Posts tagged ‘security’

Tesla Predictions Secured

I had dinner last night with my old college roommate Brink Lindsey and he even sort of rolled his eyes about my recent Tesla obsession, so I really really will try to make this the last post for a while.  However, I have to count coup on a few accurate predictions I made last week here and here.

First, I said, in reference to how Musk can bail himself out of his "funding secured" tweet when it has become clear this is not the case:

So what can Musk do?  Well, the first defense might be to release a statement like "when I said funding secured, I was referring to recent conversations with ______ [fill in blank, maybe with Saudis or the Chinese, call them X] and they told me that if we ever were looking for funds they would have my back."  This is probably the best he could do, and Tesla would try to chalk it up to naivete of Mr. Musk to accept barroom conversation as a firm commitment.  Naivite, but not fraud.   I don't have any experience with the Feds on this kind of thing but my guess is that the SEC would expect that the CEO of a $50 billion public company should know the rules and legally wasn't allowed to be naive, but who knows, the defense worked for Hillary Clinton with her email servers.

Today Musk writes:

Recently, after the Saudi fund bought almost 5% of Tesla stock through the public markets, they reached out to ask for another meeting. That meeting took place on July 31st. During the meeting, the Managing Director of the fund expressed regret that I had not moved forward previously on a going private transaction with them, and he strongly expressed his support for funding a going private transaction for Tesla at this time. I understood from him that no other decision makers were needed and that they were eager to proceed....

I left the July 31st meeting with no question that a deal with the Saudi sovereign fund could be closed, and that it was just a matter of getting the process moving. This is why I referred to “funding secured” in the August 7th announcement.

Of course the Feds probably expect "funding secured" to mean a signed term sheet (which does not exist) accompanied by an 8-K (which STILL has not been issued).  I then said in my prediction:

But this defense is MUCH MUCH better if, in the next day or so, Tesla can announce a deal with X on paper with signatures.  Then Musk can use the same defense as above but it has much more weight because he can say, see, they promised funding and I believed them when they said they had my back and here they have delivered.

And today we learn:

But was the funding really secured? Apparently not, because in the very next paragraph Musk writes that "following the August 7th announcement, I have continued to communicate with the Managing Director of the Saudi fund. He has expressed support for proceeding subject to financial and other due diligence and their internal review process for obtaining approvals. He has also asked for additional details on how the company would be taken private, including any required percentages and any regulatory requirements."

Hmmm.  So basically Musk had a chat with the Saudis that did not include any due diligence, any percentages, or anything about the structure of the transaction and nothing has been submitted formally to the Saudis for the required review and approval.  The Feds would never accept this BS from an unpopular CEO like, say, Jeff Skilling.  It remains to be seen whether they will really go after cultural icon Musk.

Finally, I predicted the odd and relatively unprecedented transaction that Musk likely envisioned:

Here is what I think Musk wants -- he wants an LBO without any actual change in ownership. Basically he wants to create Tesla New, which will be private and not trade on the markets. He is hoping that all his current fanboy shareholders will exchange a share of Tesla for a share of Tesla New. Musk has already said he will do this with his 20%. In the extreme case, if every current shareholder wants in on the new private company, then no capital at all is needed for the LBO. Musk might admit that perhaps a billion or two are needed to buy out the few recalcitrants at $420, and then all the Tesla fanboys can enjoy short-seller-free illiquidity

There was no way that Musk could expect to raise $70-$80 billion ($420 times the float) or to run an already cash-starved business with that much debt.  The only way to imagine this is if the buyout was only of a small percentage of owners.  And sure enough, here is Musk this morning:

Therefore, reports that more than $70B would be needed to take Tesla private dramatically overstate the actual capital raise needed. The $420 buyout price would only be used for Tesla shareholders who do not remain with our company if it is private. My best estimate right now is that approximately two-thirds of shares owned by all current investors would roll over into a private Tesla.

I won't comment on whether this is possible because I don't know enough about security laws.  I have been told that the SEC would likely frown on a private company with no public disclosures that has thousands or even millions of individual shareholders, but again, I don't know.

I find it amazing that anyone would want to stay in on this basis, but like Musk, the Tesla fan-boys seem to care more about burning the shorts than the quality of their own long investment in Tesla.  How can moving your small (percentage-wise) investment in Tesla from being exchange-traded to being locked up in a private company possibly be an improvement?  Today your investment has total liquidity (you can sell any time), it has massive 3rd party scrutiny and accountability, and it has real-time price discovery.  You would lose all of that in a private company.  You can only sell when Musk lets you sell and at the price he chooses to give you based on whatever company information he chooses to release.  Choosing the private option as a minority shareholder is like saying that you would rather hold non-refundable airline tickets than fully refundable ones.

Postscript:  I am new to the world of short-selling fights, as I am not really an active investor and just got sucked into watching Tesla because I found it interesting.  But wow, the tribalism of politics sure has leaked into the investment world!  In tribal politics, we see people more motivated by hatred of the other tribe than by making progress on their own tribe's goals.  This same kind of "reasoning" seems to dominate a lot of the Tesla long-short battle.

Update:  Here is a new prediction.  For a while Elon Musk has claimed he will not have to raise capital this year.  Everyone basically looks at his numbers and thinks he is nuts.  What's more, given his $50 billion equity valuation currently, he SHOULD be raising capital now while his stock is high and thus his cost of capital is low.

But one way to look at this is if he raises $20 billion in equity to buy out the 1/3 he thinks will want the cash rather than the new stock, he could easily just make that $22 billion so the company has an extra $2 billion in operating cash and thus raise capital this year without it looking like he violated his promise not to raise capital.

 

The Partisan Gap

It is always entertaining reading blogs from both sides of the political aisle.  Here are articles from the last day or so after the Saturday FBI document dump of the redacted FISA application

Scott Johnson at Powerline:  "DEVIN NUNES VINDICATED"

Kevin Drum at Mother Jones: "Now We Know For Sure: Devin Nunes Lied About Everything"

The hilarious part is that the vast majority of articles from both sides have a tone of, "well, this should put the question to rest."  LOL.

I really don't have an opinion about the Nunes memo, nor do I really care.  A few random thoughts

  • I have not read the FISA application, nor will I ever, but the Saturday evening drop time is not usually a marker of something an agency is proud of
  • I don't think the Carter Page surveillance likely did much harm, but it strikes me that the bar for starting a secret national security spying effort against members of an active Presidential campaign should be  a little higher. In fact, I have always felt the FISA bar should be higher for everyone.
  • Almost no matter the details, the handling by the Obama Administration of Russian spying allegations seems weirdly passive-aggressive -- both overly aggressive against minor figures like Carter Page and strangely silent and passive on the broader details.  It is strange to me that so many Obama administration officials can be so vocally worried about Russian spying after November 2016 and so silent and ineffective on it before that date, when they actually had power to do something about it.  I know Republican partisans will explain this with "because bias," and this may be the case, but without any direct knowledge I always prefer to default to incompetence.  Certainly screaming about it now on every cable talk show seems to have diverted attention from the question of what the f*ck they were dong when it was actually their job to tackle this kind of thing.

