Issue 117

FBI plot hatched over beers

Delivered on 21 June 2021 by Justin Pyvis. About a 3 min read.

Over 800 suspected criminals were arrested across the world earlier this month "after being tricked into using an FBI-run encrypted messaging app". The plot was concocted back in 2018 while Australian authorities and the FBI were knocking back a few cold ones (no doubt celebrating Australia's new Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018), "when they hatched a plan to exploit the communications network for their own ends: by surreptitiously taking control of AN0M and using it as window into criminal activities".

"I wasn't there," Australia's federal police commissioner Reece Kershaw told reporters on Tuesday, "but as you know some of the best ideas come over a couple of beers."

The full details, for obvious reasons, are scant. But the heavy involvement of Australian authorities is probably because Australia has the worst digital privacy laws in the world. The Assistance and Access Bill 2018 cited above allows authorities to compel individuals or companies to do one or more specified 'acts or things' necessary to assist agencies, without judicial oversight.

While the Assistance and Access Bill 2018 has never been used for anything terrorism related (the original justification for the bill), the Australian Federal Police (AFP) confirmed that the global sting was only possible because of it, although it was "not in a position to elaborate further due to legislative requirements within the relevant acts".

Should we care that a bunch of criminals were busted by an elaborate honeypot? No. This isn't the first time the US government has built a product from the ground up with the aim of spying on criminals and foreign governments: Crypto AG, a Swiss communications and information security company that operated from 1970 until 2018, was created by the CIA to sell backdoored products.

Indeed, the stupidity of these so-called crime bosses is staggering:

Ayik is the founding member of the "Aussie Cartel" – a syndicate formed by some of Australia's most wanted crime bosses that smuggles an estimated $1.5 billion AUD worth of drugs into the country each year – and is currently Australia’s most wanted priority target. He recommended AN0M to criminal associates, who would purchase mobile devices that had been preloaded with the app on the black market.

These phones could not make calls or send emails, and could only send messages to another device that had the same app, according to a statement by the AFP. Criminals needed to know a criminal to get a device. They would then use the encrypted messaging software to send messages, distort messages and take videos.

High-profile organised crime figures vouched for the app’s integrity – and by the time authorities swooped more than 10,000 people were using AN0M devices across the world, including more than 1,600 in Australia.

Encryption is trustworthy. Random, invite-only closed-source apps are not. You would think that given their threat model, hardened criminals might at a minimum use something that has had its source code audited by a trusted party. Better yet, a messaging app that's completely open source. Or keep it simple by using PGP with a key they themselves created and distributed. It would literally take a minute to set up.

The fact that these 'high-profile organised crime figures' vouching for the app's integrity blindly trusted a secretive, closed-source app suggests they would probably have been caught eventually anyway.

But what we should care about is Australia's involvement in all of this. The laws used to arrest a few hundred suspected criminals (the first 50 'beta testers' were already under surveillance) "have undermined international trust in Australia's digital services and their cybersecurity, increased business uncertainty, and hurt the brand image of Australian providers internationally", with costs "measurable in the multiple billions of dollars".

According to Digital Rights Watch executive director Lucie Krahulcova:

It seems the FBI would not have been able to conduct this operation without the AFP. And that's because we have essentially one of the most invasive, most broad anti-encryption legislation in the world right now.

Law Council of Australia president Jacoba Brasch QC said that under the Assistance and Access Bill 2018, there is "no judicial involvement in the issuing process for orders compelling communications providers to render assistance".

You can be sure that following the success of this honeypot (which only came to an end after a blogger did some analysis on a device and revealed it to be a scam), every country in the world will soon be knocking on the AFP's door trying to get some judicial-free, backdoor surveillance action (well maybe not China).

The message from Australia's politicians is clear: if you want to start a digital company and need any kind of data security or user privacy, do not do it in Australia, a place where individual and enterprise trust in digital services no longer exists.


Issue 116

Regulating crypto

Delivered on 14 June 2021 by Justin Pyvis. About a 3 min read.

The Basel Committee on Banking Supervision is gearing up to regulate banks that hold cryptocurrency, as "the growth of crypto assets and related services has the potential to raise financial stability concerns and increase risks faced by banks". Unfortunately its proposed regulations completely miss the mark. According to the FT:

All other [non-stablecoin] crypto assets, including bitcoin and ethereum, would go into the new, more strenuous regime. The Basel committee proposed a risk weight of 1,250 per cent, in line with the toughest standards for banks' exposures on riskier assets.

