Rational Risk, Part I
What Crime and Punishment can teach us about risk: MasterIdentity; Optionally Unmanned Intel; Chip Shortage; Ransom Notes; DevOops
“When reason fails, the devil helps!” he thought with a strange grin.
- Fyodor Dostoevsky
Risk Developments this letter:
MasterIdentity
Optionally Unmanned Intel
Chip Shortage
Ransom Notes
DevOops
Inaction In Action
On a bitingly cold day in December 22,1849, on Semyonovsky Square in St. Petersburg, Russia, a collection of authors, soldiers, translators and civil servants were sentenced to death for involvement in discussing, reading and distributing a letter from literary critic Vissarion Belinsky to author Nikolai Gogol. The first three, of sixty men, were tied to stakes in the square opposite the firing squad. The executioners raised their guns, aimed them at the doomed men and held them there for a full minute.
Next in line for execution was Fyodor Dostoevsky, who by that time was already the critically acclaimed author of “Poor Folk” and “The Double.” He had spent months in prison for his role reading the letter at gatherings and potentially planning to set up a publisher to distribute it. Why was a simple letter deemed such a threat to the state? In the letter Belinsky rebukes Gogol for harboring slavophile, christian and autocratic views, despite the widespread impression that Gogol’s critique of Russian social and political ills made him favor socialism and Western revolutionary ideals.
After waiting an agonizing sixty seconds, teetering on the brink of death, a drum roll sounded, signalling military retreat, and the executioners lowered their weapons. A representative of the Tsar announced that their sentences had been commuted and instead of death, they were to be exiled to Siberia where they would serve a sentence of hard labor. Following his time in the labor camps, Dostoevsky served in the military in Siberia, where he married his first wife. Upon being granted permission to return to European Russia, he fell deep into debts from his gambling addiction, had an affair with a cruel and haughty woman and outlived both his wife and his brother. In desperate need of financial, metaphysical and romantic recovery Dostoevsky wrote “Crime and Punishment”.
It was a smash success, attracting more than 500 new subscribers to the periodical it was published in and furthermore, led to Dostoevsky’s own recovery and falling in love. Why was “Crime and Punishment” at turning point for Dostoevsky, for Russia and for world literature and philosophy? What does this story have to say about risk, innovation and modernity? We will come back to these questions in future letters of The Refractor, but for now we will discuss the structure of the novel (minimal spoilers) and how it is situated in history.
“Crime and Punishment” is laid out in seven parts, two of which we’ll cover today, with seven main characters. In part one we meet the protagonist, Rodion Raskolnikov, a law school drop-out, working on a rationalist theory. His theory said that exceptionally strong and intelligent individuals have not only the right, but the obligation to commit moral and legal transgressions. Here it is helpful to know a bit about the Russian language and history. Rodion is a Russian name derived from Greek, roughly meaning hero or song of a hero, and he’s not the first Hiro we’ve discussed here. Raskolnikov comes from the Russian word for schism, and refers to the 17th century break in the Eastern Orthodox Church between the reactionary reformers and the old believers (raskolniks).
Following Rodion, we learn he plans to test his theory by murdering an old pawn broker, and on the way back from scoping out her apartment building, paralyzed by the inner conflict between his extreme rationalism and lack of will, he stops by a tavern for a drink. Inside he meets a drunk, Semyon Marmeladov, who continually impoverished his family with his drinking, to the point of forcing his daughter Sonya into prositution. Later we learn of Rodion’s own family drama, as his mother (a widow) has spent everything they had to put Rodion into law school, and is now forced to marry off his sister, Dunya, who has been working as a governess for a creepy old married man. Outraged at his sister’s sacrifice, his own inadequacy and the injustice of the world, he summons the will to commit murder, but in such an agitated state, he makes many mistakes while attempting the crime. After gaining access to the apartment, he kills the old lady with an axe, but forgets to lock the door, and while pilfering the pawned items, the old lady’s mentally handicapped half-sister walks in. Rodion, in a fit of uncertainty, kills her too and flees the scene haphazardly, almost getting caught as he runs down the stairs and out of the apartment complex. With a mounting illness and in a feverish pique, he returns home and clumsily covers his tracks before falling asleep.
The next day, Rodion is summoned to the police station by his landlord for unpaid debts, where he overhears discussion of the murder and faints. Having aroused suspicions, he leaves and, on a whim, visits his old university friend Dmitry Razumikhin (whose name roughly translates to “Mindful Demeter devotee”). After several days of delirium, Rodion wakes to a conversation between the doctor and Dmitry about the news of the muder case. Dunya’s fiancee interrupts the conversation and Rodion intentionally offends him and then kicks everybody out. He then sneaks out himself to revisit the scene of the crime and further draw attention to himself. As he wanders the streets pondering a confession, Rodion encounters a scene. The drunk from the tavern Semyon Marmeladov was run over by a carriage, and Rodion, taking Semyon in his arms comforts him as he dies and asks for forgiveness from his daughter Sonya.
