Month: June 2013

by

Education Is Not The Answer

Yesterday was catching up on Krugman day:

The McKinsey Global Institute recently released a report on a dozen major new technologies that it considers likely to be “disruptive,” upsetting existing market and social arrangements. Even a quick scan of the report’s list suggests that some of the victims of disruption will be workers who are currently considered highly skilled, and who invested a lot of time and money in acquiring those skills. For example, the report suggests that we’re going to be seeing a lot of “automation of knowledge work,” with software doing things that used to require college graduates. Advanced robotics could further diminish employment in manufacturing, but it could also replace some medical professionals.

So should workers simply be prepared to acquire new skills? The woolworkers of 18th-century Leeds addressed this issue back in 1786: “Who will maintain our families, whilst we undertake the arduous task” of learning a new trade? Also, they asked, what will happen if the new trade, in turn, gets devalued by further technological advance?

And the modern counterparts of those woolworkers might well ask further, what will happen to us if, like so many students, we go deep into debt to acquire the skills we’re told we need, only to learn that the economy no longer wants those skills?

Education, then, is no longer the answer to rising inequality, if it ever was (which I doubt).

by

Profits in the Intangible Economy

Not clear where Krugman is going in his blog today, and neither is he, but it looks to be somewhere interesting.

But there is at least one important respect in which the 21st-century economy is different in a way that ought to have a significant effect on macroeconomics: the much larger role of rents on intangible assets. This isn’t an original insight, but I haven’t been finding systematic analyses of the point.

What do I mean by the role of rents? Consider the changing identity of the most valuable company in America. For a long time, it was GM, then Exxon, then IBM. These were companies with huge visible production activities: GM had more than 400,000 employees, which was amazing when you consider that the overall national work force was much smaller than the one we have today, Exxon had oil refineries. IBM was an information technology company, but it still had many of the attributes of an old-style manufacturing giant, with many factories and a large, well-paid work force.

But now it’s Apple, which has hardly any employees and does hardly any manufacturing. The company tries, through fairly desperate PR efforts, to claim that it is indirectly responsible for lots of US jobs, but never mind. The reality is that the company is basically built around technology, design, and a brand identity.

There was an old Dilbert in which the pointy-haired boss explained that the company had discovered that despite its slogan, people weren’t its most important asset — money was, and people only came in at #8 or something. Actually, in Apple’s case market position is its most important asset.

There are a couple of obvious implications from this change in the nature of corporate success. One is that profits are no longer anything remotely resembling a “natural” aspect of the economy; they’re very much an artifact of antitrust policy or the lack thereof, intellectual property policy, etc. Another is that a lot of what we consider output is “produced” at low or zero marginal cost.

This jumps out at me.  When an economy moves toward where “intangible” assets are the economic driver, the level of reward is tied immensely to the regulatory rules of the reward which limit or allow competition.  So, for Apple, most would probably disagree that anyone could completely copy the iPhone from design to software to icon to Apple logo.  We might call that theft, and from an economic perspective, it would drive profits to zero and would reduce any incentive to come up with iPhone.

On the other end of the spectrum, many would probably disagree that by coming up with the iPhone, no one else was allowed to see a smartphone with a touchscreen, apps, etc.  From an economic perspective, this would make Apple’s profits even larger.

The current situation lies somewhere in between. The rules of the road that govern this are antitrust and intellectual property, as well as some other legal rules.  The push and pull determines where we end up in the wide spectrum between those poles.

One question that follows then from Krugman’s question and my analysis is whether it make sense for the same antitrust and IP rules that governed when tangible assets were the key driver to today’s world of intangible assets.

Maybe, maybe not.

by

Putin Jacks Up Kraft

Vladimir Putin responds to the notion that he gives a crap about such small loot such as a NE Patriots Super Bowl ring:

You know, I don’t remember either Mr. Kraft, or the ring. But if it is such a big treasure for Mr. Kraft and the team – I remember some souvenirs were being presented – I have a suggestion.

I will ask a jewelry firm to make a really good and big thing, so everyone will see it is a luxury piece, made of quality metal and with a stone, so this piece will be passed from generation to generation in the team whose interests are represented by Mr. Kraft.

