I have news for you people: your data ain’t worth nuthin’:
I was ready to call it quits—unless, that is, my proceeds reeled me back in. I tallied up my fiat (that’s money, to the rest of us): 162 WIB, 1 DAT, 0 NRN. My earnings, while eclectic, were worth approximately 0.3 cents.
That is from a recent Wired article by Gregory Barber, who tried to sell his data in the open market. Yet data can be worth a good deal in the aggregate — just ask some of the major tech companies. The economics here are a bit like the economics of voting. If it were legal, and you tried to sell your vote and your vote alone, you might not get much more than 0.3 cents. That vote is unlikely to prove decisive. Yet average and marginal value do not coincide. If someone could buy a whole block of votes, which in turn could swing an election, the price could be much higher.
The upshot is that giving individuals ownership of their data, so they can sell it, is unlikely to yield much, unless of course you think widespread consumer collusion will prove feasible.
For the pointer I thank the excellent Samir Varma.
Yesterday, I warned that double spend attacks were cheap and particularly likely for smaller coins using standard hash algorithms. Coincidentally (?) later that day there was this:
We can confirm that there was a successful 51% attack on the Ethereum Classic (#ETC) network with multiple 100+ block reorganization. We recommend all services to closely monitored the chain and significantly increase required confirmations.
— Bitfly (@etherchain_org) January 7, 2019
It’s not entirely clear whether that is true or if there is an alternative explanation. Coinbase, however, says that approximately $500,000 was double spent. You can find a good discussion on Hacker News. You can also find an interesting calculation of the cost of renting enough hashing power to 51% dominate various networks here. It’s cheap. The costs given are underestimates in one respect since they don’t include block rewards but overestimates in another as renting may not always be possible.
Here’s some back of the envelope calculations on the cost of the ETC attack. If I am reading the blockchain stats correctly, ETC has a block time of about 15 seconds and the chain was reorganized almost to a depth of 100 blocks or 1500 seconds, i.e. 25 minutes. The cost of dominating the ETC hasing power for an hour is around $5000. Thus, this attack could have been very profitable, even adding in substantial setup costs. Feel free to write in the comments if these numbers look wrong.
As I mentioned yesterday, it’s not surprising that this is happening now because with massive falls in prices in most cryptocurrencies there is an excess supply of computation. Expect more stress testing this year.
Hat tip: The excellent Jake Seliger.
I spent part of the holidays poring over Eric Budish’s important paper, The Economic Limits of Bitcoin and the BlockChain. Using a few equilibrium conditions and some simulations, Budish shows that Bitcoin is vulnerable to a double spending attack.
In a double spending attack, the attacker sells say bitcoin for dollars. The bitcoin transfer is registered on the blockchain and then, perhaps after some escrow period, the dollars are received by the attacker. As soon as the bitcoin transfer is registered in a block–call this block 1–the attacker starts to mine his own blocks which do not include the bitcoin transfer. Suppose there is no escrow period then the best case for the attacker is that they mine two blocks 1′ and 2′ before the honest nodes mine block 2. In this case, the attacker’s chain–0,1′,2′–is the longest chain and so miners will add to this chain and not the 0,1… chain which becomes orphaned. The attacker’s chain does not include the bitcoin transfer so the attacker still has the bitcoins and they have the dollars! Also, remember, even though it is called a double-spend attack it’s actually an n-spend attack so the gains from attack could be very large. But what happens if the honest nodes mine a new block before the attacker mines 2′? Then the honest chain is 0,1,2 but the attacker still has block 1′ mined and after some time they will have 2′, then they have another chance. If the attacker can mine 3′ before the honest nodes mine block 3 then the new longest chain becomes 0,1′,2′,3′ and the honest nodes start mining on this chain rather than on 0,1,2. It can take time for the attacker to produce the longest chain but if the attacker has more computational power than the honest nodes, even just a little more, then with probability 1 the attacker will end up producing the longest chain.
As an example, Budish shows that if the attacker has just 5% more computational power than the honest nodes then on average it takes 26.5 blocks (a little over 4 hours) for the attacker to have the longest chain. (Most of the time it takes far fewer blocks but occasionally it takes hundreds of blocks for the attacker to produce the longest chain.) The attack will always be successful eventually, the key question is what is the cost of the attack?
The net cost of a double-spend attack is low because attackers also earn block rewards. For example, in the case above it might take 26 blocks for the attacker to substitute its longer chain for the honest chain but when it does so it earns 26 block rewards. The rewards were enough to cover the costs of the honest miners and so they are more or less enough to cover the costs of the attacker. The key point is that attacking is the same thing as mining. Budish assumes that attackers add to the computation power of the network which pushes returns down (for both the attacker and interestingly the honest nodes) but if we assume that the attacker starts out as honest–a Manchurian Candidate attack–then there is essentially zero cost to attacking.
