Michael Chertoff Makes the Case against Back Doors

One of the more interesting comments at the Aspen Security Forum (one that has, as far as I’ve seen, gone unreported) came on Friday when Michael Chertoff was asked about whether the government should be able to require back doors. He provided this response (his response starts at 16:26).

I think that it’s a mistake to require companies that are making hardware and software to build a duplicate key or a back door even if you hedge it with the notion that there’s going to be a court order. And I say that for a number of reasons and I’ve given it quite a bit of thought and I’m working with some companies in this area too.

First of all, there is, when you do require a duplicate key or some other form of back door, there is an increased risk and increased vulnerability. You can manage that to some extent. But it does prevent you from certain kinds of encryption. So you’re basically making things less secure for ordinary people.

The second thing is that the really bad people are going to find apps and tools that are going to allow them to encrypt everything without a back door. These apps are multiplying all the time. The idea that you’re going to be able to stop this, particularly given the global environment, I think is a pipe dream. So what would wind up happening is people who are legitimate actors will be taking somewhat less secure communications and the bad guys will still not be able to be decrypted.

The third thing is that what are we going to tell other countries? When other countries say great, we want to have a duplicate key too, with Beijing or in Moscow or someplace else? The companies are not going to have a principled basis to refuse to do that. So that’s going to be a strategic problem for us.

Finally, I guess I have a couple of overarching comments. One is we do not historically organize our society to make it maximally easy for law enforcement, even with court orders, to get information. We often make trade-offs and we make it more difficult. If that were not the case then why wouldn’t the government simply say all of these [takes out phone] have to be configured so they’re constantly recording everything that we say and do and then when you get a court order it gets turned over and we wind up convicting ourselves. So I don’t think socially we do that.

And I also think that experience shows we’re not quite as dark, sometimes, as we fear we are. In the 90s there was a deb — when encryption first became a big deal — debate about a Clipper Chip that would be embedded in devices or whatever your communications equipment was to allow court ordered interception. Congress ultimately and the President did not agree to that. And, from talking to people in the community afterwards, you know what? We collected more than ever. We found ways to deal with that issue.

So it’s a little bit of a long-winded answer. But I think on this one, strategically, we, requiring people to build a vulnerability may be a strategic mistake.

These are, of course, all the same answers opponents to back doors always offer (and Chertoff has made some of them before). But Chertoff’s answer is notable both because it is so succinct and because of who he is: a long-time prosecutor, judge, and both Criminal Division Chief at DOJ and Secretary of Homeland Security. Through much of that career, Chertoff has been the close colleague of FBI Director Jim Comey, the guy pushing back doors now.

It’s possible he’s saying this now because as a contractor he’s being paid to voice the opinions of the tech industry; as he noted, he’s working with some companies on this issue. Nevertheless, it’s not just hippies and hackers making these arguments. It’s also someone who, for most of his career, pursued and prosecuted the same kinds of people that Jim Comey is today.

Update: Chertoff makes substantially the same argument in a WaPo op-ed also bylined by Mike McConnell and William Lynn.


Was Chrysler’s Vehicle Hacking Risk an SEC Disclosure Reportable Event?

[photo: K2D2vaca via Flickr]


Remember the data breach at JPMorgan Chase, exposing 76 million accounts to “hack-mapping”? Last October, JPMorgan Chase publicly disclosed the intrusion and exposure to investors in an 8-K filing with the Securities and Exchange Commission. The statement complied with the SEC’s CF Disclosure Guidance: Topic No. 2 – Cybersecurity.

Other companies whose customers’ data have been exposed also disclosed breaches in 8-Ks, including Target, TJX Companies, Heartland Payment, EMC and Google. (Firms NASDAQ, Citigroup and Amazon have not.)

Disclosure of known cybersecurity threats or attacks with potential material risks allows investors to make informed decisions. Stock share pricing will fluctuate and reflect the true market value once risk has been factored by investors — and not remain artificially high.

Fiat Chrysler America (FCA; NYSE:FCAU) has known for nearly a year about the risk that Chrysler vehicles could be hacked remotely, according to Fortune magazine Thursday.

Yet to date no filing with the SEC has been made, disclosing this specific cyber risk to investors, customers, and the public.