That would mean banks would in effect have to hold capital equal to the exposure they face, and be prepared if the value of the asset were worthless. A $100 exposure in bitcoin would result in a minimum capital requirement of $100, Basel said.

The standards would apply to assets created for decentralised finance (DeFi) and non-fungible tokens (NFTs), but potential central bank digital currencies were outside the scope of the consultation, it added.

I get that the regulator is concerned about stability, but the effect of these capital requirements will be to kick crypto to the curb – including the very promising DeFi – where it will be embraced by non-bank entities.

We've seen how excessive regulation can lead to growth in problematic shadow banking – well soon we may see a growing shadow crypto sector. A far better approach would be to update the rules to incorporate crypto, rather than kneecap it to the point that the only place it can thrive is outside of the traditional banking system.

There is a legitimate need to develop a proper, global regulatory framework that would allow institutions to access new DeFi services through the banking system. It really shouldn't be that difficult – most cryptocurrencies are actually more traceable than cash, given that they provide an open, immutable record of all transactions.

Then again, if the five Big Tech-busting bills released for review in the US last week are any indication (see below), perhaps proper regulation of crypto is indeed impossible.

Those five antitrust bills

US House Democrats on Friday unveiled five separate bills aimed at breaking up Big Tech. If you were to put several politicians in a room who knew nothing about technology and asked them to devise some new regulations... well this is close to what you would get:

  • American Choice and Innovation Online Act, to prohibit discriminatory conduct by dominant platforms, including a ban on self-preferencing and picking winners and losers online.
  • Platform Competition and Opportunity Act, to prohibit acquisitions of competitive threats by dominant platforms, as well as acquisitions that expand or entrench the market power of online platforms.
  • Ending Platform Monopolies Act, to eliminate the ability of dominant platforms to leverage their control across multiple business lines to self-preference and disadvantage competitors in ways that undermine free and fair competition.
  • Augmenting Compatibility and Competition by Enabling Service Switching Act, to promote competition online by lowering barriers to entry and switching costs for businesses and consumers through interoperability and data portability requirements.
  • Merger Filing Fee Modernization Act, to update filing fees for mergers for the first time in two decades to ensure that Department of Justice and Federal Trade Commission have the resources they need to aggressively enforce the antitrust laws.

At least we finally get a definition out of this. Big Tech (i.e. companies covered by these Acts) are defined as those with 50 million US-based monthly active users, 100,000 US-based monthly active business users, or possessing a market capitalisation of more than $US600 billion. Right now that would include Google, Facebook, Microsoft, Alphabet (the parent company of Google), Amazon, Apple, Netflix and maybe even Snapchat (which has close to 50 million US-based monthly active users). None of the metrics are indexed to population or inflation, meaning over a sufficient period of time they could become all-encompassing.

One important variable that isn't defined is "data", which will be provided "6 months after the date of enactment". So these Acts will go into force, require Big Tech to ensure things such as "all data must be portable", and "enable the secure transfer of data to a user", but not provide a definition of data?!

Not to mention that mandating data portability generally requires an assumption that the current way of doing things is the only way: will some future Facebook competitor be required to ensure its data are portable and interoperable with whatever today's regulators come up with? Surely not, but that's what will happen. The effect will be to lock in some kind of standard and force every future entrant to comply accordingly, which would likely have the opposite effect to the stated goal: it would help Big Tech maintain its dominance and stymie innovation.

Then there's the effective prohibition on all mergers and acquisitions, with M&A disallowed for any Big Tech company that might "compete with the covered platform... constitute nascent or potential competition to the covered platform... enhance or increase the covered platform operator's market position... or maintain its market position". Really?

There's plenty more nastiness inside each; feel free to read them all here. But essentially a handful of US companies will be regulated differently to every other business – without evidence of consumer harm – in a process that, if passed, will probably destroy many products consumers actually enjoy. 🙄👏


Issue 115

A big success

Delivered on 08 June 2021 by Justin Pyvis. About a 3 min read.