Automation, or Perhaps Not (At Least for a While)

I thought this letter from Dan Hanson to Tyler Cowen was really thought provoking:

I wonder how many of the people making predictions about the future of truck drivers have ever ridden with one to see what they do?

One of the big failings of high-level analyses of future trends is that in general they either ignore or seriously underestimate the complexity of the job at a detailed level. Lots of jobs look simple or rote from a think tank or government office, but turn out to be quite complex when you dive into the details.

For example, truck drivers don’t just drive trucks. They also secure loads, including determining what to load first and last and how to tie it all down securely. They act as agents for the trunking company. They verify that what they are picking up is what is on the manifest. They are the early warning system for vehicle maintenance. They deal with the government and others at weighing stations. When sleeping in the cab, they act as security for the load. If the vehicle breaks down, they set up road flares and contact authorities. If the vehicle doesn’t handle correctly, the driver has to stop and analyze what’s wrong – blown tire, shifting load, whatever.

In addition, many truckers are sole proprietors who own their own trucks. This means they also do all the bookwork, preventative maintenance, taxes, etc. These people have local knowledge that is not easily transferable. They know the quirks of the routes, they have relationships with customers, they learn how best to navigate through certain areas, they understand how to optimize by splitting loads or arranging for return loads at their destination, etc. They also learn which customers pay promptly, which ones provide their loads in a way that’s easy to get on the truck, which ones generally have their paperwork in order, etc. Loading docks are not all equal. Some are very ad-hoc and require serious judgement to be able to manoever large trucks around them. Never underestimate the importance of local knowledge.

I’ve been working in automation for 20 years. When you see how hard it is to simply digitize a paper process inside a single plant (often a multi-year project), you start to roll your eyes at ivory tower claims of entire industries being totally transformed by automation in a few years. One thing I’ve learned is a fundamentally Hayekian insight: When it comes to large scale activities, nothing about change is easy, and top-down change generally fails. Just figuring out the requirements for computerizing a job is a laborious process full of potential errors. Many automation projects fail because the people at the high levels who plan them simply do not understand the needs of the people who have to live with the results.

Take factory automation. This is the simplest environment to automate, because factories are local, closed environments that can be modified to make things simpler. A lot of the activities that go on in a factory are extremely well defined and repetitive. Factory robots are readily available that can be trained to do just about anything physically a person can do. And yet, many factories have not automated simply because there are little details about how they work that are hard to define and automate, or because they aren’t organized enough in terms of information flow, paperwork, processes, etc. It can take a team of engineers many man years to just figure out exactly what a factory needs to do to make itself ready to be automated. Often that requires changes to the physical plant, digitization of manual processes, Statistical analysis of variance in output to determine where the process is not being defined correctly, etc.

A lot of pundits have a sense that automation is accelerating in replacing jobs. In fact, I predict it will slow down, because we have been picking the low hanging fruit first. That has given us an unrealistic idea of how hard it is to fully automate a job.

Based on this I can still think of some labor-saving, but not labor-eliminating, automation roles in trucking.

  • Convoying, allowing one driver to lead multiple additional automated trucks
  • Reduction in team driving.  Currently Federal rules (e.g. for rest breaks and maximum driving times) have created incentives for teams of two drivers to move priority freight that needs to be moving constantly and not parked while the driver sleeps.  Automation might allow one person plus the automated driver to keep trucks moving continuously and safely.

One thing not mentioned by Mr. Hanson is the role of regulation.  Safe automated trucks will likely exist LONG before Federal regulatory changes will occur to allow them much use.  This is not just because there is some delay with regulators getting comfortable with the safety aspects, but because affected groups with political pull who wish to keep the status quo will use safety concerns, real or imagined, to hold up the regulatory process.

If you think I am being too pessimistic, here is a story.  The typical steam engine of the 1930's needed a driver and a fireman -- the latter's job was to make sure the furnace was correctly fueled and operating well.  When diesel locomotives came along, one benefit among many was that the fireman was no longer needed.  Seeing this on the horizon, the fireman's union was ready to dig in their heals.  They actually, boldly, took the position NOT that a diesel locomotive needed a fireman, but that it should be required to have 2 firemen!  This was partially a subject for union negotiation, but in the dysfunctional world of railroad labor regulation, it also required some regulatory changes  (as the first industry with large workforces, the government took its first shot at labor regulation in a railroad-specific manner and the result was largely dysfunctional; fortunately for the rest of industry it did a better job with labor regulation later for everyone else).  It took years to totally eliminated fireman from diesel engines.  In fact, nearly every railroad labor saving technology like this (e.g. automatic brakes rather than men on roofs turning break wheels) led to regulatory foot-dagging that allowed the new technology but resisted the reduction in personnel.

OK, So Why Won't Government Employees Admit Even the Smallest Error?

I got some attention with a post the other day about an example of something I see constantly -- government employees unwilling to admit even the smallest error.

One reason is that even as someone who runs a company that partners with government agencies frequently, I am still an outsider and a member of the general public.  And government agencies train everyone in their organizations never to give any information to the public that is not fully vetted and controlled.  Government agencies have had their training budgets slashed, but the one training everyone still gets (along with diversity training) is training on how to reveal (or really, not reveal) information to the public.

But I think there is a more important reason for this behavior, and it is one I want to spend a bit of time on in part because it is one of my favorite business topics: incentives.   There is nothing in an organization that is harder to get right than incentives.  And this is doubly true of government agencies because most government agencies don't have, or don't choose to measure, any output variables.

What do I mean by output variables?  Organizations tend to measure both what I call input and output variables.   Let's consider a sales person.  An output variable is a business result, e.g. number of units sold, number of new customers added, revenue of products or services sold, gross margin of products sold, satisfaction rating from customers.  An input variable is a measure of how well process steps leading to that sale were completed, e.g. percent conformance to pricing guidelines, number of sales calls made, number of quotes produced.  If well selected, input variables tend to lead to the output variables but they don't in themselves pay the rent.

Because I am most familiar with them, I am going to use government recreation agencies like a state parks organization as an example.  I have yet to find a government recreation agency that measures its employees primarily on output variables, e.g. customer satisfaction of park visitors, fee revenue collected at park, net income of the park, change in deferred maintenance accounts, etc.  Instead their metrics are -- at best -- based on conformance to process, e.g. was the budget completed on time, was the planning process done right, was all necessary reporting done on time, etc.  I say "at best" because most government agencies have no formal performance metrics at all.  And this is where I get to my favorite incentives / metrics topic of all -- informal performance metrics.

