Money Stuff

Uber Hacks and Bitcoin Futures

Also universal index funds and Long Island municipal bonds.

Oh, Uber.

If you are a big consumer-facing company and you store data on an external server, and someone breaks into that server and accesses personal information about millions of your customers, then that is usually called "hacking," and it is a big deal, and "a patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur." On the other hand, if one of your employees logs into that server and accesses that information, that is just something that happens every day in the ordinary course of business and is not a problem at all.

I suppose there is a synthesis of these two ideas: If some stranger comes to you and says "I have broken into your server and stolen data about millions of your customers, but I'll give it back and walk away quietly for $100,000" ... wouldn't it be tempting to say "oh hey thanks you work for us now, with a start date effective as of two weeks ago, good job enhancing our security systems, here's a $100,000 bonus"? Problem solved! It wasn't a data breach, it was a security exercise conducted by a consultant you paid for.

I mean, I don't really know what Uber Technologies Inc.'s former chief security officer -- a former federal prosecutor! -- was thinking when he agreed to pay off hackers without alerting regulators or customers or, apparently, Uber's chief legal officer. But he is gone now, and Uber has some egg on the egg that was covering the egg on top of all the other egg all over its face:

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. 

"None of this should have happened, and I will not make excuses for it," wrote Uber's new chief executive officer, Dara Khosrowshahi, in a pretty good summation of the last few years of Uber. I assume that when Khosrowshahi types an "n" on his phone it auto-fills "_one of this should have happened, and I will not make excuses for it." I expect his letter to investors in Uber's inevitable initial public offering prospectus will begin "None of this should have happened, and I will not make excuses for it." Uber's a cappella group should call itself "Tone and Pitch Should Have Happened, and I Will Not Make Excuses for It." 

It's ... just ... Uber, man, come on. "It is one thing after another," I would say, except that they all seem to have happened at the same time. If it's not undisclosed hacking it's sexual harassment; if it's not theft of trade secrets it's hiding from law enforcement

What is Uber? Why is it a $70-billion-or-whatever company? You could tell a bunch of stories -- it is an app company, a taxi company, a driverless-car company -- but one possibility is that it is a regulatory-evasion company. Local regulations around the world entrenched taxi companies and allowed them to capture excess value, and Uber's central innovation was not building an app or developing a surge-pricing algorithm but simply saying "what if we took that value instead?" In 2017 it spends a lot of time lobbying and buttering up local governments so that they don't ban it, but earlier on the process was simpler: It would just ignore the local regulations and hope no one would stop it. That worked really well! Not flawlessly, not permanently, not at scale -- that's why it has now pivoted to lobbying and buttering-up -- but well enough to get Uber to this point, the point where its lobbying and buttering-up can work.

I am a finance guy, and I think a lot about "regulatory arbitrage" as a source of value, and it seems to me that a lot of Uber's value comes from a form of regulatory arbitrage. But it is not the form of regulatory arbitrage that I am familiar with, where you carefully analyze the rules in order to build products that get the best possible treatment under different regulatory regimes. It is more just "hey a good arbitrage would be to ignore these regulations." If that is the core idea that made your company successful, it is going to pervade a lot of your decisions, not just the ones about taxi licensing. And it's going to be hard to pivot away from it.

Bitcoin futures.

I want you to imagine a time, in the not-too-distant future, where the following things have happened (in this order):

  1. Bitcoin futures have started trading on the CME Group Inc.'s futures exchange, which they are scheduled to do by next month.
  2. JPMorgan Chase & Co. has offered its institutional trading customers access to the bitcoin futures contract through its futures brokerage, as it is contemplating doing.
  3. Everyone has decided that bitcoin is dumb and its price has collapsed, as JPMorgan Chief Executive Officer Jamie Dimon has said it will.

I do not want to speculate on the likelihood of these events. (Well, #1 seems pretty much inevitable, and I would bet on #2 myself, but you're on your own on #3.) But you will concede that they are all at least possible. My questions are: Will the customers who lose money on bitcoin futures sue JPMorgan for letting them buy them? Will their legal briefs say "JPMorgan knew bitcoin was a fraud, and in fact its CEO said so, but JPMorgan nonetheless pushed bitcoin futures on customers"? Will there be congressional hearings? Will Dimon be called to testify? Will senators ask him why he sold bitcoins to clients after saying that people who buy bitcoins are "stupid"? Will he say:

What clients are buying ... is they are buying an exposure. The thing that we are selling to them is supposed to give them the risk they want. They are not coming to us to represent what our views are. They probably, the institutional clients we have, wouldn’t care what our views are, they shouldn’t care. 

