Snippings

The former deputy Treasury secretary (and former Fed board member) Sarah Bloom Raskin was interviewed in The Banker earlier this year. She touched on the issue of US “soft power” exercised through the financial system. In view of the fact that the use of economic sanctions is a key part of this soft power, she had some really interesting and well-informed comments on their impact. She said that sanctions create a “a whole cascade of costs and actions that have to be taken not just by bankers but, obviously, by the businesses affected” and went on to observe that while historically these tools had been used carefully, their use has now “exploded”. Referring to the Trump administrations actions back in October 2019, where sanctions were imposed on Turkey and removed nine days later, she asks “How in the world is a firm supposed to plan… sanctions policy is something that has not been promoting resilience”.

Well. Indeed.

The role of new technology, and mobile phones in particular, to fight the COVID-19 pandemic is critical to getting things back under control and restoring the economy to some semblance of normality. The Economist made this point and described the three categories of tools being developed and deployed in the battle against the virus. The first is documentation: using technology to say where people are, where they have been or what their disease status is. The second is modelling: gathering data which help explain how the disease spreads. The third is contact tracing: identifying people who have had contact with others known to be infected.

In a modern society with near-complete smartphone penetration, these tools can be very effective. In China, to begin with the obvious case study, the authorities use algorithms to estimate the probability that a given neighbourhood or has exposure to the virus by matching smartphone location data against the known locations of infected individuals or groups. This information is then used to target limited medical resources more efficiently by, for example, directing tests for the virus to high-risk subjects identified by the artificial intelligence algorithm.

When it comes to contact tracing, it is obviously more effective to protect the population by using new technology rather than by relying on the memories and notes of people who test positive. Implementing a system to do this doesn’t have to be a Big Brother option. I think that through the miracles of cryptographic blinding, differential privacy and all sorts of other techniques that are actually quite simple to implement in the virtual world (but have no conventional analogues) we ought to be able to find ways to provide privacy that is a defence against surveillance capitalism or state invasion but also flexible enough to come to our aid in the case of national emergency. 

One of the first countries to go with a more privacy-sensitive approach was Singapore, for example, the Ministry of Health worked with the Government Technology Agency to launch an app for contact tracing. This app, called “TraceTogether”, was installed by more than 600,000 Singapore resident within the first week of its launch in March 2020. The app works by using Bluetooth signals between phones to detect other participating TraceTogether users in close proximity (ie, with 2m) for some time (originally for 30 minutes). Records of such encounters are stored locally on each person’s phone. If a person tests positive for the virus, then that person can consent to send the contact records from their phone up to the Ministry of Health, which can then message the people that the person was in contact with to suggest they get tested. That contact data is stored in encrypted form on the consumer device, is deleted after 21 days and has the person’s identity (and those of their contacts) pseudonymised. However, it remains a centralised identities could be de-anonymised relatively easily.]

Privacy, Please

In Europe, a collaborative effort called “Decentralized Privacy-Preserving Proximity Tracing” (D3PT) put forward a Bluetooth-based solution similar to TraceTogether but with a privacy-preserving architecture. At the heart of this architecture is an open protocol for proximity tracing using Bluetooth Low Energy (BLE) functionality on mobile devices that ensures personal data and stays entirely on an individual’s device. (It was produced by a core team of over 25 scientists and academic researchers from across Europe and open to wide scrutiny).

Under this more private approach, devices broadcast identifiers that change every hour (or day or whatever) and these “ephemeral IDs” (ephIDs) are stored by other nearby devices together with the duration the contact and a “coarse” timestamp (ie, to the nearest day). When someone is diagnosed with the diseases, their phone can upload all of the ephIDs that it broadcast while the person was infected to a health authority server somewhere. Everyone’s phone periodically checks this server to see if it had heard any of the ephIDs from an infected person and if so how long for, and can then calculate the risk and tell the user whether to go for testing or not. Since all the devices (and the health server) ever store is the ephIDs, no personal data can leak through the system.

One particularly attractive aspect of the D3pT approach is “graceful dismantling”, which means that the tracking system will dismantle itself when a pandemic ends because people will stop using the app and will top uploading their data to the central server (server data is removed after 14 days in the case of COVID-19 tracking, but with other diseases I can imagine that the time during which infected people can infect others might be different). This is a good basis to proceed. Someone who I always take seriously about this sort of thing is Gus Hosein, the executive director of Privacy International. Gus has said that he is “relatively relaxed about contact-tracing apps in which data is anonymised and well-regulated” and I agree. Although, of course, notions of what might constitute “well-regulated” might differ between stakeholders.