An organization never has no performance metrics at all. They may have no formal, written standards, but every organization has to evaluate and promote talent.  If there are no formal standards, there have to be some informal or unwritten standards that are applied.  And I would argue from my experience that even when formal standards do exist, there may still be informal standards that are more important.

One informal incentive that exists naturally in almost every organization is "don't get caught in a mistake."  On its face this is one of those incentives that seem good -- sure, I would love to have an organization where no one makes mistakes.   But many companies have found that in competitive markets, allowing this informal incentive to become powerful can spell a company's doom.  It has at least two negative effects:  it limits honest communications, because people start hiding their mistakes which in turn keeps information from the rest of the organization that may need it; and it limits risk-taking, which is necessary for most companies to survive in competitive markets, because almost everything a company does to improve contains risks.  Powerful formal performance systems are one way to limit counterproductive informal incentives like this.  But many companies also put a lot of work into their communications and culture to help employees be more open to taking risks and making mistakes.   A vast portion of my communication with my own managers and employees are on this topic.  We try to make very clear the subset of mistakes that are career fatal and where we DO want risk aversion (e.g. racism, harassment, abuse, etc) and treat everything else as a learning exercise.  My response to one of my manager's mistakes is very likely to be, "sorry, that was my fault, I did a bad job of training you (or preparing you, or whatever) for that issue."

Recognize though that all of these corporate steps to head off problems with the informal incentive "don't get caught making a mistake" have largely been lessons of the marketplace.  Time warp back to the 1950's when American companies were fat and happy and not yet really faced with scrappy global competition, and you might well have found highly risk-adverse cultures where people were afraid of being caught in a mistake.  I do not have experience at companies like GM, but I would not be surprised at all to learn that risk aversion dominated the culture and that faced with market extinction, it has spent much of the time since the 1970's trying to purge this risk aversion from its culture.

But in large part, a government organization doesn't face these market corrective forces.  If an agency becomes weak and senescent, it does not get competed into oblivion, it simply goes on and on.  Maybe it gets more tax money to make up for its inefficiency, or maybe it cuts somewhere (such as deferred maintenance in public parks) to make ends meet.   Which means that in most government agencies I have worked with, informal incentives -- particularly "don't get caught in a mistake" -- are extremely powerful.

Most people are familiar with the fact that the default government answer to anything new is "No".  But did you ever wonder why?  I have heard a lot of folks say that it is because government employees are jerks or lazy under-performers or have evil intentions.  But that is really not the case.  With just a couple of small exceptions**, people who enter government are no different than people who enter private organizations.  If they do things that seem bad, it is not because they are bad people but because their information and incentives cause them to do things we perceive as bad.  Take the case of saying "No".  Without any output metrics, most government employees have no incentive to say "yes".  There is no incentive to, say, generate 20% more visitor revenue in parks so there is no incentive to approve new visitor facilities or services that might generate that revenue.  And there is every reason so say "no".  "No" is almost always safe, particularly if one does not actually say "No" but instead say something like, "well, that is an interesting idea but we need to do X, Y, and Z intensive 20-year studies first."  There is virtually no way for any government employee to get caught in a mistake saying that.  So that is the answer most of us get from the government.

Coming back to the original question, I hope this helps explain why agency employees who don't admit error act the way they do -- they are not bad people, they are normal people reacting to a bad incentive.   Imagine in my business if I, say, reversed two numbers on one of the 25 state and local sales tax returns we file each month.  When pointed out to me, I have no problem admitting the mistake because I know it is easily correctable and that it has little to do with my true performance.  But in the government world, things are completely different.  They don't have output variables.  Executives can have full successful careers running parks where the infrastructure is allowed to fall apart, the headquarters become bloated, and visitation stagnates.  But they can be fired for getting something wrong in the process.  Not very often, but just enough pour encourager les autres, particularly in an environment where there are really no other formal metrics to override this fear.

 

**postscript:  I have found two ways that people who enter government are different from people who enter private business  (people are more different at the end of their careers after they have been shaped by the incentives and culture for a long period of time, but I am talking about upon entry into work).  First, people who enter government tend to prioritize security (e.g. good benefits, difficult to fire) over other aspects of employment.  Note that this just tends to reinforce the risk aversion to making or admitting a mistake even more.  Second, people who enter government tend to be more confident of government solutions to problems and more skeptical of private solutions than people who enter private business.  This latter is another reason why my company, that offers private solutions for traditional government functions, hears "no" a lot.

 

Bank of America's Absurd Telephone Security

So I called Bank of America to send a new credit card to me (the chip was screwed up, which has now happened to three of my cards).  The automated system asked me for the card number and zip code (the latter being a good idea since it is information not on the card itself).  The automated system then gave me some information, trying to head off standard phone requests I suppose.  It told me my current balance, my total credit limit, and my available credit.

I then jammed "0" and said "agent" over and over until I could get a real person.  Once I got a real person, they asked me my name, and then said they had to ask me a security question.  So they asked me ... what is the credit limit on my card.  LOL, their system just told me the number.  Had it not, I probably would not have even known the number.  I asked her how in the world this could possibly be a reasonable security question when their system just told me the answer.  I got a sort of "I just work here" answer and gave up and got my new card.

Towards Better, More Reliable Home Wifi -- Ditch the Products Meant for the Home

For years I have been struggling with a variety of commercial home wifi products.  I have been plagued by issues -- either they had poor range or they had to be reset every day or so or they did not play well with various extenders I needed to cover my house.  I have a one story house that sort of sprawls all over the place and is hard to cover, particularly since our internet connection to Cox Cable is all the way at one end of the house and some of the house has a cinderblock core just to make signal transmission even harder.

So my company had a contractor wiring up a customer location we manage and they were using a commercial product from Ubiquiti Networks.  I wondered why a commercial product would not work just as well in my home.  This Ars Technica article discussed how much better he thought the commercial products from Ubiquiti were than most consumer grade products.  I figured maybe the problem would be cost, but perusing the Unifi product line on Amazon, it seemed priced a bit higher than consumer products but not unreasonably so (also compare the Amazon star ratings for the Unifi products to consumer alternatives -- you will not see ratings this high).

I was a little intimidated that the setup would be hard but it was manageable if you know even a little bit about network addresses and how they work. And this video is absolutely fabulous -- I can tell you that if you follow along with this guy your system will work at the end of it.  Once it was running, the software is way easier to navigate than my old consumer products.

So several months ago I installed a Unifi system in my house with 6 access points (including on my patio and in my garage), a security gateway (the router, I think), a main switch, a couple of satellite switches, and the cloudkey which helps manage the whole thing.  I paid extra for the PoE switches (power over ethernet) so I could run the access points without having to plug them into an outlet and so in the future I could add PoE video.