The SEC’s Disclosure Guidance, though, is just that — guidance. There aren’t any firm rules yet in place, and the guidance itself was published in October 2011. A lot has happened and changed about technology and cybersecurity risks since then; the guidance has not reflected the increasing threats and attacks to business’ data.

Nor does the SEC’s guidance distinguish between cybersecurity threats to service products (like banking services), versus hardlines or manufactured goods (like automobiles which offer software as an additional, non-essential feature). The software industry’s chronic security patching confuses any distinction; should software companies likewise include all security patches in their SEC filings, or continue as they have without doing so? It’s easy to see how revelations about Adobe Flash after Hacking Team was hacked have materially hurt Adobe and all companies relying on Flash — yet Adobe hasn’t released a statement at its website. (Only a statement addressing the 2013 threat to customer accounts is posted.)

Are financial services firms any more obligated than software firms? Are automobile companies, which claim ownership of on-board software, any more obligated than software companies?


John Carlin Complains that ISIL Is Targeting Same Youth FBI Long Has Been

I’m reviewing some of the videos from the Aspen Security Forum. This one features DOJ Assistant Attorney General for National Security John Carlin and CIA General Counsel Caroline Krass.

I’m including it here so you can review Carlin’s complaints in the first part of the video. He explains to Ken Dilanian that ISIL’s recruiting strategy is different from Al Qaeda’s in that they recruit the young and mentally ill. He calls them children, repeatedly, but points to just one that involved a minor. 80% are 40 and under, 40% are 21 and under. In other words, he’s mostly complaining that ISIL is targeting young men who are in their early 20s. He even uses the stereotype of a guy in his parents’ basement, interacting on social media without them knowing.

Carlin, of course, has just described FBI’s targeting strategy for terrorist stings, where they reach out to young men — many with mental disabilities — over social media, only then to throw an informant or undercover officer at the target, to convince him to press the button that (the target believes) will detonate a bomb — though of course the bomb is an FBI-supplied inert bomb. He should know this, because before the end of the panel, he invokes Mohamed Osman Mohamud, the Portland youth convicted for pressing a button who was first targeted by FBI’s informant when he was 16 or so (and whose father asked FBI for help, only to have them target his son).

I’m not contesting the truth of Carlin’s claims. But if this is a new strategy — essentially adopting the strategy the FBI has used since 9/11 (and especially since 2009) — one that Carlin deems especially outrageous, then it ought to reflect back on FBI’s practice. If it is outrageous for ISIL to target young and in some cases mentally unstable men because they are so vulnerable because they’re not yet old enough to resist, then it should also be considered outrageous for FBI to do the same to fluff their terrorism conviction rates. Plus, Carlin’s depiction of this as a new strategy suggests all those earlier targeted young men may not have been recruited by core al Qaeda.

Not to mention, the vulnerability of this population ought to point to a different way of combatting terrorism (and domestic terrorism, which has been a bigger problem in recent weeks): to make this community less vulnerable.

 


In Political Press, Hillary Clinton Gets Subjected to the Thomas Drake and Jeffrey Sterling Standard

[First posted at ExposeFacts.org]

The political press is abuzz with news that the State Department (State IG) and Intelligence Community Inspectors General (ICIG) have asked the Department of Justice to review whether the Department’s handling of the personal email from Hillary Clinton was proper. The story was first reported in sensational fashion by the New York Times, revised somewhat overnight, and then reported in more measured form — making it clear that Clinton herself is not being investigated — by the Associated Press this morning.

The report has put the practice of retroactive classification of information — of the type that convicted Jeffrey Sterling and DOJ tried to use to convict Thomas Drake — at the forefront of presidential politics.

The referral to DOJ arises out of State IG’s review of the use of private emails and the response to Freedom of Information Act requests for Clinton’s email. After consulting with the ICIG, State IG reported that a number of the emails reviewed so far, including one released to the public, included classified information. The ICIG criticized State for using retired foreign service officers with extensive FOIA experience to review Clinton’s email before release, rather than conducting an interagency process (though according to a response from Patrick Kennedy, the CIA and ODNI had already approved the arrangement).

The referral pertains to State’s actions, not Clinton’s. “[T]he referral doesn’t suggest wrongdoing by Clinton herself,” AP noted. None of the emails in question were marked as classified when she sent them and one of them — pertaining to the FBI’s investigation of the Benghazi attack — was not classified at the time she received it. Nevertheless, this news has led to a flurry of stories implicating Clinton in a potential DOJ investigation.

