20 December 2016

Democracy and Hacking

The New York Times has published a long analysis of the effects of the hacking of Democratic Party organisations and operatives in the 2016 election campaign.

The article is obviously trying to appear a balanced view, eschewing the "OMG we are at war with Russia" hyperbole and questioning the value of different pieces of evidence. It does slip here and there, for instance jumping from the involvement of "a team linked to the Russian government" (for which there is considerable evidence) to "directed from the Kremlin" without justification.

The evidence that the hackers who penetrated the DNC systems and John Podesta's email account are linked to the Russian Government is that the same tools were used as have been used in other pro-Russian actions in the past.

*Update 4th Jan 2017: that is a bit vague: infosec regular @pwnallthethings goes into very clear detail in a twitter thread)

One important consideration is the sort of people who do this kind of thing. Being able to hack systems requires some talent, but not any weird Hollywood-esque genius. It also takes a lot of experience, which goes out of date quite quickly. Mostly, the people who have the talent and experience are the people who have done it for fun.

Those people are difficult to recruit into military or intelligence organisations. They tend not to get on well with concepts such as wearing uniforms, turning up on time, or passing drug tests.

It is possible in theory to bypass the enthusiasts and have more professional people learn the techniques. One problem is that becoming skilled requires practice, and that generally means practice on innocent victims. More significantly, the first step in any action is to work through cut-out computers to avoid being traced, and those cut-outs are also hacked computers belonging to random victims. That's the way casual hackers, spammers and other computer criminals work, and espionage hackers have to use the same techniques. They have to be doing it all the time, to keep a base of operations, and to keep their techniques up to date.

For all these reasons, it makes much more sense for state agencies to stay arms-length from the actual hackers. The agencies will know about the hackers, maybe fund them indirectly, cover for them, and make suggestions, but there won't be any official chain of command.

So the hackers who got the data from the DNC were probably somewhat associated with the Russian Government (though a comprehensive multi-year deception by another organisation deliberately appearing to be Russian is not completely out of the question).

They may have had explicit (albeit off-the-record) instructions, but that's not necessary. As the New York Times itself observed, Russia has generally been very alarmed by Hillary Clinton for years. The group would have known to oppose her candidacy without being told.

"It was conventional wisdom... that Mrs. Clinton considered her husband’s efforts to reform Russia in the 1990s an unfinished project, and that she would seek to finish it by encouraging grass-roots efforts that would culminate with regime change."

Dealing with the product is another matter. It might well have gone to a Russian intelligence agency, either under an agreement with the hackers or ad-hoc from a "concerned citizen": you would assume they would want to see anything and everything of this kind that they could get. While hacking is best treated as deniable criminal activity, it would be much more valuable to agencies to have close control over the timing and content of releases of data.

So I actually agree with the legacy media that the extraction and publication of Democratic emails was probably a Russian intelligence operation. There is a significant possibility it was not, but was done by some Russians independent of government, and a remote possibility it was someone completely unrelated who has a practice of deliberately leaving false clues implicating Russia.

I've often said that the real power of the media is not the events that they report but the context to the events that they imply. Governments spying on each other is completely normal. Governments spying on foreign political movements is completely normal. Governments attempting to influence foreign elections by leaking intelligence is completely normal. Points to Nydwracu for finding this by William Safire:

"The shrewd Khrushchev came away from his personal duel of words with Nixon persuaded that the advocate of capitalism was not just tough-minded but strong-willed; he later said that he did all he could to bring about Nixon’s defeat in his 1960 presidential campaign."

The major restraint on interference in foreign elections is generally the danger that if the candidate you back loses then you've substantially damaged your own relations with the winner. The really newsworthy aspect of all this is that the Russians had such a negative view of Clinton that they thought this wouldn't make things any worse. It's been reported that the Duma broke into applause when the election result was announced.

The other thing that isn't normal is a complete public dump of an organisation's emails. That's not normal because it's a new possibility, one that people generally haven't begun to get their heads around. I was immediately struck by the immense power of such an attack the first time I saw it, in early 2011. No organisation can survive it: this is an outstanding item that has to be solved. I wouldn't rule out a new recommended practice to destroy all email after a number of weeks, forcing conversation histories to be boiled down to more sterile and formal documents that are far less potentially damaging if leaked.