What I like:

  • Reasonable cost
  • Setup not difficult if you follow the video
  • Rock-solid reliability
  • It reaches everywhere, with a single SSID so it acts as one seamless large wifi zone.
  • Ability to access the system remotely to check on status
  • Access points work via PoE so they mount on the wall or ceiling really cleanly and look great
  • Really good information about my network, not only every device and its IP and status, but also its bandwidth use and exactly how it is connected in the network tree (ie via such and such switch).

The only problem I have had so far is a moderately arcane one that took me a while to diagnose.  I use this system with my Sonos music system and I have a number of Sonos boxes around the house.  Most of these are wired, and so do not use the Sonos wired peer-to-peer mesh.  However, the Sonos boxes were trying to create wireless network amongst themselves that essentially created loops in my network where storms of traffic ran in circles.

This is where I had a learning opportunity.  Apparently network equipment has something called Spanning Tree Protocol (STP).  Basically through a priority and cost system, it allows you to specify preferred pathways and prevent data from looping.  But Sonos uses a really old version of this that does not play well with Unifi.  I will say that this is not just a Unifi problem as I had this exact same problem at another location with Sonos and the Google mesh wifi system.  At least with Unifi, there were STP settings I could play with (Google mesh wifi is a nice little plug and play product but forget it if you want to tweak anything at all).   As is usual nowadays for any known problem, the Internet has a bunch of articles on Unifi and Sonos compatibility issues.  Eventually by tweaking the STP priorities of the Unifi switches and simply turning off the wifi in Sonos units where I did not need the mesh wifi capability (a nearly undocumented feature that is revealed here) I got it all playing nice together.   I will add that though Sonos is a product I love (because my wife can actually reliably use it), their tech support never identified this problem -- they said they saw evidence of loops but would not admit that the Sonos peer-to-peer networking was helping to cause them.

Orren Boyle Smiles

I just cannot understand how politicians can be called "populist" for favoring a few hundred thousand domestic steel workers and steel company equity holders over 300 million domestic consumers who depend on low-cost steel for their jobs or buy steel products.  But there seems to be something about the steel industry that causes folks who normally would scream about corporate welfare to just roll over.

At noon, Donald Trump will sign an executive order calling for a probe whether imports of foreign-made steel are hurting U.S. national security. The order will revive a decades-old, rarely used law to explore imposing new barriers on steel imports, in this case aimed loosely at China.

Trump will sign the memorandum related to section 232 of the Trade Expansion Act of 1962 at an event in the White House that will include leadersd of several U.S. steel companies; the law will allow the president to impose restrictions on imports for reasons of national security. Trump’s directive will ask Ross to conduct the probe “with all deliberate speed and deliver the results to the president with his recommendations."

An official cited by Reuters sad that there are national security implications from imports of steel alloys that are used in products such as the armor plating of ships and require a lot of expertise to create and produce.

Why do I suspect the national defense argument is a total sham?

Update:  “For every steelworker, there are 60 workers in steel-using industries,” said Lewis Leibowitz, a Washington attorney who has worked on trade cases involving steel in the past. “You need competitive steel prices for those industries to be competitive and to export.”  source:  WSJ

When Government Picks Winners, It Mostly Chooses Losers

In an article for Cato mocking the Obama Administration for creating energy technology forecasts that run to the year 2300, Pat Michaels wrote:

Consider the case of domestic natural gas. In 2001, everyone knew that we were running out. A person who opined that we actually would soon be able to exploit hundreds of years’ worth, simply by smashing rocks underlying vast areas of the country, would have been laughed out of polite company.

Energy statists on the Left today are trying to get rid of coal-fired electricity generation in this country (due to climate concerns).  But one thing that few people remember is that a significant reason we have so much coal-fired electricity generation in this country is that energy statists on the Left in the 1970's mandated it.  I kid you not:

The Powerplant and Industrial Fuel Use Act (FUA) was passed in 1978 in response to concerns over national energy security. The 1973 oil crisis and the natural gas curtailments of the mid 1970s contributed to concerns about U.S. supplies of oil and natural gas. The FUA restricted construction of power plants using oil or natural gas as a primary fuel and encouraged the use of coal, nuclear energy and other alternative fuels. It also restricted the industrial use of oil and natural gas in large boilers.

As a further irony, and absolutely typical of government regulation, this regulation banning oil and gas fired plants because oil and gas seemed to be running out was really trying to fix a problem caused by another regulation.   The government had caps on oil and gas prices through the 1970's that artificially reduced supplies.  Once these price regulations were removed, we suddenly had an oil and gas glut in the 1980's and the FUA was eliminated in 1987.  Watching regulators chase their tails in energy policy over the last 40 years would be comical if the effects of their repeated mistakes were not so dire.

The Terrorists Have Won

Security wall going up around the Eiffel Tower

The city of Paris is planning to build a permanent barrier around the Eiffel Tower and its two adjacent ponds in order to beef up security, replacing temporary protective structures that had been up as a result of recent terror attacks. It’s estimated that the structure, which will be bulletproof and able to stop vehicles, will cost the city 20 million euros (about $22 million). ...

Work on the perimeter is scheduled to start this fall, although plans are subject to approval. Once the project is complete, you’ll no longer be able to stroll leisurely under the massive steel tower, as you’ll first have to pass through a security checkpoint involving a metal detector and ID check before you can get up close to the base.

Nothing more romantic than a moonlight stroll under the Eiffel tower... and getting frisked by the French equivalent of the TSA.

By the way, if the Conservatives in this country need a better euphemism for their Mexican wall, here is a suggestion from the French:

While reports have said the wall be made of glass, Paris‘ deputy mayor Jean-François Martins wouldn’t confirm that to be true in a press conference last week — however, Martins did say, “It’s not a wall, it’s an aesthetic perimeter,”

If only the East Germans had been so clever with words, they might have won the Cold War.

My Favorite Description To Date of the Problems and Appeal of Trump

Scott Alexander has a great article on the problems with Trump's approach to economics.  I want to begin, though, with an analogy he uses at the end because it is the best single framework I have seen about understanding Trump's appeal:

Suppose you’re a hypercompetent billionaire in a decaying city, and you want to do something about the crime problem. What’s your best option? Maybe you could to donate money to law-enforcement, or after-school programs for at-risk teens, or urban renewal. Or you could urge your company full of engineering geniuses to invent new police tactics and better security systems. Or you could use your influence as a beloved celebrity to petition the government to pass laws which improve efficiency of the justice system.

Bruce Wayne decided to dress up in a bat costume and personally punch criminals. And we love him for it.