Clinton supporters are dismissing this as election year frenzy. The former DOJ Director of Public Affairs, Matt Miller, even tweeted, “If you examined the entire email [account] of any senior official, someone in [government] would later argue something was classified. Absurd standard.”

But Clinton is not the first this has happened to. After all, DOJ attempted to use five retroactively classified documents to convict Thomas Drake on Espionage charges; once DOJ had to admit that fact, their case against Drake fell apart.

And the only hard evidence DOJ presented that Jeffrey Sterling had improperly handled classified information were documents seized from his home that had nothing to do with the nuclear program he was accused of leaking. When the government introduced three of those documents under a silent witness rule limiting what Sterling’s lawyers could ask about them, CIA’s top classification official admitted they had not been classified as secret at first.

“When originally classified were these documents properly classified as secret,” the prosecution asked of the three documents.

“They weren’t,” [CIA Chief of Litigation Support Martha] Lutz responded.

“But they are now properly classified secret?”

“Yes,” Lutz answered.

The defense team made statements revealing that these documents offered instructions on how to dial rotary phones to call into CIA headquarters, hardly a cutting edge secret. Nevertheless, those documents were a key piece of evidence used to send Sterling to prison for 42 months.

Clinton deserves a good deal of criticism for using personal email that has made it more difficult to access via FOIAs. But retroactively classified information should no more be used to prosecute her — in reality or in the press — than Drake and Sterling.

When asked about the double standard via email, Drake did not join the frenzy. Rather, he described “having really bad flashbacks” given the calls to criminally investigate the former Secretary of State because release of the emails put “unauthorized classified information … in adversaries’ hands.”

Perhaps there’s room for agreement here. Via email, Miller noted, “the entire classification system is a mess: overly complex, riddled with ambiguity, and used at times for inappropriate reasons. And because of that you get perverse outcomes.”

Secretary Clinton surely should have made her emails more secure and accessible, via the formal FOIA process, by using official email. But that doesn’t mean retroactively classified information should be used against her any more than it should be used against Drake and Sterling.


OLC Undermines DOJ Inspector General Independence

For over a year, DOJ’s Inspector General has been trying to ensure it got ready access to things like grand jury materials (this has been pertinent in the Fast and Furious investigation and how DEA and FBI use the latter’s dragnet, among other things). As part of this effort, the IG asked OLC to weigh in on whether it should be able to access this information, or whether it needed to ask nicely, as it has been forced to do.

Here’s the opinion. Here’s the key passage:

In particular, Title III permits Department officials to disclose to OIG the contents of intercepted communications when doing so could aid the disclosing official or OIG in the performance of their duties related to law enforcement, including duties related to Department leadership’s supervision of law enforcement activities on a programmatic or policy basis. Rule 6(e) permits disclosure of grand jury materials to OIG if a qualifying attorney determines that such disclosure could assist her in the performance of her criminal law enforcement duties, including any supervisory law enforcement duties she may have. And FCRA permits the FBI to disclose to OIG consumer information obtained pursuant to section 626 if such disclosure could assist in the approval or conduct of foreign counterintelligence investigations, including in the supervision of such investigations on a programmatic or policy basis. In our view, however, Title III and Rule 6(e) forbid disclosures that have either an attenuated or no connection with the conduct of the Department’s criminal law enforcement programs or operations, and section 626 of FCRA forbids disclosures that have either an attenuated or no connection with the approval or conduct of foreign counterintelligence investigations.

And here’s OIG’s response.

Today’s opinion by the OLC undermines the OIG’s independence, which is a hallmark of the Inspector General system and is essential to carrying out the OIG’s oversight responsibilities under the Inspector General Act. The OLC’s opinion restricts the OIG’s ability to independently access all records in the Justice Department’s possession that are necessary for our audits, reviews, and investigations, and is contrary to the principles and express language set forth in the Inspector General Act.

The opinion also finds that, in adopting Section 218 of the Department of Justice’s FY 2015 Appropriations Act, Congress’ intent was not sufficiently clear to support independent OIG access to all records in the Department’s possession. The OLC’s opinion reaches this conclusion even though Congress passed Section 218 “to improve OIG access to Department documents and information” following the Department’s failure to independently and timely provide all responsive records to the OIG, and Section 218 explicitly provides that the Department may not use appropriated funds to withhold records from the OIG for reasons other than as expressly provided in the Inspector General Act.