This privacy-enhanced approach to contact tracing received a significant boost when Google and Apple announced that they would work together to deliver a similar solution for the mass market. They published a specification for just such a privacy-enhancing proximity contact tracking app and APIs for health organisations to use. Even more interestingly, in a coming version of the system (planned for June) Apple and Google say they will add the functionality as the operating system level so that users can enable contact-tracing even without an app installed although I can see some potential problems arising here as it appears that Big Tech will decide who can and cannot use this service. The row has already broken out in France, where the Minister for Digital Things, Cedric O (who I had the great pleasure of meeting at lunch at the Paris Fintech Forum this year) says he wants Big Tech to “lift the technical hurdle to allow us to develop a sovereign European health solution”.

(I note that both the Austrian and Swiss health authorities have said that they will implement the D3PT system running over the Apple/Google APIs. I said that I thought there was a workable compromise coming here: that is, Big Tech will allow Bluetooth running in the background so long as the data stays on the devices as per D3PT. More evidence to support this view has arrived from Germany, which has now decided to down this route with Reuters reporting that “Apple’s iPhone would under the proposed setup only work properly with decentralized protocols such as DP-3T”.)

There remains the question of who will maintain the database of ephermal IDs. In the UK, there is an obvious answer, which is the NHS. And indeed, this is what is happening. The Health Minister, Matt Hancock, announced that just such an app would be deployed. NHSX, the NHS’ new technology unit, has been working on the app in the hope that it can help alleviate lockdown by tracking infections, although whether it will use D3PT or the Apple/Google APIs in the future is, at the time of writing, not clear. Anyway, my point is that the privacy of these applications is important, because detailed modelling shows that were an attacker to compromise such an app on the phones of only 1 in 100 people, that attacker would be able to track the location of half of the population of a big city such as London.

Now, these apps will only have an impact if a significant fraction of the population use them. It is outside my field of expertise to speculate as to what fraction will be required, but in the case of Singapore only around a fifth of population used the apps (when the authorities had been hoping for three-quarters) and this was insufficient to stave off lockdown. However, I am optimistic: if a privacy-enhanced contact tracing capability is standard on smartphones and people can be encourage to turn it on once every few years when a pandemic sweeps through, we can make progress against these diseases.

(Even if it arrives too late to help with COVID-19, it will be a useful capability to have in place for the next pandemic.)

Papers, Please

There’s a fourth category of tool not mentioned in that Economist article: demonstrating that people have the COVID-19 antibodies and are thus no longer susceptible to infection. Bill Gates has been talking about issuing digital certificates to show “who has recovered or been tested recently or when we have a vaccine who has received it” and in this, as in so many other things, he is certainly correct. The problem of getting such a certificate is hardly new, by the way. Here is Daniel Defoe writing in his “Journal of the Plague Year” about his experiences in London in 1665, noting that “there was no getting at the Lord Mayor’s door without exceeding difficulty; there were such pressing and crowding there to get passes and certificates of health for such as travelled abroad, for without these there was no being admitted to pass through the towns upon the road, or to lodge in any inn”. 

Now, we might imagine that the certificate that you need to present to the Woking Holiday Inn on check in might now be on a mobile phone rather than on paper, lovingly hand scribe by the Mayor of Woking in person, but you get the point. Other countries are proceeding with similar plans. Germany, for example, plans to test 100,000 people at a time, issuing documentation to those who have built up an immunity. Here in the UK, there are similar calls for action, asking for members of the public to be issued with “an all-clear ‘certificate’ allowing them out of lockdown“.

There certificates must be secure, of course. The national emergency of the pandemic does not prevent the unscrupulous or downright criminal from attempting to obtain advantage. I was surprised, but hardly shocked, to read that Amazon and eBay had to remove NHS lanyards from sale because of worries that non-NHS people would buy them in order to gain access to supermarkets during time set aside for key workers to shop. I must mention that my good friends over at Yoti have created a mobile version of the NHS ID that should put a stop to this abuse. But as a general point, as Anderson points out, compulsory services (as for quarantine) face threats.  If you need a certificate to get into the cinema, then people will pay for bogus certificates or otherwise try to game the system (which is why it needs to be built on a proper, privacy-enhancing digital identity infrastructure and not hacked up on top of something knocked up in a crisis).

