Category Archives: Economics

Wet Economics and Digital Security

A student once unwittingly asked a physicist, “Why did the chicken cross the road?” Immediately, the physicist retreated to his office to work on the problem.

Some days later, the physicist emerged and told the student, “I have a model that explains the chicken’s actions, but it assumes the road is frictionless and that the chicken is both homogeneous and spherical…”

In the last 50 years, economics has increasingly tied its models to frictionless decisions and homogeneous, spherical employees. These employees are as interchangeable with each other as are the widgets a company mass-produces. They show up to work at a certain wage and, since perfect competition in the labor market makes these models work, there is an assumption that the cost of labor is at a point where the market clears – no need to offer any more or less than that going wage rate.

As the world economy moved from regionalization to globalization and digital technologies made employees’ locations no longer tied to where a firm was legally chartered, the idea that costly labor in one market could be replaced with cheaper labor in another market fit well with the notion that employees were homogeneous, spherical physical bodies making frictionless decisions.

The biggest problem with the economic models that have dominated economic thought over the last 50 years is that, while they are great for predicting normal ups and downs in periods of relative calm, they are useless in times of massive upheaval. Put another way, they are like weather forecasting models that see category 5 hurricanes as “an increased chance of rain” or massive blizzards as “snowfall predicted for the weekend”. These models go blind in such unanticipated crises and are particularly useless for crises precipitated out of massive fraud and abuse. We saw the flaws of the models first in 1998, then in 2001, and again in 2008. We may see another round of flaw-spotting very soon, what with unease afflicting a number of major banks in Germany and Italy…

But the second-biggest problem with the economic models is less obvious, and that’s because it involves the one thing everyone seems to leave out of their thought processes: security. Because the employees are not interchangeable spheres and their decisions frequently involve friction, we can see security issues arising out of our reliance on those economic models.

The first is that employees are not widgets to be had at the lowest price: changing out a skilled veteran with many years at a firm even for someone with the same amount of experience from another firm involves a loss of institutional knowledge that the veteran had. The new person will simply not know many of those lessons until they are learned the hard way. In security, that can be costly, if not fatal.

It’s even worse if the new employee has significantly less experience than the veteran. I shudder whenever I hear about “voluntary early retirement” because it means all those people with many, many years at the firm are about to be replaced by people of vastly less experience. Because that experience is not quantified in the models used, it has no value in the accounting calculations that determined cutting the payroll to be the best path to profitability.

Then there’s the matter of the new employees – especially if they’re outsourced – not having initiative to fix things proactively. That lack of initiative, in fact, may be specified in the support contract. Both parties may have their reasons for not wanting to see initiative in third-party contractors, but the end result is less flexibility in dealing with a fluid security issue.

Remember the story of the Little Dutch Boy that spotted a leak in the dike and decided to stop it with his finger, then and there? What sort of catastrophe would have resulted if the Little Dutch Boy was contracted by the dike owners to monitor the dike, to fill out a trouble ticket if he spotted a breach, for the ticket to go to an incident manager for review, then on to a support queue with a 4-hour SLA to contact the stakeholders, so that they could perform an incident review and assess the potential impact before assigning it the correct priority? There would be a good chance that the incident would resolve itself negatively by the time it was graded as a severity one incident and assigned a major incident management team to set up a call bridge.

Security needs flexibility in order to succeed, and that kind of flexibility has to go along with the ability to exercise initiative. Full-time employees, costly though they may be, are more likely to be authorized to exercise initiative – and, if they’re experienced, more likely to use it.

On the matter of those decisions with friction… at any time, an employee can make an assessment of his or her working conditions and decide that they are no longer optimal. Most employees will then initiate either a job search process or a program of heavy substance abuse to dull the pain brought on by poor life and career choices, but others will choose different paths. It is those others that will create the security issues.

These others may decide that the best thing to do in their particular position is to get even with their employer for having created an undesirable situation. In the film “Office Space”, three of the main characters chose that path and created a significant illegal diversion of funds via their access to financial system code. They also stole and vandalized a laser printer, but that had less impact on their employer than the diversion of funds. In the same film, a fourth employee chose to simply burn down the place of business. Part of the popularity of the film stemmed from the way those acts of vengeance, in particular the vandalism of the printer and the sabotage of the financial system, rang true with the people in the audience.