This would be the smartest solution partners can ever achieve while tackling such a complicated international problem.

by

Hiring Humility

It’s refreshing to see Google being so upfront about their past mistakes in hiring philosophy:

On the hiring side, we found that brainteasers are a complete waste of time. How many golf balls can you fit into an airplane? How many gas stations in Manhattan? A complete waste of time. They don’t predict anything. They serve primarily to make the interviewer feel smart.

One of the things we’ve seen from all our data crunching is that G.P.A.’s are worthless as a criteria for hiring, and test scores are worthless — no correlation at all except for brand-new college grads, where there’s a slight correlation. Google famously used to ask everyone for a transcript and G.P.A.’s and test scores, but we don’t anymore, unless you’re just a few years out of school. We found that they don’t predict anything.

What’s interesting is the proportion of people without any college education at Google has increased over time as well. So we have teams where you have 14 percent of the team made up of people who’ve never gone to college.

After two or three years, your ability to perform at Google is completely unrelated to how you performed when you were in school, because the skills you required in college are very different. You’re also fundamentally a different person. You learn and grow, you think about things differently.

Another reason is that I think academic environments are artificial environments. People who succeed there are sort of finely trained, they’re conditioned to succeed in that environment. One of my own frustrations when I was in college and grad school is that you knew the professor was looking for a specific answer. You could figure that out, but it’s much more interesting to solve problems where there isn’t an obvious answer. You want people who like figuring out stuff where there is no obvious answer.

by

Thumbtack

Thumbtack’s business model seems to be:

Scraping -> Database -> Client Lead -> Referral fees

While they weren’t the first to notice that people have “bought and sold local services in the same ways for the last 50 years,” as Swanson puts it, their twist was to develop software, instead of using salespeople, to scour the Web for service professionals and invite them to join Thumbtack’s database. From there, the workers are vetted by the company’s 30 U.S. employees and some 200 full-time contractors based in the Philippines.

Thumbtack says it gets about 2 million monthly visitors who request referrals and provide their Zip Code. It sends each request to relevant workers in its system, who pay up to $15 each time to have their names appear in the particular customer’s list of referrals. The company likens the fees to Google’s AdWords, which sells ad space to the right of search results for desired words and phrases. (Yelp is ad-supported; Angie’s List charges users for subscriptions.)

If its database doesn’t include a qualified service to meet the customer’s needs, Thumbtack’s software crawls the Web to find one. “The hard part is finding the right service professional who is trusted and is available at the right time and at the right price,” says Bryan Schreier, a Sequoia Capital partner who is leading the investment. “That is the art of Thumbtack.”

 

by

Too Busy Making Plans

Fred’s view, today:

If you can’t get product right nothing else matters

I have seen brilliant strategic plans wasted with terrible product execution

I’ve lost too much money investing in brilliant plans

And I’ve made fortunes investing in brilliant products that had no plan

Both products and plans essential, but former has an edge if choosing one at inception.

by

Nationalism Has Survived Globalization

Remarkable journalism by Bloomberg today:

Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence, four people familiar with the process said.

Many of these same Internet and telecommunications companies voluntarily provide U.S. intelligence organizations with additional data, such as equipment specifications, that don’t involve private communications of their customers, the four people said.

Makers of hardware and software, banks, Internet security providers, satellite telecommunications companies and many other companies also participate in the government programs. In some cases, the information gathered may be used not just to defend the nation but to help infiltrate computers of its adversaries.

Microsoft Corp., the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.

Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.

….

Some U.S. telecommunications companies willingly provide intelligence agencies with access to facilities and data offshore that would require a judge’s order if it were done in the U.S., one of the four people said.

In these cases, no oversight is necessary under the Foreign Intelligence Surveillance Act, and companies are providing the information voluntarily.

The extensive cooperation between commercial companies and intelligence agencies is legal and reaches deeply into many aspects of everyday life, though little of it is scrutinized by more than a small number of lawyers, company leaders and spies. Company executives are motivated by a desire to help the national defense as well as to help their own companies, said the people, who are familiar with the agreements.