But there’s no reason why your certificate to show you are recovered from the virus should give up any other personal information. And this, to me, is a very interesting example of how technology can be used in ways that enhance privacy if the decision is made to go in this direction.

(The technology could go further, of course. In China, the authorities check records of medicine purchases to track down people who have attempted to get out of quarantine. In South Korea, the authorities link mobile phone location records, payment card purchases records and so on to make an effective tracking and tracing routine.)

Dealing with the pandemic has brought issues of security and privacy to the fore and made many of us rethink some of the issues. It is time for serious and informed national debate about building a digital identity infrastructure that will support not only government and business but also society in an interconnected age. It is more important than HS2. We wouldn’t have wanted it this way, but we must not let the coronavirus catastrophe go to waste.

I came across an odd and anachronistic story in the Financial Times, concerning a woman who lost her purse or had it stolen. She points out that the purse held her Oyster card (the London transit card), her driving licence and and her debit card. She borrowed some money from a friend and went about her day but then goes on to complain that using cash in London “is a problem”. This is because many merchants in London are cash free and, in particular, buses are cash free (I guess she didn’t know you don’t need an Oyster card or a debit card because you can pay on buses with Apple Pay or Google Pay and have been able to do such for several years). 

Now, however, we discover that contactless payments are not simply a matter of taste but of survival! Cash is a dangerous vector of communicable disease, including the COV-19 virus that is the cause of the current pandemic and lockdown. There have been all sorts of stories in the newspapers about disinfecting cash and so on, and a great many people are refusing to touch the stuff.

This is not a new meme. In fact, I talked about this years later in one of the first ever Consult Hyperion blog posts, called “End the cash menace now!”. From time to time over the years, I’ve brought this up as one of my general and persistent complaints about cash. But it isn’t just the cash that is filthy. ATMs in the UK are also reservoirs of pestilence. And sadly, so are plastic cards (in fact, in a spirit of scientific enquiry, I should report that one study in London found a higher percentage of contaminated cards!). It seems as if a lot of things, in the UK at least, are absolutely filthy.

Unfortunately, I don’t think the dirty money meme plays into my pro-electronic money hands as much I’d like. After all, it is mobile phones that are going to get rid of cash and here the news is not good. The average mobile phone is even dirtier than the bank notes! It’s not hard to see why because in the UK faecal bacteria are present on 26% of hands, 14% of banknotes and 10% of credit cards. One in six mobile phones are dirtier than toilet seats, although as my colleague Neil McEvoy points out, you don’t generally pay for things using other people’s mobile phones.

Nevertheless, in the UK the figures coming through are clear. Contactless card use is booming and mobile wallet use growing with it. The same is true in Australia, where Commonwealth Bank of Australia’s latest figures show a surge in CBA Tap & Pay, Apple Pay, Google Pay, Samsung Pay, Fitbit Pay, and Garmin Pay device transactions (up 17% on this month last year) as consumers reach for their phones to avoid touching PIN pads during the Coronavirus outbreak.

Anyway, while the use of cash has been collapsing in the pandemic (in fact it fell by half in the first few days of the lockdown), the fact is that use of physical currency was in decline in the UK long before the government halted commerce to slow the spread of  coronavirus, there was also concern about using chip and PIN cards. The press was full of stories (such as “GP reveals you should be disinfecting your bank card once a week because it could be contaminated from previous users all touching the same reader amid coronavirus outbreak” from The Daily Mail). In response to all of this, the UK’s spending limit for contactless card payments went up £45.

Now, whether cash or PIN pads are actually a threat to public health isn’t the point. People think they are. And much as the SARS epidemic in the Far East undoubtedly accelerated the move to QR code mediated points of service, so the fear of contamination will mean a fundamental shift in behaviour. We have long advised our clients that the strategic direction in the mass market will be a shift from “check out” models to “check in” models and these models depend on the quick and accurate recognition of consumers in order to deliver hyper-personalised and localised services to their benefit. My colleague at Consult Hyperion, Tim Richards, summed this up nicely on a recent call by saying that we shouldn”t be advising people to go contactless, but “contact free”. In other words, while “tap and go” dominates the thinking right now, it is only a step towards a much bigger change away from the “traditional” way to pay where the customer approaches a point of sale in order to complete payments, whether by cash, cheque, chip and PIN, contactless, QR code or cowrie shells.