The Australian government's attack dog has given itself a big pat on the back for successfully shaking down Google and Facebook with its News Media and Digital Platforms Mandatory Bargaining Code:

Rod Sims, chair of the Australian Competition and Consumer Commission, told the Financial Times on Tuesday that the country's world-first news media bargaining code had forced big technology platforms to the negotiating table to agree deals with publishers.

"We are on track for deals all around. It's been a big success," Sims said in an interview. "We are just about there and the media companies are happy — and that's the key point."

The word "deal" is a generous use of the English language, which defines it as "an arrangement for mutual advantage". These deals are only mutually advantageous to the extent that the legislation allows Australia's Treasurer to arbitrarily "designate a digital platform as being under the news media bargaining code", unless a deal is struck resulting in "no need for designation under the code".

In other words, the costs of being "designated" by the Code are so significant that it's in Google and Facebook's interest to agree to a completely one-sided deal to avoid having to "bargain" in the ACCC's kangaroo court. There's a serious lack of transparency: no details of any of the "deals" have been made public, although they're each rumoured to be in the tens of millions.

Essentially Facebook and Google have to pay a secret 'protection fee' to Australia's archaic, highly concentrated media companies or the government will beat them down with a big stick known as the News Media and Digital Platforms Mandatory Bargaining Code. The public is completely in the dark, the media companies are unaccountable to the taxpayer and any potential entrant must now compete against these dinosaurs plus the extra tens of millions of dollars with which they're now being subsidised.

No doubt a lucrative advisory gig at one of the legacy media companies awaits ACCC chair Rod Sims when his term expires in July 2022.

Solar policy and unintended consequences

A few days ago Bloomberg published a good piece summarising the demise of the US solar industry. It's a warning for fans of so-called industrial policy, with good intentions ruined by unintended but entirely predictable consequences.

The [solar] industry failed to take root in the U.S. despite billions of dollars in government incentives and nearly two decades of pledges from presidents, starting with George W. Bush, that the nation would be a clean-energy superpower.

In the early 2000s China was emerging as a major solar competitor to the US. So successive Presidents – before the 'Tariff Man' Donald Trump even came to power – whacked them with tariffs, with Obama raising them "as high as 249%", which... "spurred retaliation instead of a manufacturing renaissance":

Manufacturers responded by moving operations out of China, but they didn't head to the U.S. Instead, large manufacturers skirted the U.S. tariffs by building facilities to assemble solar cells and modules across Southeast Asia.

But it gets better:

Making matters worse, China retaliated by imposing its own duties of up to 57% on imports of U.S.-made polysilicon -- tariffs that crippled U.S. producers of the conductive material used in solar panels.

Instead of affordable, Chinese-taxpayer subsidised solar panels that made "solar as cheap as coal", the US raised the domestic price of solar, did not save the industry, and accidentally managed to kill off its thriving polysilicon industry, going "from making 50% of the world's polysilicon in 2007 to less than 5% today".

Unintended consequences from poorly conceived policy strike again. What's the saying about good intentions again?


Issue 114

Facebook's data problem

Delivered on 31 May 2021 by Justin Pyvis. About a 2 min read.

Facebook is a data leviathan, gobbling up anything and everything it can on its users and non-users alike. It does that for a reason – Facebook is not a social network but an advertising company. It needs as much data as it can get because it's competing with the likes of Google, Amazon and even traditional media for a limited number of advertising dollars.

Facebook has to prove that its adverts are better targeted than the competition – that its adverts are "useful and relevant", i.e. properly directed at the desired audience, generating more useful clicks. It has done a pretty good job of that over the past decade:

Over 97% of Facebook's revenue comes from advertising.

But recently the tide has started to turn and Facebook finds itself with a data problem.

The first blow was the immense backlash to Facebook's attempt to capture even more data from its messaging subsidiary, WhatsApp, which it acquired for around $US16 billion in 2014 but hasn't been able to monetise. That forced the company into two backflips: it delayed the planned February change to 15 May, then last week it announced that "we will not limit the functionality of how WhatsApp works for those who have not yet accepted the update".

In other words, WhatsApp users will still have to opt in for Facebook to have access to their WhatsApp images and metadata (WhatsApp is likely end-to-end encrypted so the messages themselves are useless), limiting the number of users it can data mine.

The second blow was Apple's iOS 14.5 update, which started rolling out to users in late April:

Since the update went live last month iPhone owners have been opting out of data tracking in their droves. According to Flurry Analytics, 85 per cent of worldwide users clicked 'ask app not to track' when prompted, with the proportion rising to 94 per cent in the US.