It’s often said that Bitcoin creates security with math. That’s only partially true. The security behind avoiding the double spend attack is not cryptographic but economic, it’s really just the cost of coordinating to achieve a majority of the computational power. Satoshi assumed ‘one-CPU, one-vote’ which made it plausible that it would be costly to coordinate millions of miners. In the centralized ASIC world, coordination is much less costly. Consider, for example, that the top 4 mining pools today account for nearly 50% of the total computational power of the network. An attack would simply mean that these miners agree to mine slightly different blocks than they otherwise would.
Aside from the cost of coordination, a small group of large miners might not want to run a double spending attack because if Bitcoin is destroyed it will reduce the value of their capital investments in mining equipment (Budish analyzes several scenarios in this context). Call that the Too Big to Cheat argument. Sound familiar? The Too Big to Cheat argument, however, is a poor foundation for Bitcoin as a store of value because the more common it is to hold billions in Bitcoin the greater the value of an attack. Moreover, we are in especially dangerous territory today because bitcoin’s recent fall in price means that there is currently an overhang of computing power which has made some mining unprofitable, so miners may feel this a good time to get out.
The Too Big to Cheat argument suggests that coins are vulnerable to centralized computation power easily repurposed. The tricky part is that the efficiencies created by specialization–as for example in application-specific integrated circuits–tend to lead to centralization but by definition make repurposing more difficult. CPUs, in contrast, tend to lead to decentralization but are easily repurposed. It’s hard to know where safety lies. But what we can say is that any alt-coin that uses a proof of work algorithm that can be solved using ASICs is especially vulnerable because miners could run a double spend attack on that coin and then shift over to mining bitcoin if the value of that coin is destroyed.
What can help? Ironically, traditional law and governance might help. A double spend attack would be clear in the data and at least in general terms so would the attackers. An attack involving dollars and transfers from banks would be potentially prosecutable, greatly raising the cost of an attack. Governance might help as well. Would a majority of miners (not including the attacker) be willing to fork Bitcoin to avoid the attack, much as was done with The DAO? Even the possibility of a hardfork would reduce the expected value of an attack. More generally, all of these mechanisms are a way of enforcing some stake loss or capital loss on dishonest miners. In theory, therefore, proof of stake should be less vulnerable to 51% attacks but proof of stake is much more complicated to make incentive-compatible than proof of work.
All of this is a far cry from money without the state. Trust doesn’t have the solidity of math but we are learning that it is more robust.
Hat tip to Joshua Gans and especially to Eric Budish for extensive conversation on these issues.
Addendum: See here for more on the Ethereum Classic double spend attack.
That is the topic of my latest Bloomberg article, here is one excerpt:
I’d like to suggest a simple trilemma. When it comes to private platforms and speech regulation, you can choose two of three: scalability, effectiveness and consistency. You cannot have all three. Furthermore, this trilemma suggests that we — whether as users, citizens or indeed managers of the platforms themselves — won’t ever be happy with how speech is regulated on the internet.
There is much more at the link.
I interview Marc Andreessen and Ben Horowitz, not a Conversation but nonetheless a conversation, they were both in top form. Here is the link.
The problem with this paper is that it excludes, entirely, individuals and businesses who use Facebook as a (or The) e-commerce channel for their commercial activities. That’s a common mistake, especially in the US and Europe, where the platform is widely viewed as a means for non-commercial social interaction. But elsewhere in the world – especially Africa and India – it’s also viewed as a crucial commercial and trading platform (that Facebook is trying to leverage). Ask a Nigerian secondhand goods trader how much he’d accept to give up his account, and I’m pretty sure it’ll be more than $1k! Anyway, I touched on some of this back in April, here: https://www.bloomberg.com/opinion/articles/2018-04-19/emerging-markets-can-t-quit-facebook
That is from Adam Minter.
Facebook, the online social network, has more than 2 billion global users. Because those users do not pay for the service, its benefits are hard to measure. We report the results of a series of three non-hypothetical auction experiments where winners are paid to deactivate their Facebook accounts for up to one year. Though the populations sampled and the auction design differ across the experiments, we consistently find the average Facebook user would require more than $1000 to deactivate their account for one year. While the measurable impact Facebook and other free online services have on the economy may be small, our results show that the benefits these services provide for their users are large.
A peckish parrot has been caught ordering strawberries, a watermelon and even a water boiler through his foster owner’s electronic personal assistant.
