Financial Crime: Business As Usual?

September 22, 2020

DarkCyber noted “HSBC Moved Vast Sums of Dirty Money after Paying Record Laundering Fine.” The article makes clear that banks do what banks do: Move money. Why? To make money, earn bonuses, and become a master of the banking universe.

Is anyone surprised? The authors of the write up seem to be. We noted this passage:

The FinCEN Files investigation found that HSBC’s highly profitable branch in Hong Kong played a key role in keeping the dirty money flowing. Although providing only a partial view of HSBC’s suspicious activity reports, the records show that between 2013 and 2017, HSBC’s U.S. compliance staff, who are charged with monitoring customer activity, filed reports lacking crucial customer information on 16 shell companies that had processed nearly $1.5 billion in more than 6,800 transactions through the bank’s Hong Kong operations alone. More than $900 million of that total involved shell companies linked to alleged criminal networks…

Institutions have processes. Once processes kick in, the paper pushing and the employees keep the wheels turning. The “work” is following the “rules” in order to complete tasks. Changing work processes in a large organization is difficult, often impossible. Quibi makes videos few watch. Facebook sells targeted ads across borders based on free flowing data. Successful organizations are successful because individuals find ways to generate profit from tasks others find giant money losers.

The write up hits the problem right between the eyes, stating:

Compliance officers said that the bank did not give them enough time to meaningfully investigate suspicious transactions and that branches outside the U.S. often ignored requests for crucial customer information. They said they were treated as a second-class workforce within the bank, with little power to shut down problematic accounts.

The exposition about the HSBC big bank is a reminder that institutions are, supercharged with online systems, smart software, and people who follow prescribed work procedures. In these efficient organizations, making money is the driver.

Regulators, compliance officers, and employees are unable to take meaningful action. Is it a surprise that “The Risk Makers: Viral Hate, Election Interference, and Hacked Accounts: Inside the Tech Industry’s Decades-Long Failure to Reckon with Risk” reaches an obvious conclusion: Money is the driver.

Consider the question, “What’s gone wrong?”

The answer is, “Nothing.” The system is what regulators, employees, and people want it seems.

Observations:

  1. A new definition of “crime” may be needed to embrace the reality of institutional behavior
  2. Regulatory authorities struggle to deal with corporate entities which are more impactful than governments
  3. Individuals appear willing to skirt social norms in order to feather their nest and craft a life outside of certain institutions.

Intriguing challenges for the institutions, their employees, and the governments charged with enforcing rules, laws, and mandated behaviors.

Stephen E Arnold, September 23, 2020

Palantir: Planning Ahead

September 4, 2020

I read “In Amended Filing, Palantir Admits It Won’t Have Independent Board Governance for Up to a Year.” The legal tap dancing is semi-interesting. Palantir wants money and control. I understand that motive. The company — despite its sudden interest in becoming a cowboy — has Silicon Valley roots.

image

What’s fascinating is that the company was founded in 2004, although I have seen references to 2003. No big deal. Just a detail. The key point is that the company has been talking about an initial public offering for years.

The write up explains that after submitting an S-1 form to the Securities & Exchange Commission, Palantir submitted a revised  or amended S-1. For a firm which provides intelware and policeware to government agencies, planning and getting one’s ducks in a row seem to be important attributes.

Did Palantir just dash off the first S-1 at Philz Coffee? Then did some bright young stakeholder say, “Yo, dudes, we need to make sure we keep control. You know like the Zuck.”

After 16 years in business and burning through a couple of tractor trailers filled with cash, it seems untoward to submit a revision hard on the heels of an SEC S-1 filing.

Careless, disorganized, or what the French call l’esprit d’escalier strikes me as telling.

Observations:

  1. The resubmission suggests carelessness and flawed management processes
  2. The action raises the question, “Are these Silicon Valley cowboys getting desperate for an exist?”
  3. For a low profile outfit engaged in secret work for some of its clients, public actions increase the scrutiny on a company which after a decade and a half is not profitable.

Interesting behavior from from Palantirians. Did the seeing stone suffer a power outage?