There are still five parts of the novel left, but most of the action has already happened by this point, and the title itself almost tells you how things will play out. While we are discussing the implications of language here, it is also worth mentioning that words “crime” and “punishment” are rendered, in English, from different, Latin roots than their Russian equivalents. The slavic roots of “crime” and “punishment” are to “over step” and to “tell upon” respectively. That gives the title a flavor more like “Transgression and Made an Example of.” Not as succinct, but more direct in its instruction.
Returning to the big questions above, about risk, innovation and modernity, we can already see the answers taking form. One big reason to read Dostoevsky, and “Crime and Punishment” in particular, is how frequently it is mentioned by other great writers. Both Albert Camus and Ernst Jünger cite the novel specifically (more on this later), and Rene Girard compulsively mentions Dostoevsky. In “Deceit, Desire and The Novel” he compares Proust and Dostoevsky:
The reader is ·supposed to recollect; it is not the author who does the remembering for him, as in Proust. The development of the novel can be compared to a game of cards. In Proust the game proceeds slowly; the novelist constantly interrupts the players to remind them of previous hands and to anticipate those to come. In Dostoyevsky, on the contrary, the cards are laid down very rapidly and the novelist lets the game proceed from beginning to end without interfering. The reader must be able to remember everything himself. (246)
Already we can begin to make out the implications. “Crime and Punishment” is a study in the extremes of rationality and the limits to scientific thought. It is this same psychological hubris that created “risk free” collateralized debt obligations and brought down the financial system in 2008. The sick innovation of a theory of rationism that permits murder is the equivalent to technology that can be used to dehumanize and destroy lives. The Kafkaesque bureaucracy (written two decades before Kafka was born), crushing student debt, strict system of social rank, urban-rural divide, information technology advancement (lithography) and ideological rebellious atmosphere all feel very modern. In the next two letters, we will discuss the five remaining parts of the novel and what we can learn about business, technology and geopolitical risk.
Risk Developments
MasterIdentity
MasterCard is acquiring digital identity firm Ekata for $850M. Ekata is not your traditional startup, but one that was spun out of WhitePages.com, a dotcom era startup founded as a side hustle. WhitePages was built by scraping phone numbers and selling ads against a searchable database. Often a new institution is built on a founding murder. Scraping unlimited business data you license for $5000 a month and selling ads against it isn’t exactly murder, but it’s at least a stab in the back. Still, it wasn’t always easy for WhitePages. When institutions are built on an original sin, sometimes a second founding murder occurs. When WhitePages’ two biggest customers cut their spending by two thirds, the founder mortgaged his home to buy out his investors and rebuilt the business model around fraud prevention.
With a trove of personal data, WhitePages could offer identity verification services to enterprises concerned about fraud. By using the mobile phone numbers they had collected as universal unique identifiers (UUIDs), they could sell a fraud prevention product that turned out to be a much more sustainable business than advertising. Eventually the business was split into two (actually three) parts, consumer identity verification (and caller ID) and enterprise identity verification. Now MasterCard is buying the enterprise identity verification business called Ekata. Its customers include big names such as Stripe, AliPay, Microsoft and AirBnB.
It seems like a good outcome for the founder, who made a gutsy call and took a big risk, but what about for Ekata and MasterCard? Ekata was already facing mounting lawsuits as data privacy laws increase, and their pivot away from an ads based model was a step away from sharing everybody and anybody’s personally identifiable information (PII) for free, but selling PII is only marginally better than selling ads. Being in the business of giving identities green or red lights is better yet, and as it turns out quite valuable. Now we’ll get to see whether it’s more valuable as an internal asset for MasterCard or as a stand alone business.
Optionally Unmanned Intel
BAE systems and General Dynamics have both submitted designs for the U.S. Army’s M2 Bradley tank replacement, a optionally manned fighting vehicle (OMFV), a $4.6B program over the next six years. Not all of that will go to defense contractors, but it’s still a pretty significant investment, and perhaps even more significant is the wide net the Army is casting when it comes to ideas for the optionally manned vehicles. One issue with innovation in the defense space is that legacy costs and coalitions eat up a big share of the budget, so innovation can really only be made with the marginal dollar added to the budget. With $2.32 billion (over the next 20 years) being awarded to Northrup Grumman for minuteman missile maintenance recently and $13.3 last fall on a system to replace the aging nuclear missiles, other defense spending on risky new ideas might not get as much support.
