Comments on the Interim Report of the Royal Commission into Misconduct in the Banking, Superannuation, and Financial Services Industry

October 26, 2018

  1. The following remarks are informed by discussions during a by-invitation-only roundtable on October 19 that was organized by the UNSW Business School research networks on Cyber Security and Data Governance and Behavioural Insights for Business and Policy. It was attended by a judicious mix of 14 legal academics and (behavioural, experimental, and financial) economists as well as representatives of behavioural insights units from government and firms in the banking industry. The roundtable took part under the Chatham House Rule and was meant to facilitate an open discourse about the issues identified in the Royal Commission’s Interim Report, especially its chapter 10 and therein pages 327 – 342 and pages 345 – 7, as well as other chapters (namely 1, 8 and 9).
  2. While my comments draw on those discussions, the following comments reflect my opinion only. Importantly, my opinion below does not necessarily reflect my employer’s view.
  3. Kudos first to Commissioner Hayne and the senior counsels assisting (namely Rowena Orr and Michael Hodge) for a job well-done in uncovering plenty of misconduct when, in the run-up, representatives of the government du jour repeatedly argued, and strenuously so, that there was nothing to see here, that the call for a Royal Commission (RC) was a populist whinge, and that an RC would endanger economic growth by undermining trust in the banks, superannuation providers, and the financial services industry more generally. It seems obvious now that these claims were made despite better knowledge. It seems important to recall this fact, as the implementation of effective solutions – even if evidence-based – is likely to encounter considerable opposition and attempts to water them down. Strategic dishonesty is a thing and it is at the heart of the problems so competently ferreted out by the RC.
  4. Kudos also to ASIC – much maligned these days – since it clearly has provided a considerable portion of the relevant systematic evidence under not always favourable conditions (e.g., the substantial reduction in its resources announced in the 2014 budget; the fact that some of these resources were restored in 2016 cannot distract from the fact that any such disruption is counterproductive).
  5. For an economist who knows the empirical (including the experimental) evidence on the effects of market power, incentives (especially those in social dilemma situations), and on human actors’ frequent failure to be ethical (honest) and in violations of existing norms of conduct, there is nothing surprising in the Interim Report. Likewise, the failure of the regulators to interfere effectively was hardly surprising, although the discussion of effective remedies among economists is likely to be more robust than on the other topics.

5.1. We know for example that market power begets socially suboptimal outcomes (e.g., Huck et al. JEBO 2004, or any textbook on Industrial Organization worth its cost).

5.2. We know, for example, that incentives, especially when in conflict with organizational or societal welfare, lead to undesirable outcomes (e.g., the huge literature on trust games reviewed in Ortmann et al. EE 2000, or more systematically in Johnson & Mislin JoEP 2011)

5.3. We know, for example, that, even for low stakes, there is a considerable amount of people that will always be unethical, with many more people being easily tempted by dishonest behaviour as the stakes increase (e.g., Rosenbaum et al. JoEP 2014; Abeler et al. JPublE 2014; Kajackaite & Gneezy GEB 2017; Capraro JDM 2018; Heck et al. JDM; Abeler et al. ECMTA forthcoming). People’s susceptibility to norm violations has been documented since Adam Smith wrote his The Theory of Moral Sentiments. For more recent evidence, see some of the evidence from psychology and related behavioural sciences in Gentilin (2016; for a critique of that evidence see Ortmann CE 2016 and references therein).

5.4. The question of effective remedies is a more complicated one. It touches on numerous mechanism design issues, although even there one can tap into a considerable empirical (and experimental) literature that addresses questions such as the relative efficacy of self-regulation (possibly under the threat of government intervention; see Van Koten & Ortmann 2017), certification, and other institutions such as independent standards boards that administer ethical culture surveys and whiste-blower protection, and provide pools of principal integrity officers, as suggested in Dennis Gentilin’s submission. More on these issues below under 7.