It is just about possible for an organisation to be able to adequately secure their corporate data, but that's both a technical problem and a management problem. However, the first impression you get is of the DNC is one of amateurism. That of course is not a surprise. As I've observed before, if you consider political parties to be an important part of the system of government, their lack of funding and resources is amazing, even if American politics is better-funded than British. That the DNC were told they had been hacked and didn't do anything about it is still shocking. Since 2011, this is something that any organisation sensitive to image should be living in fear of.



This is basically evidence-free speculation, but it seems possible that the Democratic side is deficient in actual organisation builders: the kind of person who will set up systems, make rules, and get a team of people to work together. A combination of fixation on principles rather than practical action, and on diversity and "representativeness" over extraordinary competence meant that the campaign didn't have the equivalent of a Jared Kushner to move in, set up an effective organisation and get it working.

Or possibly the problem is more one of history: the DNC is not a political campaign set up to achieve a task, but a permanent bureaucracy bogged down by inferior personnel and a history of institutional compromises.  Organisations become inefficient naturally.

Possibly Trump in contrast benefited from his estrangement from the Republican party establishment, since it meant he did not have legacy organisations to leak his secrets and undermine his campaign's efficiency. He had a Manhattan Project, not an ITER.

The task of building--or rebuilding--an organisation is one that few people are suited to. Slotting into an existing structure is very much easier. Clinton's supporters particularly are liable to have the attitude that a job is something you are given, rather than something you make. Kushner and Brad Parscale seem to stand out as people who have the capability of making a path rather than following one. As an aside, Obama seems to have had such people also, but Clinton may have lacked them. Peter Thiel described Kushner as "the Chief Operating Officer" of Trump's campaign. Maybe the real estate business that Trump and Kushner are in, which consists more of separate from-scratch projects than most other businesses, orients them particularly to that style.

12 December 2016

Actually Existing Capitalism

Something that's cropped up a few times with recent discussion of neocameralism as a concept is the role of shareholders in existing firms.

Conflicts of interest between principals and agents are one of the most significant forces acting on the structure of any kind of organisation, so it is essential when discussing how to apply structures from one kind of organisation to another, to have a feel of how the conflicts are playing out in existing structures and organisations.

In particular, I have seen more than one person on twitter put forward the idea that present-day joint-stock companies totally fail to resolve the conflict of interest between shareholders and managers, with the result that shareholders are powerless and managers run companies purely in their own interest:

In discussion of this piece by Ron Carrier from November 24th the author said on twitter,

"Because they are non-contractual, shares are a useful way of financing a company without ceding control.... Contrary to shareholder theory, power in the corporation is actually located in mgmt. and the board of directors."

More recently (December 9th), Alrenous followed the same path: from the suggestion that dividend payments from public companies are in aggregate very low, he draws the conclusion that stocks are "worthless" and that those who buy them are effectively just giving their money away for managers to do what they want with.

I'm sure Alrenous understands that the theory is that a profitable company can be delivering value to shareholders by reinvesting its profits and becoming a more valuable company, capable of returning larger amounts of cash in future. And of course I understand that just because someone believes that a company has become more valuable in consequence of reinvested profits, doesn't mean it is necessarily true.

Discussions like this among people not involved with investment professionally carry a risk of being based on factoids or rumour. In particular, mainstream journalists are fantastically ignorant of the whole subject. But in the end everything to do with public companies is actually public, if you can find the information and not misunderstand it. (Note that I am not including myself among the professionals, though I've worked with them in the past in an IT role).

At any rate, here is a publication dealing with aggregate dividends across the NY stock exchange. factset.com

"Aggregate quarterly dividends for the S&P 500 amounted to $105.8 billion in the second quarter, which represented a 0.8% increase year-over-year. The dividend total in Q2 marked the second largest quarterly dividend amount in at least ten years (after Q1 2016). The total dividend payout for the trailing twelve months ending in Q2 amounted to $427.5 billion, which was a 7.1% increase from the same time period a year ago."

So, that's getting on for half a trillion dollars in dividends paid out by the S&P 500 over the last year. Throwing numbers around without any indication of scale is another media trope, but that's about 2-3% of US GDP, which seems like the right sort of scale.