We all knew an employer that, in our minds, deserved something like what happened in the movie. When I read recently of a network administrator deleting configurations from his firm’s core routers and then texting all his former co-workers that he had struck a blow on their behalf, I saw that such sentiments were alive and seething in more than one mind. As options for future employment in a region diminish as the jobs that once sustained that region go elsewhere, that seething resentment will only increase, resulting in ever-bolder acts of defiance, even if they result in the self-destruction of the actors initiating them.

But then there are the others that give even more thought to their actions and see a ray of hope saving them from self-destruction in the form of criminal activity, whether they sell their exfiltrated data for money or post it anonymously on WikiLeaks. The first seeks to act as a leech off of his employer, the second has a motive to make the truth be known. Both actually prefer that the employer’s computer systems be working optimally, so as to facilitate their data exfiltration.

In economic models, this should not be happening. People should be acting rationally and either accept lower wages or retrain for other jobs. In real life, people don’t act rationally, especially in times of high stress. So, what can firms do about this in order to improve security?

The answer lies in the pages of Machiavelli’s “The Prince”. Give employees a stake in the enterprise that requires their loyalty in order to succeed, and then honor that loyalty, even if it means payroll costs don’t go down. It won’t eliminate criminals 100%, but it will go a long way towards not only limiting the number of criminals in one’s firm, but also maximizing the incentive for loyal employees to notice, report, and react to suspect behaviors. If a firm were once again a place where people could be comfortable with their job prospects for the years ahead, it would be less of a target in the minds of the unhomogeneous, unspherical employees whose decisions always come with friction. It would be a firm that would have better retention of institutional knowledge and expertise in dealing with incidents.

Now, will boards and C-level executives see things this way? Not likely, given that the economic models of the past 50 years dominate their thinking. Somehow, the word has to get out that econometric models are not the path to security. Security is not a thing, but a system of behaviors. If we want more security, we then have to address the behaviors of security and give employees a reason to embrace them.

Market Failure

In Economics, “Market Failure” is a term that refers to when the free market isn’t able to provide a proper allocation of resources necessary to resolve a problem. Neoliberal economists say that there’s no such thing, that a proper market, without government interference, can solve any issue of resource allocation. I disagree. Neoliberal economists are great for when there are no disasters, but their models fail the instant the expected rain turns out to be a hurricane. Or a blizzard. Or a tornado spawns. Or an earthquake hits. Or a war is declared. Or a pandemic enters the scene.

I am living through a pandemic right now. I assume that most of my readers are contemporary and are living through it, as well. We are all witness to how governments’ responses to the COVID-19 pandemic have fallen into one of several categories:

  1. Quick response, firm response – nations like South Korea, Japan, Taiwan, and Singapore had experience from SARS and MERS and knew what to do. As soon as the reports started to trickle out of China in January about a possible new coronavirus outbreak, they got their plans together.
  2. Slow response, firm response – Germany did not react as quickly as the nations cited above. As a consequence, the number of per-capita cases in Germany is much higher than in the nations cited above. But because the Germans had a firm response to the pandemic, they have been able to keep the fatality rate remarkably low, relative to other nations that responded late.
  3. Slow response, lax response – Italy was the first, but the USA (so far) is the worst. With both high case numbers and high fatality rates, this clearly wasn’t the right way to go.

So, what were the factors in the USA’s response being incoherent and uncoordinated? Alas, there are many, including those stemming from a leadership focused more on its own status and media perception than on the actual pandemic, as well as those that originated from that same leadership encouraging talking points that downplayed the severity of the pandemic or which promoted unproven claims of various stripes – all to distract from the failures of that leadership. In a full report on the failure of the USA to deal as appropriately with COVID-19 as did South Korea, Japan, Taiwan, and Singapore – or even Germany – those reasons must be explored in greater detail. For this article, I want to focus on the market failures.