  1. That breaches were so many and so widespread will, especially in light of the significantly larger stakes at stake, not surprise any economist who knows the literature on the negative effects of market power, poorly designed and calibrated incentives, and many human actors’ tendency to be economical with the truth, and in violation of norms (especially if the chance that they are found out is minimal – see Dana et al. ET 2007)). Pages 268 – 270 of the Interim Report get it exactly right: “There being little threat of failure of the enterprise, and there being little competitive pressure, pursuit of profit has trumped consideration of how the profit is made. The banks have gone to the edge of what is permitted, and too often beyond that limit, … because they can; and because they profit from the misconduct that is described in this report.” (p. 269)

7.  So what needs to be done to prevent the conduct from happening again?

7.1. It seems obvious that extant law be applied to lay charges for unconscionable acts such as charging customers fees for advice they did not receive. (While it is laudable that ASIC has secured hundreds of millions in refunds for affected customers, it has come through enforceable undertakings which let the perpetrators of criminal actions off the hook.) Other potentially criminal offences have been committed and they should be pursued under current law wherever possible. Unfortunately, the current state of affairs has considerable reputational spill-over effects and contributes to the wide-spread decline of trust in key institutions.

7.2.  It seems clear that the light-touch approach of ASIC, and APRA, has not served the community well although it is hard to tell from the outside whether tough cops – such as Allan Fels and Graeme Samuel – alone can do the trick (Irvine SMH September 22, 2018).

7.3. It also seems abundantly clear that Commissioner Hayne’s assessment of the sorry state of internal compliance assessment and reporting within CBA and NAB (and possibly other banks) justifies immediate action (p. 10 of Interim Report).

7.4. I do agree with Fels that structural separation of banks from their financial advisory arms is the way to go (Irvine SMH September 22, 2018). The same applies in my view for superannuation providers. The conflicts of interest are just too obvious to ignore and some proposed remedies (such as disclosure of conflicts of interests) seem to have counterproductive effects (e.g., Taguchi & Kamijo 2018, for a recent review of the literature).

7.5. Relatedly, the whole commission business has to be reconsidered. See also the relevant discussion on the broken model of broker remuneration in the Productivity Commission’s June 29 report on Competition in the Australian Financial System (pp. 21- 23) Financial advisors are effectively glorified salespeople and incentivizing them through commissions is a recipe for disaster under the best of circumstances.

7.6.  Relatedly, the variable-remuneration provisions for accountable persons according to BEAR have to be rethought. I endorse fully Recommendation One and Two in Dennis Gentilin’s submission on the RC’s Interim Report.

7.7. I also endorse fully Recommendations Four through Eight of Dennis Gentilin’s submission on the RC’s Interim Report and the rationale they are based on. What exactly the relation of an Independent Standards Board would be to Treasury, APRA, ASIC, and possibly ACCC, is as worthy of a good discussion as is a discussion of appointment procedures to that Board. See also the discussion of “a competition champion” in the Productivity Commission’s June 29 report on Competition in the Australian Financial System (pp. 15 – 19). Preferably the appointment of the Chair of some such Board would be consensus-driven and not partisan. (The sorry partisan transition from the first to the second ACNC Commissioner is not a recommended template.) I believe that Mr. Gentilin’s Recommendation Six – to have the proposed Independent Standards Board oversee the recruitment and appointment of Principal Integrity Officers to designated ADIs — is a brilliant one that will be key in guaranteeing the independence of Principal Integrity Officers. With Mr. Gentilin (specifically Recommendation Eight and its rationale), I believe that the establishment of a Whistleblowing Protection Authority is an indispensable and complementary step if indeed reducing misconduct in the banking, superannuation, and financial services industry is a serious concern and not just public posturing.

7.8. Last but not least, I would urge the Royal Commission – rather than adding more regulation that then is likely not enforced – to explore ways to let reputational feedback systems (e.g., Bolton et al MS 2013; see also systems such as TripAdvisor or work their magic. Considerably more transparency, and data, should be provided to the public to let interested researchers identify anomalies and developments that might be otherwise go unnoticed too long. Take the fascinating Figure 3 in the Productivity Commission’s April 2018 draft report on Superannuation: Assessing Efficiency and Competitiveness. Making that data available in a timely fashion would do wonders for the alignment of incentives. No traditional regulatory action I can think of would have the same effect.


Abeler et al. (2014), Representative evidence on lying costs. Journal of Public Economics pp. 96 – 104.

Abeler et al. (forthcoming), Preferences for truth-telling. Econometrica forthcoming.