Most of the arrangements are so sensitive that only a handful of people in a company know of them, and they are sometimes brokered directly between chief executive officers and the heads of the U.S.’s major spy agencies, the people familiar with those programs said.


If necessary, a company executive, known as a “committing officer,” is given documents that guarantee immunity from civil actions resulting from the transfer of data. The companies are provided with regular updates, which may include the broad parameters of how that information is used.

The information provided by Snowden also exposed a secret NSA program known as Blarney. As the program was described in the Washington Post (WPO), the agency gathers metadata on computers and devices that are used to send e-mails or browse the Internet through principal data routes, known as a backbone. That metadata includes which version of the operating system, browser and Java software are being used on millions of devices around the world, information that U.S. spy agencies could use to infiltrate those computers or phones and spy on their users.

U.S telecommunications, Internet, power companies and others provide U.S. intelligence agencies with details of their systems’ architecture or equipment schematics so the agencies can analyze potential vulnerabilities.

“It’s natural behavior for governments to want to know about the country’s critical infrastructure,” said Chisholm, chief security officer at Irvine, California-based Cylance Inc.

Even strictly defensive systems can have unintended consequences for privacy. Einstein 3, a costly program originally developed by the NSA, is meant to protect government systems from hackers. The program, which has been made public and is being installed, will closely analyze the billions of e-mails sent to government computers every year to see if they contain spy tools or malicious software.

Einstein 3 could also expose the private content of the e-mails under certain circumstances, according to a person familiar with the system, who asked not to be named because he wasn’t authorized to discuss the matter.

So, regardless of how much US companies make outside the US, loyalties remain to their home countries.  This is why we know better than allowing Huawei into this country’s telecommunications networks.

by

You Are Not Worth Much

I’ve said again and again that we undervalue how much we are unmoored from traditional and historic notions of privacy.

The undervaluing is clear when one looks at some data that the FT has collected on how much it costs to buy info about you and me.

Cost of buying a list per thousand people:

$260 – people with cancer

$85 – identifying new parents

$85 – new house owners

$3 – movie choices

$2.11 – people looking to buy a car

$1.85 – TV viewing data

$1.35 – past purchases

$.50 – age or location

Over a decade of collecting this info by hundreds of players has driven down prices so much, and yet governments around the world have barely started thinking about the question.

In other words, there is now very little cost to buy information that violate your privacy.  Where market prices don’t reflect social costs, the government often steps in to correct the externality.

Basic economics; basic policy.

 

by

Booz’s Law versus Moore’s Law

It’s amazing how defense/intelligence technology and “Silicon Valley” technology travel on completely parallel highways.

Last year, I wrote about how the former was driven by contractor economics rather than effectiveness, while the latter took advantage of Moore’s Law.  The results, such as the trillions of dollars in overruns with the F-35 are stunning.

That same distinction is being replicated in the cyber defense world as the contractors try to get their piece of the pie.

Compare these descriptions of two approaches in Wired:

The Contractors:

What’s good for Alexander is good for the fortunes of the cyber-industrial complex, a burgeoning sector made up of many of the same defense contractors who grew rich supplying the wars in Iraq and Afghanistan. With those conflicts now mostly in the rearview mirror, they are looking to Alexander as a kind of savior. After all, the US spends about $30 billion annually on cybersecurity goods and services.

In the past few years, the contractors have embarked on their own cyber building binge parallel to the construction boom at Fort Meade: General Dynamics opened a 28,000-square-foot facility near the NSA; SAIC cut the ribbon on its new seven-story Cyber Innovation Center; the giant CSC unveiled its Virtual Cyber Security Center. And at consulting firm Booz Allen Hamilton, where former NSA director Mike McConnell was hired to lead the cyber effort, the company announced a “cyber-solutions network” that linked together nine cyber-focused facilities. Not to be outdone, Boeing built a new Cyber Engagement Center.

The Silicon Valley way:

One of the most secretive of these contractors is Endgame Systems, a startup backed by VCs including Kleiner Perkins Caufield & Byers, Bessemer Venture Partners, and Paladin Capital Group..