I worry that Trump’s plan for his administration is to dress up in a President costume and personally punch people we don’t like, while leaving policy to rot. And I worry it’s going to work.

Basically, Trump is acting like a small state governor, focusing his economic efforts on getting the Apple factory to come to town

So based on these two strategies, we are in for four years of sham Trump victories which look really convincing on a first glance. Every couple of weeks, until it gets boring, another company is going to say Trump convinced them to keep jobs in the United States. The total number of jobs saved this way will never be more than a tiny fraction of the jobs that could be saved by (eg) good economic policy, but nobody knows anything about economic policy and Trump will make sure everybody hears about Ford keeping jobs in the US. Every one of these victories will actively make the world worse, in the sense that these big companies will get taxpayer subsidies or favors they can call in later to distort government priorities, but nobody’s going to notice these either.

It seems appropriate to end this with a bit of Bastiat:

In the economic sphere an act, a habit, an institution, a law produces not only one effect, but a series of effects. Of these effects, the first alone is immediate; it appears simultaneously with its cause; it is seen. The other effects emerge only subsequently; they are not seen; we are fortunate if we foresee them.

There is only one difference between a bad economist and a good one: the bad economist confines himself to the visible effect; the good economist takes into account both the effect that can be seen and those effects that must be foreseen.

Yet this difference is tremendous; for it almost always happens that when the immediate consequence is favorable, the later consequences are disastrous, and vice versa. Whence it follows that the bad economist pursues a small present good that will be followed by a great evil to come, while the good economist pursues a great good to come, at the risk of a small present evil.

Bank of America is Protecting Merchants Who Lose Credit Card Data By Hiding Their Names

My small business has a Visa account with Bank of America so that our managers can have the ability to charge small expenses.  My personal corporate card is part of that account.  At least twice a year, I get the dreaded call from the bank telling me my card number was part of a data breach and I have to get a new card.  And then I have to spend hours and hours updating a zillion online accounts with new numbers, and I face weeks and months of past due notices from accounts I forgot to change.

I am willing to accept Bank of America's explanation that some merchant outside their system caused the breech.  So each time I ask the obvious question, "who was the merchant so I can stop doing business with them?"  And every single time Bank of America refuses to tell me.  For reasons beyond my reckoning, Bank of American and apparently the Visa system have a vow of Omerta in which they protect security-deficient retailers from scrutiny.  It is infuriating.  In a free society, we should not need the government to hold merchants accountable for data privacy, we should be able to do it ourselves as customers.  Apparently I am not the only one who is similarly frustrated by this.

Does anyone know of any Visa issuers that are more transparent about the sources of data breaches?  Is Amex better on this than the Visa/MC system?

Update:  From a Senior Fraud Analyst at Bank of America:

I am responding to an email you sent to us regarding the data compromise situation that keeps happening with your corporate card.

I do understand the frustration you experience.  We are not provided specific details about where the compromise occurred.  The compromise could have happened sometime in the past and it may not be limited to one specific merchant or processing center.  I do understand that  you not wanting to use the card at the site of the compromise, but keep in mind that when a merchant or processing center is compromised they likely took measures to improve their security, the continued compromises could be coming from different processing centers or merchants and not the same place each time.

My email back in response:

This is how banks invite regulation on themselves.  If Visa and the large credit card issuing banks were more transparent with customers about retailers that create data breaches, customers could take their own action to police irresponsible parties by taking their business elsewhere.  Ditto merchant processors -- we businesses could easily shift our merchant processing accounts.  But instead, by creating this sort of rule of Omerta where you protect the irresponsible party from public disclosure, people feel helpless.  It is in that environment that folks like Elizabeth Warren can create so much havoc with regulation.

By the way, please do not tell me to be comfortable that the offending merchants have already tightened up their security.  It has been nearly 18 months after the requirements that merchants accept chip cards to avoid extra liability and half the stores I visit still have the chip card slot on their credit card machines disabled.  No retailer is going to stop being irresponsible until you banks stop protecting the bad ones.  Look what happened at Target - they got a lot of bad publicity from their breach but you can be damn sure they were one of the first that were accepting chip cards.

Are You In Control of Electronic Payments from Your Checking Account?

If your business is like mine, a lot of folks to whom I owe money are insisting on the ability to automatically remove the money I owe them each month from our checking account (via an electronic process known as ACH, which is slower but much cheaper and easier to use than the old wire transfer method).  At first, any loan I took out insisted that the lender be able to automatically withdraw my payments.  Then my workers compensation company.  Then certain vendor accounts.  And of course my merchant processing companies are constantly shoving money in and out of my bank accounts.

In retrospect, I was far too sanguine about this situation.  What finally caused me to abandon my sense of security was a libel lawsuit filed by one of my vendors over a bad review I wrote of their product [I won't mention the name here but I am sure anyone can figure it out with a simple search].  Anyway, I realized that this company, who was suing me for untold bazillions of dollars, actually had the right to freely jack whatever they wanted out of my checking account.  What is worse, this same company is being sued by many companies for trying to take an arbitrarily high final payment out of their accounts at contract termination.  Eeek!  And this does not even include the possibility of outright fraud.  I have ACH tools where if I have your bank's name and your account number, I could pull out money from your account without your ever knowing about it until you see it missing.  I presume criminals could do the same thing.

Something had to be done, and it turned out that my bank, Bank of America, has something called ACH positive pay wherein nothing gets ACH'ed out of my accounts without my first approving the payments.   I check a screen each morning and in 60 seconds can do the approvals for the day.  They also have a very easy to use rules system where one can set up rules such that payments to certain vendors or for certain amounts don't need further daily approvals.

I presume most major banks have a similar product.  It cost me some money but I feel way safer and encourage you to look into it if you are in the same situation.

Thank God We Have Unionized Government Workers and Not Some Damn Private Company

The TSA, which apparently stands for Theater of Security Absurdity, apparently is completely useless:

According to a report based on an internal investigation, "red teams" with the Department of Homeland Security's Office of the Inspector General were able to get banned items through the screening process in 67 out of 70 tests it conducted across the nation.

The test results were first reported by ABC News, and government officials confirmed them to CNN. Mark Hatfield, acting deputy director, will take over for Melvin Carraway until a new acting administrator is appointed. It was not immediately clear Tuesday where Carraway would be reassigned.

Fortunately, the TSA has been successful in creating accountability-free sinecures with stupendous pension and benefit plans for thousands of people who apparently learned the security trade from Sargent Schultz.

My Friend Jon is Having a Bad Week

$10 million in diamonds get accidentally thrown away, then stolen out of the trash by the security guard.  