Rocco, an African Grey, requested the items through an Alexa device while his minder was out of the home. Luckily, due to a parental lock, none of his attempted purchases went through.
Rocco, who lives with Marion Wischnewski in Berkshire, U.K., has attempted to order everything from kites and lightbulbs through Alexa since moving to her home. He also gets the device to tell him jokes and play his favorite tunes.
“I’ve come home before and he has romantic music playing,” Wischnewski told The Times of London. “He loves to dance and has the sweetest personality.”
Here is the list of the second set of winners, in the order the grants were made, noting that the descriptions are mine not theirs:
Kelly Smith has a for-profit project to further extend a parent-run charter school system in Arizona, using Uber-like coordinating apps and “minimalist” OER methods.
Andrew L. Roberts, Northwestern University, a small grant to further his work on how sports relates to politics.
Stefan de Villiers, high school student, to create podcasts on the decisions of other high school students and how/why they become successful.
Brian Burns is working (with Samo Burja) on the history of mathematics and career networks, with special attention to the blossoming of innovation in 18th century Göttingen: “The secret to producing flourishing mathematical and scientific traditions may lie in a careful study of institutions. I will undertake this investigation and in the process uncover lost mathematical knowledge.” Gauss, Riemann, and Hilbert!
Can Olcer is one of the two entrepreneurs behind Kosmos School, a K-12 school that exists only in virtual reality, a for-profit enterprise with an emphasis on science education.
Anonymous, working on a board game for ten years, aimed at teaching basic economics, including supply and demand and the core ideas of Ronald Coase. The grant is for marketing the game.
Sophie Sandor is a 23-year-old Scottish film-maker making films with “noticeable themes [of] rational optimism, ambition and a rejection of the victimhood notion that millennials are prone to.” She is also interested in making documentaries in the education space.
Nicholas Dunk has a for-profit to bring voice recognition/machine transcription to the daily tasks of doctors. The goal is to solve paperwork problems, free up doctor time, encourage better record-keeping, and improve accuracy, all toward the end of higher quality and less expensive health care.
U.S. government investigators increasingly believe that Chinese state hackers were most likely responsible for the massive intrusion reported last month into Marriott’s Starwood chain hotel reservation system, a breach that exposed the private information and travel details of as many as 500 million people…
Story here. And:
Armed with a rich array of personal data, an intelligence agency can also tailor an approach to a person to see whether the individual can be recruited as a spy or blackmailed for information. The passport data, which is not often collected in data breaches, probably was a particularly valuable find for the hackers.
You will note that no one is trying to sell the data. And this:
The report, citing two people briefed on the investigation, reported China had launched an intelligence-gathering campaign which included hacking into health insurance companies and hacking security clearance files of millions of people living in the U.S. The New York Times reported the hackers are believed to be employed by the Ministry of State Security, which is China’s spy agency. The paper noted that the revelation that China was behind the Marriott hack comes as the U.S. government is gearing up to launch actions against China’s trade that include indicting Chinese hackers that work for the government. The New York Times noted the Marriott hacking isn’t expected to be part of the indictments but does add a sense of urgency to the moves the White House was mulling.
The Trump administration is also planning on declassifying intelligence reports that show China had been trying to create a database of American executives and government officials that have security clearances, reported The New York Times.
I could go on. I am genuinely unsure what are the economic costs of these mischievous activities, but would note simply that it is sometimes necessary to punch back. The choice is not free trade vs. protectionism (I strongly suspect Scott and I agree on the economics of trade), but rather a partial return punch now vs. a worse situation much later on.
A syndicated article published in the September 5, 1988, edition of the Press and Sun-Bulletin newspaper in New York talked with a number of experts about what the jobs of tomorrow would look like. The article first quotes S. Norman Feingold, a clinical psychologist and career counselor who died in 2005.
From the 1988 article:
Feingold envisions a range of exotic careers: Ocean hotel manager, wellness consultant, sports law specialist, lunar astronomer and even robot trainer.
The piece also quotes the George Tech engineering professor Alan Porter who gave his opinion on the future of fast food.
He predicts such innovations as “the Autoburger,” a fast-food dispensary something like McDonald’s, but without human workers.
And the article ends with a mixed bag of good and bad predictions:
Marvin Cetron, a technological forecaster, looks at the year 2000 and predicts a 32-hour work week. “The only job a woman won’t be holding is Catholic priest,” he said.
Cetron said college students of the future will study enzyme research and genetic and robot engineering.
Here is the piece, via Tim Harford. The broad lesson I think is that bets on computers were basically right, and will be for some time to come, and other bets are either obvious or stupid, in retrospect.
