What’s worse: one market failure or two? Most of us impulsively answer, “Two!” with confidence. But that is demonstrably wrong. The correct answer is: “It depends.” Two failures can be worse than one. Two negative externalities are worse than one. Each externality leads to inefficiently high production, so the two failures compound. A monopoly with positive externalities is worse than either monopoly or positive externalities alone. Each failure leads to inefficiently low production, so the two failures again compound.
In practice within ransomware markets, there is another important force: reputation! It would seem intuitive that someone who hacks your machine is an inherently untrustworthy person. In practice, this market works and ransomware continues because many hackers gain strong reputations for actually unlocking machines once paid, so victims often pay up. Thus, this market continues unfortunately to thrive.
As well as media coverage serving as proof that it worked, the ransomware markets have been 'solving' the problem in another way by manufacturing iterated transactions via security companies which promise to get your data back by cracking the encryption; what some of them do is just serve as a middleman and pay the ransomware gangs themselves while collecting a cut. This preserves plausible deniability for the customers, and creates iterated knowledge/reputation: the hackers and middlemen know they'll each be back and can learn.
Did anyone else feel this post ended halfway through a thought process?
Seems to me these premises are questionable on the very basis that people often pay the ransom AND get their stuff back.
We really should reject the notion of trust as presumed here. We trust the incentive structure setup by the criminal. If they don’t hold their end and release, the market will correct as assumed in the final premise. This is the clear disincentive to cut and run.
Certainly one-off cases exist that conform to Caplan’s logic. Systemically, we would expect ransomware to not be a thing if we accept the premises on face value.
I think assassination markets are a better example.
Darknet + cryptocurrency enabled assassination markets were something that people were really scared (and [a few people](https://cryptome.org/ap.htm), imo very wrongly, excited) about in the last few decades. But they haven't really happened at all, despite lots of improvements in things like encryption technology.
I think the reason why basically is adverse selection: pretty much all of the people offering to assassinate people on the darknets turned out to be scammers. There is also a moral element to this: lots of people feel _morally entitled_ to scam people who are attempting to commit a crime, and on the other hand, way fewer people feel morally entitled to try to build software or tools that decreases the information asymmetry issue in assassination markets, and both of these things combined lead to extremely high rates of scamminess that make the market unviable.
That’s a great example and got me thinking about the infrastructure component. We can really think of these crime services as requiring business tools, and the development and ecosystem of these tools also need to have sound economics to foster a the growth of the market.
Another interesting distinction between the assassination market and the ransomware market is the being paid for is actually “admirable” in the case of ransomeware. When hiring a hit man, you’re paying for someone to commit a crime, and as you note the buyers and sellers can’t even be pegged down as genuine. In the case of ransomware, you’re paying to resolve the aftermath of a criminal act. No firm is better suited to restore your data than the firm that encrypted it in the future (of course, you tell me haha). In that case, the ransomeware actor can be viewed in participating in a legitimate market. Kind of like being a pool party and some jerk tried to push you in the pool the grabbed you at the last moment saying “saved you from falling in!” There’s a market for preventing falling into a pool that is admirable, so the crime itself can be seen more of a customer acquisition cost.
There is a viable market to help people in their most dire need, like if a hospital were to cause your disease. It’s sad to think about but also useful tool I think in understanding why the market is viable.
Now what are these dangerous forms of partial coordination, where someone coordinating with some fellow humans but not others leads to a deep dark hole? It's best to describe them by giving examples:
* Citizens of a nation valiantly sacrificing themselves for the greater good of their country in a war.... when that country turns out to be WW2-era Germany or Japan
* A lobbyist giving a politician a bribe in exchange for that politician adopting the lobbyist's preferred policies
* Someone selling their vote in an election
* All sellers of a product in a market colluding to raise their prices at the same time
* Large miners of a blockchain colluding to launch a 51% attack
[from a different post]
This is actually a common pattern to see in politics, and indeed there are many instances of larger-scale coordination that are precisely intended to undermine smaller-scale coordination that is seen as "good for the tribe but bad for the world": antitrust law, free trade agreements, state-level pre-emption of local zoning codes, anti-militarization agreements... the list goes on. A broad environment where public subsidies are generally viewed suspiciously also does quite a good job of limiting many kinds of malign local coordination
---
A coordination failure between any of the groups (or pairs of individuals) in these examples is actually net good for society as a whole. In fact, I even make the stronger case that lots of really important things in society are built on limits to subgroups' ability to successfully coordinate.