Stephen E Arnold, September 4, 2020

Facebook: High School Science Club Management in Action

September 3, 2020

The online information service Mashable published a headline which tells the story. And the story is a Dusie if accurate: “Mark Zuckerberg Blames Facebook Contractors for Kenosha Militia Fiasco.” The article states:

When it comes to mistakenly allowing a militia’s event page to remain on Facebook, even after concerned users reported it at least 455 times, Mark Zuckerberg wants you to know that the buck stops with his contractors.

The essence of the high school science club management method is to infuse entitlement and arrogance with a pinch of denial. The write up notes:

According to Zuckerberg, the reason Facebook chose to tacitly approve an event page that, by his own admission, violated the site’s own rules, is because the non-Facebook employees tasked with enforcing his company’s Byzantine policies didn’t understand them well enough.

The HSSC approach to management may be institutionalized in some Silicon Valley type outfits. That’s super, right? The elite science club is never wrong; for example, “It is not our fault that the stink bomb triggered smoke alarms and two students were hurt rushing from the building.”

Stephen E Arnold, September 3, 2020

Smart Software: Automating Duplicitous Behavior

August 31, 2020

Dark patterns in software can be found. What about dark patterns in artificial intelligence libraries and apps? The problem is likely to be difficult if not impossible, particularly if those trying to figure out the AI’s process are not well informed.

All That Glitters Is Not Gold: Misuse of AI by Big Tech Can Harm Developing Countries” provides some information into a facet of smart software not often considered by users, API users, or regulators. The write up states:

The biggest concern with AI is a lack of governance, which gives large companies (popularly called as the “Big Tech”) unlimited access to private data.

That’s a safe statement. The write up continues:

In his study, Dr, Truby [Qatar University] discusses three examples to show how unregulated AI can be detrimental to SDGs. To begin with, he focuses on SDG 16, a goal that was developed to tackle corruption, organized crime, and terrorism. He explains that because AI is commonly used in national security databases, it can be misused by criminals to launder money or organize crime. This is especially relevant in developing countries, where input data may be easily accessible because of poor protective measures. Dr Truby suggests that, to prevent this, there should be a risk assessment at each stage of AI development. Moreover, the AI software should be designed such that it is inaccessible when there is a threat of it being hacked. Such restrictions can minimize the risk of hackers obtaining access to the software.

According to the write up, Dr. Truby asserts:

He concludes, “The risks of AI to the society and the possible detriments to sustainable development can be severe if not managed correctly. On the flip side, regulating AI can be immensely beneficial to development, leading to people being more productive and more satisfied with their employment and opportunities.”

Scrutiny is likely in some countries. In others, the attitude is, “How are my investments doing today?”

Stephen E Arnold, August 31, 2020

Hippy Dippy New Age Insight: Ads Are Numerous

July 30, 2020

I want to keep this brief. The number of ads is increasing. Avoiding them is difficult. Why? Zero controls, zero social responsibility, and zero regulatory oversight.

I Was Horrified at How Many Ads the New Brave Browser and VPN for iOS Blocked” is amusing because it reveals the lack of awareness of the zip zip mobile world in which some hippy dippy New Age “real” news publications thrive.

The article states:

I visited a few of my favorite sites and then was promptly horrified when it told me that in about 3 minutes of browsing, it had blocked 107 ads and trackers and given me 2 HTTPS upgrades. Supposedly, this saved me five seconds of my life.

Not for long. Online advertisers share some DNA with bad actors creating novel malware. One difference: Law enforcement pursues the malware wizards. Online advertising outfits get invited to testify to a Congressional committee.

Stephen E Arnold, July 30, 2020

High Schoolers: The Cafeteria Jibes Continue

July 7, 2020

I read “What’s Really Behind Tech Versus Journalism?” The write up’s goal is to explain that the Silicon Valley crowd is not happy with “real” journalists.

The article asserts:

Let me start with a brief recounting of events — and acknowledge that I played a role in some of them.

Okay, an autobiographical account of the origin of the high school cafeteria spat. The combatants are the whiz kids in Science Club. This is the organization which may have served as the inspiration for the film “Revenge of the Nerds.”

At the other table in the lunch room are the writers, the wordsmiths able to melt the hearts of English teachers and inflame the school’s administration with poems, pamphlets, and pulsing pellets of prose.