As a result of the OLC’s opinion, the OIG will now need to obtain Justice Department permission in order to get access to important information in the Department’s files – putting the agency over which the OIG conducts oversight in the position of deciding whether to give the OIG access to the information necessary to conduct that oversight. The conflict with the principles enshrined in the Inspector General Act could not be clearer and, as a result, the OIG’s work will be adversely impacted.

The OIG will immediately ask Congress to pass legislation ensuring that the OIG has independent access to the information it needs for its work. The Attorney General and the Deputy Attorney General have each expressed their commitment to join the OIG in this effort.

Inspector General Michael E. Horowitz stated:

“I strongly disagree with the OLC opinion. Congress meant what it said when it authorized Inspectors General to independently access ‘all’ documents necessary to conduct effective oversight. Without such access, our Office’s ability to conduct its work will be significantly impaired, and it will be more difficult for us to detect and deter waste, fraud, and abuse, and to protect taxpayer dollars. We look forward to working with the Congress and the Justice Department to promptly remedy this serious situation.”

[This post has been updated to add the opinion.]


The Bullshit Excuses for Not Retaliating for OPM

A handful of anonymous sources have given Ellen Nakashima some bullshit explanations for why the Administration is not retaliating against China for the OPM hack.

Most laughable is that they’re willing to retaliate for “economic” spying but not “political” spying. While also mentioning the Sony example, Nakashima points to the DOJ case against Chinese hackers for eavesdropping on discussions about trade disputes from the steel industry.

As a result, China has so far escaped any major consequence for what U.S. officials have described as one of the most damaging cyber thefts in U.S. government history — an outcome that also appears to reflect an emerging divide in how the United States responds to commercial vs. traditional espionage.

Over the past year and a half, the United States has moved aggressively against foreign governments accused of stealing the corporate secrets of major U.S. firms. Most notably, the Justice Department last year filed criminal charges against five Chinese military officers accused of involvement in alleged hacks of U.S. Steel, Westinghouse and other companies.

Nakashima doesn’t say whether her sources made this connection or she did, but it’s an inapt example. As I pointed out at the time, spying on trade negotiation adversaries is precisely the kind of “commercial” spying we embrace. We do this all the time. DOJ chose to indict on those trade dispute discussions but not on a never-ending list of hacks against more sensitive targets — like the F-35 development team — that fit more comfortably (though still not entirely) in the kind of “economic” spying we fancy others do but we don’t; DOJ probably made that choice because both the target and the evidence were segregable from more sensitive issues (the Chinese government and our clusterfuck of DOD contracting cyberdefense). In other words, it is not (as Nakashima claims uncritically) an example of the split between political and economic spying we claim to adhere to. That indictment is far better understood as us indicting Chinese hackers for something that we not only do but that also falls into what is considered acceptable spying internationally — that is, us trying to subject the rest of the world to our legal system — but doing so in an area where we won’t have to give any secrets away to prosecute.

The rest of the WaPo story focuses on another nonsensical explanation for not going after China: to avoid revealing sources and methods.

“We have chosen not to make any official assertions about attribution at this point,” said a senior administration official, despite the widely held conviction that Beijing was responsible. The official cited factors including concern that making a public case against China could require exposing details of the United States’ own espionage and cyber capabilities.

Again, this is nonsensical and should not have been repeated uncritically.

The FBI and everyone else has been happy to blame North Korea for the Sony hack. But we’ve gotten no more proof there than we have that China is behind the OPM hack. Rather than exposing sources and methods to prove attribution, the government simply said, “trust us.” There’s no reason they couldn’t do the same here (indeed, that’s what they have been saying in secret). The Sony hack is proof that the government doesn’t feel like it needs to offer proof before it blames another country for a hack.

There are two far more likely reasons we’re not retaliating against China in this case (though the fact that we do this kind of stuff to China all the time — and they could happily point to proof of that to demonize us in response — is one of them).

First, we simply don’t “retaliate” against countries that are big enough to fight back (as Nakashima’s other example, of the Russian hack of State for which we haven’t retaliated, makes clear). It’s one thing to go after a group of hackers from which China can claim some plausible deniability. It’s another to go after China itself.

Finally, Nakashima alludes to what is probably the real reason we’re going to remain quiet about this hack.