As it became clear that we were entering into a public health emergency, stocks of personal protective equipment (PPE), including masks, gowns, gloves, and eye protection, began to move sharply up in price. In a pure market, this is to be expected. Demand for the widget is higher and supply is at present inelastic, so the price of the widget must go up. Simple exercise, time to move on to the next textbook section… except, in this case, the widget is needed to save lives and the limits on production of said widgets mean that the producers can engage in competition against the customers, in this case, the states and their hospitals.

Competition against a customer is when the makers of a product all raise their prices, one after the other. They need not communicate such a plan in so many words. That would be illegal collusion if they did. Rather, all one has to do is raise prices and the others follow that “price leadership” to match. The customer has nowhere else to turn and has to pay a profiteer’s premium in order to purchase that good. Competition against customers also takes the form of a bidding war. In that, a producer doesn’t treat each transaction as contractually binding, but makes a deal with one state that is conditional on no other state offering a higher price. When a higher price is offered, the original deal is off the table. When the federal government shows up to bid, it invariably offers the highest price and the states are left in a quandary. Not only do they not have their desired goods, but the market-clearing price is now magnitudes above what it once was.

So far, the federal government has yet to truly put the provisions of the Defense Provisioning Act (DPA) into motion in order to provide for more PPE at cheaper, fixed prices to the state and federal buyers. The federal government has also not been transparent about how it plans to use its stockpile – but that is for another, more in-depth analysis of the USA’s failures in responding to COVID-19. The DPA exists precisely for conditions such as we are experiencing, where price leadership and bidding wars are driving up prices for scarce goods. We could have a federal response that dictates a fixed price and that also instructs manufacturers of PPE to expand capacity.

Had the DPA been invoked in January – right around the time we could all sense this was going to be a huge thing – capacity would be expanded as of now and we would not be dealing with PPE shortages of the sort we see now. We see far too many cases of medical professionals unable to procure their own PPE, let alone get it issued from their hospital, so they have to make do with second-rate supplies that go against all best practices for proper use and disposal. This places their lives in needless jeopardy and, by extension, the lives of their patients.

The next market failure is the matter of the USA’s health system being dependent upon employer-provided private insurance, with zero transparency or consistency regarding pricing. While the President has declared that certain areas of care will be either covered by insurers or paid for by the federal government, we have only those declarations and no actual, actionable law or executive order to point to as a reference when dealing with insurance companies. Consequently, as a matter of corporate survival in a pandemic, insurance companies are invoking every loophole possible in a rearguard action to avoid breaking themselves over COVID-19 claims.

At which point, we must all ask, why do we have health insurance companies in the first place if they’re unable to properly lay out in times of catastrophe? We’re depending upon them to pay the bills – that’s why we pay our premiums – but if they up sticks and disappear when things are really, REALLY bad, then what use are they?

That many insurance companies already have a massive deductible and next to zero coverage only underlines my question – what use are they? The properly-funded public health systems in South Korea, Japan, Taiwan, Singapore, and Germany provided and continue to provide life-saving care for all their citizens. Meanwhile, the morgues and even cemeteries are overwhelmed in New York City, where some of America’s finest hospitals are overwhelmed. And, at those overwhelmed hospitals, there are patients who are going to be told that the care they thought was going to be 100% covered actually won’t be covered to that extent… and they will be looking at bankruptcy-inducing expenses as a consequence.

Maybe a policy here requires two positive test results to confirm COVID-19 and a patient received only one or none and was a presumed COVID-19 patient. Maybe the patient died before being tested and the cause of death was just “pneumonia” and not actually connected to COVID-19. Maybe the treatment specific to COVID-19 is covered, but not the ambulance, anesthesia, X-ray or other imaging analysis, or the final care arrangements. There are all kinds of ways to think of loopholes, and I’m sure the experts have already come up with others.

Back to the employer-provided insurance. What of the mounting wave of unemployed Americans? While possibly a huge save for insurance companies that no longer have to pay out for people they *used* to cover, who pays for the care they receive? Do they even go in to get tested or treated, out of fear over how much it will cost? Maybe something comes along to guarantee the federal payment for COVID-19 treatments other than the words of a pathological liar, but until then, there’s nothing to promise a free treatment for COVID-19 victims that don’t have insurance. And even with that federal guarantee, should it materialize, what happens when a person is brought to the emergency room for trouble breathing, but it’s only common-or-garden emphysema? We’re back to the bankruptcy gamble.