Now the two factions are grown up. The science club crowd wants to do what it wants. That’s the move fast, break stuff group informed by its interpretation of the smartest people in the room.

The pulsing pellets of prose group wants to right wrongs. That’s the we know better than you faction. Those required readings provide the tinder for burning outrage.

As adults, the members of these groups no longer skirmish in the close confines of an 18 minute lunch break for hyper active teenyboppers. The battle is on a bigger stage. The science club members have done bad things. The pellets of prose crowd becomes the target for the anger of the whiz kids. Confusion and chaos ensue. After 20 years of doing whatever, the science club folks want their status quo to remain, well, static.

The prose pellet pals want the wrongs of the science club fixed and fast. I can hear the taunts grinding in the background.

The write up reports:

Workers still face significant obstacles as they lobby to create more fair and equitable workplaces.

The notion of “workplaces” seems quaint, almost old-fashioned. That’s just one of the oddities in the write up. Add that pre-Covid stance to the autobiographical spin.

The administrators get involved. And who may these respected individuals be? Venture capitalists, the skin in the game crowd, the MBA torpedoes blasting their way through mere social norms:

Certainly, the worlds of tech and venture capital have complaints about journalism that go beyond hit pieces. … The exasperation is real, even if the scrutiny is a natural consequence of starting a company that aims to change the world.

Let’s step back.

I have used the phrase “high school science club management methods” to describe the approach to governance evidenced among some of the high-tech, high-performance companies. The HSSCMM — which one upscale, bug buck “real” journalist did not understand when I explained the concept — is one way to approach decisions which have unintended consequences; for example, Facebook and its dealings with those involved in the Cambridge Analytica matter. As I recall, exactly zero changed at Facebook. Also, there’s innovation starved companies like Google buying an obscure maker of semi functional Google Glass devices. I can almost hear the inner voices of Googlers whispering, “We are behind, we are behind. Buy the company, buy the company.” Will this deal be a Dodgeball II reprise.

The “real” journalists, for their part are wordsmiths. The idea the pen is mightier than the checkbook lives on.

The dispute is one more example of how one faction of high school achievers responds to another faction. The issues require more than jibes, knee jerk reactions, and “I told you” so’s.

That’s one of the consequences of allowing a particular mind set make decisions because of this rationale: “We can just do it. So there.”

Both the technology wizards from the science club and the wordsmiths from the writing club see themselves as informed individuals. Both in their view are “right,” which is a nebulous concept in a relativistic world of dynamic data.

The problem from my point of view is that these views emerged fully formed from a 15-year-old brains, were refined by conversations with fellow travelers, and encouraged by those who could make money from these young achievers.

After decades of ministrations by nurturing venture capitalists, what have we got? A food fight, but is a food fight is not what’s needed to address significant issues about governance, ethical behavior, and professional conduct.

Net net: Watch out. That angry teen just threw a Twinkie at the principal.

Stephen E Arnold, July 7, 2020

Quote to Note: A Father of the Internet and a Googler to Boot

July 7, 2020

DarkCyber spotted this quote from Vint Cerf. I once introduced him at a conference and he displayed a T shirt with the message “I TCP on Everything!”

Here’s the Cerf quote from Diginomica:

When you see a phenomenon like the Internet, which is rich in its evolution, new ideas, new applications, it is a very open architecture and invites people to invent new ways of using it. But this introduces new kinds of governance concerns: what we do about misinformation, about malware which is propagating through the network, about someone in one country who is harmed by someone in another.  For anyone who is interested in governance, there is simply a wide open space here for hard work and for international agreements, in order to manage this very complex and very rich environment that we call the Internet, and the World Wide Web.

Interesting phrasing. We noted the words misinformation, malware, and governance.

Governance is particularly interesting; for example, what does governance mean in this sentence:

But this introduces new kinds of governance concerns.

Yes, that is true if the quote is accurate. If any company knows anything about governance, I would submit it is the Google.

Stephen E Arnold, July 7, 2020

Techno-Grousing: A New Analytic Method?

July 3, 2020

Two items snagged my attention as my team and I were finishing the pre-recorded lecture about Amazon policeware for the upcoming National Cyber Crime Conference.

