Banking after the kindness of strangers

Francesco Guerrera:

“Whoever you are, I have always depended on the kindness of strangers”. The last line of Tennessee Williams’ A Streetcar Named Desire – uttered by its desperate heroine to the doctor taking her to a mental asylum – is an apt summary of the US financial sector in 2009.



As the crisis abated, banks took maximum advantage of the kindness of taxpayers and regulators to return to their core business: making money for shareholders and employees.



Ultra-low interest rates, dwindling competition and pent-up demand for their services sparked a renaissance in profits and share prices of the financial institutions that emerged from the turmoil in reasonable shape.



The question is whether history will repeat itself, or even just rhyme, this year. Here are my ten, utterly personal and non-exhaustive, predictions for the year ahead in US finance.



1) Strangers will be a lot less kind. With banks boasting about their new-found health, regulators will pull the plug on most of the measures they introduced to drag the financial industry back from the brink. A host of acronyms (Tarp, Talf, PPIP, TLGP) will be forgotten but not missed.

The Inside Story of Wal-Mart’s Hacker Attack

Kim Zetter:

Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain’s point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe, Wired.com has learned.


Internal documents reveal for the first time that the nation’s largest retailer was among the earliest targets of a wave of cyberattacks that went after the bank-card processing systems of brick-and-mortar stores around the United States beginning in 2005. The details of the breach, and the company’s challenges in reconstructing what happened, shed new light on the vulnerable state of retail security at the time, despite card-processing security standards that had been in place since 2001.



In response to inquiries from Wired.com, the company acknowledged the hack attack, which it calls an “internal issue.” Because no sensitive customer data was stolen, Wal-Mart had no obligation to disclose the breach publicly.


Wal-Mart had a number of security vulnerabilities at the time of the attack, according to internal security assessments seen by Wired.com, and acknowledged as genuine by Wal-Mart. For example, at least four years’ worth of customer purchasing data, including names, card numbers and expiration dates, were housed on company networks in unencrypted form. Wal-Mart says it was in the process of dramatically improving the security of its transaction data, and in 2006 began encrypting the credit card numbers and other customer information, and making other important security changes.



“Wal-Mart … really made every effort to segregate the data, to make separate networks, to encrypt it fully from start to finish through the transmission,” says Wal-Mart’s Chief Privacy Officer Zoe Strickland. “And not just in one area but across the different uses of credit card systems.”



Wal-Mart uncovered the breach in November 2006, after a fortuitous server crash led administrators to a password-cracking tool that had been surreptitiously installed on one of its servers. Wal-Mart’s initial probe traced the intrusion to a compromised VPN account, and from there to a computer in Minsk, Belarus.

The Best Summary (to date) of Taxpayer Funded Events that Led to Goldman Sachs’ Survival and Recent Large Payouts

Joe Nocera:

A few weeks ago, shortly after Goldman Sachs reported its latest blowout quarter, the firm’s chief executive, Lloyd Blankfein, spoke at a Fortune magazine breakfast.


In normal times, Mr. Blankfein might have been forgiven for bragging a bit about the just-reported quarter — over $3 billion in profit on $12 billion in revenue. It had generated some $6 billion just in one division: fixed income. It had more than $160 billion in cash or cash equivalents on its balance sheet. And of course it had long since repaid, with interest, the $10 billion it had accepted from the Treasury Department during the darkest days of the crisis.


But of course those weren’t the numbers the media and the public had focused on in the wake of Goldman’s earnings. Instead, people were fixated on the $5.3 billion the firm had set aside for its executives’ year-end bonuses. Added to first and second quarter set-asides of $4.6 billion and $6.6 billion, the firm had put aside $16 billion so far this year for employee bonuses. Nearly 50 percent of the firm’s revenue was going toward compensation. And there was still one more quarter to go!



Was it fair, commentators kept asking, that barely a year after the taxpayers had essentially saved the financial system, this firm that took government capital should now be paying multimillion-dollar bonuses? Was it right? Which, not surprisingly, is what Fortune’s managing editor, Andrew Serwer, asked Mr. Blankfein within minutes of taking the stage.



In private, Goldman executives are scornful of the sentiment behind this question. Their view, in essence, is that they should be applauded for being able to pay such big bonuses, because it means their business is successful. People who want them to pay less, they believe, want them to fail.



But Mr. Blankfein, a charming, funny man who has been Goldman’s boss since 2006, is far too smart to say that out loud. Nonetheless, what he did say was revealing. Treasury’s original decision to use the Troubled Asset Relief Program to shore up the banks’ capital, Mr. Blankfein said, “was a sensible thing to do at the time.”

Flickr vs. Free Speech

Mike Arrington:

One thing I’ve learned over the years is this – screwing over your users while yelling “the lawyers made me do it!” rarely ends well. Particularly when the lawyers are just being lazy, and free speech rights are at stake.


Flickr really stepped in it this time. And they’ve sparked a free speech and copyright fascism debate that is unlikely to cool down any time soon.


Sometime last week they took down a photoshopped image of President Obama that makes him look like the Heath Ledger (Joker) character from The Dark Knight. The image was created and uploaded to Flickr by 20-year-old college student Firas Alkhateeb while “bored over winter school break.” It was also later altered yet again by someone else and used to create anti-Obama posters that went up in Los Angeles.



