Money Stuff

Hack Hearings and Investor Ordering

Also Uber governance, Twitter defamation, love regulation, HODL, trash unicorns and virtual-reality word processing.


Yesterday Tim Sloan, the chief executive officer of Wells Fargo & Co., and Richard Smith, the recently departed CEO of Equifax Inc., schlepped down to Washington, D.C., to be yelled at by politicians, at two separate hearings. Of course they deserve it -- not so much because they are bad people, or because the politicians are paragons of moral probity and competence who are entitled to lecture the CEOs, but just because, if you are the CEO of a large financial institution, part of what you are (well) paid for is the risk that something will go wrong and you'll have to go get yelled at by Congress. "At best you are incompetent, at worst you were complicit," Senator Elizabeth Warren told Sloan, and if he's smart he slipped into a meditative state and contemplated the $35 million he's received over the past three years in unconscious anticipation of this moment. "Yes, incompetent, complicit, sure," I hope he mumbled earnestly, while caressing a wad of cash.

Meanwhile, come on Equifax:

When asked by representative Adam Kinzinger of Illinois about what data Equifax encrypts in its systems, Smith admitted that the data compromised in the customer-dispute portal was stored in plaintext and would have been easily readable by attackers. "We use many techniques to protect data—encryption, tokenization, masking, encryption in motion, encrypting at rest," Smith said. "To be very specific, this data was not encrypted at rest."

Yeah, I mean, companies tend to protect their customer data, but this wasn't customer data, because the consumers whose credit Equifax analyzes are not its customers. So it expresses its lack of concern for their interests in various subtle and not-so-subtle ways, including by not encrypting their data and then by losing it.

One thing I've been thinking about is: Which is worse, the Equifax hack or the Wells Fargo fake-accounts scandal? The Wells Fargo thing is completely absurd, thousands of Wells Fargo employees creating millions of fake accounts for customers to meet their sales goals. But the harm to consumers seems relatively small. Most of the fake accounts didn't cost customers anything, and the total fees Wells Fargo collected for all of them were a few million dollars. Many customers probably never noticed their fake accounts. Others, though, were charged high fees without notice, or their credit was damaged by opening accounts without their consent. 

The Equifax hack, on the other hand, affected some 145.5 million people, essentially everyone with a credit score. It is unclear exactly what the harm to them has been, or will be: Perhaps millions of people will just have the nuisance of thinking about credit freezes and not doing anything, or perhaps millions of people will have their identities stolen and be unable to get jobs or credit. (It is hard to tell in part because there have been so many other hacks that you can't be sure which one led to any particular case of identity theft.) And the hack is causing systemic, societal effects: It seems to be the beginning of the end of Social Security numbers as the primary personal identifier in America. Basically if you are a person in America, foreign hackers now know your name, date of birth and Social Security number, so using those as identifiers now seems utterly pointless.

So Equifax's scope and impact was probably much worse. But there are other considerations. Smith argued that Equifax's problem was the work of a single person forgetting to do his job:

“The human error was that the individual who’s responsible for communicating in the organization to apply the patch, did not,” Smith, who did not name this individual, told the committee.

That is perhaps a disappointing exercise in buck-passing, and of course a careful company would build in redundancies, but it is basically true that hackers are looking to exploit weaknesses, and that one weakness created by one person's laziness can create an opening. Wells Fargo's problem, by contrast, was widespread and cultural: The only way you get millions of fake accounts is if thousands of employees are working hard to create those fake accounts. Wells Fargo fired 5,300 people for creating fake accounts, and then congratulated itself on having so few bad apples. ("The 1% that did it wrong, who we fired, terminated, in no way reflects our culture nor reflects the great work the other vast majority of the people do," said Sloan's predecessor as CEO.) The Equifax hack could have happened to anyone -- anyone who decided not to encrypt consumer data, anyway! -- while the Wells Fargo scandal took a lot of coordinated nefarious effort.

Investor ordering.

Here are a blog post and related article by Scott Hirst of Harvard Law School arguing that a lot of the securities laws governing public companies should be opt-out: If a company doesn't want to, say, disclose quarterly financial information, or get shareholder approval for its executive pay packages, or forbid insider trading by its executives, and if it can talk a majority of its outside shareholders into approving, then it should be able to just opt out of those rules:

Mandatory rules have been justified as necessary to control agency costs of managers, and externalities that would affect the capital market. This may have been true when the securities laws were enacted, but it is no longer the case. Institutional investors now hold the majority of equity of corporations, so have the capability to determine corporate arrangements. They have incentives to limit the agency costs of managers, and because they hold positions in many other corporations, to “internalize” the effects of an arrangement on other corporations in the capital market.

Investor ordering permits greater freedom than mandatory regulation, but has structural elements that limit the costs of unconstrained private ordering. Rather than mandating particular arrangements, SEC regulations would be default arrangements. Corporations could opt-out of an arrangement if a majority of outside shareholders approve. 