Bolton et al. (2013), Engineering Trust: Reciprocity in the Production of Reputation Information. Management Science pp. 265 – 85.

Capraro (2018), Gender Differences in lying in sender-receiver games: A meta-analysis. Judgement and Decision Making pp. 345 – 55.

Dana et al. (2007), Exploiting moral wiggle room: experiments demonstrating an illusory preference for fairness. Economic Theory pp. 67 – 80.

Gentilin (2016), The Origins of Ethical Failures. Lessons for Leaders. Routledge.

Heck et al. (2018), Who lies? A large-scale reanalysis linking basic personality traits to unethical decision making. Judgement and Decision Making pp. 356 – 71

Huck et al. (2014), Two Are Few and Four Are Many: Number Effects in Experimental Oligopolies. Journal of Economic Behavior & Organization pp. 435 – 46.

Irvine (2018), ‘Stop being bastards’: how the royal commission could reform banks. Sydney Morning Herald 22 September.

Johnson & Mislin (2011), Trust Games: A Meta-analysis. Journal of Economic Psychology pp. 865 – 89.

Kajackaite & Gneezy (2017), Incentives and cheating. Games and Economic Behavior p. 433 – 44.

Ortmann et al. (2000), Trust, Reciprocity, and Social History: A Re-examination. Experimental Economics pp. 81 – 100.

Rosenbaum et al. (2014), Let’s be honest: A review of experimental evidence of honesty and truth-telling. Journal of Economic Psychology 181 – 96.

Taguchi & Kamijo (2018), Intentions behind disclosure to promote trust under short-terminism: An experimental study. Kochi University of Technology working paper.

Van Koten & Ortmann (2017), Self-regulatory organizations under the shadow of governmental oversight: An experimental investigation. In: Deck et al. (2017), Experiments in Organizational Economics, Research in Experimental Economics 19, 85 – 104.

Comments welcome.

Consider following me on twitter:


Lemonade and the question of (laboratory) evidence

Lemonade Inc., the New York based fintech startup that sells home and renters insurance has been in the news recently. It has raised tens of millions in venture capital  and also considerable interest in the top echelons of corporate Australia. I know because I was asked to reflect on it as part of a workshop on behavioral economics/behavioral science that I conducted a couple of months ago. I have to admit that I did not know about Lemonade before that request.

Turns out that Lemonade uses “Behavioral Science (and Technology) To Onboard Customers and Keep Them Honest”, so the title of a piece in Fast Company earlier this year. Lemonade bets that insights from Behavioral Economics (BE) will give it the edge over incumbent competitors. It bets specifically that the BE insights of Dan Ariely (he of Predictably Irrational and TED talk fame, and now Lemonade’s CBO = Chief Behavioral Officer) will provide that edge, important components being “trusting our customers” and “giving back” to charity all unused excess funds. On top of these components, or maybe undergirding it, is the promise that Lemonade commits to spending at most 20 percent of its income on administration and marketing, which presumably prevents it from profit maximizing at the expense of its customers. Lemonade also promises that it will process claims fast and relatively un-bureaucratically, at least by the standard of an industry that has a reputation for delaying tactics and for its persistent attempts to evade having to pay up. Examples of speedy processing are featured prominently on Lemonade’s website.

And not only that: A couple of months ago, Lemonade launched its Zero Everything policy which gets rid of deductibles and rate hikes after claims and is supposed to pay for itself through elimination of the paperwork that comes with relatively small claims.

BE principles are also appealed to when customers that make claims are asked to submit a brief video outlining their claim and to provide at the same time a honesty pledge which supposedly induces more honesty.

In sum then, Lemonade builds its business allegedly on the trust(worthiness) of its customers, and of itself, and also honesty on the part of both parties.

Let’s start with the (laboratory) evidence for trust(worthiness). On its web page, Lemonade illustrates the advantages of trust(worthiness) with one of the workhorses of experimental economics, the trust, or investment, game. According to the web page, a person that invests (the trustor) will see her investment to a trustee of $100 quadruple and then see the trustee return half of that $400 to herself (the trustor), for an impressive ROI of one hundred percent. Trust pays off, we learn: “We are more trusting and reciprocating than what standard economic theory predicts.”