To me, this proves that crazy stuff can happy to anyone.  Jon is as bright and hard-working as anyone I know.  He is also entirely trustworthy and honorable in a business that often lacks these qualities.  The thief apparently sold one large stone, about 10 ct., to someone in the same building** who then cut it down to 9 ct. and resold it.  There would be no reason for a dealer to cut down an already cut stone, since it substantially reduced the value, unless he knew the stone to be stolen and was purposely trying to disguise the stone for resale.  Its like a thief robbing your house and selling your TV to your neighbor, who changes the label so you won't recognize it when you come over.

 

** all of the major diamond dealers in New York seem to work in just 2 buildings on Fifth Avenue.

Dear Conservatives: This Is Why We Hate All Your Civil Rights Restrictions in the Name of Fighting Terror

Because about 5 seconds after they are passed, government officials are scheming to use the laws against non-terrorists to protect themselves from criticism.

Twenty-four environmental activists have been placed under house arrest ahead of the Paris climate summit, using France’s state of emergency laws. Two of them slammed an attack on civil liberties in an interview with FRANCE 24....

The officers handed Amélie a restraining order informing her that she can no longer leave Rennes, is required to register three times a day at the local police station, and must stay at home between 8pm and 6am.

The order ends on December 12, the day the Paris climate summit draws to a close....

Citing the heightened terrorist threat, French authorities have issued a blanket ban on demonstrations – including all rallies planned to coincide with the climate summit, which Hollande is due to formally open on Monday.

This justification is about as lame as them come:

AFP news agency has had access to the restraining notices. It says they point to the “threat to public order” posed by radical campaigners, noting that security forces “must not be distracted from the task of combating the terrorist threat”.

Note that the police had absolutely no evidence that these folks were planning any violence, or even that they were planning any particular sort of protest.  This was a classic "round up the usual suspects" dragnet of anyone who had made a name for themselves protesting at green causes in the past.

Postscript:  Yes, I know that these protesters and I would have very little common ground on environmental issues.  So what?  There is nothing more important than supporting the civil rights of those with whom one disagrees.

And yes, I do have the sneaking suspicion that many of the very same people caught up in this dragnet would cheer if I and other skeptics were similarly rounded up for our speech by the government.  But that is exactly the point.  There are people who, if in power, would like to have me rounded up.  So it is important to stand firm against any precedent allowing the government to have these powers.  Else the only thing standing between me and jail is a single election.

Update:  Think that last bit is overly dramatic?  Think again.  I can guarantee you that you have some characteristic or belief that would cause someone in the world today, and probably many people, to want to put you up against the wall if they had the power to do so.  As proof, see:  all of history.

Even at the Margin With Capital Charges Sunk, Light Rail Economics are Awful

A reader and frequent contributor sent me this:

When 120,000 people head to downtown Orlando for the big July 4 fireworks show at Lake Eola, none will be getting on SunRail.

It’s not running.

Central Florida’s $1 billion commuter-rail line usually only operates Monday through Friday, and while a few special weekend events in recent months have booked the train, one of the biggest gatherings of the year won’t.

Fireworks at the Fountain, in addition to the sky show, will feature more than 25 vendors, live music and children’s activities.

But Orlando city staff researched the addition of SunRail service, but found it wouldn’t work, said Cassandra Lafser, the city’s public information officer.

“Several factors contributed to this decision, including safety, availability and costs,” Lafser said in a prepared statement.

“The city’s concerns included: total train capacity, safety and security, hours of operation, pedestrian wayfinding and transport operations between the downtown stations and Lake Eola, and funding availability.”

So, even in a situation where capital costs are sunk and can be ignored, an incremental decision to operate the train on a very heavy commuter day makes no economic sense.  You want to know why?  Because it makes no economic sense Monday through Friday either.  Light rail never pays back any of its capital costs, but the vast majority of light rail loses money operationally at the margin as well.

Question: Name An Activity The Government is Better At Than the Private Actors It Purports to Regulate

I am serious about this.  We saw in an earlier story that the government is trying to tighten regulations on private company cyber security practices at the same time its own network security practices have been shown to be a joke.  In finance, it can never balance a budget and uses accounting techniques that would get most companies thrown in jail.  It almost never fully funds its pensions.  Anything it does is generally done more expensively than would be the same task undertaken privately.  Its various sites are among the worst superfund environmental messes.   Almost all the current threats to water quality in rivers and oceans comes from municipal sewage plants.  The government's Philadelphia naval yard single-handedly accounts for a huge number of the worst asbestos exposure cases to date.

By what alchemy does such a failing organization suddenly become such a good regulator?

Update:  On the topic of cyber security competence or lack thereof, there is this:

In mid-May, the Federal Bureau of Investigations lost control over seized domains, including Megaupload.com, when the agency failed to renew a key domain name of its own. That domain, which hosted the name servers that redirected requests for seized sites to an FBI Web page, was purchased at auction—and then used to redirect traffic from Megaupload.com and other sites to a malicious site serving porn ads and malware. Weeks later, those sites are still in limbo because somehow, despite a law enforcement freeze on the domain name, the name servers associated with Megaupload.com and those other seized sites were changed to point at hosts associated with a domain registered in China.

Yep, that is the lead government agency tasked with investigating hacking and cyber security breaches.

Your Government At Work

Statists believe in a kind of alchemy.  They will say that individual citizens cannot be trusted with, say, selecting their own health plan.  This must be entrusted to a government official who gained such lofty powers by ... being selected by the self-same citizens that couldn't be trusted to choose a health plan.  How is it that schlubs who cannot be trusted can be elected by the mass of schlubs who cannot be trusted, placed into a monopoly with guns and no competition, and miraculously suddenly be trusted?

As you probably know, the institution that demands ever more power because of external threats to our security and constantly bashes private companies for not being careful enough with privacy had most of its employee data  stolen by a group of Chinese hackers. After the hack was made public, the government claimed the hack was discovered due to their diligent internal security efforts.  This turns out not to be the case, and the reality is pretty damn funny:

At the time, OPM said the breach was discovered as the agency “has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks.”

But four people familiar with the investigation said the breach was actually discovered during a mid-April sales demonstration at OPM by a Virginia company called CyTech Services, which has a networks forensics platform called CyFIR. CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network. Investigators believe the hackers had been in the network for a year or more.

Update:  Extra points for this one:

The breach has expedited plans by the Senate to vote on cybersecurity legislation, with Majority Leader Mitch McConnell (R., Ky.) saying Tuesday a vote now could be held in the coming days.

Mr. McConnell said he planned to use an annual defense policy bill currently on the Senate floor to advance the cybersecurity measure, which is aimed at responding to a growing prevalence of data breaches at large U.S. companies.

So the government gets breached because it is using outdated software major private companies have long-ago replaced or patched, and the reaction is to...place new demands on private companies?