Thomas Hawk has a good overview of some of the other details, but the short version is the image was removed by Flickr sometime last week “due to copyright-infringement concerns.”



People are angry over the takedown. There are lots of pictures mocking President Bush on a Time Magazine cover on Flickr that haven’t been removed. And of the Heath Ledger Joker character.

On Locational Privacy, and How to Avoid Losing it Forever

EFF:

Over the next decade, systems which create and store digital records of people’s movements through public space will be woven inextricably into the fabric of everyday life. We are already starting to see such systems now, and there will be many more in the near future.



Here are some examples you might already have used or read about:

  • Monthly transit swipe-cards
  • Electronic tolling devices (FastTrak, EZpass, congestion pricing)
  • Cellphones
  • Services telling you when your friends are nearby
  • Searches on your PDA for services and businesses near your current location
  • Free Wi-Fi with ads for businesses near the network access point you’re using
  • Electronic swipe cards for doors
  • Parking meters you can call to add money to, and which send you a text message when your time is running out

These systems are marvellously innovative, and they promise benefits ranging from increased convenience to transformative new kinds of social interaction.


Unfortunately, these systems pose a dramatic threat to locational privacy.

I’ve Seen the Future, and It Has a Kill Switch

Bruce Schneier:

It used to be that just the entertainment industries wanted to control your computers — and televisions and iPods and everything else — to ensure that you didn’t violate any copyright rules. But now everyone else wants to get their hooks into your gear.
OnStar will soon include the ability for the police to shut off your engine remotely. Buses are getting the same capability, in case terrorists want to re-enact the movie Speed. The Pentagon wants a kill switch installed on airplanes, and is worried about potential enemies installing kill switches on their own equipment.
Microsoft is doing some of the most creative thinking along these lines, with something it’s calling “Digital Manners Policies.” According to its patent application, DMP-enabled devices would accept broadcast “orders” limiting capabilities. Cellphones could be remotely set to vibrate mode in restaurants and concert halls, and be turned off on airplanes and in hospitals. Cameras could be prohibited from taking pictures in locker rooms and museums, and recording equipment could be disabled in theaters. Professors finally could prevent students from texting one another during class.
The possibilities are endless, and very dangerous. Making this work involves building a nearly flawless hierarchical system of authority. That’s a difficult security problem even in its simplest form. Distributing that system among a variety of different devices — computers, phones, PDAs, cameras, recorders — with different firmware and manufacturers, is even more difficult. Not to mention delegating different levels of authority to various agencies, enterprises, industries and individuals, and then enforcing the necessary safeguards.

NSA’s Domestic Spying Grows As Agency Sweeps Up Data

Siobhan Gorman:

Five years ago, Congress killed an experimental Pentagon antiterrorism program meant to vacuum up electronic data about people in the U.S. to search for suspicious patterns. Opponents called it too broad an intrusion on Americans’ privacy, even after the Sept. 11 terrorist attacks.
But the data-sifting effort didn’t disappear. The National Security Agency, once confined to foreign surveillance, has been building essentially the same system.
The central role the NSA has come to occupy in domestic intelligence gathering has never been publicly disclosed. But an inquiry reveals that its efforts have evolved to reach more broadly into data about people’s communications, travel and finances in the U.S. than the domestic surveillance programs brought to light since the 2001 terrorist attacks.

Prosecutor Over-Reaching

Dee Hall covers an issue vital to our democracy – overzealous prosecutors:

A Wisconsin State Journal investigation, however, found instances in which court records and transcripts back up his critics’ claims that he has crossed ethical lines. Stretching back to the early 1990s, Humphrey has been the subject of criticism accusing him of ethical lapses, poor judgment and unreasonably aggressive tactics. Critics have included defendants, defense attorneys, judges and three of the four district attorneys who’ve supervised him.
The State Journal examined more than 2,000 pages of documents, including records from Humphrey’s office files obtained under the open-records law. The newspaper also interviewed more than two dozen attorneys, judges, defendants, legal experts and law-enforcement officials.
The newspaper’s investigation found that the veteran prosecutor:
— Wrongfully kept a young man in the Dane County Jail for a month, even after he was repeatedly notified of the error.
— Made false or misleading statements in affidavits, in correspondence and in court hearings to advance his case or to cover up mistakes.
— Charged two witnesses and had a third arrested for failing to show up for trials that had been cancelled — a tactic his boss had warned him was “an abuse of your authority.”
— Aggressively pursued seven felony charges against a bankrupt father who was $2,846 behind in child support — a prosecution the judge said should “make one wonder about the integrity of (the) justice system.”
— Twice pursued vehicular-homicide charges using speed estimates his own experts told him were inflated.
One of those cases was Humphrey’s failed prosecution of Adam Raisbeck, a 17-year-old from Marshall. Humphrey’s actions in the case prompted a blunt reprimand from his boss, and the misconduct findings that are headed to the Supreme Court.

US District Judge Lewis Kaplan recently expressed concern over “prosecutor’s expansive power”.