I think that this is basically right as a descriptive matter, and it's why you see so many big tech unicorns that remain private, or go public but opt out of traditional corporate governance arrangements. Companies know what they want, and big institutional investors are sophisticated enough to decide whether to give it to them, and both the companies and the investors prefer to structure exactly the deal that they want with each other, rather than rely on the default settings that have long applied to public companies.

Still it is a little unsettling. In the old model, startups aspired to become public companies, and being a public company was viewed as a generic social compact. Companies followed the rules because they were the rules, without doing individualized assessments of the efficiency of those rules in their particular cases. Now companies are viewed as arrangements between entrepreneurs and providers of capital, and if the entrepreneurs want some weird provision, and the providers of capital are cool with it, then who is society to intervene?

Elsewhere, here is Dorothy Shapiro Lund with "How Nonvoting Shares Can Help Promote Efficient Corporate Governance":

I argue that nonvoting shares can allow companies and investors to unlock the same efficiency gains that would result if votes could be traded on the market. Specifically, nonvoting shares can be used to allocate voting power to informed and motivated investors who value their voting rights and are motivated to use them to maximize the firm’s value. Moreover, companies that issue nonvoting shares and channel them to uninformed and weakly motivated shareholders—which include some passively managed mutual funds, as well as retail shareholders—will make all shareholders better off.


The board of Uber Technologies Inc. yesterday unanimously approved some measures to reduce former chief executive officer Travis Kalanick's power, including by getting rid of super-voting rights for holders of Class B common stock and preferred stock and by expanding the board to add new directors not appointed by Kalanick. Careful observers of Uber's board may remember that Kalanick is on it, so the unanimous approval is quite a concession by him. ("In a statement, Mr. Kalanick said the board 'came together collaboratively and took a major step forward in Uber’s journey to becoming a world class public company'" -- also a concession from a founder who was always pretty opposed to going public.) On the other hand, the anti-Travis provision that the board had been considering -- which would have required two-thirds approval of both the board and the shareholders for any former executive to come back and be CEO -- was softened to require only board approval, so Kalanick can still hold out some hope of a triumphant return as CEO.

In general, Kalanick is probably right that this sprucing up of Uber's governance and voting mechanics is good preparation for going public as a normal-ish company. (It is also preparation for a potential multibillion-dollar investment in Uber by the SoftBank Vision Fund, which the board also endorsed.) But there is one weird aspect, which is that the board took away super-voting rights from shareholders who weren't there and didn't approve. ("The board’s action today was unfair and illegal and we will be relentless in rectifying this wrong,” said two of them.) You don't normally see corporate boards stripping shareholders of their voting rights without those shareholders' consent; after all, the point of getting super-voting rights in your shares is precisely to be able to vote down changes that you dislike. But I guess Uber has no non-weird governance choices, and is just doing the best it can to be as normal as possible.

Are favs endorsements?

Here is a lawsuit brought by Eros International Plc, a New York Stock Exchange-listed "preeminent co-producer and distributor of Bollywood films," against Mangrove Partners, a hedge fund, and its various alleged co-conspirators in an alleged scheme to short Eros's stock and then profit by spreading false negative rumors about the company. I don't know the facts here, though in general I am skeptical of lawsuits like this: If you short a stock and say mean things about it, the company will inevitably accuse you of market manipulation, while if you buy a stock and say nice things about it, no one will really criticize you even if you're wrong. 

But the fun part of this lawsuit is that some of the alleged defamation of Eros took place on Twitter, where the defendants allegedly "created an 'echo chamber'" for their false statements. Specifically:

Another alias, “mboom1991,” joined Twitter in June 2017. Since then, mboom1991 has published zero tweets of his own but consistently rubber-stamps Unemon’s negative tweets about Eros by “liking” them.

Imagine being found liable for defamation just for liking some tweets. 

Love regulation.

Nashoba Brook Bakery lists "love" as one of the ingredients in its granola, which, fine, is a little eye-rolly, but which also prompted this perhaps excessive response from the Food and Drug Administration, telling it to remove "love" from the list:

“Your Nashoba Granola label lists ingredient ‘Love,’” the agency wrote in the Sept. 22 letter. “‘Love’ is not a common or usual name of an ingredient, and is considered to be intervening material because it is not part of the common or usual name of the ingredient.”

I like the symbolism: The Trump administration is all about reducing regulations and letting businesses do whatever they want, but it draws the line at love. Love will not be deregulated. Love will be treated with great suspicion. To be fair the bakery's products are also allegedly made in "insanitary conditions whereby they may have become contaminated with filth," and while you may want love in your granola, you don't want filth.

Blockchain blockchain blockchain.

Yesterday I joked about the name of the "HOLD 10" cryptocurrency index fund, which Forbes explained was "named for a common saying in crypto (and Bitcoin in particular) to hold one’s coins rather than sell." Quite a few readers patiently explained to me that it comes from a famous 2013 Bitcointalk forum post titled "I AM HODLING" (sic), in which the poster explains that he is holding on to his bitcoins "because I'm a bad trader and I KNOW I'M A BAD TRADER." That is also why I invest in index funds, honestly, so it does kind of make sense to name your crypto index fund after that post. But -- as several readers also pointed out -- it should really be the "HODL 10."