Ignoring the stab at economic theory (which shows little more than a lack of elementary knowledge of modern economic theory), there are at least three problems with the Lemonade narrative. First, it is not clear at all why this particular game, in this particular parameterization, captures the customer – insurance company situation. Second, I am not aware of anyone ever having experimentally tested this game with that specific parametrization (specifically, a multiplication factor of 4), and I am not aware — the multiplication factors typically used being 3 or 2 — of responders returning more than what was invested. In fact, the results of my own work (which are very much in line with the literature in this area) suggest that trustors invest about half of what they were given and trustees return slightly less than what was invested. It is noteworthy that there is much heterogeneous behavior to be found in these experiments, with many of those that trust (“invest”) being brutally exploited.

  “Everyone has a price, the important thing is to find out what it is.” (P. Escobar)

Which brings us to the question of honesty. There is indeed some evidence that the way in which people are being prompted makes a difference and, more generally, that context matters (see Various, JEBO 2016). Friesen & Gangadharan  (Economics Letters 2012) use an individual performance task (“matrix task”) after which they ask their subjects to self-report the number of successes that participants had. While very few of their participants – only one out of 12 — are dishonest to the maximal extent, about one out of 3 are to different degrees, with men (in particular those of Aussie and NZ provenance) being more dishonest, and more frequently so, than female participants. Rosenbaum, Billinger, & Stieglitz  (Journal of Economic Psychology 2014) review experimental evidence of (dis)honesty 63 experiments from economics and psychology (including Friesen and Gangadharan EL 2012) and find the robust presence of unconditional cheaters and non-cheaters with the honesty of the remaining individuals being particularly susceptible to monitoring and intrinsic lying costs. Most of these experiments involve fairly low stakes, so those intrinsic lying costs are unlikely to be much of a constraint when stakes increase. The fraction of unconditional non-cheaters is almost certain to shrink towards the Escobar limit when stakes increase.

Interestingly, notwithstanding its public declarations in the good of people, Lemonade tells itself that, while trust is good, control is better.  It runs its claimants, on top of the honesty pledges, through 18 different fraud detection algorithms before it pays up. On top of this, Lemonade engages in blatant cream-skimming. For example, it did not quote half of their customers that wanted to insure their homes. And it reports that the customers that are joining, or allowed to join, are younger, educated, tech-savvy, above-average earners, and female. So much for trust, trustworthiness, and all that BE marketing horsemanure. Pretty cold-blooded standard economic theory if you ask me. Note that this screening takes care of a key problem with their advertised approach: the likely adverse selection of bad types that mere trusting would invite, a very likely whammy on top of the moral hazard problem that every insurer faces.

So is Lemonade a viable business model?

Time will tell.

In the State of New York, Lemonade claims to have overtaken Allstate, GEICO, Liberty Mutual, State Farm, etc. in what is probably the single most critical market (renters and home insurance) share metric of all: NY renters buying new insurance policies since 1 Jan 2017.

Lemonade, we are told, is growing “exponentially” = “new bookings have doubled every ten weeks since launch, and show no sign of letting up.” According to its most recent Thanksgiving Transparency ‘17 report, Lemonade has now branched out into, and is selling in, Illinois, California and Nevada, Texas, New Jersey and Rhode Island, and has been licensed in 15 other states.

Of course, collecting insurance premia is one thing. Paying insurance claims and balancing the books is another thing altogether and the verdict on that one will be out for a while.

If Lemonade succeeds – and we all should hope it does –, it will do so because it engages in cream-skimming, targeting of low-risk market segments, and massive control and surveillance of its clientele. It will not do so because of its invocation of the feel-good alleged BE findings so prominently displayed on its web page.









Why Blockchain has no economic future

When Bitcoin went public in 2009 it introduced to the world of finance and economics the technology of blockchain. Even the many who thought Bitcoin would never make it as a major currency were intrigued by the BlockChain technology and a large set of new companies have tried to figure out how to offer new services based on blockchain technology. It is still fair to say that very few economists and social scientists understand blockchain, and governments are even further behind.

I will argue that blockchain has no economic future in the regular economy. I will give you the bottom-line, then describe blockchain, discuss its key supposed advantages, and then take it apart as a viable technology by giving you a much more efficient alternative to the same market demand opportunities.