As an aside, if some of these companies hold shares in others, the dividends are effectively double-counted: one company in the set is paying out to another, which may or may not then be paying out to its shareholders. I would assume this is not more than a few percent of the totaleven investment companies like Berkshire Hathaway are likely to invest more in private companies than other S&P 500 membersbut it's an indication of the pitfalls available in this sort of analysis.

In addition to dividends, as I pointed out, share buybackswhere a company purchases its own shares on the open marketare economically equivalent to dividends: the company is giving cash to its own shareholders. If every shareholder sells an equal proportion of their holdings back to the company, then the result is that each shareholder continues to hold the same fraction of the company's outstanding shares, and each has been paid cash by the company. Of course, some will sell and some not, but the aggregate effect is the same. The choice of whether to take cash by selling a proportion of one's holding, or whether to simply hold shares, thereby effectively increasing one's holding as a fraction of the company, enables shareholders to minimise their tax liability more efficiently, which is apparently why share buybacks have become more significant compared to dividends.

Alrenous found this article from Reuters, which says "In the most recent reporting year, share purchases reached a record $520 billion.". That's not the same period as the one I found for aggregate dividends, so adding them together might be a bit off, but it looks like we can roughly double that 3% of GDP. As I said on twitter, as a general rule, large companies are making profits and paying shareholders.

The reason neocameralism makes sense is that joint-stock companies basically work.

That is not to suggest that the principal-agent conflicts are insignificant. They are always significant, and managing the problem is a large part of any organisational practice. That is what the bulk of corporate law is there to deal with.

I picked up a recent article in Investor's Chronicle in which Chris Dillow suggests that management is simply overpaid:

"...bosses plunder directly from shareholders by extracting big wages for themselves. The High Pay Centre estimates that CEOs are now paid 150 times the salary of the average worker, a ratio that has tripled since the 1990s - an increase which, it says, can't be justified by increased management efficiency."

However, Dillow also links other source with other suggestions: the 1989 Harvard Business Review article by Michael Jensen is particularly fascinating.

Jensen claims that regulation brought in after the Great Depression had the effect of limiting the control of shareholders over management:

"These laws and regulations—including the Glass-Steagall Banking Act of 1933, the Securities Act of 1933, the Securities Exchange Act of 1934, the Chandler Bankruptcy Revision Act of 1938, and the Investment Company Act of 1940—may have once had their place. But they also created an intricate web of restrictions on company 'insiders' (corporate officers, directors, or investors with more than a 10% ownership interest), restrictions on bank involvement in corporate reorganizations, court precedents, and business practices that raised the cost of being an active investor. Their long-term effect has been to insulate management from effective monitoring and to set the stage for the eclipse of the public corporation.

"...The absence of effective monitoring led to such large inefficiencies that the new generation of active investors arose to recapture the lost value. These investors overcome the costs of the outmoded legal constraints by purchasing entire companies—and using debt and high equity ownership to force effective self-monitoring."

A quarter of a century on from Jensen's paper, the leveraged buyout looks not so much like an alternative form of organisation for a business, but rather an extra control mechanism available to shareholders of a public joint-stock company. The aim of of a buyout today is, as Jensen describes, to replace inefficient management and change the firm's strategy, but today there is normally an exit strategy: the plan is that having done those things the company will be refloated with new management and a new strategy.

The "Leveraged" of LBO obviously refers to debt: that takes us to the question of debt-to-equity ratio. A firm needs capital: it can raise that from shareholders or from lenders. If all its capital is shareholders', that limits the rate of profit it can offer them: the shares become less volatile. If the firm raises some of its capital needs from lenders, the shares become riskier but potentially more profitable.

Under the theory of the Capital Asset Pricing Model (CAPM), the choice is arbitrary: leverage can be applied by the shareholders just as by the company itself. Buying shares on margin of a company without debt is equivalent to buying shares of a leveraged company for cash. However, this equivalency is disrupted by transaction costs, and also by tax law.

There is considerable demand in the market for safe fixed-income investments. A large profitable company is exceptionally well-placed to meet that demand by issuing bonds or borrowing from banks, and therefore can probably do so much more efficiently than its shareholders would be able to individually, were it to hold its cash and leave shareholders to borrow against the more expensive shares.

The transaction costs the other way, the ones caused by corporate indebtedness, come through bankruptcy. Bankruptcy is essential to capitalism, but it involves a lot of expensive lawyers, and can be disruptive. For an extreme example, see the Hanjin Shipping case in September. It's clearly in the interest of the owners of the cargo to get the cargo unloaded, but the international complications of the bankruptcy of the shipping line means that it's unclear who is going to end up paying for the docking and unloading. If Hanjin had a capital structure that gave it spare cash instead of debt, all this expensive inconvenience would be avoided.

Aside from transaction costs, the argument in Jensen's paper is that the management of a company with spare cash is better able to conceal the company's activities from shareholders. In his account, once the company has been bought out and restructured with debt, any expansion in the cost base has to be directly justified to shareholders and creditors, since capital will have to be raised to pay for it. This improvement in the monitoring of the management is part of what produces the increased value (in his 1980s figures, the average LBO price was 50% above the previous market value).

A quarter of a century later, we frequently read the opposite criticism, that pressure from investors makes management too focused on short-term share prices, which is a bad thing. I linked this article by Lynn Stout, and while I think the argument is very badly stated, it is not entirely wrong. The problem in my opinion is not with the idea of managing in order to maximise shareholder value: that is absolutely how a company should be managed. The problem is with equating shareholder value to the price at which a share of the company was most recently traded. Though that is most probably the best measure we have of the value of the company to its shareholders, it is, nonetheless, not a very accurate measure. Given that the markets have a relatively restricted view of the state of the company, maximising the short-term share price relies on optimising those variables which are exposed to view: chiefly the quarterly earnings.

If outside shareholders had perfect knowledge of the state of the company, then maximising the share price would be the same as maximising shareholder value. Because of the information assymetry, they are not the same. Value added to the company will not increase the share price unless it is visible to investors, and some forms of value are more visible than others. Management are certainly very concerned by the share price. As I mentioned on twitter, "in any company I worked for, management were (very properly) terrified of shareholders"

But this is a well-known problem. There are various approaches that have been tried to improve the situation. Where a company has a long-established leadership that has the confidence of investors, shareholding can be divided between classes of shares with different voting rights, so that the trusted, established leadership have control over the company without owning a majority of the equity. This is the situation with Facebook, for instance, where Mark Zuckerberg owns a majority of the voting shares, and most other shareholders hold class B or C shares with reduced or zero voting rights. Buying such shares is an act of faith in Mr Zuckerberg, more than owning shares in a more conventionally structured business. The justification is that it allows him to pursue long-term strategy without the risk of being interrupted by a takeover or by activist investors.

In fact, this year Zuckerberg increased the relative voting power of his holding, by introducing the non-voting class C shares. That has been challenged in court, and is the subject of ongoing litigation.

In summary, the arrangements of public companies consist of a set of complex compromises. There are many criticisms, but they tend to come in opposing pairs. For everyone who, like Alrenous, claims that shares are worthless because companies do not pay dividends, there are some like the Reuters article he found which complain that companies pay out all their profits and do not invest enough in growth. For everyone who, like Chris Dillow, complains that managements are undersupervised and extract funds for self-aggrandizement and private gain, there are others like Lynn Stout who complain that managements are over-constrained by short-term share price moves and unable to plan strategically.

The arrangements which implement the compromises between these failings are flexible: they change over time and adapt to circumstances. A hundred-year-old resource extraction business like Rio Tinto is not structured in exactly the same way as a web business like Facebook. The point of Chris Dillow's article is that fewer businesses are publicly traded today than in the past (though even that is difficult to measure meaningfully).

The joint-stock company is not a magic bullet, it is a range of institutional forms, evolved over time, and part of a large range of institutiontal forms that make up Actually Existing Capitalism. They are ways of coping with, rather than solving, the basic conflict-of-interest and asymmetric-information issues that are fundamental to everything from a board of directors appointing a CEO to a coder-turned-rancher hiring a farm hand.

My worry is that Moldbug's form of Neocameralism is an inflexible snapshot of one particular corporate arrangement, which only works as well as it does because it can be adapted to meet changing demands. That's why I tend to think of it as one item on a menu of management options (including hereditary monarchy!)