The government also is pursuing an array of counter-intelligence measures aimed at guarding against the Chinese government’s ability to use the stolen data to identify federal workers who might be induced to spy for Beijing.

China has much of our intelligence community — and many other easily embarrassed types, including politicians — by the nuts right now. It knows who our spooks are, where they are, what they might know, what their fingerprints are, and what extramarital affairs they’ve admitted to. When someone has you by the nuts like that, it’s usually a good idea to extract your nuts before you start trying to throw punches. It’s going to take a long time for the US to do that.

Which strongly suggests that the more laughable excuses for not retaliating — the claim we’re not blaming China because of sources and methods and some split between economic and political spying that we don’t really follow — serve no other purpose than to avoid admitting how much China does have us by the nuts.


DEA’s One Minute Confidential Source Vetting Process

I’m still reading this report on DEA’s informant program, which shows that DEA operated by its own rules, sometimes resulting in DEA having high level informants that didn’t comply with the Attorney General’s guidelines, at other times resulting in informants engaging in unreviewed otherwise illegal activity, and generally showing inadequate vetting and paperwork.

But here’s an awesome table showing that before 2012, DEA was spending less than a minute reviewing its use of sources.


The report explains:

Based on the aforementioned risks involved with long-term sources, the oversight of these long-term confidential sources is critical to the overall management of the DEA’s Confidential Source Program. Further, the importance of the long-term confidential source reviews requires that the [Sensitive Activity Review Committee] members, including any DOJ representatives, invest an appropriate amount of time and effort evaluating the benefits and risks of the continued use of each long-term confidential source.

[snip]

We reviewed the DEA’s documented meeting minutes for the SARC meetings conducted specifically for the review of long-term confidential sources that occurred between 2003 and 2012 and found that between 2003 and 2012, the DEA SARC’s reviews of long-term confidential sources appear to have been inadequate and infrequent. The DEA held only 7 SARC meetings during that 9-year period. Moreover, between its meeting in October 2009 and its most recent meeting in July 2014, a nearly 5-year timespan, the SARC met only once, in February 2012.

[snip]

Although the minutes reflect that starting in 2006, headquarters’ confidential source files were available for SARC members during the formal meetings, there is no indication that any SARC members actually reviewed any of these files. According to this information, between 2003 and 2012, during these formal meetings the SARC devoted what we calculated to be an average of just 1 minute per confidential source to consider the appropriateness of the source’s continued use.

As the table notes, there weren’t always DOJ people present for the review either.

The longer review process reflected in the 2012 meeting reflects a new review process, so hopefully this has been improved (to a whopping 6 minute review of DEA’s long-term relationships with sources).

But for years before that, DEA was spending as little as 13 seconds reviewing the appropriateness of its use of sources.


Why Apple Should Pay Particular Attention to Wired’s New Car Hacking Story

This morning, Wired reports that the hackers who two years ago hacked an Escape and a Prius via physical access have hacked a Jeep Cherokee via remote (mobile phone) access. They accessed the vehicle’s Electronic Control Unit and from that were able to get to ECUs controlling the transmission and brakes, as well as a number of less critical items. The hackers are releasing a report [correction: this is Markey’s report], page 86 of which explains why cars have gotten so much more vulnerable (generally, a combination of being accessible via external communication networks, having more internal networks, and having far more ECUs that might have a vulnerability). It includes a list of the most and least hackable cars among the 14 they reviewed.


Today Ed Markey and Richard Blumenthal are releasing a bill meant to address some of these security vulnerabilities in cars.

Meanwhile — in a remarkably poorly timed announcement — Apple announced yesterday that it had hired Fiat Chrysler’s former quality guy, the guy who would have overseen development of both the hackable Jeep Cherokee and the safer Dodge Viper.

Doug Betts, who led global quality at Fiat Chrysler Automobiles NV until last year, is now working for the Cupertino, Calif.-based electronics giant but declined to comment on the position when reached Monday. Mr. Betts’ LinkedIn profile says he joined Apple in July and describes his title as “Operations-Apple Inc.” with a location in the San Francisco Bay Area but no further specifics.

[snip]

Along with Mr. Betts, whose expertise points to a desire to know how to build a car, Apple recently recruited one of the leading autonomous-vehicle researchers in Europe and is building a team to work on those systems.