Now to be clear, Apple is no saint. It has been accused of using forced labour in Xinjiang and has been more than willing to sell its Chinese users down the river:

Mr. Cook [Apple CEO] often talks about Apple's commitment to civil liberties and privacy. But to stay on the right side of Chinese regulators, his company has put the data of its Chinese customers at risk and has aided government censorship in the Chinese version of its App Store. After Chinese employees complained, it even dropped the "Designed by Apple in California" slogan from the backs of iPhones.

Apple's attack on Facebook via the data tracking opt-out is not an act of benevolence but a strategic move designed to cripple a major competitor. If Facebook can't track Apple iPhone users (over 1 billion in use worldwide), it can't sell targeted adverts to them as easily. How can Facebook continue to pump development dollars into the likes of WhatsApp if they can't be monetised?

The short answer is it can't, which is why Facebook has a data problem. In an effort to offset Apple's move, Facebook recently increased the number of internal commerce products it offers, such as Facebook Shops and Instagram Shops ('other' revenue in the chart above). It has also been begging Apple users to "show you ads that are more personalised", to "keep Facebook free of charge".

But would anyone actually pay for Facebook? 🤔


Issue 113

Bubble risks

Delivered on 24 May 2021 by Justin Pyvis. About a 3 min read.

Bloomberg published an article on Sunday looking at asset bubbles in China:

Home prices are soaring, prompting officials to revive the idea of a national property tax. A surge in raw material prices spurred pledges to increase domestic supply, toughen market oversight, and crack down on speculation and hoarding.

The rapid gains are challenging the central bank's ability to restrain inflation without hiking borrowing costs or making a sharp turn in monetary policy – something the People's Bank of China has said it will avoid. The risk is the government's attempts to curb price increases won’t be enough, forcing the central bank's hand at a vulnerable time for domestic consumption.

Bubbles – particularly in assets – are blowing up everywhere, not just in China. Demand surged on the back of record-low interest rates and gargantuan fiscal stimulus in response to the coronavirus pandemic, despite the fact that it was a supply shock, not a deep demand shock (as after, say, a financial crisis).

There is a reasonable risk that the observed asset price inflation eventually flows through to consumer price inflation, forcing rate hikes and a destruction of company valuations. It's already showing up in China's producer prices – the price of raw materials and goods leaving its factories – which will squeeze the margins of consumer goods vendors, unless they also start to raise prices.

China's bond market isn't concerned about inflation.
Source: Bloomberg

While China's financial markets are "pricing in a relatively benign scenario", and the "10-year government bond yield has fallen to the lowest level in eight months", it's important to remember that bond markets have never actually predicted future inflation but instead move concurrently with inflation, sometimes even with a lag.

There is no evidence to suggest that bond markets are good predictors of inflation.
Source: Peterson Institute for International Economics

We made a prediction of sorts back in December 2020:

Central bankers have been very vocal about suppressing interest rates for, in some cases, up to three years. Whether they'll be able to achieve that stated goal is another question, but you can be sure they'll try for far longer than they should.

But the sheer amount of demand stimulus being injected into the global economy can't go on forever and when it turns, it'll turn quickly. As Hemingway wrote in The Sun Also Rises, you go bankrupt in two ways: "Gradually, then suddenly." That's probably how the latest global debt adventure will also unfold: first with asset price inflation, then with the wealth effect pushing up consumer price inflation, then finally with a sudden crisis as markets, central bankers and governments eventually realise their errors (far too late).

Unfortunately, the madness may continue for much longer than you expect (such is the nature of credit booms).

Asset price inflation, check. We're now starting to see some consumer price inflation – which central banks are claiming is "transitory" – but there's still pressure to come given that the savings rate remains elevated and growth in bank deposits only started to decelerate in mid-March.

However, supply chains are already under pressure from COVID restrictions, and the swathe of order cancellations last year, along with the subsequent investment and production cuts, means prices could respond relatively quickly to additional consumer demand.

Google searches for inflation are back where they were during the global financial crisis.
Source: Google Trends

We don't pretend to know when the music will stop but the recent volatility in equity, commodity and crypto markets, along with rising web searches for inflation, suggests we're not alone in worrying about bubble risks.