That did not go over especially well in the Senate in 2010, when Goldman Sachs Group Inc. CEO Lloyd Blankfein actually said it about the mortgage bonds that his bank sold in the lead-up to the financial crisis. Nonetheless it was true then, and it is true now, and it will be true in my imagined future. If you are buying bitcoin futures from JPMorgan it is because you want exposure to bitcoin. The fact that Jamie Dimon doesn't want exposure to bitcoin may or may not be an interesting data point for you, but it is surely not dispositive. He has no inside information about bitcoin. Since Jamie Dimon announced that bitcoin was a fraud and will collapse, its price has almost doubled. He might still be right, but even if he is, you could have had a nice profit on a tactical trade since his announcement.

Bitcoin Ends Year at $10,000, Says Mike Novogratz

There is a notion, popular in some circles, that the point of an investment bank is to sell people securities that will go up: that it has a duty to its customers to carefully curate its product offerings and sell them only the stuff that it personally believes in. This is not the point of an investment bank. JPMorgan sits between people who want to buy a thing and people who want to sell the thing, and it intermediates their trades. Diversity of opinion -- some people think the thing will go up, others think it will go down -- is what makes a market. If JPMorgan could only trade with clients after satisfying itself that they are right, it would never do any trades. 

Elsewhere in bitcoin futures, a reader emails:

Can you answer something puzzling me? Just saw the bitcoin futures spec come out. And it is cash-settled. That is, against an index. Not physically settled. Now, isn't this the one commodity that absolutely should be physically settled? It isn't thousands of barrels of oil you have to move to Oklahoma. And isn't the whole hype on blockchain that it is going to revolutionize settlements infrastructure because it is so much easier and cheaper than, oh, just for example, clearinghouses ... like the one that will be handling the settlement of BTC futures?

Ha, it's true. If you buy an oil futures contract on the CME, and you hold it when it expires, then someone hands you 1,000 barrels of oil, and you have to find a place to put them. If you buy a bitcoin futures contract, and you hold it when it expires, nobody hands you the 5 bitcoins underlying the contract. Instead, CME computes a daily "Bitcoin Reference Rate," "which aggregates the trade flow of major bitcoin spot exchanges during a calculation window into the U.S. Dollar price of one bitcoin as of 4:00 p.m. London time," and if the Bitcoin Reference Rate at the expiry of your futures contract is higher than the Bitcoin Reference Rate when you opened the contract, you get paid the difference (times 5), and vice versa. In dollars. You get exposure to bitcoin without ever actually handling bitcoins.

Of course this makes sense, because handling bitcoins is mostly terrible. The fate of every bitcoin exchange, I often say around here, is to have its bitcoins stolen, so CME is quite sensibly launching a bitcoin exchange without any bitcoins to be stolen. Individuals and institutions who handle bitcoins, meanwhile, have been reduced to writing their private keys on scraps of paper and putting those scraps of paper in safe deposit boxes. That is how securities markets worked, like, 50 years ago, but since then people have figured out ways to track stock certificates electronically, and have mostly gotten rid of the safe deposit boxes. If you're an institutional investor who wants exposure to bitcoin, a futures contract that trades on an exchange that you already use is very helpful. A scrap of paper in a safe is hard to manage.

But it is awkward. If you are buying bitcoin futures, it is probably because you think that bitcoin will go up. If you think that bitcoin will go up, it is probably because you think it will be more widely adopted as a currency and a store of value and an alternative to the current financial system. But if you really thought that, you'd just buy bitcoins. You're buying the futures because, deep down, you prefer the existing system. "The need for a bitcoin ETF," I once wrote, and it is just as true of a bitcoin future, "is an argument against buying it."

Oh also by the way eventually CME Group, like every other centralized financial intermediary, will announce with great fanfare that it is experimenting with putting its settlement system on "the blockchain." (It already has a blockchain project for gold trading.) As we discussed yesterday, replacing clearinghouses' central ledgers with distributed blockchains might be perfectly sensible in many cases, improving performance and reducing reconciliation issues. But of course these blockchains are not the bitcoin blockchain; they are private blockchains that only approved banks and institutions can use and that have trusted central administrators. I am looking forward to the day when CME's bitcoin futures contract trades on a blockchain, but not the bitcoin blockchain.

Are index funds communist?

Here is "Corporate Governance as Privately-Ordered Public Policy: A Proposal," from Lynn Stout and Sergio Gramitto, who propose to "show how our society can use corporate governance shifts to address, if not entirely resolve, a number of currently pressing social and economic problems."

We demonstrate how, to a very significant extent, these problems can be traced to the way shares in business corporations are currently owned, traded, and voted. We also offer a plausible plan for shifting the structure of share ownership, trading, and voting to create a more democratic and sustainable capitalism that allows business corporations to better serve humanity. Our proposal, which envisions developing a new form of institutional shareholder, does not rely either on market forces or government interventions. Rather, it relies on voluntary cooperation and the private ordering of free individuals using modern information technologies. 