The bottom line for those not interested in the intricacies of blockchains and public trust

The essence of my argument is that a large country can organise a much more trustworthy information system than a distributed network using blockchain can, and at lower costs, meaning that any large economic role for blockchain is easily displaced by a cheaper and even larger national institution.

So in the 19th century, large private companies circulated their own money, in competition with towns and princedoms. In that competition, national governments won, as they will again now.

The reason that the tech community is investing in blockchain companies is partially because some are in love with the technicalities of blockchain, some hope to attract the same criminal and gullible element that Bitcoin has, some lack awareness of the evolution and reality of political systems, and some see a second-best opportunity not yet taken by others. But even in this brief period of missing-in-action governments, large companies will easily outperform blockchain communities on any mayor market. Except the criminal markets, which is hence the only real future of blockchain communities. Continue reading “Why Blockchain has no economic future”

Opportunities for innovation in Australia

The Australian startup ecosystem is growing too slowly, but existing firms are becoming more interested in innovation as a source of competitive advantage.

MBS students brainstorming during the Innovation Bootcamp
Students brainstorming during the MBS Innovation Bootcamp

Australia performed poorly in the global startup ecosystem ranking 2015 which was published recently ( Sydney fell 4 spots and now ranks 16th in the world, while Melbourne fell entirely out of the top 20 despite being on that chart in the previous version of the report published three years ago. The study expresses concerns about the Australian ecosystem that echo those in other studies performed by academics as well as in the Australian Government’s Innovation System Report ( The 2014 AIS report sums it up nicely: “Australia performs relatively poorly on ‘new to market’ innovation”.

Yet on the ground, interest in innovation and startups has never been stronger than before in Australia. Compared to five years ago, we now have many more ‘meetup’ groups in Melbourne and Sydney for founders and entrepreneurs, a variety of incubators and accelerators, and a number of innovation-oriented programs at leading universities including Melbourne, UTS, Swinburne and QUT. There is strong interest in courses on “design thinking” and “lean startups”. MBS has our innovation bootcamp for MBA students, while the University of Melbourne now has an accelerator and is about to launch a new Masters in Entrepreneurship program. A growing number of entrepreneurs are contacting me to discuss new business models, market entry and how to protect their innovations. These will take time to bear fruit.

How do we reconcile the weak findings at the ecosystem level with growing interest at the ground level? Part of what’s happening is that other startups ecosystems are maturing faster than the one in Australia. Many ecosystems abroad have continued to enjoy stronger government support, better access to venture capital and closer industry-university linkages. The most successful ecosystems (including Silicon Valley, New York, Los Angeles, Boston, Tel Aviv) have continued to develop and reinforce a coherent system for connecting resources, talent, funding and market access. Here in Australia, we have bits and pieces that are good in each major city, and we also have specific firms and sectors that are incredibly innovative. But that distribution is uneven and the parties involved are not as seamlessly interconnected as they could be.

A second part of the explanation is due to the business environment in Australia. Given our small domestic market, many of our startup entrepreneurs will continue to sink at least one foot (if not both feet) into other ecosystems. This makes sense from the point of view of being close to market and expertise.

A big change however is the growing interest in innovation by existing firms. In recent years, incumbent firms in industries ranging from retail to energy, news and financial services have been jolted out of a comfortable (often monopolistic or duopolistic) existence due to the threat of entrants, both online and offline.

The embrace of innovation by Australian firms has taken a long time, partly due to the difficulty of changing the mindsets of senior executives who run these organizations. However, it is clear that in a variety of industries across the globe, the terms of competition have changed and Australia is no exception. In conversations with senior managers at Australian organizations, I am discovering a growing interest in innovative strategy, business transformation, ‘design thinking’ and ‘business model innovation’. These conversations often begin with a reactive or defensive tone reflecting a need to respond to market or technological threats. However at some organizations the discussions have begun to advance beyond that stage: managers at some firms start to view innovation as an opportunity to reconsider their existing ways of doing things, engage new stakeholders and to develop new capabilities.

In the short run, I see a good opportunity in helping existing Australian firms learn to innovate and become more agile and competitive. In the longer run, it would be nice to see the startup ecosystem flourish in Australia, but that is something that will take time and sustained effort.

