Prof. Jayanth R. Varma's Financial Markets Blog

Photograph About
Prof. Jayanth R. Varma's Financial Markets Blog, A Blog on Financial Markets and Their Regulation

© Prof. Jayanth R. Varma
jrvarma@iima.ac.in

Subscribe to a feed
RSS Feed
Atom Feed
RSS Feed (Comments)

Follow on:
twitter
Facebook
Wordpress

October
Sun Mon Tue Wed Thu Fri Sat
       
2017
Months
Oct
2016
Months

Powered by Blosxom

Sun, 22 Oct 2017

Bitcoin as a way to short bad things

Many people are perplexed that there is no asset underlying Bitcoin. One answer is that there is nothing underlying fiat money either. But, it is more interesting to think about Bitcoin not as being long something good but as being short something bad. Bitcoin is short untrustworthy/incompetent banks/politicians.

Bitcoin has soared in value as trust in G7/G10/G20 politicians has eroded. Capital flight from untrustworthy peripheral countries has historically been to core country safe havens like the US dollar. But when trust in the core is eroded, where does one go? Traditionally, money poured into gold, and to some extent it still does, but today's technology utopians see gold as Luddite and medieval. Bitcoin has many of the key attributes of gold (most importantly, it is beyond the control of politicians), but it is modern and futuristic.

So one way to think about Bitcoin as an investment is to ask yourself whether you are optimistic about today's G7/G10/G20 politicians in terms of trustworthiness and competence. If your answer is yes, you should probably forget about Bitcoin, but if your answer is negative, Bitcoin deserves some serious consideration. In the latter case, you would think of Bitcoin (and Ethereum and the rest) as the way to reinvent capitalism so as to make it less dependent on bad/stupid politicians and their crony capitalists.

In this vein, I have been thinking about two episodes separated by a quarter century. In September 1992, the UK government was battling the Hungarian, and in order to defend the British pound, the Bank of England raised interest rates an unprecedented second time on the same day (the first hike at 11:00 am was from 10% to 12%, while the second hike at 2:15 pm was from 12% to 15%). For the first few minutes, the London stock market fell sharply in response to this shock and awe strategy. At that time, the stock market was essentially short the politicians: if the politicians won, the UK economy would suffer from an overvalued currency and the high interest rates required to sustain it: stocks would fare badly. If the politicians lost, then lower interest rates and a weaker currency would propel the economy and the stock market higher. So the initial response of the market was one of dejection: the politicians seemed to be winning at the cost of inflicting even more damage to the economy.

But within minutes, the London stock market began to rally furiously as it realized that the second rate hike in the day was a sign not of strength but of despair. The market was now convinced that the politicians would lose, and so it turned out. The pound crashed out of the ERM and the second rate hike was canceled before it came into force. Jeremy Siegel tells the whole story quite nicely in his book Stocks for the Long Run (in the section on Stocks and the Breakdown of the European Exchange-Rate Mechanism).

Twenty five years later, in September 2017, a few weeks before the five-yearly Congress of the Communist Party of China, the Chinese government launched a crack down on crypto currencies including Bitcoin. Clearly, the thought of people investing in an asset beyond the control of the state and the party was anathema to the Chinese rulers. Again the initial response of the market was that the politicians would win this fight and Bitcoin dropped about 30% very quickly. It took a couple of weeks for the market to realize that (like the Bank of England's second rate hike), the Chinese crackdown on Bitcoin too was the outcome not of strength but of despair. The ban would only reduce the influence of China in the growing global Bitcoin ecosystem. Bitcoin began to rebound and the centre of Bitcoin trading shifted out of China to elsewhere in the world. When the party Congress began in mid October, Bitcoin was trading at record highs well above the pre ban levels.

It is possible that the Chinese crackdown would come back to haunt them. China's geopolitical rivals (US, Japan, India and others) are surely reflecting on this episode and wondering whether Bitcoin could be the Achilles' heel of the Chinese state's control over their economy. At the same time, Russia and China are probably wondering whether Bitcoin is the Achilles' heel of the US control of the global payment system.

So if you believe that the world is run by somewhat honest and tolerably competent politicians, you could bet that Bitcoin is just a passing fad that we would all be laughing at in a few years' time. If you want to short this rosy view, Bitcoin beckons: it is now too big and strong to be shut down by untrustworthy/incompetent politicians.

PS: I have recently started referring to the man who broke the Bank of England simply as the Hungarian because of the current Hungarian government's extreme hostility to him.

Posted at 12:39 on Sun, 22 Oct 2017     View/Post Comments (0)     permanent link


Fri, 20 Oct 2017

Building credit bureaus that have no personal information

In two blog posts (here and here), I have argued that in an era of widespread hacking, the credit bureau’s business model is unsustainable because it requires storing enormous amounts of confidential information on tens of millions of individuals who are not even its customers.