It would be good to distinguish between different systems where the coordination games are played.
The system can set rules to incentivize participants to act a certain way. A free market economy is a good example. In an ideal free market, property and contract rights are clearly defined (everyone knows the rules) and enforced (rule brokers are punished). This creates strong incentives to cooperate in positive-sum transactions. Transactions are made only when each participant expects that they will be positive for them. Sometimes expectations turn out wrong, but this is the easiest way to create a wealthier society in the long run.
Cryptoanarchy is a very different system with completely different incentives. It doesn't define or enforce property or contract rights. That's why the crypto economy is full of thieves and scammers. That's also the reason why ransomware exists. If we had a free market economy instead of a cryptoanarchy, the system would take action against the ransomware hackers instead of strongly enforcing the payment transactions to them.
Of course, the problem is creating and maintaining a free market system (or any other positive-sum game). It's relatively easy to come up with rules that incentivize positive transactions. It's the metagame that's the problem. Many individuals can see that if they change the rules of the game, they can benefit themselves at the expense of other players. There are usually significant incentives to play the negative-sum game at the meta-level.
Are theft and robbery normally categorized as externalities? They are not side-effects of legitimate transactions the costs of which are not internalized. They are wholly illegitimate transactions. Ransomware attacks have elements of robbery and elements of vandalism. They deny you access to intellectual digital property that you have a right to use. That's vandalism. The enrichment aspect is the part that's like robbery. It's not unlike stick-up where you can choose to give up your wallet or get hurt. I don't see how calling these things externalities helps solve them.
I don't care about ending the ransomware scheme to save my neighbor from being hacked. I only care about the fact that I was just hacked. My decision to pay the ransom is obviously simply whether or not the expected value of paying the ransom is greater than the actual ransom. If my neighbors want me to take one for the team by refusing the ransom, they can start a GoFundMe and pay me.
Functional Decision Theories don't have this problem. Since the only reason they're hacking me is because they expect me to pay, if they know I won't pay up, they won't hack me. Therefore I should decide up front that I won't pay up, even once it's already happened.
I’d be curious to understand what circumstances the hacker would “know I won’t pay up.” Let’s say they have access to all your systems and can see you clearly making posts such as this one, communications with other colleagues, company SOP’s showing we don’t pay hackers etc, what’s the downside for the hacker to just ransoming your system anyway and test your confidence?
We want a theoretical account that doesn’t end with the victim not SOL. As long as some people pay off, a non-payer is only a single datapoint. We actually should distinctly care if our neighbor pays or not. It’s the prisoner’s dilemma of market incentives. If people in general pay because they believe they get their stuff back, your non-payment (and resulting loss of data) are just costs of doing business.
The problem with the “is ransomed items greater value than actual ransom?” thought process is that it doesn’t take into the probabilistic fact you don’t know if the money is going to achieve a result.
Very well could be worth it, but certainly not worth getting $0 in return.
Almost as if my entire reply calling into question the “expected value” as being a number one can determine. One doesn’t get a ratio of the value, you either get full value or nothing.
All good if you get hung up on your point, you don’t need to consider any other view other than your own I guess.
I don't need to consider your view because your view doesn't apply because it's premise is false. Expected value is calculated with probabilities. It is an estimate. My comment does not assume a mythical, truthful value. You either didn't research it or you still don't understand the concept.
If you cost-average a kidnapping, you’re gonna have a bad time.
MAYBE you’re using the wrong tool for the job here. But I guess that’s hard to see when you’re so committed to the outside perspective being wrong you can’t even conceive a charitable case where it’s right.
Again, no need to interact with outside world if it’s too much of a stretch. Just don’t go around blaming people for your unwillingness to understand other perspectives.
