Information Processing

Just another weblog

Archive for December 2004

Faltering meritocracy in America

with 5 comments

Excellent article in the Economist. The data, though complex, seem to indicate that while income and wealth inequality are growing, social mobility has either not changed or decreased slightly. Also, the US does not seem to allow any more social mobility than european countries like Germany or Sweden.

Paradoxically, “…Members of the American elite live in an intensely competitive universe. As children, they are ferried from piano lessons to ballet lessons to early-reading classes. As adolescents, they cram in as much after-school coaching as possible. As students, they compete to get into the best graduate schools. As young professionals, they burn the midnight oil for their employers. And, as parents, they agonise about getting their children into the best universities. It is hard for such people to imagine that America is anything but a meritocracy: their lives are a perpetual competition. Yet it is a competition among people very much like themselves—the offspring of a tiny slither of society—rather than among the full range of talents that the country has to offer.

…America’s great universities are increasingly reinforcing rather than reducing these educational inequalities. Poorer students are at a huge disadvantage, both when they try to get in and, if they are successful, in their ability to make the most of what is on offer. This disadvantage is most marked in the elite colleges that hold the keys to the best jobs. Three-quarters of the students at the country’s top 146 colleges come from the richest socio-economic fourth, compared with just 3% who come from the poorest fourth (the median family income at Harvard, for example, is $150,000). This means that, at an elite university, you are 25 times as likely to run into a rich student as a poor one.”

Written by infoproc

December 30, 2004 at 7:31 pm

Posted in Uncategorized

Future investment returns

with 4 comments

Some nice discussion related to equity risk premia in the Economist. “…Despite the slump in prices in the three years to 2002, price-earnings (p/e) ratios still look a bit high, notably on American shares, and share valuations are unlikely to benefit from falling interest rates in future. Meanwhile, lower inflation means that the pace of profits growth will slow. Assume that America’s nominal GDP grows by 5% a year (3% in real terms, plus 2% for inflation). If the share of profits in GDP is constant, profits will grow at the same rate. However, profits could do much less well, because in America, Japan and the euro area their share of GDP is close to a record high. They might well be expected to fall.

Suppose, though, that profits do rise in line with GDP and that p/e ratios stay the same. Then, Mr Barnes estimates, the total nominal return on American shares over the next decade will average 6.8% (5% profits growth, plus dividends), half the figure for the past 20 years. If profit margins fall modestly and the p/e ratio reverts to its long-term average, returns will average 4.9%—well below investors’ expectations. Surveys suggest that individuals expect returns of more than 10%.

Could property instead lay the golden egg of the next decade? According to The Economist’s global house-price indices, housing has yielded double-digit returns (including rental income) in most countries over the past 20 years. But the peak may be close. In several countries house prices are at record levels relative to incomes and rents. At best, they are likely to flatten off over the coming years. Add in the sharp fall in rental yields, and the prospective total return on property over the next five years or so is poor.”

But, there is reason to believe that p/e ratios will remain higher than their historical average, due to investor confidence in the equity risk premium.

Written by infoproc

December 30, 2004 at 7:12 pm

Posted in Uncategorized

Google Suggest and phishing attack

with 2 comments

Google has a nice beta toy called Google Suggest, which guesses predictively as you enter search terms. What is interesting is the compact JavaScript on the page which communicates in real time with a Google server to generate the suggestions. The secret is the XMLHttpRequest object, used to communicate with a server and get new information or instructions without refreshing the page

I can see how such code could be used in a phishing attack: a phishing Web page, to which the user is directed via a fake email, can use similar JavaScript to transmit keystrokes to a remote server, even if the html post on the page submits the information (e.g., username and password) to the real authentication server. Anti-phishing technology which focuses on where the post data is sent (i.e., which is implemented on the firewall or TCP/IP level) will not detect a problem.

Anti-phishing technology like Whole Security’s Web CallerID works by looking at the URL from which the potentially fake page is loaded. However, using the trick I’ve outlined above and some cross-site scripting the page can be served up from any number of locations – the only static component is the remote server where the keystrokes are sent. For an anti-phishing agent to detect this hack it would have to parse and understand the JavaScript on the fake page. Actually Web CallerID is weak for another reason – a phisher can use JavaScript to modify the “chrome” on the browser, replacing the Web CallerID toolbar with a fake one that gives the OK signal. (This is true for any toolbar.)

For those who don’t follow Internet security, we are in the midst of a sea change right now. In the past, viruses and the like were built and released just for fun, for hackers to gain a reputation. We are now entering a period where much of the hacking is done by criminals for the purpose of financial gain. This means that the next virus on your machine may be more than just an annoyance – it may be watching while you log into your online banking account.

Written by infoproc

December 30, 2004 at 9:00 am

Posted in Uncategorized

Fannie Mae exits scandalous

with 2 comments

The generous packages offered to CEO Raines and CFO Howard are ridiculous. I think the biggest problem today in US corporate governance is the cozy relationship between directors and management. It is obvious that directors are not incentivized properly to look out for the best interests of the company, but rather to maintain good relationships with the chief executive. Not only has CEO compensation become decoupled from actual performance, but “caretaker” CEOs who inherit existing public companies with strong brands and product lines are being compensated like entrepreneurs who actually create value out of nothing (see Michael Eisner and Disney for a great example). I don’t see why a CEO should make $100M for anything short of a heroic turnaround – let alone lackluster performance.

For previous posts on Fannie, see here and here. Look for congress and OFHEO to claw back some of the largesse heaped on Raines.