[snip]

In 2009, when Fiat SpA took over Chrysler, CEO Sergio Marchionne tapped Mr. Betts to lead the company’s quality turnaround, giving him far-reaching authority over the company’s brands and even the final say on key production launches.

Mr. Betts abruptly left Fiat Chrysler last year to pursue other interests. The move came less than a day after the car maker’s brands ranked poorly in an influential reliability study.

Note, the poor quality ratings that preceded Betts’ departure from Fiat Chrysler pertained especially to infotainment systems, which points to electronics vulnerabilities generally.

As they get into the auto business, Apple and Google will have the luxury that struggling combustion engine companies don’t have — that they’re not limited by tight margins as they try to introduce bells and whistles to compete on the marketplace. But they’d do well to get this quality and security issue right from the start, because the kind of errors tech companies can tolerate — largely because they can remotely fix bugs and because an iPhone that prioritized design over engineering can’t kill you — will produce much bigger problems in cars (though remote patching will be easier in electric cars).

So let’s hope Apple’s new employee takes this hacking report seriously.


Mankiw’s Principles of Economics Part 3: Rational People Think At The Margin

The introduction to this series is here.
Part 1 is here.
Part 2 is here.

Mankiw’s third principle: Rational People Think At The Margin. His definition is:

“Rational people systematically and purposefully do the best they can to achieve their objectives, given the available opportunities.” Principles of Macroeconomics 6th Ed. at 6

He defines marginal change: a small incremental adjustment to a plan of action. He teaches that rational people often compare the results of marginal changes to make decisions. Finally we get to his major premise:

A rational decision maker takes an action if and only if the marginal benefit of the action exceeds the marginal cost.

The first example is dinner. The choice, Mankiw says, is not between fasting and eating like a pig, but whether to eat another spoonful of mashed potatoes. At exam time, the choice is not blowing them off versus pulling all-nighters, but whether to put in an hour on your notes or goof off for that hour. His next example is seat prices for airplanes. The airline should sell seats at the price above the marginal cost of flying the passenger. Then we get the water/diamonds example. Water is essential for life, but it’s cheap. Diamonds are an extravagance, but they are very expensive.

All of this is in support of a central element of neoliberal and mainstream economics, that economies can be modeled by treating them as made up of rational agents. This idea fits neatly into Mirowski’s commandments of neoliberalism, specifically number 6: Thou Shalt Become The Manager Of Thyself. This means that individuals must learn to act rationally to decide upon a set of investments in themselves and changes in their behavior that will improve their appeal to people with money, so that those people will pay them to work for them.

The food example is straight-forward enough, but how is the choice made? Some people are raised to clean their plates, and they do even if they could have skipped the last few forkfuls. Some people feel differently about meat than about French fries or carrots. Some people are abstemious, and always leave food. Others make the choice at the outset, by serving themselves a fixed amount and then eating all of it. Suppose the person would prefer to eat the last few bites of pork chop and skip dessert? If all these are rational choices for individuals, what possible generalization about eating is there? What, if anything, can this principle predict? How would Mankiw use that idea to model eating dinner?

The study example is fascinating. I remember my college days, and I’m sure I didn’t rationally choose whether to goof off with my friends or to study for finals. I chose, but it was random. And how would you calculate the benefit of one hour of study versus one hour of relaxing? Is that a real possibility?

The airline example is obvious to anyone familiar with basic business principles. It certainly isn’t an indication of “rationality” in the sense Mankiw is using the term. It merely requires an understanding of the difference between fixed costs and variable costs.

Then there’s the water/diamonds example. Here’s Mankiw’s explanation, so you won’t think I’m being snarky:

The reason is that a person’s willingness to pay for a good is based on the marginal benefit that an extra unit of the good would yield. The marginal benefit, in turn, depends on how many units a person already has. Water is essential, but the marginal benefit of an extra cup is small because water is plentiful. By contrast, no one needs diamonds to survive, but because diamonds are so rare, people consider the marginal benefit of an extra diamond to be large.

So water is cheap because people have a lot of it? Of course, there is plenty of water in most parts of the country, in our commonly held lakes, rivers, underground aquifers, and water run-off. As a commonly-owned asset, it’s free, if you could get it. But it has to be cleaned, delivered, and disposed of. That means the real question is why do we have a lot of clean water at the tap and few diamonds? The real reason is that our ancestors decided to make sure we all had clean water to drink, and explicitly chose to keep the “free market” out of it.