Still, defense budgets are up substantially and the OMFV numbers are pretty big, especially for the concept stage. Unmanned, if not autonomous, weaponized vehicles, are an exciting advancement, but also potentially terrifying. Thinking through the implications of a war without boots on the grounds seems both utopian and dystopian at the same time. The recent Armenian-Azerbaijani conflict may be the closest we have to a case study in unmanned warfare. One must be careful not to apply an overly rational lens to such a war, imagining a return to pitched battles between drones.
One good reason not to be overly optimistic is the importance of an integrated attack and the use of the information space. Not only did Azerbaijan control the skies with drones, but they effectively coordinated attacks using legacy hardware and managed to fend off information warfare attempts by Armenia. While Armenia was clearly unprepared for kinetic action, the information response blunted the damage, and the real winner was their historical ally, Russia, who positioned peace keeping forces and claimed a diplomatic victory.
Turning back to autonomous vehicles, maybe the real story is in the information space. Just a few days after news broke that BAE had submitted its design, Twitter users began to piece things together, summarized in the article here. Between cheap open source intelligence and the the equalizing effect of information warface, those legacy defense budgets may not prove as big an advantage as some hope. It’s almost just as Rodion experienced, the physical violence is the easy part, but getting away with it is harder.
Chip Shortage
The chip shortage continues to play out in slow motion, and in a way it feels like a (much less awful) repeat of watching the pandemic unfold in slow motion. So far the financial impact on big tech has been minimal, in part due to the priority chip manufacturers place on their best customers. In operations class in business school you learn about the bullwhip effect, the phenomenon where imperfect forecasting along long supply chains results in systematically over and undershooting. This is a consequence of complexity, where each stage assembles a product that requires inputs that they have to accurately forecast as well, compounding forecasting errors.
When protective equipment was scarce in the early stages of the pandemic, there was a brief panic followed by a pretty strong response by the market. Unfortunately for the semiconductor industry, chip manufacturing is among the most complex human endeavors ever attempted, making both the number of dependencies high and the number of firms that can bring a product to market low. All of this has resulted in only marginally increasing output, despite some rather impressive efforts.
One lesson here is that in a complex enough domain, process knowledge, institutional inertia and know-how can be an effective moat, even if rationally it may appear that any smart and well funded competitor could enter the space, given a big enough incentive. The other lesson is that if complexity is your advantage, it could also prevent you from capturing the upside. As Rodion found out, it’s not just the plan that is necessary, but the courage to carry it out.
Ransom Notes
Perhaps not since the ransom of Julius Caesar has there been such a failure of the ransom markets to clear correctly. Illegal though it might be, a sort of equilibrium is usually found throughout various periods of ransom. During the crusades ransom was so common that a set of norms developed around the practice. Modern kidnapping and ransom insurance, while not as big and stable a business as property and casualty, has found a pricing equilibrium that offers insurers a favorable loss ratio of 34%.
Cyber insurance on the other hand may have to take more dramatic steps to curb the recent spate of attacks or suffer the continued losses. Apple supplier Quanta was recently with a $50M ransom and balked at the payment. Now the attackers are threatening Apple. The combination of third parties and a wild ransom market is especially pernicious, and Quanta isn’t the only recent victim. Japanese manufacturer Hoya also fell prey to ransomware recently.
This and other recent attacks have prompted the U.S. Department of Justice to form a taskforce. With attribution so difficult in cyberspace, making an example of the perpetrator through punishment doesn’t seem likely. They intend to “pursue and disrupt” the attackers, which makes it sound like they’ll attempt to hack back. This poorly thought out strategy does not seem any more promising than attacking an old pawn broker. There’s plenty of internal work that the DoJ could be doing to make sure our own house is in order, and the cyber insurance industry is going to play a key role in driving that change, but will they be able to without the DoJ focused on the equivalent of car chases on the information superhighway?
DevOops
Lastly this week, another software supply chain breach is posing correlated risks across customer networks. CodeCov, a code testing software company, was hacked in January and some of its 29,000 customers could be affected. As with physical supply chains above, complexity kills, and the number of third party libraries, tools, applications and suppliers is a structural feature at this point. Cynically, one might just write off security as a cost center and try to survive long enough for the headlines to pass, or naively one might hope to only have good suppliers. Realistically, all organizations are going to need to be a lot more mindful about software supply chain security.
Gratitude
Big thanks to Michael Gibson for providing the motivation to finish “Crime and Punishment,” Helena Schrader for an interesting tangent about ransoms during the crusades and Jon Hawkes, Damian Ratka and Ronkainen for the open source intelligence.