The Problem with Email is That It's Free

Yeah, I know, free is always supposed to be better.  But the problem of spam is caused entirely by its being free.   Here is an example:

According to the indictments, between 2009 and 2012 Nguyen and Vu hacked at least eight email service providers -- the companies that collect your data under slightly more legitimate circumstances -- to steal marketing data containing over a billion email addresses. After that, they worked with Da Silva to profit from the addresses by sending spam with affiliate links for a company he controlled, Marketbay.com.

At least according to the DoJ, all of that work netted around $2 million in affiliate marketing fees.

We don't have any idea how many emails they sent to each of these billion addresses.  But let's say they sent 10 spams to each (probably a low guess).  That is 10 billion spam emails for a net revenue of $2 million, or around $.0002 per email sent in revenue.

Long ago I proposed that (and I am not sure how to do this technically) emails should cost $0.001, or a tenth of a cent, to send.  For you and I, say if we sent 200 emails a day (an email copied to 5 people would be 5 emails for this purpose) it would cost us 20 cents a day or about $75 a year, not much more than we pay for security software and updates.  But if you could make it work, spam would be reduced drastically.  No way there is any profit in sending an email for $.001 for an expected return of $.0002.

I have no idea in the current structure of the Internet how one would even do this.  The charge would have to come from the receiving end, somehow refusing to deliver it if it does not get payment information.  However, anyone who is going to steal a billion email addresses could likely hack the payment system.

I was going to call this tragedy of the commons, but that is not really quite right.  Tragedy of the commons is sort of related to free public resources, but is more of an issue of lack of property rights than of the zero price.

@kevindrum Finds Absolutely Ubiquitous Feature of Regulation to be Mysterious

Kevin Drum simply does not understand why Wall Street might be piling into broadband stocks despite proposed "tough new regulations."  He posits a number of hypotheses -- that Wall Street expected the rules to be worse than they turned out to be.  But this can't be it because the hundreds of pages of rules are still a secret.  He also hypothesizes there might be some nefarious secret loophole buried in the rules Wall Street knows about but we don't.

This is crazy!  How can a reasonably bright person like Drum who writes about the political economy not understand the issue of regulatory capture?  Seriously, I have always figured that the Left, which has a seemingly infinite appetite for regulation, must favor regulation because they find the benefits to out-weight the crony-ist downsides.  Is it really possible Drum is unfamiliar with the downsides altogether, or is he just being coy?

Here is what regulation, particularly utility-style regulation, tends to do -- it locks in current business models and competitors.  It makes it really hard for new entrants to challenge incumbents with innovative new business models or approaches, because regulations have been written based on the old business model and did not take the new one in account.  So a new entrant must begin business by getting regulators to allow their new model, which never happens because by this time incumbents have buildings full of lobbyists aimed at the regulatory process.  Go ask Tesla and Uber and Lyft about how easy it is to enter a heavily regulated business even with a superior new business model.

This is particularly true in the technology world.  The biggest threat to incumbency is someone with a new technology or approach to the technology.  Don't believe me?  I suggest you go to the offices of Netscape or AOL or Lycos or Borders or Circuit City or Radio Shack and interview them about the security of their multi-billion dollar businesses in the face of new online technologies.  At best, regulators put a huge speed bump in the way of competitors, costing them time and money to get their alternative business model approved.  At worst, regulators block new competitors altogether.

I will give you a thought experiment.  Let's say these exact same rules were adopted in the year 2000, when AOL and Earthlink dial-up ruled the internet access world.  Would cable and satellite and DSL have grown as quickly?  I can see the regulators now -- "hey, all the rules specify phone dial up.  There's nothing here about cable TV.  Sorry [Cox, Comcast, whoever] you are going to have to wait until we can write new rules.

The other thing that happens with utility-style regulation is that companies in the business tend to get their returns guaranteed.  Made a bad investment in a competitive market?  Well good luck getting customers to pay extra to bail you out from your bad decision when they have other options.  But what happens when your local power company wastes $10 billion on a nuclear plant that never opens -- it gets built into your rate base!

In the cast of broadband, they are locked in what business school students would see as a classic supply chain battle.  Upstream companies like Netflix supply content via downstream broadband companies.  Consumers are only willing to pay a certain amount for this content, so the upstream and downstream fight a lot over who gets what share of that consumer $.    This happens everywhere in the business world, from Cable TV to oil refining to selling TV's at Wal-Mart.  There is a real danger that broadband will lose this fight in the future -- but not now.  Regulated industries never die, they appeal to their regulators for help.

As of yesterday, Wall Street is looking at broadband companies and realizing that they are now largely immune from competition and some level of minimum returns are likely now gauranteed forever.  Consumers should hate this, but what's not to love for Wall Street?

Postscript:  Kevin Drum describes the new regulation this way:  "Basically, under Wheeler's proposal, cable companies would no longer be able to sign special deals to provide certain companies with faster service in return for higher payments."  This is a bit like describing the Patriot Act as a law to force people to take their shoes off at the airport.  Yes, it does that narrow thing, but it does a LOT else.  The proposal is hundreds of freaking pages long.  It does not take hundreds of pages to do the narrow little niche thing Drum (like most neutrality supporters) wants.

This Administration has cleverly taken this one tiny concern people have and have used it as an excuse to do a major regulatory takeover of the Internet.  This is a huge Trojan Horse. But I have already ranted about the details of that and you can read that here.

Thinking of the Gracchi Brothers Today

It is with mixed emotions that I greet this day.  Frequent readers will know that I long for a system of much more open immigration.  I don't think that the US Government should be limiting who can and cannot seek work or live within the US borders (setting rules for citizenship and receipt of benefits are different matters).  So I would like to see many long-time immigrants legalized today (and in fact I likely have friends and acquaintances who will benefit, though it's always been a bit awkward to ask them about immigration status).

However, I would MUCH rather see a rational process implemented than these once a decade amnesties we seem to go in for instead.

I also worry that Obama is taking these actions for all the wrong reasons, seeking to add 5 million Democratic voters rather than trying to help 5 million people who are seeking prosperity.  The reason I suspect this is that he is also seeking higher minimum wages that will likely make it harder for these folks to find work, likely something he has promised to his union allies so they won't freak out.  I have always said that Republicans want immigrants to work but not vote and Democrats want immigrants to vote but not work.

But I am much more worried about the un-Constitutional process that is going to be followed.  Of course, this is not the only Executive power grab over the last two presidencies, but it is a big one and one of the first where the President has admitted he doesn't have the power but is going to do it anyway.