Ransomware has got much more professional. By which I don't mean it has got "better" for the people attacked. But there are "ransomware as a service" providers. And Ransomware groups have brands so that people can have reasonable confidence that if they pay their computer will be restored. Heinz doesn't go for a short-term boos to profits by putting cheap red liquid in ketchup bottles because they know that you'll stop buying Heinz products. Ransomware groups have the same incentive not to have any reports of people paying and net getting their computer back.
Just wondering: In theory, couldn't a ransomware group use the brand of another ransomware group to get people to pay and then still demand more? There is no enforcement of brands among criminal groups, right?
However reprehensible they are, ransomware groups are very good at cryptography. It is easy with public key cryptography to sign a message as to who you are that cannot be forged, even by another ransomware group.
Also, re: hacking it doesn't seem like you are relying on the moral righteousness of the hacker but on the fact that hacker groups know that not following through on their ransomes is very bad buisnesses.
I think most people would understand the statement as saying: suppose we hold fixed a market failure of a given size (otherwise it's trivially false...two tiny failures aren't worse than a huge one) and imagine adding another to it.
Your examples seem to be instances where two effects which would cause market failures on their own counteract each other to reduce the size of the market failure. But that doesn't seem to really compare one vs two market failures as much as compare a single market failure with one vs two externalities.
I suspect there are contrived counterexamples to the statement as interpreted here. For instance, the externality of dumping HCL into the river isn't internalized in market A and the externality of dumping NaOH into the same river isn't internalized in market B but the two dangerous byproducts react to form water and salt. But a noncontrived one would be interesting.
In "Externalities," Brian Simpson, in _Markets Dont Fail_, says there are no externalities because economics requires property rights. And that externalities are really a rationalization of altruist sacrifice.
That's a sort of no true Scotsman argument. Sure if you had perfect property rights, there'd be no such thing as externalities, but perfect property rights can never be realized, so unless you want to say that no market is a "true free market" you've got to admit that free markets have to contend with externalities.
See, I would go the other way: everything everyone does has externalities attached to it, and the only real question is how much we care to spend to fix them. The mistake people make is spotting an externality and saying "Aha! Market failure that must be corrected!" when the proper response is "Hmmm... is that worth attempting to correct?"
The answer to the latter is usually "No, not really," but sometimes the extra efficiency is worth it.
You evade definition and evade justifying them as problem. "Externalities" is a rationalization of the unproven "morality"of altruism. You lust for sacrifice of productive people to satisfy your hidden ideal, the crucified Jesus. Since productive people profit rather than sacrifice, you have prostituted economics.
I'm sorry, I thought we were using the textbook definition of "externality", being a cost or benefit to others who are not party to the decision to take an action or transaction, such that the full costs and benefits are not entirely considered within the framework of the decision by those making it. My point was that just about everything anyone does has effects on other people, either positive or negative, and the majority are not worth worrying about. An externality, as defined, has to be pretty big before we worry about correcting it, much less attempt to do so.
As to all your sentences past the first, you might have me confused for someone you know extremely well. In general, however, I would recommend not using that argumentative style, because it makes you sound like an insane person, or perhaps a bot.
Mainstream econ is corrupt, a rationalization of the collectivism that guides the initiation of economically destructive, statist force against productive people in all nations. Definitions are objective, a product of the focused mind, not of the unfocused minds of mystics and subjectivists. The textbook definition is a rationalization of the hatred of the property rights that alone justifies economic costs and benefits. You benefit from Locke's discovery of individual rights but youve never paid a farthing to his presumed estate. MARKET FAILURE! I feel disgust at rap music but I cant sue every time I chance to hear it. MARKET FAILURE! In both cases there is no property rights. Thus no economic externalities. Your mystical ideal is the collectivism of egalitarian (or elitist) slavery. You recognize thats impractical, so you compromise w/Pragmatic idealism. But Pragmatism is allegedly a practical way to apply impractical ideals. There is no objectivity to your "pretty big before we worry about correcting it." Its arbitrary, leading to pressure groups temporarily using govt to loot each other, all while govt grows like the heat of slow boiling frogs until totalitarianism renders the economy into a sludge. Learn how to use your mind with "What Is. Capitalism?" by Ayn Rand. An arbitrary chaos of poorly defined ideas arbitrarily associated is not science.