There are plenty of diamonds, though they are hard to find and dig up. The diamond business is controlled by a monopoly that artificially restricts the supply. Our ancestors made sure that didn’t happen to water. To see this clearly, think about the price of a bottle of water at the movies. There we have artificial scarcity, produced by the theater’s policy against bringing in snacks. Just ask yourself whether you want to buy your water from a profit-maximizing monopoly, say the Comcast or the DeBeers of water. Maybe you’d like to buy your water from the private company that didn’t have a system in place to detect the foul chemicals in the water supply of Charleston, WV?

So now let’s see how this rationality principle works in practice. Consider retirement savings. What would it mean operationally to say that people act rationally when making decisions about saving and preparing for retirement? What does this principle tell them to do? How should they invest? What should they do to protect themselves against losing big in those investments? What happens if they are hurt and can’t work, or if their spouse gets hurt and they need to quit work to take care of them? How do you calculate the value of a dollar today against the value of that dollar in retirement? For a short lesson in the prevalence of financial literacy, look at this paper, or this site.

Finally, it isn’t just one choice. There is a chain of choices in life, each one eliminates other choices and creates new choices and possibilities, each with its own probability of success. In the retirement example, you might have a 75% chance of correctly guessing at how much to save, a 95% chance of getting an honest financial adviser, a 60% chance that the investments will be very successful, and related chances of less good outcomes. Your chances of getting the best result are about 43%, and that’s before you consider the general state of the economy when you need money, continued good health, unexpected possible current uses for your money, good relations with your partner and your partner’s success in contributing, and all the other variables. That tells you that most people will be somewhat successful, a few will be wildly successful, and a fair number will crash and burn. The reality is that most families have very little success, and are dependent on Social Security and Medicare for a decent retirement. Even people who do reasonably well need those social arrangements to secure a good retirement.

This analysis shows that the margin plays little or no role in the lives of ordinary humans. It’s just a construct used to simplify human life in a way that permits economists to justify their use of calculus.

Here are some possible conclusions:

1. This principle makes sense when considered in the very short run, like the mashed potatoes example. For any longer term, it feels more or less random, mostly because there is no way to determine the probabilities. Some people get lucky and win the game of life. Others don’t get lucky. The number of things that seem perfectly rational at a point in time either work, or they don’t, and the results are unpredictable. That accords with my understanding of markets as minute by minute affairs. In the longer run, investment and housing markets are a real threat to the marginal thinking of Mankiw’s rational people.

2. We all want to think we are pursuing our goals systematically and purposefully, Mankiw’s definition of rational people. We want to believe our success is the result of our personal skill, and many people apparently feel justified in looking down on, and even punishing, the losers. I’d say the reality is that it’s better to be lucky than rational.

3. By deciding that the economy is full of rational people, the door opens to armchair speculation. Hmmm, says Mankiw, if I were faced with a bowl of mashed potatoes, here’s how I’d decide how much to take. I’m rational, so that means everyone would act that way. So, I’ll model mashed potato eating based on purely rational me. In exactly the same way, they figure out how they prepare for retirement, and draw conclusions about the way rational people act and build that into their models. No.

4. I do not think this is the definitive discussion of the role of rationality in human decision making. The entire subject of rational agents has been subjected to criticism on philosophical and practical grounds, and I hope to get to it at some point.


WikiLeaks Reveals Steinmeier Intercepts, 2 Years before Helping Condi Look Unconcerned by Kidnapping Liabilities

In its latest release on the individual intercepts the NSA collected on top German officials, WikiLeaks revealed that Foreign Minister Frank-Walter Steinmeier had been a priority 2 target in NSA’s monitoring of German political affairs.


The actual intercept released with today’s list of targets pertains to Steinmeier’s first visit to DC as Foreign Minister in November 2005.

The intercept described how Steinmeier was pleased to have gotten a non-committal answer from Condi Rice when he asked her whether the CIA had run rendition flights through Germany.