For an example of this shift in practice, take a look at what the world’s biggest retailer, Walmart, is doing. It is introducing no-contact payment for customers using the Walmart Pay app. The app isn’t new, it’s part of a long-running programme to transform the in-store experience. Until now customers had to select a payment method by touching a screen on its self-checkouts when using Walmart Pay. However, the check-out process has now been revised so the customers who have the app can scan a QR code at the POS and pay completely free of contact. We discussed where this is going in our recent Tomorrow’s Transactions webchats (Week 5, with Jeremy Nicolds from JudoPay) and concluded that there are some pretty significant implications of the transition to the contact-free future (and these extend beyond payments). One of the more obvious ones is that the potential to introduce new payment options is greatly enhanced when it means additional in-app options but no change at POS.

None of us would have wanted it this way, but the virus is accelerating the trends we have been working on for years. If you want to explore how to use technology to deliver that better service to your customers, give us a call.

xxx

GP reveals you should be disinfecting your bank card once a week because it could be contaminated from previous users all touching the same reader amid coronavirus outbreak

From Expert reveals you should be disinfecting your bank card  | Daily Mail Online:

xxx

Many years ago while visiting the executive floor in Barclays Bank’s Canary Wharf headquarters, I came across a glass display case containing a ring that belonged to Sir Thomas Gresham, Queen Elizabeth I’s banker and is in many ways the father of the modern City of London. Sir Thomas is best known to scholars of financial markets for the eponymous maxim, “bad money drives out good” (although it should be noted that he was far from the first person to understand the principle). In other words, rational actors will attempt to trade away debased and worthless coinage in return for goods and services but will keep the good stuff under the mattress. Thus, over time, the money in the marketplace goes bad.

But he should be known for more than that. Sir Thomas was badass, and really should be on a plinth in Trafalgar Square for his imagination, skill and gangster use of finance to disrupt in the phase transition between economic systems. In the year 1540, he set out to evade the capital controls (half a millennium before crypto-bros in Latin America) that were in place on the continent and the time and smuggled the equivalent of some $40 million in today’s money from Antwerp to Calais on behalf of King Henry VIII. Nowadays he would have used bitcoins and run them through a few mixers, but due to the technological limitation of Tudor money transfer, he was forced to use 25 bags of gold and silver coins.

(In fact, you’d think most people would use bitcoins instead of gold for money transfer today but apparently not: see the of the 3Kg of gold that someone forgot on a train in Switzerland recently.)

Anyway, as John Guy notes in his superb biography of Sir Thomas, for this highly risky cross-border transfer he was paid around $40,000 which means that the cost to the King was one basis point. That’s less than Wise charged me to transfer money from the US to the UK last week, although to be fair it did take Sir Thomas a month to get Henry’s loot to him and he did run the risk of being executed.

(It does make you wonder. Since Sir Thomas’ escapades, we have invented laser beams and transistors: so how come it costs so much money to send money around? According to the World Bank, while remittances to low and middle-income countries reached a record high last year, the average transaction cost remains around seven percent. That’s quite a lot more than it cost Henry VIII. How can sending some photons cost so much more than sending a horse and cart?)

I have long argued that, as the father of not only British banking but our financial services sector as a whole, Sir Thomas should be on our banknotes rather than the Queen, who really has nothing much to do with money. He used financial services to save the nation from invasion and subjugation (I even started a petition to Parliament on the subject but sadly did not get enough signatures to cause a debate in Parliament). As the Wall Street Journal review of a new book about the great man (John Guy’s “Gresham’s Law”) puts it, his astonishing career made him, “a harbinger of a world to come: one in which national sovereignty is answerable to the machinations of the market to whose imperatives crowned and elected heads alike would eventually have to bow”. And this is not hyperbole, it’s realistic appraisal of a man who changed the course of our history.

Freedom Fighter

In his wonderful and indispensable “A History of Money: From Ancient Times to the Present Day”, the late professor Glyn Davies tells how Thomas learned about borrowing, lending and foreign exchange while living in Antwerp. He mastered the black arts of finance and set the City of London on a path the global domination so successful that in 1587 their financiers “cornered” bills of exchange drawn on Genoan banks so effectively that that were able to disrupt the build-up of resources for Phillip II’s Great Armada, demonstrating how sophisticated economic warfare had become by the 1580s.