People are worried that people aren't worried enough.

In a fun twist on this worry, here is the Wall Street Journal explaining "that calm seems to find its way to the market when investors are least expecting it." Calm: the biggest surprise of all.

Meanwhile, here at Bloomberg Prophets, Myron Scholes and Ash Alankar explain that "options -- which provide extremely efficient estimates of the market's assessment of short-term risk -- indicate that the market is not sounding alarms over the likelihood of a severe near-term correction."

People are worried about unicorns.

You know, just yesterday, I made a little fun of the conceit that vegan mayonnaise company Hampton Creek Inc. is a "tech company that happens to be working with food." I mean, sure they use computers in their food business, but so does McDonald's. "Eventually," I wrote, "every company will use machine learning, and every company will say 'well we're not a garbage-hauling company, we're a tech company,' and the tech sector will make up 100 percent of the economy." But when I wrote that, I hadn't even seen this article about Rubicon Global, the trash unicorn (Elasmotherium purgamenti), whose co-founder calls it -- what else? -- the "Uber of Trash." Former employees say that "Rubicon has consistently overstated the impact its technology is having on its business, which more resembles a conventional waste brokerage than a sophisticated Silicon Valley startup":

Rubicon’s challenges follow a familiar path in Silicon Valley and the broader tech startup world. Investors write large checks to impressive yet unproven entrepreneurs with seductive stories. But those founders often find it surprisingly complicated to apply high-tech solutions to old-fashioned problems.

"'I tell people all the time that we built this business for the millennial generation,' Morris told Waste Dive, an industry newsletter," is one perfect sentence in the article. Anyway yes using computers to schedule trash pickups turns out to be more like being a garbage company than a computer company.

Elsewhere in "tech" here's a sock company:

“We saw socks as a Trojan horse to build a brand,” he explains, in a black tank top, shorts and, naturally, knee-high socks after a game on the company basketball court. “A well-built brand could have the same sort of value, in terms of returns to investors, as an internet or software company.”

And here's a story about WeWork, which I guess really is the Uber of shared office space, and which raised a few billion dollars from SoftBank earlier this year at a $20 billion valuation. It contains this quote from WeWork's co-founder and chief executive officer Adam Neumann:

"No one is investing in a co-working company worth $20 billion. That doesn't exist," Neumann says. "Our valuation and size today are much more based on our energy and spirituality than it is on a multiple of revenue."

Look, I am not in the business of identifying bubbles or calling tops, but when you are raising billions of dollars at an 11-digit valuation based on "energy and spirituality," you are definitely pushing things a bit.

Work Stuff / the simulation hypothesis.

Microsoft Corp.'s engineers sat down to design a virtual reality environment in which people could fulfill their wildest fantasies and push the limits of human experience, and came up with literally sitting at a desk to do word processing:

During an early hands-on with a developer version of the Acer headset, for example, we were able to step into a digital room where we could sit at a digital desk and interact with Microsoft programs such as Word, watch videos on a big screen and more. The experience is quite incredible.

One oddity of the "simulation hypothesis," the idea that we live in a computer-generated simulation rather than the real world, is that so much of our experience is kind of dull. If the artificial intelligences of "The Matrix" were really designing a virtual world for us, wouldn't they make it more exciting than just a lot of people sitting in offices staring at computer screens? But one possible answer is that, if we are living in a simulation, it is a simulation designed by Microsoft.

Of course, if we are living in a simulation of office jobs, then it would make a kind of sick sense for us to put on mixed-reality headsets to experience a further simulation of office jobs. And why stop at two layers? Why not, in this current simulation we live in, put on a Microsoft mixed-reality headset to step into a digital room in which you put on another Microsoft mixed-reality headset, and step into a digital room in which you put on another Microsoft mixed-reality headset, etc. etc. etc., until you step into the final digital room and discover the meaning of life, or vanish in a digital puff, or open a Word document? The future will just be a mise en abyme of boring virtuality.

Things happen.

Trump Suggests Puerto Rico’s Debt May Need to Be ‘Wiped Out.’ Fed Chair Hopeful Warsh Draws Opposition From Left and Right. Private credit booms as new hedge funds pile in. Yahoo Triples Estimate of Breached Accounts to 3 Billion. What's up with Deliveroo's share options? Anthony Scaramucci remains desperate for attention. The Downside of Baseball’s Data Revolution—Long Games, Less Action. The Error in Baseball and the Moral Dimension to American Life. "According to Darden Restaurants, owner of the Olive Garden chain, the phrase is intended to call to mind ideas of the olive harvest and Tuscan authenticity, not the final, anguished night of a prophet, dark hours spent in prayer, wrath, and silence."

If you'd like to get Money Stuff in handy email form, right in your inbox, please subscribe at this link. Thanks! 

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

    To contact the author of this story:
    Matt Levine at

    To contact the editor responsible for this story:
    James Greiff at

    Before it's here, it's on the Bloomberg Terminal.