(TS//SI//NF) New German Foreign Minister Pleased With First Official Visit to Washington

(TS//SI//NF) Frank-Walter Steinmeier seemed pleased on 29 November with the results of his first visit to Washington as the new German Foreign Minister. Steinmeier described the mood during his talks with U.S. officials as very good, but feared that the most difficult part was still ahead. He seemed relieved that he had not received any definitive response from the U.S. Secretary of State regarding press reports of CIA flights through Germany to secret prisons in eastern Europe allegedly used for interrogating terrorism suspects. Steinmeier remarked that Washington is placing great hope in his country’s new government. In this connection, he is looking for areas where bilateral cooperation can be strengthened and is considering the southern Caucasus as one possible area.

This would have been of particular concern for Steinmeier as he was Chief of Staff in Germany’s Chancellery, in charge of intelligence. If German intelligence did know about the flights, he would be complicit. So he might be particularly happy to report that the US — that Condi Rice — was officially giving a non-answer to the question of whether or not the CIA was using Germany as a base for its kidnapping flights.

Better to officially not know.

Now, I actually am not at all troubled that NSA is wiretapping foreign officials. They’re surely doing the same to our equivalents. So while I’m interested in what these WikiLeaks releases say about our NSA activities, I’m not critical of these activities.

But I am interested that Steinmeier was wiretapped for this reason.

As a State cable released by WikiLeaks back in 2010 showed, in 2007, Steinmeier and Condi met to discuss the recent arrest warrants issued by a German court. Steinmeier came out of the meeting and said publicly that Condi had told him she and the US would have no problem with the issue of arrest warrants for 13 US agents. After Steinmeier created that impression in the press, the Deputy Chief of the Mission to Germany corrected that impression, making it clear that the US had a very big problem with the planned arrest of its agents for kidnapping.

Just as the German prosecutor issued arrest warrants for 13 CIA personnel, Condi Rice and Germany’s Foreign Minister Frank-Walter Steinmeier met in DC for a discussion of Mideast peace efforts. After they met, Steinmeier told the German press that Condi had assured him that the arrest warrants wouldn’t affect German-US relations.

Steinmeier told the Welt am Sonntag newspaper that he had raised the issue with US Secretary of State Condoleezza Rice, who “assured me there would be no negative impact on German-American relations.”

Steinmeier, whose remarks were released a day ahead of publication on Sunday, said he told Rice the warrants could only be served in Germany at present, but the government expected the court to issue international warrants at some stage.

The cable describes a February 6, 2007 meeting in which the Deputy Chief of Mission of the US Embassy in Germany, John Koenig, “corrected” the impression that Steinmeier had gotten from his meeting with Condi the week before.

In a February 6 discussion with German Deputy National Security Adviser Rolf Nikel, the DCM reiterated our strong concerns about the possible issuance of international arrest warrants in the al-Masri case. The DCM noted that the reports in the German media of the discussion on the issue between the Secretary and FM Steinmeier in Washington were not accurate, in that the media reports suggest the USG was not troubled by developments in the al-Masri case. The DCM emphasized that this was not the case and that issuance of international arrest warrants would have a negative impact on our bilateral relationship. He reminded Nikel of the repercussions to U.S.-Italian bilateral relations in the wake of a similar move by Italian authorities last year.

Koenig goes on to note that the government would have political problems in the US if the Germans issued the international arrest warrants.

The DCM pointed out that the USG would likewise have a difficult time in managing domestic political implications if international arrest warrants are issued.

[snip]

[T]his was obviously a hastily called meeting in response to Steinmeier’s quotation of Condi’s assurances the warrants wouldn’t cause a problem. Note the specific language Koenig uses:

The DCM noted that the reports in the German media of the discussion on the issue between the Secretary and FM Steinmeier in Washington were not accurate, in that the media reports suggest the USG was not troubled by developments in the al-Masri case.

He’s not telling the Germans that Steinmeier was wrong, that he mis-quoted Condi. Rather, Koenig’s simply saying that the content–what Condi had said–was wrong.

While the cable makes it clear that Koenig was emphasizing the stance of the USG, it’s still not clear whether Condi just lied to Steinmeier about USG concern, using that as cover for the kidnapping that she, who was National Security Advisor during the kidnapping, would have been implicated in, or whether Steinmeier knowingly put disinformation into the press that State subordinates could correct in secret. That is, it’s not clear how knowingly Steinmeier served as a stooge in US disinformation that ultimately protected Condi.

But I do find the continuity of Steinmeier’s happiness about pretending there was no kidnapping going on in Germany to be notable. I also find it notable that Condi and her friends would have had very detailed understanding of Steinmeier’s opinions and activities from the interim period.