We can’t even post a price list for treatments because such a list does not exist. That’s why it’s a bankruptcy gamble. What if you have COVID-19, your insurer promises to cover it 100%, and you go to an in-network hospital and see an in-network physician? So far, so good. Now enter a specialist who assists that physician who’s not in-network. All bets are off, now, and it’s likely this patient is going to pay dearly for the fact that nobody knows exactly what combination of specialists is going to be in-network or out.

The President and his most ardent supporters have made much noise about “getting America back to work again.” Their fears are real – if Americans can’t pay the rent, then they go bankrupt when they can’t service their loans that depend upon those rent payments. But sick Americans can’t work and dead Americans can’t pay the rent, so they’re really unable to get America back to work again in the midst of a pandemic and come out all right. Without some sort of government fiat ruling, they face the market’s failure to accommodate some slack for times of extreme duress. On a side note, bankrupt Americans also don’t pay the rent and are more likely to try and fight out their squatters’ rights in costly court proceedings, so maybe those ardent supporters might want to take a look at actually fixing the health care system and not breaking out in a rash whenever the topic comes up. But a president empowered with the DPA can also take it upon the nation’s best interests to suspend loans, mortgages, and rents for the duration of the crisis. Other nations have done so, but the USA lacks a leader with the fortitude or foresight to enact such a policy – and the banking system hangs all the more precariously without such a policy to support it.

The markets have failed. PPE, health coverage, and rents/mortgages/loans are all in a quandary in the USA and the President and his most ardent supporters have failed to address these issues in a timely or realistic fashion. There have been multiple calls to address the issues from a very early date, but the President and his most ardent supporters rejected those calls. Because of the failures of the President and his most ardent supporters, the USA faces a disproportionate toll in terms of persons infected with COVID-19, with persons who died because of COVID-19, and with economic impact from the COVID-19 outbreak.

Some Working with Numbers…

Some work with numbers to prove why it’s a very good idea to wash hands and to keep a goodly distance from others… It starts out grim, with fatality statistics, but we can nevertheless find some hope in those numbers, so do bear with me.

CDC data for 2017 shows there were 2,813,503 deaths in the USA that year. The top ten causes were:

  1. Heart disease: 647,457
  2. Cancer: 599,108
  3. Accidents (unintentional injuries): 169,936
  4. Chronic lower respiratory diseases: 160,201
  5. Stroke (cerebrovascular diseases): 146,383
  6. Alzheimer’s disease: 121,404
  7. Diabetes: 83,564
  8. Influenza and pneumonia: 55,672
  9. Nephritis, nephrotic syndrome, and nephrosis: 50,633
  10. Intentional self-harm (suicide): 47,173

A comment on “Influenza and pneumonia”. That’s a heavy emphasis on “and pneumonia”. When we look at the breakout of those numbers, just less than a fifth are influenza – about 10,500. The rest are “and pneumonia.” So when we talk about influenza’s mortality, it needs to be decoupled from “and pneumonia” to get a truer sense of influenza’s mortality.

Now take the number of deaths and divide by 365: one gets 7,708. That’s about how many deaths per day we have normally in the USA. We had an additional 1000+ yesterday, a 13% increase over the normal rate.

When we divide 100,000 by 2,813,503, we get 0.0355, or 3.55%. That means, every 100,000 deaths is an increase of our annual mortality rate by 3.55%. Put another way, every 28,135 deaths is an increase in the USA’s annual mortality rate by 1%.

So, with a little back-of-the-hand math, a low-end death toll of 100,000 would make COVID-19 the 7th leading cause of death in the USA, ahead of diabetes. 200,000 COVID-19 fatalities would make it the 3rd leading cause of death in the USA. You can see a pretty close cluster between 3rd and 6th place, but it’s a big gap to reach cancer and heart disease. That being said, it’s not impossible if we don’t, all of us, take this pandemic seriously. Death tolls of 1-2,000,000 are possible if we do not wash hands constantly and keep our distance from others of at least 6ft / 2m.

Around 1,340,000 American soldiers died in combat, accident, or disease in all of our nation’s wars and conflicts. If we wash and distance, we need not face down that awful milestone.