Given further data on the stunning performances of AlphaZero, Charles Murray asked me that on Twitter. And for now the answer surely seems to be yes: just let AlphaZero rip, and keep the human at bay. It’s a bit like the joke about the factory: “The dog is there to keep the man away from the machines, and the man is there to guard the dog.” (Or is it the other way around?)
But here’s the thing: right now there is only one AlphaZero, and AlphaZero does not play like God (I think). At some point there will be more projects of this kind, and they will not always agree as to what is the best chess move. Re-enter the human! Imagine a human turning on AlphaZero and five other such programs, seeing where they disagree, and then querying the programs further to find a better answer. It is at least possible (though not necessary) that a human will be better at doing this than will a machine.
Keep in mind, the original role in the human in Advanced [man-machine] Chess was not to substitute human chess judgment for machine chess judgment in any kind of discretionary fashion. It was to adjudicate disagreements across programs: “Rybka has a slightly better opening book. Fritz is better in closed endgames. Houdini is tops at defense.” And so on. The human then sided with one engine over the others, or simply spent more engine time investigating some options rather than others.
It could possibly run the same way for neural net methods, once we have a general sense of the strengths and weaknesses of different projects. So yes, man-machine cooperation in chess is a loser right now, but it may well come back. And there is a broader economic lesson in that, namely that automation may eliminate jobs, but it does not necessarily eliminate them permanently.
Here is the audio and transcript, Paul was in top form and open throughout. Yes economic growth, blah blah blah, but we covered many related topics too:
COWEN: And you also think we should simplify the English language. Right?
ROMER: [laughs] Well, there’s two parts to that. One is, in writing and communication, there should be a very high priority on clarity. It’s hard to know what’s the mechanism that enforces that. There are variants on English, like the English used to write the manuals people use to service airplanes, where there’s a very restricted vocabulary. The words are chosen so that you can’t have any ambiguity because you don’t want somebody servicing a plane to get confused. So there are some things you could do on writing, word choice, vocabulary, exposition.
There’s a separate issue, which is that amongst the modern languages, English has the worst orthography, the worst mapping between spelling and sounds of any of the existing languages. And it’s a tragedy because English is becoming the universal second language.
The incidence of people who don’t learn to read is substantially higher in English than in other languages. People have known for a long time, it takes longer to learn to read in English because of the bad orthography. But what hasn’t gotten enough attention is that there’s an effect on the variance as well. There are more people who never get over this hurdle to actually learning to read.
If there were a way to do in English what they’ve done in other languages, which is to clean up the orthography, that could make a huge difference in the variation associated with whether or not people can learn to read English.
COWEN: Can a charter city work if we import good laws from the outside world but not the appropriate matching culture?
ROMER: You’ve zeroed right in on the connection. The real motivation that I had for charter cities was exactly this one that you can see in the US versus New Zealand. You can think of a charter city exercise . . .
This is actually the story of Maryland: We’re going to create laws, and we’re going to guarantee freedom of religion in Maryland, and it’s in the laws; it’s in the institution somehow. That didn’t turn out very well. Maryland had a Catholic elite but then large numbers of Protestant indentured servants or workers. And this kind of commitment to freedom of religion was not stable in Maryland at all.
The case that’s worth trying to copy is Pennsylvania, where William Penn recruited large numbers of people who actually believed in freedom of religion. The word charter comes from the charter that Penn wrote for Pennsylvania, but it wasn’t the document that mattered. What mattered was that there were a bunch of people in the founding population who were committed to this idea of a separation of church and state and religious freedom. And that’s what made it durable in Pennsylvania in a way it wasn’t in Maryland.
ROMER: …Moses was of this generation that was too enamored of the car, and this is where I think Jacobs had a better intuition. But the challenge, the dichotomy I would pose would be Jane Jacobs versus Gouverneur Morris.
Morris was the guy who drew the grid that laid out the rectangular street map for Manhattan.
We also discussed music, including Hot Tuna, Clarence White, and Paul’s favorite novel, dyslexia, what Paul has learned about management, and much more. Self-recommending, if there ever was such a thing.
Parents who give up their phones during dinner will be rewarded with free meals for their kids at one U.K.-based restaurant chain. For the first week of December, Frankie & Benny’s is running its “no-phone zone” campaign in an attempt to improve family interactions at the dinner table.
The promotion was announced following a study that the Italian restaurant chain ran earlier this year, where they studied the dinner table behavior of over 1,500 people. And the results were staggering—almost a quarter of the parents admitted to not only using their phones during mealtime but that they did so while their kids were talking about their day.
Here is the full story, via Tadd Wilson.