Perhaps for good reason: According to news reports, Endgame is developing ways to break into Internet-connected devices through chinks in their antivirus armor. Like safecrackers listening to the click of tumblers through a stethoscope, the “vulnerability researchers” use an extensive array of digital tools to search for hidden weaknesses in commonly used programs and systems, such as Windows and Internet Explorer. And since no one else has ever discovered these unseen cracks, the manufacturers have never developed patches for them.

Thus, in the parlance of the trade, these vulnerabilities are known as “zero-day exploits,” because it has been zero days since they have been uncovered and fixed. They are the Achilles’ heel of the security business, says a former senior intelligence official involved with cyberwarfare. Those seeking to break into networks and computers are willing to pay millions of dollars to obtain them.

According to Defense News’ C4ISR Journal and Bloomberg Businessweek, Endgame also offers its intelligence clients—agencies like Cyber Command, the NSA, the CIA, and British intelligence—a unique map showing them exactly where their targets are located. Dubbed Bonesaw, the map displays the geolocation and digital address of basically every device connected to the Internet around the world, providing what’s called network situational awareness. The client locates a region on the password-protected web-based map, then picks a country and city— say, Beijing, China. Next the client types in the name of the target organization, such as the Ministry of Public Security’s No. 3 Research Institute, which is responsible for computer security—or simply enters its address, 6 Zhengyi Road. The map will then display what software is running on the computers inside the facility, what types of malware some may contain, and a menu of custom-designed exploits that can be used to secretly gain entry. It can also pinpoint those devices infected with malware, such as the Conficker worm, as well as networks turned into botnets and zombies— the equivalent of a back door left open.

One approach eats up the cash; the other delivers results.

by

Tit for Tat (CyberWarfare edition)

No commentary, other than Cyberwarfare is asymmetric and empowering of the weaker party.  From a great piece in Wired:

Us:

The cyberweapon that came to be known as Stuxnet was created and built by the NSA in partnership with the CIA and Israeli intelligence in the mid-2000s. The first known piece of malware designed to destroy physical equipment, Stuxnet was aimed at Iran’s nuclear facility in Natanz. By surreptitiously taking control of an industrial control link known as a Scada (Supervisory Control and Data Acquisition) system, the sophisticated worm was able to damage about a thousand centrifuges used to enrich nuclear material…

n 2006, the Department of Defense gave the go-ahead to the NSA to begin work on targeting these centrifuges, according to The New York Times. One of the first steps was to build a map of the Iranian nuclear facility’s computer networks. A group of hackers known as Tailored Access Operations—a highly secret organization within the NSA—took up the challenge.

They set about remotely penetrating communications systems and networks, stealing passwords and data by the terabyte. Teams of “vulnerability analysts” searched hundreds of computers and servers for security holes, according to a former senior CIA official involved in the Stuxnet program. Armed with that intelligence, so-called network exploitation specialists then developed software implants known as beacons, which worked like surveillance drones, mapping out a blueprint of the network and then secretly communicating the data back to the NSA. (Flame, the complex piece of surveillance malware discovered by Russian cybersecurity experts last year, was likely one such beacon.) The surveillance drones worked brilliantly. The NSA was able to extract data about the Iranian networks, listen to and record conversations through computer microphones, even reach into the mobile phones of anyone within Bluetooth range of a compromised machine.

Them:

Sure enough, in August 2012 a devastating virus was unleashed on Saudi Aramco, the giant Saudi state-owned energy company. The malware infected 30,000 computers, erasing three-quarters of the company’s stored data, destroying everything from documents to email to spreadsheets and leaving in their place an image of a burning American flag, according to The New York Times. Just days later, another large cyberattack hit RasGas, the giant Qatari natural gas company. Then a series of denial-of-service attacks took America’s largest financial institutions offline. Experts blamed all of this activity on Iran, which had created its own cyber command in the wake of the US-led attacks. James Clapper, US director of national intelligence, for the first time declared cyberthreats the greatest danger facing the nation, bumping terrorism down to second place. In May, the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team issued a vague warning that US energy and infrastructure companies should be on the alert for cyberattacks. It was widely reported that this warning came in response to Iranian cyberprobes of industrial control systems. An Iranian diplomat denied any involvement.