to include, on grounds of fairness, several other groups. For example, all pensioners – because of the fiscal contributions to society they are likely to have paid earlier – and mothers – because of their contribution to defusing the 'demographic time-bomb' of an ageing population.
This modest proposal would, however, exclude large numbers of people who have no 'skin in the game' and who may even comprise the majority of voters in some metropolitan areas today. Their contribution is not just negative in financial terms – they take out more than they put in – but likely to be damaging to the decisions taken by democracies.
Cowie then trots out the old saw about democracies being doomed once their electorates realise that they can vote themselves ever-increasing benefits and the credit crunch proves this point. At the end of the article, he suggests at the end that this is all "a joke, on the basis that you don't need to be solemn to make a serious point". The trouble is, the assumptions that underpin his "serious point" are neither amusing nor accurate.
- It wasn't unemployed people having the vote that caused the banking sector to engage in gambling on an epic scale.
- For a lot of people right now, being unemployed is a consequence of the bankers' behaviour, and has nothing to do with whether they had 'skin in the game' the last time they were in a voting booth.
- The unemployed pay taxes too: VAT on their purchases.
- Those who have had jobs in the past have made contributions to society in the form of taxes they paid on their income while in work. Why should someone who had worked and paid taxes for twenty years and was made redundant as at 31 March 2011 have been denied a vote in last week's local elections just because they hadn't found a new job yet?
The ones who don't have 'skin in the game' are the extremely rich, the ones who have accumulated sufficient wealth that they don't have to use the NHS or state schools or public transport.
[Via Blood & Treasure]
April 16th, 2011
It turns out that having your life savings exist solely as a bunch of ones and zeros in a bank's database might just be a good thing after all:
OFUNATO, Japan – There are no cars inside the parking garage at Ofunato police headquarters. Instead, hundreds of dented metal safes, swept out of homes and businesses by last month's tsunami, crowd the long rectangular building.
Any one could hold someone's life savings.
Safes are washing up along the tsunami-battered coast, and police are trying to find their owners – a unique problem in a country where many people, especially the elderly, still stash their cash at home. By one estimate, some $350 billion worth of yen doesn't circulate.
There's even a term for this hidden money in Japanese: "tansu yokin." Or literally, "wardrobe savings." [...]
Worse yet, according to the article under Japanese law any monies not claimed after three months become the property of the finder (presumably, in this case, the state.) Imagine that you'd survived the tsunami and returned to where your home used to stand only to find a pike of damp rubble. You've got another two months now to figure out out which police station your safe washed up nearest to before you lose your title to the safe's contents – if it even washed up at all.
I'm guessing that there might be some pressure on the Japanese government not to start enforcing that '3-month rule' any time soon.
[Via Bruce Schneier]
December 26th, 2010
Professor Ross Anderson's response to a request by the UK Cards Association that the university take down an MPhil thesis published by a student that included information about the No-PIN attack and "give [the UK Cards Association] comfort about [the university's] policy towards future disclosures." may not be as pithy as the best reply ever committed to paper, but it's equally robust:
Your letter of December 1st to Stephen Jolly has only this week been passed to me to deal with. I'm afraid it contains a number of misconceptions and factual errors.
First, your letter was not correctly addressed. The University of Cambridge is a self-governing community of scholars rather than a corporate hierarchy. [...] Omar's work was not 'published by the university' as you claim but by him. If you wanted him to take his thesis offline, you should have asked him.
However, given that the material on the No-PIN attack appears on my page as well as Omar's and Steven's, and given that Mr Jolly passed the matter to me to deal with, I expect that I can save us all a lot of time by answering directly.
Second, you seem to think that we might censor a student's thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values. [...]
[Via James Nicoll]
December 9th, 2010
An Irishman abroad tells it like it is !! :-).
It started out as a pretty straightforward (if somewhat sweary) crowd-pleaser of a man-on-the-street interview about Ireland's financial troubles, with the interviewee blasting the bankers, property developers, regulators and the government for thirty years of mismanagement and greed.
Then we got to the last five seconds or so. The interview went in an entirely unexpected direction, and I spent a good minute after the video ended laughing so hard I forgot to breathe.