We want to take pains to avoid being in the statistics for heart disease and cancers – we diet, we exercise, we change what we do to beat those diseases. It’s the same with COVID-19: change what you do, and you beat that disease. Don’t change, and you risk becoming a sad part of a larger statistic. The good news is that you *can* change.

Finally, remember that if you’re reading about these numbers, look at them as golf scores – we have to play this out over many days, weeks, and months, but if we come out with a low score, we do all right. Stay indoors, and you’ll come out all right, most likely.

I’ll close with a quote from Mel Brooks: “Hope for the best, prepare for the worst. Life is a play, and we’re unrehearsed!” Don’t feel bad if this caught you flat-footed. You’re reading this, so you can take control of your own health and breathing, even if other things are spinning around you. You can own this, you can command this aspect of your life.

Now I’ll really close with a quote from Mel Brooks’ good friend Carl Reiner: “I read the obituaries every morning. If I’m not in them, I have breakfast!”

Municipal Bonds – Underlying Weakness

I want to call attention to the shakiness in municipal bond markets. Cities are having trouble meeting budgets due to unanticipated revenue losses while having to expand essential services – overtime pay for police, fire, and medical workers. Higher costs and less revenue mean wider budget gaps. Even with laying off other workers – which itself puts a burden on state unemployment systems, more on those later – city governments have to borrow money to stay operational.

Enter the current financial crash. Cities have to spike up their yields in order to meet investor demands for return on risk. Interest rates are moving into “expected default” territory for municipalities, where investors hope to recoup their invested capital and a small return through high interest rates before the borrower defaults.

Mutual funds have already dropped over $10 billion in muni bond investments, and that continues to increase.

The Fed can intervene to buy short-term muni bonds, but cannot buy long-term bonds. It would need legislation passed in Congress and signed by the President to get that ability.

But the Fed may have to also move soon to aid the states. Recall my reference to unemployment. States are looking to lay off employees in order to have enough money to pay unemployment claims… and there is also the issue with unemployment insurance funds’ solvency. 22 states are below Department of Labor recommended funding levels – and big states like New York, California, Texas, Illinois, Ohio, Massachusetts, and Pennsylvania are all below that recommended minimum. TX, NY, and CA are the three lowest in their ratios.

With 3.3 million unemployed last week and another big number expected this week, even properly solvent funds will be strained. The Fed will have to step in to provide liquidity for states to meet those unemployment insurance demands, as those are not discretionary spending items.

As I mentioned before, getting out of a financial crisis requires increasing national debt by a very large amount. The $2 trillion package is only the start – expect about $15-21 trillion more. And then the question to follow on to that is this – will the Fed get enough solvency itself to cover the state budgets? If not, I’d expect high inflation as a means of balancing the books. Would that be fair? Of course not. Would it be necessary to prevent a national bankruptcy? That’s very much a possibility.

How to Have a Financial Collapse

It’s easy. Get rid of the regulations that keep the banks from doing insane stuff. It’s easy, and Trump is getting underway with that very action. The process is simple. It’s known as the Minsky Cycle, which is then followed by the Fisher Cycle. The Minsky Cycle describes how things get completely out of hand and, in the middle of a euphoric bacchanal brought on by deregulation and speculation, a moment arrives at which investors panic and the economy collapses. At that point, the Fisher Cycle describes the resulting depression and how it persists in spite of efforts by the government to make things better.

The sad thing is that while those two cycles are some of the most accurate models to emerge from modern economics, they fly in the face of the grand beliefs of the neoliberal economists that believe only free trade and the gold-plated anarchy of deregulation will save the world. Since those neoliberals are also running the world’s major private banks as well as the central banks, they’re always promoting policies to further their ideological views, even when those views always end in tears. Their battle cry is “This time is different!” as they pilot financial machines toward the abyss.

That President Trump has chosen a Goldman Sachs banker for his treasury secretary came as no surprise to me. His speed in junking banking regulations, as well, is no surprise. With markets at all-time highs and debt structures in Europe ready to collapse, the ensuing financial collapse will also be no surprise.

Protip: If you want to make a nation great, keep its banks on a tight leash. Letting them run free never ends well.