
Risk Management These Days

A look at risk mismanagement circa 2013.

It seems like companies and governments can’t effectively manage risk. From a nuclear disaster apparently made out of a radioactive Pinocchio’s nose (it keeps growing every time the management lies), to badly bungled warzones, to banks that can’t pay for their mistakes, to the spill in the Gulf of Mexico…it’s like a thousand points of light, each representing some mismanaged risk that’s turned into a fire leaving people worse than they came.

Often it is the government that first requires an industry to manage its risk, then decides to help by assuming the risk (and in some cases even paying for the privilege). But you and I help, too.

In every contract of adhesion with major businesses, the language is replete with the customer holding the risk. And if that risk materializes, you can challenge in binding arbitration.

Systemic risk mismanagement is what we see, from Congress failing to do its job, to businesses going scot-free (or maybe they pay a modest tribute to the gods the judge favors) no matter how egregious their crimes.

But combating the problem seems difficult. For one, the governments that are supposed to enforce risk management seem ill-equipped and reluctant. For another, while much of the internet passes around image memes of one sort, the corporations pass around their own image memes detailing how to deflect, understate, or otherwise mismanage their risk. [Use your imagination, “destroy all the things,” or “why don’t we take our risk, and move it to the children of the earth,” etc.]

Lots of solutions come to mind, but most of them rely on functional government. And unless we solve the problem of functional government soon, that’s just not a viable option to force the proper management of risk.

Why do companies insist on being risk-addled so-and-sos? The naive belief that not paying for risk will make them more money? Their corporate brothers bragging up how they just built a new virulence research facility on the roof of a preschool? Do regulations contribute to a false sense that risk is overmanaged? Is it overmanaged in some places which gives the illusion of safety?

These questions, and this post, tend to overstate the problem. There are problematic industries, yes. But in all likelihood many industries are doing a great job of managing their risks. Statistically we’re pretty safe these days. It’s easy to overstate some risks, due to their visibility, magnitude, impact.

Yes, government is currently mismanaging some risks due to its inaction. The banking industry has it as an endemic problem (and it even seems somewhat proud of the fact). And a few other bad industries can be lumped in with these.

But most businesses don’t seem to like the risk. We should expect them to tire of helping prop up or cover the risk-loving industries. That leverage they hold should be key, if they ever wake up to what the bad bets and deflected risks are costing them. Indeed, in many cases they may be required to take action, as they are otherwise not maximizing their shareholders’ value.

Firearms, Violence, and Society

Instead of debating guns, we should be discussing society. A short post about that.

Guns make money. According to Statistic Brain: Firearm Industry Statistics, annual revenues are $11 billion. Moreover, prominent media events (including the election of Democrats and acts of violence) drive impulse buying of weapons, due to the threat of new regulations.

Violence makes money, too. We spent over $600 billion in 2010 (Wikipedia: Military budget of the United States), and we have spent over $3 trillion on the actions in Iraq and Afghanistan.

When you add in the money spent on police and private protection, prison, and the legal system, the numbers grow even further. Add the opportunity costs for all of these things, and you’re talking about vast amounts of human capital and funding that could propel society far into the future.

It costs us all something, to have these overgrown industries. And in the wake of tragedy our instinct is that it’s not enough. We need more guns, we need more police, we need more security. We need to double down on violence. It’s a loser’s bet, though.

What we need to double down on is science. On societal transformation beyond simply barring or allowing the presence of weapons. We need to recognize that we can and will move past violence (or the world will move past us). It’s only a question of when and how.

We need to have a serious discussion about… guns? Really? We need to have a million serious discussions about society. But it’s always a bait-and-switch. Nobody can be bothered to reimagine society writ large. It’s always, “what can we do about these damn guns but keep everything else the way it is?” Or, “how can the government pay its bills without decreasing services or raising taxes?”

What we call that in Computer Science is an overconstrained problem. Professors like to cite the Kobayashi Maru (Wikipedia: Kobayashi Maru), from the original series of Star Trek. This was a fictional test at Starfleet Academy. It was a rock-and-a-hard-place proposition where you either attempt to rescue the crippled Kobayashi Maru and risk provoking war, or leave it to certain destruction.

On his third attempt, James T. Kirk reprogrammed the simulation to allow a successful outcome. The point being, you shouldn’t always rely on initial constraints; don’t take a perceived mountain as truly immovable.

And we shouldn’t do that with our society, particularly the leaders. They have aides and colleagues telling them what won’t work, leaving them with a very narrow path to take. They look like utter schmucks, or at least untrained mimes, trying to walk a tightrope down a wide path. They never attempt to engage the people beyond some short-sighted resolution to avenge the deaths of the innocent. Never attempting to avenge the lives of the innocent, who currently want and need a real, functional government.

That is, the people of the Kobayashi Maru, that can still be saved.

It’s our choice, whether we succumb to the test constraints, deciding either not to risk saving them, or to risk it and face certain death, or take the third option, toss out the constraints and find some other way. It’s plain which path I think is best. What about you?

IP Neutrality

RFC791, published in 1981, states that datagrams are independent entities, unrelated to any other datagram. Let’s call it what it is: Internet Protocol Neutrality. Viva IP!

Let’s stop calling it Network Neutrality, and let’s start calling it what it really is: Internet Protocol Neutrality.  If you are sending data via Internet Protocol (IP), then it should conform to the rules that have existed since the Internet began.  What are those rules?  Let’s quote from RFC791, shall we?

The internet protocol treats each internet datagram as an independent entity unrelated to any other internet datagram. There are no connections or logical circuits (virtual or otherwise).

What does that mean?  It means that if I send you a file, it filters down to the low levels of your Internet connection and is broken up into datagrams, chunks of data.  When these are sent out over the Internet, they are to be treated as wholly independent messages and routed as such.

That is the essence of network neutrality: a datagram is a datagram.
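The RFC 791 property quoted above, as an added example that is not part of the original post: a message is cut into datagrams that each carry a complete header, and a forwarder picks the next hop from that header alone, with no payload inspection and no memory of earlier datagrams. The routing table, interface names, addresses (documentation ranges) and protocol number 253 (reserved for experimentation) are constructed for illustration.

```python
import ipaddress
import struct

HDR = "!BBHHHBBH4s4s"  # RFC 791 header without options (20 bytes)
# Constructed routing table (documentation prefixes); interface names are hypothetical.
ROUTES = [("198.51.100.0/24", "if-a"), ("198.51.0.0/16", "if-b"), ("0.0.0.0/0", "if-default")]

def checksum(header: bytes) -> int:
    """One's complement of the one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_datagram(src: str, dst: str, ident: int, payload: bytes) -> bytes:
    """One self-contained datagram: every header carries full source and destination."""
    fields = [0x45, 0, 20 + len(payload), ident, 0, 64, 253, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(HDR, *fields))  # fill in the header checksum
    return struct.pack(HDR, *fields) + payload

def split_into_datagrams(src: str, dst: str, data: bytes, size: int) -> list:
    """Chunk a message; each chunk becomes an independent datagram."""
    return [build_datagram(src, dst, i, data[off:off + size])
            for i, off in enumerate(range(0, len(data), size))]

def next_hop(datagram: bytes) -> str:
    """Forwarding decision from this datagram's header alone: no payload, no per-flow state."""
    if len(datagram) < 20 or datagram[0] != 0x45 or checksum(datagram[:20]) != 0:
        raise ValueError("invalid IPv4 header")
    dst = ipaddress.IPv4Address(struct.unpack(HDR, datagram[:20])[9])
    matches = [(ipaddress.ip_network(net), hop) for net, hop in ROUTES
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]  # longest-prefix match

if __name__ == "__main__":
    # Datagrams may arrive in any order; each one is still routed the same way.
    for d in reversed(split_into_datagrams("192.0.2.10", "198.51.100.7", b"a file, in pieces", 6)):
        print(next_hop(d), d[20:])
```

The forwarder never reads past byte 20, which is the neutral behaviour the post describes; any scheme that classifies traffic as "lawful" has to read the payload that this function ignores.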

Now, let’s analyze the Google/Verizon proposal.  I do not have the stomach to ramble endlessly on each point, so I am taking pains to be brief on each of their “key elements.”

Consumer Protections

There is this word that crops up repeatedly in the document: lawful.  The word is problematic for a number of reasons, but primarily it is because the suggestion is that all data be inspected as deeply as needed to determine its legality.  Not only is this impossible (as data can always be disguised in a novel or unexpected fashion), but it flies in the face of the above-mentioned RFC.  It’s treating each datagram as a potential bad egg (if: blacklist) in the best case, and in the worst case it would only allow data it deemed innocuous to be routed (if: whitelist).


This is probably the funniest of the “key elements.”  It states that data should be treated fairly, unless “the presumption [is] rebutted.”  No, really: the whole element relies on something that the element itself says may not hold!  So we might as well just chuck this one out (except it makes it seem like they care at all).


Another proposal that an industry tell their customers what the deal actually is.  I’ve never, not once, in my entire life, seen a company actually do that.  If you want to change your phone, cable, internet, travel, bank, credit card, electricity, water, gas, insurance, or any other service (including government, depending on the department), good luck.  Their phone systems, their policies, their websites (including supposed industry leaders like Google) simply fail to meet their customers’ needs.  And it’s on purpose.

Your only real hope is that you get a real person that hasn’t been promoted or fired that is a good soul.  They are like angels from heaven when you find them, because you actually get what you need and you don’t have to kill anyone to get it.  But their legislative proposal isn’t going to deliver any angels.

Network Management

Boilerplate that basically indemnifies providers if they decide to violate any of the protective elements. Some of the items here are valid (protecting against DoS and DDoS, for example), but that’s not its purpose. It’s simply there to grant them permission to ignore the whole idea of Network Neutrality.

Additional Online Services

Here’s where my claim it should be renamed to IP Neutrality comes into play.  They aren’t talking about a separate, Non-IP realm where new services could be developed.  Their only distinction is based on whimsy: if the provider wants to charge you separately, or charge the provider of the service separately, then they can deem it to be an “Additional Online Service.”  More grinding away of any sort of teeth the Verizon/Google Network Neutrality could possibly have.

Wireless Broadband

They basically gave up at this point. They flat out state that wireless is laissez-faire. Apparently wireless never needs to stoop to the level of IP, eh? No, it does… they just gave up trying.

Case-by-Case Enforcement

Here you can smell the arbitration clauses breeding like rabbits.  The FCC would have no rulemaking ability, regardless of ongoing harm that might be happening.  Consumers and providers would be “encouraged” (through binding arbitration agreements, no doubt at all) to forget the Seventh Amendment.  The FCC would have limited enforcement capabilities, and a maximum penalty of a measly $2 million (hardly deterrence if the service they are biased toward garners them an excess of the penalty, which it likely will).

Regulatory Authority and Broadband Access for Americans

Fully restricting regulation to Internet access itself and some palaver about “[spurring] deployment in unserved areas.”  We’ve given massive gifts to the telecommunications industry in the past, and they failed to roll out a single nanometer of the fiber or services they claimed they would.  Google is likely positioning itself to become an ISP in the long-term, and this is just one of the tools they hope will allow them to do just that.  Verizon, for its part, is watering at the mouth over the wireless portion, but also sees vast profits in its land-based broadband if this happens.

No amnesia for me, though.  The New York Times was conceptually right the first time and Google’s response was simply a misleading truth.