Adam Anderson, writing in 1787, says that the defeating of the Armada “does equal honour to commerce” which I think is a wonderful phrase. He went on to quote Bishop Burnet on the system created by our man in Antwerp that delayed the departure of the Spanish fleet: “At so small a price, with so skilful management, was the nation saved at that time!”.

(You can read it about this in more detail in Neil Hanson’s superb “The Confident Hope of A Miracle: The True History of the Spanish Armada”, which I cannot recommend highly enough.)

Gresham was a man who truly understood money. He encouraged Elizabeth I to rebase the coinage (that had been debased by her father) by melting it down and reissuing it with a higher base metal content and to pay down her debts and to balance her books. He was a Royal Agent in Antwerp and through some financial engineering that would put Blythe Masters to shame he managed to up the value of the pound sterling from 16 to 22 Flemish shillings to assist with the repayment of the Crown’s debts. Later, when Carols V placed a ban on the export of bullion from the Netherlands, Gresham adroitly moved into smuggling gold and silver.

For these actions I long ago suggested that he be revered more widely as the Patron Saint of Fintech. Never mind changing the world by making it easier for you to find better credit card rewards using an app, he invented a kind of guerrilla financial warfare and shaped a merchant company that helped to defeat what was then Europe’s greatest empire with some financial jiggery-pokery 400 years before credit default swaps and mortgage-backed securites. While I worship Sir Thomas for those acts of economic terrorism in the service of Merry England, his contribution to the City of London should also be celebrated: he founded the Royal Exchange. The story is nicely told by Lambert in his 1806 “History of London and its Environs from the Earliest Period to the Present Time” and rather than paraphrase the eloquent narrative I will quote directly:

Sir Thomas Gresham, an opulent merchant of London, actuated by a laudable desire to facilitate commercial transactions, made a noble offer to the corporation, of erecting, at his own expence, a convenient bourse or exchange, for the accommodation of merchants, to meet and negociate their business in; if a proper situation was provided for him. The city accordingly purchased fourscore houses, which composed two alleys leading out of Cornhill into Threadneedle-street, called new St. Christopher’s, and Swan alleys, for 3532 pounds. They sold the materials of these houses for 478 pounds and Sir Thomas Gresham, with some of the aldermen, laid the first bricks of the new building, June 7, 1566, each alderman laying one, with a piece of gold for the workmen: and the work was pursued with such alacrity, as to be roofed in by the month of November, in the following year. The queen would not have it called, as in other countries, the Bourse; but, when it was finished, came and dined with the founder, and with the heralds at arms, by found of trumpets, proclaimed it by the name, of the Royal Exchange.

In building the Royal Exchange, Sir Thomas created England’s first specialist commercial building. For the first hundred years or so, the space was used for the exchange of goods only. Stockbrokers were not allowed in, not because of some principled stand against the trading of assets but because their manners were considered too poor. However, the barrow boys were eventually admitted and in the eighteenth century it also housed the Lloyds’ insurance market.

Sir Thomas is reputed to have died of apoplexy. I am genuinely concerned that this might become my fate if I read one more article about the how the blockchain is the biggest innovation in the history of finance.

xxx

Amazon and eBay remove NHS lanyards from sale amid fears people are buying them to impersonate the key workers and enter supermarkets during protected shopping hours

From NHS lanyards removed from eBay and Amazon amid fears people use them to enter supermarkets | Daily Mail Online:

xxx

xxx

Mr. Powell noted in the letter that “while the Federal Reserve fosters the safety and efficiency of the payment system by offering interbank payment services, direct provision of payment services to households and businesses would represent a major change.”

From Powell Says Fed Has No Plans to Create Digital Currency – WSJ:

xxx

xxx

This opens up the door to widespread, illegal discrimination by racist, sexist, homophobic or transphobic bar staff, whose blacklistings will ripple out to many other establishments (Patronscan has captured scans from 200,000,000 people in sixty countries).

From Patronscan wants cities to require bars to scan your ID with its service so it can maintain a secret, unaccountable blacklist / Boing Boing:

xxx

xxx

Detectives believe they were selling ‘customers’ the Class A drug cocaine after they found boric acid, a cutting agent, inside the house.

Other items seized include burner phones, diaries, credit card payment machines, sex toys and paraphernalia associated with bondage. A bag filled with bank cards was also found concealed behind paneling in a toilet.

Other receipts suggested some using the brothel were paying between £80 and £100 for a gram of cocaine.

From Lawrence Dallaglio’s credit card ‘used in London brothel’, court hears:

xxx