However, these bureaus serve a useful function of aggregating information about an individual from multiple sources and condensing all this information into a credit score that measures the credit worthiness of the individual, An individual has credit relationships with many banks and other agencies. He might have a credit card from one bank, a car loan from another bank and a home loan from a third; he may have overdue payments on one or more of these loans. He might also have an unpaid utility bill. When he applies for a new loan from a yet another bank, the new bank would like to have all this information before deciding on granting the loan, but it is obviously impractical to write to every bank in the country to seek this information. It is far easier for all banks to provide information about all their customers to a central credit bureau which consolidates all this information into a composite credit score which can be accessed by any bank while granting a new loan.

The problem is that though this model is very efficient, it creates a single point of failure – a single entity that knows too much information about too many individuals. What is worse, these individuals are not customers of the bureau and cannot stop doing business with it if they do not like the privacy and security practices of the bureau.

We need to find ways to let the bureaus perform their credit scoring function without receiving storing confidential information at all. The tool required to do this (homomorphic encryption) has been available for over a decade now, but has been under utilized in finance as I discussed in a blog post two years ago.

Suppose there is only one bank

To explain how a secure credit bureau can be built, I begin with a simple example where the bureau obtains information only from one bank (or other agency) which has the individual as a customer. I will then extend this to multiple banks.

Extension to Multiple Banks

In general, the credit bureau will need information from many (say m) banks (or other agencies).

Allowing the individual to verify all computations

How does an individual detect any errors in the credit score? How does an external auditor verify the computations for a sample of individuals?

The individual k would be entitled to receive a credit report from the credit bureau that includes (a) the unencrypted total credit score (total_scorek), (b) the encrypted disguised_subscorekj for all j, (c) the encrypted modified weights vji for all i and j and (d) sum_rk. Actually, (b), (c) and (d) should be publicly revealed by the credit bureau on its website because they do not leak any information.

The individual k would also be entitled to get two pieces of information from bank j: (a) the attributes xjki for all i and (b) the random number rkj.

With this information, the individual k can verify the computation of the encrypted disguised_subscorekj for all j (using the same homomorphic encryption method used by the banks). The individual can also verify sum_rk by adding up the rkj. Using the public key of the credit bureau, the individual can also encrypt total_scorek - sum_rk and compare this with the encrypted sum obtained by adding up all the disguised_subscorekj homomorphically.

The same procedure would allow an auditor to verify the computation for any sample of individuals.

The careful reader might wonder how the individual can detect an attempt by a bank to falsify rkj. In that case, sum_rk will not match the sum obtained by adding up the rkj, but how can the individual determine which bank is at fault? To alleviate this problem, each bank j would be required to construct a Merkle tree of the rkj (for all k) and publicly reveal the root hash of this Merkle tree. Individual k would then also be entitled to receive a path of hashes in the Merkle tree leading up to rkj. It is then impossible to falsify any of the rkj without falsifying the entire Merkle tree. Any reasonable audit procedure would detect a falsification of the entire Merkle tree. Depending on the setup, the auditor might also be able to audit (a sample of) the secure multi party computation of rkj directly by verifying a (sub) sample of the secret shares.

Conclusion

At the end, we would have built a secure credit bureau. A Equifax scale hacking of such a bureau would be of no concern to the public; it would be a loss only for the bureau itself. Mathematics gives us the tools required to do this. The question is whether we have the good sense and the will to use these tools. The principal obstacle might be that the credit bureau would have to earn its entire income by selling credit scores; it would not be able to sell personal information about the individual because it does not have that information. But this is a feature and not a bug.

Posted at 16:20 on Fri, 20 Oct 2017     View/Post Comments (0)     permanent link


Mon, 16 Oct 2017

Credit bureaus as fundamentally dangerous businesses

I received a lot of push back against my suggestion that Equifax should be shutdown in response to the massive data hack that has been described as the worst leak of personal info ever. Many people thought that this was too drastic: one comment was that it “would shake the ground under capitalism.” Some thought that all computers can get hacked and we cannot keep shutting down a company whenever this happens.

I think of this in terms of the standard legal maxim of “strict liability” which is described for example here:

A strict liability tort holds a person or entity responsible for unintended consequences of his actions. In other words, some circumstances or activities are known to be fundamentally dangerous, so when something goes wrong, the perpetrator is held legally responsible.

I regard credit bureaus as fundamentally dangerous businesses that ought not to exist in their current form. When something goes wrong in these businesses, the liability should be absolute and punitive. What has happened in Equifax is so bad that imposition of a reasonable liability would simply put them out of business. Simultaneously, we start building modern, safer alternatives to this fundamentally dangerous business.

I see the past, present and future of credit bureaus as follows:

  1. Past: Credit bureaus were first formed more than a century ago in the age of paper records and manual systems, and the business was relatively safe at that time. Society therefore encouraged the growth and development of these institutions.

  2. Present: With the emergence of the internet, the business has rapidly become a systemic risk to the entire financial system, but till now we have tolerated them because there seemed to be no viable alternatives.

  3. Future: Recent advances in cryptography today provide much safer alternatives to the credit bureaus in their current form.

We are today at the cusp of the transition from the second to the third stage:

I plan to write a separate blog post on how homomorphic encryption can solve the problems that plague current credit bureaus.

Posted at 16:44 on Mon, 16 Oct 2017     View/Post Comments (0)     permanent link