In practice within ransomware markets, there is another important force: reputation! It would seem intuitive that someone who hacks your machine is an inherently untrustworthy person. In practice, this market works and ransomware continues because many hackers gain strong reputations for actually unlocking machines once paid, so victims often pay up. Thus, this market continues unfortunately to thrive.
As well as media coverage serving as proof that it worked, the ransomware markets have been 'solving' the problem in another way by manufacturing iterated transactions via security companies which promise to get your data back by cracking the encryption; what some of them do is just serve as a middleman and pay the ransomware gangs themselves while collecting a cut. This preserves plausible deniability for the customers, and creates iterated knowledge/reputation: the hackers and middlemen know they'll each be back and can learn.
Did anyone else feel this post ended halfway through a thought process?
Seems to me these premises are questionable on the very basis that people often pay the ransom AND get their stuff back.
We really should reject the notion of trust as presumed here. We trust the incentive structure setup by the criminal. If they don’t hold their end and release, the market will correct as assumed in the final premise. This is the clear disincentive to cut and run.
Certainly one-off cases exist that conform to Caplan’s logic. Systemically, we would expect ransomware to not be a thing if we accept the premises on face value.
I think assassination markets are a better example.
Darknet + cryptocurrency enabled assassination markets were something that people were really scared (and [a few people](https://cryptome.org/ap.htm), imo very wrongly, excited) about in the last few decades. But they haven't really happened at all, despite lots of improvements in things like encryption technology.
I think the reason why basically is adverse selection: pretty much all of the people offering to assassinate people on the darknets turned out to be scammers. There is also a moral element to this: lots of people feel _morally entitled_ to scam people who are attempting to commit a crime, and on the other hand, way fewer people feel morally entitled to try to build software or tools that decreases the information asymmetry issue in assassination markets, and both of these things combined lead to extremely high rates of scamminess that make the market unviable.
That’s a great example and got me thinking about the infrastructure component. We can really think of these crime services as requiring business tools, and the development and ecosystem of these tools also need to have sound economics to foster a the growth of the market.
Another interesting distinction between the assassination market and the ransomware market is the being paid for is actually “admirable” in the case of ransomeware. When hiring a hit man, you’re paying for someone to commit a crime, and as you note the buyers and sellers can’t even be pegged down as genuine. In the case of ransomware, you’re paying to resolve the aftermath of a criminal act. No firm is better suited to restore your data than the firm that encrypted it in the future (of course, you tell me haha). In that case, the ransomeware actor can be viewed in participating in a legitimate market. Kind of like being a pool party and some jerk tried to push you in the pool the grabbed you at the last moment saying “saved you from falling in!” There’s a market for preventing falling into a pool that is admirable, so the crime itself can be seen more of a customer acquisition cost.
There is a viable market to help people in their most dire need, like if a hospital were to cause your disease. It’s sad to think about but also useful tool I think in understanding why the market is viable.
I talked a lot about one particular set of examples of this in my post on coordination 2 years ago:
https://vitalik.ca/general/2020/09/11/coordination.html
Short excerpt:
---
Now what are these dangerous forms of partial coordination, where someone coordinating with some fellow humans but not others leads to a deep dark hole? It's best to describe them by giving examples:
* Citizens of a nation valiantly sacrificing themselves for the greater good of their country in a war.... when that country turns out to be WW2-era Germany or Japan
* A lobbyist giving a politician a bribe in exchange for that politician adopting the lobbyist's preferred policies
* Someone selling their vote in an election
* All sellers of a product in a market colluding to raise their prices at the same time
* Large miners of a blockchain colluding to launch a 51% attack
[from a different post]
This is actually a common pattern to see in politics, and indeed there are many instances of larger-scale coordination that are precisely intended to undermine smaller-scale coordination that is seen as "good for the tribe but bad for the world": antitrust law, free trade agreements, state-level pre-emption of local zoning codes, anti-militarization agreements... the list goes on. A broad environment where public subsidies are generally viewed suspiciously also does quite a good job of limiting many kinds of malign local coordination
---
A coordination failure between any of the groups (or pairs of individuals) in these examples is actually net good for society as a whole. In fact, I even make the stronger case that lots of really important things in society are built on limits to subgroups' ability to successfully coordinate.
It would be good to distinguish between different systems where the coordination games are played.
The system can set rules to incentivize participants to act a certain way. A free market economy is a good example. In an ideal free market, property and contract rights are clearly defined (everyone knows the rules) and enforced (rule brokers are punished). This creates strong incentives to cooperate in positive-sum transactions. Transactions are made only when each participant expects that they will be positive for them. Sometimes expectations turn out wrong, but this is the easiest way to create a wealthier society in the long run.
Cryptoanarchy is a very different system with completely different incentives. It doesn't define or enforce property or contract rights. That's why the crypto economy is full of thieves and scammers. That's also the reason why ransomware exists. If we had a free market economy instead of a cryptoanarchy, the system would take action against the ransomware hackers instead of strongly enforcing the payment transactions to them.
Of course, the problem is creating and maintaining a free market system (or any other positive-sum game). It's relatively easy to come up with rules that incentivize positive transactions. It's the metagame that's the problem. Many individuals can see that if they change the rules of the game, they can benefit themselves at the expense of other players. There are usually significant incentives to play the negative-sum game at the meta-level.
Are theft and robbery normally categorized as externalities? They are not side-effects of legitimate transactions the costs of which are not internalized. They are wholly illegitimate transactions. Ransomware attacks have elements of robbery and elements of vandalism. They deny you access to intellectual digital property that you have a right to use. That's vandalism. The enrichment aspect is the part that's like robbery. It's not unlike stick-up where you can choose to give up your wallet or get hurt. I don't see how calling these things externalities helps solve them.
I don't care about ending the ransomware scheme to save my neighbor from being hacked. I only care about the fact that I was just hacked. My decision to pay the ransom is obviously simply whether or not the expected value of paying the ransom is greater than the actual ransom. If my neighbors want me to take one for the team by refusing the ransom, they can start a GoFundMe and pay me.
Functional Decision Theories don't have this problem. Since the only reason they're hacking me is because they expect me to pay, if they know I won't pay up, they won't hack me. Therefore I should decide up front that I won't pay up, even once it's already happened.
I’d be curious to understand what circumstances the hacker would “know I won’t pay up.” Let’s say they have access to all your systems and can see you clearly making posts such as this one, communications with other colleagues, company SOP’s showing we don’t pay hackers etc, what’s the downside for the hacker to just ransoming your system anyway and test your confidence?
We want a theoretical account that doesn’t end with the victim not SOL. As long as some people pay off, a non-payer is only a single datapoint. We actually should distinctly care if our neighbor pays or not. It’s the prisoner’s dilemma of market incentives. If people in general pay because they believe they get their stuff back, your non-payment (and resulting loss of data) are just costs of doing business.
The problem with the “is ransomed items greater value than actual ransom?” thought process is that it doesn’t take into the probabilistic fact you don’t know if the money is going to achieve a result.
Very well could be worth it, but certainly not worth getting $0 in return.
"Expected value," Steve. There's a reason why I deliberately used that term. Please look it up.
Almost as if my entire reply calling into question the “expected value” as being a number one can determine. One doesn’t get a ratio of the value, you either get full value or nothing.
All good if you get hung up on your point, you don’t need to consider any other view other than your own I guess.
I don't need to consider your view because your view doesn't apply because it's premise is false. Expected value is calculated with probabilities. It is an estimate. My comment does not assume a mythical, truthful value. You either didn't research it or you still don't understand the concept.
If you cost-average a kidnapping, you’re gonna have a bad time.
MAYBE you’re using the wrong tool for the job here. But I guess that’s hard to see when you’re so committed to the outside perspective being wrong you can’t even conceive a charitable case where it’s right.
Again, no need to interact with outside world if it’s too much of a stretch. Just don’t go around blaming people for your unwillingness to understand other perspectives.
No one said anything about averages. Failure to understand the concept: Confirmed.
Ransomware has got much more professional. By which I don't mean it has got "better" for the people attacked. But there are "ransomware as a service" providers. And Ransomware groups have brands so that people can have reasonable confidence that if they pay their computer will be restored. Heinz doesn't go for a short-term boos to profits by putting cheap red liquid in ketchup bottles because they know that you'll stop buying Heinz products. Ransomware groups have the same incentive not to have any reports of people paying and net getting their computer back.
Just wondering: In theory, couldn't a ransomware group use the brand of another ransomware group to get people to pay and then still demand more? There is no enforcement of brands among criminal groups, right?
However reprehensible they are, ransomware groups are very good at cryptography. It is easy with public key cryptography to sign a message as to who you are that cannot be forged, even by another ransomware group.
Also, re: hacking it doesn't seem like you are relying on the moral righteousness of the hacker but on the fact that hacker groups know that not following through on their ransomes is very bad buisnesses.
I think most people would understand the statement as saying: suppose we hold fixed a market failure of a given size (otherwise it's trivially false...two tiny failures aren't worse than a huge one) and imagine adding another to it.
Your examples seem to be instances where two effects which would cause market failures on their own counteract each other to reduce the size of the market failure. But that doesn't seem to really compare one vs two market failures as much as compare a single market failure with one vs two externalities.
I suspect there are contrived counterexamples to the statement as interpreted here. For instance, the externality of dumping HCL into the river isn't internalized in market A and the externality of dumping NaOH into the same river isn't internalized in market B but the two dangerous byproducts react to form water and salt. But a noncontrived one would be interesting.
In "Externalities," Brian Simpson, in _Markets Dont Fail_, says there are no externalities because economics requires property rights. And that externalities are really a rationalization of altruist sacrifice.
That's a sort of no true Scotsman argument. Sure if you had perfect property rights, there'd be no such thing as externalities, but perfect property rights can never be realized, so unless you want to say that no market is a "true free market" you've got to admit that free markets have to contend with externalities.
>perfect property rights
How does religion refute science?
See, I would go the other way: everything everyone does has externalities attached to it, and the only real question is how much we care to spend to fix them. The mistake people make is spotting an externality and saying "Aha! Market failure that must be corrected!" when the proper response is "Hmmm... is that worth attempting to correct?"
The answer to the latter is usually "No, not really," but sometimes the extra efficiency is worth it.
You evade definition and evade justifying them as problem. "Externalities" is a rationalization of the unproven "morality"of altruism. You lust for sacrifice of productive people to satisfy your hidden ideal, the crucified Jesus. Since productive people profit rather than sacrifice, you have prostituted economics.
I'm sorry, I thought we were using the textbook definition of "externality", being a cost or benefit to others who are not party to the decision to take an action or transaction, such that the full costs and benefits are not entirely considered within the framework of the decision by those making it. My point was that just about everything anyone does has effects on other people, either positive or negative, and the majority are not worth worrying about. An externality, as defined, has to be pretty big before we worry about correcting it, much less attempt to do so.
As to all your sentences past the first, you might have me confused for someone you know extremely well. In general, however, I would recommend not using that argumentative style, because it makes you sound like an insane person, or perhaps a bot.
Mainstream econ is corrupt, a rationalization of the collectivism that guides the initiation of economically destructive, statist force against productive people in all nations. Definitions are objective, a product of the focused mind, not of the unfocused minds of mystics and subjectivists. The textbook definition is a rationalization of the hatred of the property rights that alone justifies economic costs and benefits. You benefit from Locke's discovery of individual rights but youve never paid a farthing to his presumed estate. MARKET FAILURE! I feel disgust at rap music but I cant sue every time I chance to hear it. MARKET FAILURE! In both cases there is no property rights. Thus no economic externalities. Your mystical ideal is the collectivism of egalitarian (or elitist) slavery. You recognize thats impractical, so you compromise w/Pragmatic idealism. But Pragmatism is allegedly a practical way to apply impractical ideals. There is no objectivity to your "pretty big before we worry about correcting it." Its arbitrary, leading to pressure groups temporarily using govt to loot each other, all while govt grows like the heat of slow boiling frogs until totalitarianism renders the economy into a sludge. Learn how to use your mind with "What Is. Capitalism?" by Ayn Rand. An arbitrary chaos of poorly defined ideas arbitrarily associated is not science.