Note: I was invited to write this article for the Melbourne Business School student newsletter. It is reprinted above, sightly edited.

Should you activate fingerprint authentication on your new iPhone (or other mobile device?)

Bottom line: if you care about security you should avoid activating fingerprint authentication. Use an alphanumeric password in place of the 4-digit PIN and deal with the inconvenience. If you don’t care much about security but are careless about where you leave your phone or which networks you connect to, you should also probably skip it. For everyone else, it depends on your risk appetite. Good luck.

Fingerprint_picture.svgYesterday, Apple launched two new iPhones. The flagship model, the 5s, is impressive and includes many new features including fingerprint based authentication. It is part of a trend towards using biometrics on mobile devices, e.g., facial recognition on Android and voice recognition on the new Moto X.

The use of fingerprint authentication is not new (a family member has that on their Lenovo notebook), but deployment by Apple usually signals the onset of mainstream adoption. At present the iPhone offers it as an option, so you can still choose to use a traditional password instead. The main benefit of fingerprint technology is slightly faster unlocking than using a PIN code. Also the Apple device is said to be accurate and fast, unlike some earlier consumer-oriented implementations. At present Apple is allowing its use for iTunes and Apps Store purchases but one can imagine third-party applications are around the corner.

Before you activate this system, you should consider several issues. Online forums are abuzz about whether your fingerprint can be spoofed, whether the NSA might be spying on you, and whether you can be legally forced to unlock your device. In turn, Apple has tried to allay fears by stating that your fingerprint only exists in a “secure enclave” on the phone (strictly speaking, it is an electronic description rather than an image of your actual finger). However, there are several issues that I believe need consideration:

1. It is hard to replace your fingerprint.
If your password is compromised, you can just revoke it and create a new one. Replacing your finger can probably be done, but it will involve a bit of pain. If you lose your phone and a hacker gets in, or if they are able to remotely access your fingerprint data, the personal costs may be rather high. We also we have no information about know how cleanly (if at all) the data is erased when you sell your phone or recycle it; can the data be extracted afterwards?

2. The fingerprint encryption scheme will be hacked.
This is not a possibility but a certainty. The only questions are how long before it happens and whether you will get to hear about it. People are worried that the NSA is helping Apple keep a backup copy of the master encryption key (i.e., can you trust them to keep it secret, since they lost thousands of documents to some junior guy without knowing it?). But the problem is more fundamental than that: in order to make use of that encrypted data, your phone must contain the key. This is unlike the case where a password is kept separate from your encrypted fingerprint data, or a design in which a password (or some other security token) is needed in addition to your fingerprint data. Keeping the decryption key on the device makes it vulnerable, since with enough effort the key will be recovered, or some weakness in the encryption software can be found. If you think you have heard this story before, it’s because the same thing happened with DVDs. Any DVD player must contain the decryption key and mechanism for doing so, otherwise you won’t be able to view the movie contained on the disc. When DVDs were launched, manufacturers thought their encryption was sufficient, but were quickly proven wrong. Same thing with BluRay.

3. A magnet for attack
Some are worried about the NSA, but they probably already have your fingerprints. The real threat is elsewhere: encryption is broken and various encryption standards have been compromised (including at an atomic level involving encryption libraries used to build software). Thus, storing the data in encrypted format is just a deterrent. Apart from the NSA, you should worry about the other, possibly more nefarious organizations and governments out there. The fact that we know it is possible implies that others will try to get in, either through the same means or by creating new methods. Nathan Rosenberg calls these “inducement mechanisms” that focus the efforts of others; I have observed it in my own fieldwork on semiconductors. All over the world next week, communities of hackers and spy organisations will probably be posting “do not disturb” signs on their doors and begin working on this new challenge.

4. Large attack surface
The data on the fingerprint chip itself might be fairly secure but IOS, like all operating systems, is complex and has been compromised. Every year we hear of interesting exploits at events like Black Hat. There is no such things as a completely safe program, especially one as elaborate as a modern operating system. Your phone or mobile device is not locked down, unlike the scanning device at your neighborhood immigration counter. You bring it everywhere: to airports, cafes, public places, friends’ homes and to pubs). It is exposed to many angles of attack: physical hacking, software backdoors, security holes, hidden code in apps, and compromised websites that you might visit on the phone’s web browser. Another way in is through your computer that syncs to the phone via iTunes because your phone treats it as a trusted connection. Apple claims that the operating system has no access to the fingerprint data on the chip itself, but you’ll have to go on trust with that one as it is not verifiable (Apple also said it did not store your GPS data!).  The question remains of how separate the fingerprint system really is, since iTunes and the App Store will be able to authenticate using the fingerprint sensor, suggesting there may be some indirect paths available to hijack the authentication process, even if one does not touch the data itself.