Around 133BC, Tiberius Gracchus was ticked off that the Roman Republic would not consider necessary land reform.  I am going to oversimplify here, but in their conquests the Romans had grabbed a lot of new territory and by law that land was supposed to be parceled in small sections to lots of individual land holders.  Instead, powerful men (many of whom were in the Senate) grabbed the lion's share of this land for themselves in huge estates.   Gracchus rightly saw this as unfair and a violation of law, but it was also a threat to the security of the nation, as independent landowners who bought their own weapons were the backbone of the Roman army.  The shift of agriculture to huge estates staffed with slaves was not only forcing a shift in the makeup of the army (one which would by the way contribute to the rise of despotic generals like Sulla and Caeser), but also was creating social problems by throwing mobs of unlanded poor on the cities, particularly Rome.

Anyway, the short version is that Tiberius Gracchus had good reason to think these reforms were important.  But traditionally they would have to be considered by the Senate first, and he was too impatient to wait that process out, and besides (probably rightly) feared the Senate would find a way to kill them.   He was so passionate about them that he violated the (unwritten) Roman Constitution by ignoring the Senate and setting new precedents for using his position as Tribune to pass the new laws.  It was absolutely the prototype for a well-intentioned bypassing of the Constitution.  I won't go into detail, but Tiberius was killed at the behest of some Senators, but his brother picked up his mantle 10 years later and did some similar things.  Which is why we talk of the Gracchi brothers.

In the near term, the results were some partial successes with land reform.  However, in the long-term, their actions really got the ball rolling on what is called the Roman Revolution.  A hundred years later, the Republic would be gone, replaced with a dictatorship.  Step by step, the precedents often set initially with only the best intentions, were snatched up and used by demagogues to cement their own power.  In later years, what gave emperors their authority was a package of powers granted to them.  One of the most important was "tribunition" power.  In essence, the tribunition power included many of the powers first exercised aggresively by the Gracchi brothers.  More than just starting the ball rolling on the Revolution, they pioneered the use of powers that were to be the core of future emperors' authority.

Sorry for the Downtime

Had some sort of attack running all weekend against one of my more minor web sites.  Hostgator found the attack and changed our security rules, and for now we should be fine.  Sort of violating the security through obscurity rule of thumb since this was a very obscure site they were attacking.

Site Issues

Well, we had just a mess of problems here.  We have had off and on DOS attacks for a week or so, and then last night I managed to embed some oddball code in a quotation in one of yesterdays posts that caused other heartache.

After a lot of debugging, I am hoping all is well again.  I have changed the caching and security options at Incapsula, which I use as a gateway for traffic.  For many of you, you will see substantial performance improvements but at the cost of some caching which may delay your comments showing up by 10 minutes or so.

The Real Money in the Climate Debate

I have yet to meet a skeptic who reports getting any money from mysterious climate skeptics.  A few years ago Greenpeace had a press release that was picked up everywhere about how Exxon was spending big money on climate denialism, with numbers that turned out to be in the tens of thousands of dollars a year.

The big money has always been in climate alarmism.  Climate skeptics are outspent a thousand to one.  Here is just one example

It sounds like the makings of a political-action thriller. The National Geospatial Intelligence Agency (NGA) has awarded Arizona State University a five-year, $20 million agreement to research the effects of climate change and its propensity to cause civil and political unrest.

The agreement is known as the Foresight Initiative. The goal is to understand how climate-caused disruptions and the depletion of natural resources including water, land and energy will impact political instability.

The plan is to create visually appealing computer models and simulations using large quantities of real-time data to guide policymakers in their decisions.

To understand the impacts of climate change, ASU is using the latest advances in cloud computing and storage technologies, natural user interfaces and machine learning to create real-time computer models and simulations, said Nadya Bliss, principal investigator for the Foresight Initiative and assistant vice president with ASU's Office of Knowledge and Development.

I can tell you the answer to this study already.  How do I know?  If they say the security risks are minimal, there will be zero follow-up funding.  If they say the security risks are huge, it will almost demand more and larger follow-up studies.  What is your guess of the results, especially since the results will all be based on opaque computer models whose results will be extremely sensitive to small changes in certain inputs?

Postscript:  I can just imagine a practical joke where the researchers give university officials a preview of results.  They say that the dangers are minimal.  It would be hilarious to see the disappointment in the eyes of all the University administrators.  Never in history would such a positive result be received with so much depression.  And then the researchers would say "Just kidding, of course it will be a catastrophe, it will be much worse than predicted, the badness will be accelerating, etc."

AZ Corporation Commission's Completely Inadequate Response to My Critique on their Site Security

A while back I wrote about my concerns about the total absence of any security at all in the Arizona corporate annual reporting system

I started the annual reporting process by just typing in the name of my company and getting started.  There was no password protection, no identity check.  They had no way of knowing I had anything to do with this corporation and yet I was answering questions like "have you been convicted for fraud."  The potential for mischief is enormous.  One would have to get the timing right (an annual report must be due before one can get in) but one could easily open the site on January 1 and start entering false information in the registrations for such corporations as Exxon and Wal-Mart.

See for yourself.  .

I showed how one could open and file the report for a company like Wal-Mart, changing all their officers names, and confessing to all sorts of imagined corporate crimes

Again, note what I am saying.  This is not the result of hacking.  This is not lax security I figured out how to evade.  This is the result of no security whatsoever.  I simply went to the link above, clicked on the Wal-Mart Associates link, and then clicked on the annual report link.  I know from doing my own registration that there is a signature page at the end, but all you do is type in the name of an officer and a title -- data that is right there on the site.  It's like asking you for a password after the site just listed all the valid passwords.

The head of the Arizona Corporation Commission wrote me back. Here is here email in its entirety:

Dear Mr. Meyer:

Thank you for your email regarding the Corporations Division.  The Arizona Corporation Commission is the repository for all business formation documents for corporations and limited liability corporations.  We are in full compliance with state statutes.

Submitting false documents to alter another’s corporate structure or status is a crime and carries a Class 4 or Class 5 penalty.  The Commission or the aggrieved business entity may refer the false filing to the Attorney General’s office for prosecution.  Additionally, the individual business entity may pursue a civil cause of action.  The Commission only accepts on-line charges for a few services such as name reservation or to order a certificate of good standing, and the online payment process is completely secure.

Even though the Commission’s existing security measures comply with the state law and are similar to most other states and other Arizona governmental entities like the County Treasurer’s Office, the Commission is looking at implementing new technology to allow for the online submission of additional services – such as the filing of original Articles of Organization and Articles of Incorporation.  We do intend to provide password protected security features when that new technology is offered to the public.

J. Jerich

Executive Director

Arizona Corporation Commission

I had no doubt that submitting a false annual report for Wal-Mart would be illegal.  Duh.  However, it is just incredibly naive that this is the sole extent of the Commission's security, to prosecute people once the damage is done.  Can you imagine if Amazon had the same security policy - "we are getting rid of passwords because it would be illegal for you to buy something from someone else's account."  I wonder if the commissioners leave their doors unlocked at night, trusting in the threat of future prosecution to deter burglary and mayhem in their homes?