The first is a mostly context free item from a Silicon Valley type “real” news outfit. The article’s title is:

Hany Farid Says a Reckoning Is Coming for Toxic Social Media

The item comes from one of the technology emission centers in the San Francisco / Silicon Valley region: A professor at the University of California, Berkeley.

What’s interesting is that Hany Farid is activating a klaxon that hoots:

In five years, I expect us to have long since reached the boiling point that leads to reining in an almost entirely unregulated technology sector to contend with how technology has been weaponized against individuals, society, and democracy.

Insight? Prediction? Anticipatory avoidance?

After decades of supporting, advocating, and cheerleading technology — now, this moment, is the time to be aware that change is coming. Who is responsible? The media is a candidate, people who disseminate misinformation, and bad actors.

Sounds good. What about educators? Well, not mentioned.

The other item comes from the Jakarta Post. You can find the story at this link. I have learned that mentioning the entity the story discusses results in my blog post being skipped by certain indexing systems. Hey, that’s a surprise, right?

The point of the write up is that a certain social media site is now struggling with increased feistiness among otherwise PR influenced users.

What’s interesting is that suddenly, like the insight du jour from the Berkeley professor, nastiness is determined to be undesirable.

The fix for the social media outfit is simple: Get out of line and you will be blocked from the service. There’s nothing so comforting as hitting the big red cancel button.

Turning battleships quickly can have interesting consequences. The question is, “What if the battleship’s turn has unforeseen consequences?”

Stephen E Arnold, July 3, 2020

MIT and Being Smart

July 3, 2020

When I hear “MIT”, I think Jeffrey Epstein. Sorry. Imprinting at work. I read “MIT Apologizes, Permanently Pulls Offline Huge Dataset That Taught AI Systems to Use Racist, Misogynistic Slurs.” Yep, that the MIT which trains smart people today.

The write up reports:

Vinay Prabhu, chief scientist at UnifyID, a privacy startup in Silicon Valley, and Abeba Birhane, a PhD candidate at University College Dublin in Ireland, pored over the MIT database and discovered thousands of images labeled with racist slurs for Black and Asian people, and derogatory terms used to describe women. They revealed their findings in a paper undergoing peer review for the 2021 Workshop on Applications of Computer Vision conference.

Presumably the demise of Mr. Epstein prevented him from scrutinizing the dataset for appropriate candidates.

Error corrected. Apology emitted. Another outstanding example of academic excellence engraved in digital history.

Stephen E Arnold, July 3, 2020

Governance, Data Management, Digital Revolution! Yeah, Right

May 29, 2020

The digital revolution is not going as planned if the information in a recent Beta News’ article is correct. The headline tells the tale:

Three Quarters of Organizations Fail to Complete Legacy System Modernizations.

The statement is surprising to DarkCyber. The write up explains:

New research from Advanced shows that 74 percent of organizations have started a legacy system modernization project but failed to complete it.

Plus there is more:

The report also suggests a disconnect between business and technical teams could be to blame. CIOs and heads of IT are more interested in the technology landscape of their organization as a whole, whereas enterprise architects are more internally focused.

How does one complete modernization projects? Wave a magic wand? Hire retired people who built the system? Use a mobile app? Organize via Microsoft Teams? Hold Zoom meetings? No, the answer is:

“Collaboration is absolutely essential to successful modernization,” says Brandon Edenfield, managing director of application modernization at Advanced. “To achieve this, technical teams must ensure that senior leadership see the value and broader business impact of these efforts in terms they can understand. Without full commitment and buy-in from the C-Suite, these projects run the risk of complete failure.”

DarkCyber wishes to offer a handful of observations. You may interpret these as reasons for dead end digital renovations:

  1. Cost. The estimates are incorrect and the bean counters choke off funds.
  2. Complexity. The 20 somethings and the MBAs afflicted with spreadsheet fever have under estimated how difficult the rework actually is.
  3. Craziness. The manager with the bright idea leaves or gets fired and in the chaotic aftermath, the project goes away.

Yep, the three Cs and probably the reason for the dismal performance of the modern data management, governance, and digital revolution in most companies. Change is somewhat more difficult that some people armed with PowerPoints and consulting babble wish to know.

Stephen E Arnold, May 29, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta