risk management Software

Unlikely but just about plausible

I’ve been recently been working with the Centre for Risk Studies in Cambridge on some extreme scenarios: one-in-200, or even less likely events. It’s been an interesting challenge, not least because it’s very difficult to make things extreme enough. We find ourselves saying that the step in the scenario that we’re working would never actually happen, because not everything would go wrong in the right way. But of course that’s just the point: we’re looking at swiss cheese situations.

A couple of times we’ve dreamt up something that we thought was really unlikely, only for something remarkably similar to turn up in the news. We came up with the idea that data could be irretrievably corrupted, and a few days later found ourselves reading about a Xerox copier that irretrievably corrupted the images.

So I was really interested to read a story about a security researcher who’s apparently found a really nasty piece of malware — except it’s not clear if he’s making the whole thing up.

People following this story fall into a few different camps. Many believe everything he says — or at least most of it — is true. Others think he’s perpetrating a huge social engineering experiment, to see what he can get the world and the media to swallow. A third camp believes he’s well-intentioned, but misguided due to security paranoia nurtured through the years.

The thing is, the individual pieces of the scenario are all just about possible. But is it possible for them all to happen in a connected way? For the holes in the swiss cheese to line up?

The absolutely amazing thing about this story is that nearly everything Ruiu reveals is possible, even the more unbelievable details. Ruiu has also been willing to share what forensic evidence he has with the public (you can download some of the data yourself) and specialized computer security experts.

Where developments start getting preposterous, no matter how much leeway you give him, is how many of the claims are unbelievable (not one, not two, but all of them) and why much of the purported evidence is supposedly modified by the bad guys after he releases it, thus eliminating the evidence. The bad guys (whoever they are) are not only master malware creators, but they can reach into Ruiu’s public websites and remove evidence within images after he has posted it. Or the evidence erases itself as he’s copying it for further distribution.

Again, this would normally be the final straw of disbelief, but if the malware is as devious as described and does exist, who’s to say the bad guys don’t have complete control of everything he’s posting? If you accept all that Ruiu is saying, there’s nothing to prove it hasn’t happened.

I don’t know. I haven’t looked into the details at all, and probably wouldn’t understand them even if I did. But there’s certainly a lesson here for those of us developing unlikely scenarios: it’s difficult to make things up that are more unlikely than things that actually happen.


Don’t count your chickens

Take reports of changed pension deficits with large amounts of salt. It’s always important to put news in context, and to think about what’s going on underneath, especially when you read a story based on a survey or report produced by a consultant. And yes, I am a consultant, and that applies to surveys or reports I put out, too.

In yesterday’s FT there was a piece (£) about the pensions funding position. Apparently it hasn’t changed much since December 2010,

partly because the gap between yields on government bonds and those on corporate bonds has widened, which has the effect of reducing liabilities.

No it doesn’t. Absolutely not. The liabilities have not changed an iota because of any change in bond yields. The pension schemes are still on the line for the same payments in the future as they were. The only thing that has changed is one estimate of the present value of the liabilities, in other words how much money should be set aside now to pay the liabilities in the future.

But let’s get this straight. Nobody knows how much the pension schemes will have to pay out in the future. It depends on all sorts of things — including how long the pensioners live, what survivors they leave when they die, what future inflation rates are, whether members of the scheme transfer out before starting to draw their pension, what options they exercise when they do start, and countless others. And that’s without even considering what can happen to active members (those still in employment). So the actual payments out are uncertain.

And the payments in are uncertain too — investment returns, employer contributions, member contributions.

It’s fairly easy, nowadays, to estimate the value of the assets — just use the market value. Which is of course highly volatile, especially in the short to medium term.

It’s much less easy to estimate the value of the liabilities. You project the likely future payments, and then use a discount rate to come up with a present value. Which could be volatile too, as well as uncertain, if the discount rate you use is volatile.

So the deficit (or surplus) is the difference between two large numbers, at least one of which is highly volatile and the other is highly uncertain. No change that occurs over just a few months can be really significant, if nothing else has changed.

Just apply some common sense. If the assets are the same assets (no big changes in investments), and the liabilities are the same liabilities (no big changes in membership or benefits), then the long term position simply can’t have changed significantly. Pensions is a long term business. Transient changes in estimated current values are bound to happen, but in the end what matters is that the benefits are paid out when they fall due.


Interesting links

Some links I’ve found interesting recently:

  1. Uses and abuses of crowdsourcing (via Bruce Schneier)
  2. Does High Frequency Trading improve liquidity?
  3. A Maserati for £1 – your best bet is roulette
  4. Game theory in a fairly literal sense
  5. Much more influential than Steve Jobs

Visualising uncertainty

Understanding uncertainty, David Spiegelhalter’s site, is an absolute must for anyone who reasons about or models uncertainty. David Spiegelhalter, Mike Pearson and Ian Short have just had a paper about Visualising uncertainty published by Science. If it’s anything like any of the content of the web site, it’s a must read.