Edited 12 Dec 2010, 22:50 GMT to add: As it turns out, the interviewer wasn't a reporter: he was a Canadian comedian by the name of Tony Quinn. For what it's worth, the interviewee, Denis Ryan, grew up in Ireland and stands by the views he expressed in the interview. [Via MeFi user maudlin, posting here.]
August 17th, 2010
Contemplating the difficulties of spotting ATM skimmers, Khoi Vinh suggests that to a large degree the issue is a design problem:
Ask yourself: what exactly are all of those oddly proportioned boxes, varying planes, bizarre joins and strange angles that describe nearly every automated teller machine on the planet? Who among us who uses cash machines actually understands the purpose of all those expertly yet randomly fused-together shapes that are somehow intended to constitute a trustworthy money dispensing device?
May 1st, 2010
Laszlo Thoth is determined to have some fun with the secret questions and answers he supplies to his bank:
A real live human operator always asks the question and waits for a real live answer. This measure has the potential to not just improve my account security but add entertainment value as well:
Q: The Penis shoots Seeds, and makes new Life to poison the Earth with a plague of men.
A: Go forth, and kill. Zardoz has spoken.
[Via Waxy.org Links]
March 6th, 2010
Not the sort of message you want to see when you walk up to an ATM.
February 12th, 2010
February 1st, 2010
Ross Anderson on how the banks and credit card companies have pulled a fast one by pushing customers to use the 3D Secure system to 'protect' their online purchases:
Online transactions with credit cards or debit cards are increasingly verified using the 3D Secure system, which is branded as "Verified by VISA" and "MasterCard SecureCode". This is now the most widely-used single sign-on scheme ever, with over 200 million cardholders registered. It's getting hard to shop online without being forced to use it. In a paper I'm presenting today at Financial Cryptography, Steven Murdoch and I analyse 3D Secure. From the engineering point of view, it does just about everything wrong, and it's becoming a fat target for phishing. So why did it succeed in the marketplace? [...]
Surprisingly enough, it's got very little to do with security and a great deal to do with shifting liability for losses onto customers.
[Via Bruce Schneier]
October 6th, 2009
Perhaps it would be best if we just shut down all online banking systems now:
New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim's dwindling balance by rewriting online bank statements on the fly, according to a new report.
The sophisticated hack uses a Trojan horse program installed on the victim's machine that alters html coding before it's displayed in the user's browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances. [...]
Alternatively, and more realistically, banks need to start routinely requiring confirmation of transactions via some means not involving the user's web browser: ringing the user on a preset phone number to confirm that they authorised any transaction to a new recipient, or any transaction over a certain value.
[Via Bruce Schneier]
May 26th, 2009
In the midst of a lengthy description of the roots of the current financial crisis, John Lanchester just couldn't help but lapse into sarcasm:
All of this [i.e. Lanchester's account of the history of the Royal Bank of Scotland and the series of takeovers and mergers that made them Too Big To Fail.] makes RBS's corporate report for 2007, published just weeks before the bank had to go back to the markets for more capital, a document of unusual interest. Northrop Frye somewhere defines 'irony' as involving a state of affairs in which words have a different meaning from their apparent sense. This can be achieved by the audience's knowing something the speaker doesn't: so the speaker is saying one thing but we are understanding another. The RBS corporate report is like that. (So are their slogans: 'Make it happen.' Make what happen? A Â£100 billion tab for the taxpayer?) The section on corporate citizenship at the beginning is particularly good value. The firm is involved in plans to increase general levels of financial education. 'When people have been educated about money and how to work with financial services firms they are more likely to make the right decisions and to avoid difficulties.' That's true, but you can also just rob post offices. 'RBS is a responsible company. We carry out rigorous research so that we can be confident we know the issues that are most important to our stakeholders and we take practical steps to respond to what they tell us. Then occasionally, we blow all that shit off, fire up some crystal meth, and throw money around with such crazed abandon that it helps destroy the public finances of the world's fifth biggest economy.' See if you can guess which of those sentences is not in the report.