From today’s WSJ editorial by J. Stewart: “After pledging before Congress to hold himself personally accountable for any accounting errors, news reports suggest he embarked on a strenuous campaign to save his own job, huge salary and perks. Even after the Securities and Exchange Commission faulted the accounting and said Fannie Mae had misstated $9 billion in profits, Mr. Raines’s benefit included an astonishing $1.4 million-a-year pension for life, not to mention a multimillion-dollar array of other goodies. Mr. Raines already is immensely wealthy; he earned more than $17 million from Fannie Mae in 2002 alone. I’m sorry, but harvesting a massive payoff for $9 billion in accounting irregularities doesn’t constitute accepting responsibility for the errors.

This is all beginning to smell like the Richard Grasso pay and severance scandal at the New York Stock Exchange, with the massive payouts and cozy relationships between management and directors. There, too, a quasipublic institution lavished unseemly benefits on its top officer and is still embroiled in litigation and reform efforts meant to regain public trust.

Like the NYSE, the Fannie Mae affair goes to the heart of a serious problem, which is that a quasipublic institution that enjoys protection from the usual risks of the market, in the name of public service, has insisted on treating its top officers like their most highly paid peers in the far-riskier private sector.”

Written by infoproc

December 29, 2004 at 9:01 am

Posted in Uncategorized

Equity risk premium

with 5 comments

In theory, stocks should provide a greater return than safer investments like Treasury bonds. The difference is called the equity risk premium: it is the additional return that you can expect from the overall market above a risk-free return. The historical value of this risk premium is about 4%. Currently, TIPs yields are about 2%, so one would expect real equity returns of about 6% going forward.

A paradoxical aspect of this risk premium is the following: once people realize that equity returns dominate bond returns, why should they continue to demand a premium for owning equities (assuming they have long time horizons)? Over the last 20 years, it has become conventional wisdom that one should own stocks, rather than bonds, for the long run (“stocks for the long run”,”buy and hold”, even “buy on the dips”). Nothing wrong with this conclusion, as the data certainly support it. But as more investors accept this wisdom, the more the price of equities gets bid up, leading to large P/E ratios and, eventually, a smaller risk premium. To me, this is the most plausible explanation for recent secular increases in P/E ratios. However, it also implies that equity returns in the near future should lag the historical average.

The equity risk premium plays an important role in discussions of social security privatization – the particular value assumed makes all the difference in future projections. But we should remember that equities are like any other scarce resource subject to supply and demand. If demand for shares increases, their prices will also increase, even if there is no change in the “intrinsic value” = sum of future dividend payments. Eventually the supply of shares can increase, as perhaps the rate of business formation speeds up. But, it seems obvious that the growth in capitalization of the broadest index of equities cannot exceed GDP growth for any length of time, so it would be surprising if this rate of value creation could accelerate drastically.

From this perspective, it seems that social security privatization is likely to bid up equity prices and depress their future returns. Imagine the following analogy: one day, foreign investors wake up and decide to increase their portfolio allocation to US equities. The result may be a buoyant stock market, but to what extent does this increase real value creation in our economy? Does it create enough value (i.e. future earnings and dividend growth) to justify the amount by which prices are bid up? (An even simpler analogy: I have a chicken, which produces eggs at a fixed rate. Demand for egg-laying chickens increases, driving up the price of my chicken. Will it lay eggs any faster as a result of its increased price?)

Written by infoproc

December 28, 2004 at 3:20 am

Posted in Uncategorized

Man in the middle phishing attacks

with 3 comments

I posted before about phishing being the next big security problem, after viruses, worms and spyware. Protecting against viruses and worms has become a billion dollar a year industry, and now anti-spyware companies are being snapped up by Microsoft and other acquirers. I mentioned before that there is no easy solution to the phishing problem. This NYTimes article describes some anti-phishing measures being tested by banks, such as RSA’s SecurID key fob. SecurID uses a cryptographic one-time password (OTP), which is synchronized between the chip on the fob and the algorithm running on the authentication server.

But, this method has an obvious vulnerability. The fake bank site that the phisher redirects the user to could easily proxy the real site:

User —— phish proxy —— real bank site

in which case, the OTP is simply passed through when the user types it in. Once the authentication is complete the phisher drops the connection to the user and continues with the banking session. The only drawback is that the phisher has to execute this attack in real time – he sits by his machine, which beeps when a new account is compromised. He has only one login session to do his dirty work, since he can only get the OTP by proxying.

Written by infoproc

December 26, 2004 at 9:11 am

Posted in Uncategorized

Buffet bearish on dollar

with 5 comments

This is old news, but I found the March 2004 letter from Warren Buffet to Berkshire Hathaway shareholders, from which the following is excerpted. Buffet anticipated in 2002 the sentiment only now becoming conventional wisdom among US investors. However, he does note the tendency for people who bet against the US economy to get burned 🙂

During 2002 we entered the foreign currency market for the first time in my life, and in 2003 we enlarged our position, as I became increasingly bearish on the dollar. We have – and will continue to have – the bulk of Berkshire’s net worth in US assets. But in recent years our country’s trade deficit has been force-feeding huge amounts of claims on America to the rest of the world. For a time, foreign appetite for these assets readily absorbed the supply. Late in 2002, however, the world started choking on this diet, and the dollar’s value began to slide against major currencies. Even so, prevailing exchange rates will not lead to a material letup in our trade deficit. So whether foreign investors like it or not, they will continue to be flooded with dollars. The consequences of this are anybody’s guess. They could, however, be troublesome – and reach, in fact, well beyond currency markets. As an American, I hope there is a benign ending to this problem.

Then again, perhaps the alarms I have raised will prove needless: Our country’s dynamism and resiliency have repeatedly made fools of naysayers. But Berkshire holds many billions of cash-equivalents denominated in dollars. So I feel more comfortable owning foreign-exchange contracts that are at least a partial offset to that position.

Written by infoproc

December 26, 2004 at 9:02 am

Posted in Uncategorized