While these risks are real, they do not necessarily imply that you will be hacked. That depends on whether you are a high enough value target. It also depends upon your personal habits and whether these practices expose you to a larger or smaller attack surface. And it depends upon your luck. Even with a regular old password, you could still end up being hacked, but at least you won’t risk losing your fingerprint data along with your other stuff. It is just a question of being aware of the risks. By no means am I dissuading you from buying that shiny new iPhone.

Bottom line: if you care about security you should avoid activating fingerprint authentication. Use an alphanumeric password in place of the 4-digit PIN and deal with the inconvenience. If you don’t care much about security but are careless about where you leave your phone or which networks you connect to, you should also probably skip it. For everyone else, it depends on your risk appetite. Good luck.

Image source:

Unlocking DRM Lets You Open Multiple eBooks Simultaneously

The Amazon Kindle, Apple iPad and other e-readers are fast becoming mainstream and their usability has improved tremendously over the past years. However there is one area in which printed books are still much better: the ability to open multiple books at once. This might not matter if you are reading the latest “50 shades” novel and want to be uninterrupted. However, if you are working on a research project and constantly need to switch across multiple books, you will find that current eBook readers are a nightmare. Switching eBooks involves creating bookmarks, returning to a main menu (library page), going to another book and navigating it. This quickly becomes tedious. I cannot understand why tabbed browsing is absent from eBook software since it is rudimentary and exists in practically every web browser.

One solution is to buy multiple eBook readers and open one book per device. This turns out to work quite well. One might argue that the savings from not having to ship printed books will more than cover the cost of additional eBook readers. However it occurred to me recently that another solution exists: simply remove the DRM from your existing books. This is really easy to do. You can then manage your books using software like calibre, which allows multiple eBooks to be opened at the same time. On a fast computer with a large screen, this is a liberating experience! A 27″ or 30″ screen is sufficient to give me as good an experience as with 3-4 printed books. You can even do things that you cannot with regular books (without mutilating them) such as opening multiple instances of the same book for quick cross-referencing across different sections. If you take the extra step and export your library into pdf format, you then have the ability to manage, annotate and search your eBooks using software like Papers 2, treating them just like any other pdf file and merging them with your collection of journal articles.

There are other benefits of unlocking DRM, including the ability to prevent vendor lock-in (e.g., read your Amazon ebooks using Apple iBooks), avoid arbitrary and unfair removal of your books, and to overcome silly device download limits. For some of us, opening multiple books at the same time is another big plus. I suspect that over time, eBook DRM will go away. We are at the stage of the eBook industry that we were at with music 10 years ago, when we had to rip music from our personal CD collections or the proprietary formats on iTunes and convert them into unlocked files that were more flexible. Today music is sold unlocked and I don’t see why it should end up otherwise with eBooks.

(ps: yes I know eBooks are licensed, not sold, but lets save that for another discussion).

Reading multiple books at once
Your 30″ monitor can show all these books at the same time

The water you drink has been piss at least 10 times already!

Last thursday I posed the question of how often the water you drink has been pissed by a vertebrate already. If the number is very small, then those who baulk at drinking recycled water have more cause to complain than if the number is very high.

As some commentators to that post pointed out, in reality we are all drinking water that includes some recycled piss: every dam from which we drink has ducks, lizards, and all sorts of animals pissing and shitting in it, so it is already a bit of a myth to think one can drink water that has not been recently mixed with piss. Still, as another comment revealed, many think the idea of copying Singapore and drinking water that is officially recycled sewage is deemed ‘gross’. So the question how often water has been piss in the past still matters for the ‘yuk factor’.

The answer comes from a very simple formula, which requires a few guesstimates as inputs:

Piss ratio = (total water pissed)/(total water) = (total vertebrate biomass ever lived* piss rate)/ (total water) = (average biomass vertebrates * piss rate per year * years of vertebrates) / (total water)

This simple formula thus boils down to 4 inputs for which we can search for good guesstimates.

The amount of water on the planet (total water) is the easiest one because it is the sort of thing geologists and physicists are good at estimating. As this linked article computes, there is around 1.386 billion cubic kilometers of water on the planet. Whilst it is true that this water comes in various forms, that is not relevant for the calculation: since we are considering hundreds of millions of years, it doesn’t matter how much of that water is currently salt, fresh, stored in ice, or whatever: compared to such long time horizons it all circulates pretty fast so there is no problem in taking it all as one blob of water.

I can already say that my best guess for how much water we humans have pissed during our existence is around 800 cubic kilometers, meaning that only one 2-millionth of the atoms in the average water molecule will have been pissed out by a human. So we might be drinking reconstituted piss, but not much is reconstituted human piss.

Now, onto the other three inputs into our crucial equation. What is the average wet biomass of vertebrates? If we take the present as a reasonable guess for how much vertebrate biomass the earth continuously houses, then the answer we can gleam here is around 10% of total animal biomass (zoomass), or in the order of 5 billion tonnes of wet biomass (a lot more than dry biomass which you will often see reported). This includes up to 2 billion tonnes of dry-biomass fish, a little under half a billion tonnes of human, close to a billion tonne of things we might eat that walk on land (cattle and such), and 2 billion other wet biomass. In turn, this is in the order of one thousands of total biomass.

Admittedly, the estimate of 5 billion tonnes of wet vertebrate biomass may be out by a factor of 2 or so, but can easily be an under-estimate since I only found a dry biomass estimate for fish.

Then the next part of the equation: how much does a vertebrate piss per year? Again, this turns out to be a tricky question because only birds and mammals produce concentrated urine like we do. The rest pisses much weaker stuff, though things like fish still produce ammonia and the other normal elements of piss because the basic physiology is not that different between us and a fish. So the process and form of piss is not the same across species but the substances produced by our bodies and eventually excreted somehow are not that dissimilar.

So we need to slightly alter the definition of what we are looking for and think of piss as a ‘human-like’ substance. We can then again take a conservative approach and don’t count the watery piss that fish produce as ‘100% piss’ but rather as a much weaker variety of what we produce. We can then take ourselves as the measure of what a body produces and simply scale up, getting an easier question to start out with: how much do we humans piss in a year? The answer turns out to be that we piss around 1.5 liters per day, or 500 liters per year. Another way to put this is that we piss out 8 to 9 times our weight in wet biomass per year.

Then onto the last unknown, which is the number of years that vertebrates have been around in the abundant form of life we have now. Again, a tough one. The earth is now quite a bit cooler and probably less fertile than it was in the times of the dinosaurs, so the amount of biomass walking around now is probably quite a bit less than it was in the more productive phases of earth, but by the same token for much of the earth’s inhabited history the inhabitants were bacteria and not things with spines. If we concentrate on the period of the vertebrates, the best guess is that fish arose some 500 millions years ago, whilst land was conquered by vertebrates some 380 million years ago. Taking a conservative guess for the total period of time that the volume of vertebrates we have now has been present, this means that the wet vertebrate biomass we have now has occupied earth for around 350 million years.

We can now put the pieces together to compute our piss ratio: 350 million years of 5 billion tonnes of wet vertebrates pissing 8 times their body weight per year equals 14,000 million cubic kilometers of piss. This means the atoms in your average water molecule will have been concentrated piss some 10 times already. And that is a conservative estimate. In the more likely scenario, there would have been more like 10 billion tonnes of vertebrate biomass on average, pissing 10 times their own body weight, living 400 million years, equating to water having been piss around 25 times already.

Perhaps equally interesting I can give some idea how often the water has been piss from a particular group of vertebrates. Starting from the best guess estimate, water has been fish piss some 10 times, mammal piss around twice, and other forms of piss 13 times. Only a trickle has been monkey piss.

As per usual, champagne to all those who thought the answer was ‘often’ (which is all commentators game to give a guess). Unflavoured recycled filtered desalinated naturalised piss for the rest!