The idea is that "all U.S. citizens receive a share in a collective portfolio of securities; in essence, a collective mutual fund." I gather that this Universal Fund would be more or less index-fund-ish, and the point of it would be to give citizens, as citizens, more equalized voting rights in corporate decision-making:

Securities in the Fund would be voted in accordance with the preferences of Shareholders, who of necessity are diversified, long-term investors with significant interests as employees, customers, taxpayers, and organisms that live in the environment. We show how providing income to and empowering Shareholders this way would reduce inequality and disparities in wealth and equity ownership; increase economic security; spur corporate innovation and investment; reduce corporate externalities; and provide a variety of “soft” social benefits such as greater civic engagement, reduced social tensions, and improved trust in and support for the capitalist system.

It is a little reminiscent of Matt Bruenig's argument, which we have discussed a couple of times here, that the rise of index funds has paved the way for market socialism. If it turns out that ownership of the means of production by a broad class of investors in broadly diversified portfolios doesn't stifle competition and innovation, then why not extend it by giving that ownership to everyone? If the benefits of capitalist competition can be obtained with separate firms all owned by the same people, then why shouldn't society tinker with who gets to profit from that ownership?

Municipal bonds.

Here is a story about a Long Island municipality that is charged with securities fraud, which I mention to you mainly because it is my hometown. Not really; it is the Town of Oyster Bay, which is technically the town where I grew up, but Long Island towns are weird and I don't feel any particular connection to "Oyster Bay" as a political entity. (I grew up in Syosset, an unincorporated hamlet which does not as far as I know commit securities fraud, though obviously I would be thrilled if anyone has evidence to the contrary.) Anyway the alleged fraud consisted of "defrauding investors in the town’s municipal securities offerings by hiding the existence and potential financial impact of side deals with a businessman who owned and operated restaurants and concession stands at several town facilities." And of course:

The unusual decision at the highest levels of the Town to go to such great lengths to assist a vendor was a result of the Concessionaire’s long and close relationship with Town and Nassau County officials, which the Concessionaire had cultivated, in part, by providing various forms of gifts, bribes, kickbacks, and political support to those officials.

The alleged gifts from the concessionaire included "free limousine services through a third-party vendor," "free or discounted meals at his restaurants," and "gift cards, home repairs, and a free family trip to Italy." The alleged securities fraud consists of not disclosing all this to bond investors, which seems like a cheap way to turn municipal bribery into securities fraud, but I'll take it. Remember, everything is securities fraud. Good job, Long Island. 

Blockchain blockchain blockchain.

Blockchain for real estate! Honestly this is an obviously good idea:

“If you were to design a [title] system today, it would look a lot more like what people are talking about in terms of recording electronically and through something like the blockchain than the system we have in place now,” said Michael Pieciak, commissioner of financial regulations for Vermont, one of the most aggressive U.S. states in adopting the technology.

In a lot of securities markets, dumb old paper-based systems of tracking ownership were replaced decades ago by modern-ish computer-based systems that are still slow and inefficient and require error-prone manual reconciliation. Replacing those systems with a blockchain could be a nice incremental upgrade, even though replacing them with faster more efficient more accurate central databases would also be fine. But in a lot of U.S. real property markets, the dumb old paper-based systems are still in use, and are absolutely terrible, and replacing them with a blockchain could yield big benefits.

Elsewhere, former New York Superintendent of Financial Services Benjamin Lawsky just joined the board of blockchain company Ripple. "He is widely recognized as the architect of the BitLicense, New York’s industry-leading regulation for digital asset businesses operating in the state," says Ripple's press release. Imagine an alternate universe in which Lawsky, when he was a regulator, had looked at digital assets and said "meh, seems fine, no need to regulate any of this." Would he be on Ripple's board now? Maybe! He was a financial regulator, and Ripple is interested in financial regulation. But he certainly enhanced his perceived expertise and value to crypto companies by regulating crypto assets. This is worth thinking about whenever you consider the "revolving door" between government and industry: There is a popular view that it creates incentives for regulators to go easy on regulated industries, but the reality is more complicated. 

People are worried about yield curve flattening.

"Worldwide search interest in 'yield curve flattening' has soared to its highest level in at least five years." People: Is there anything they won't worry about?

Things happen.

Effort to Block AT&T-Time Warner Deal Gets Mixed Reception. Lawyers see few precedents for DoJ’s AT&T intervention. Will Justice Department’s Lawsuit Derail Deal-Making Boom? FINRA Fines J.P. Morgan Securities, LLC $1.25 Million for Failing to Appropriately Fingerprint or Screen Its Employees. U.S. Prosecutors Suffer Dramatic Tax-Evasion Loss. Nordea sells AT1 bonds at record low European coupon. Dan Loeb Exchanges Racially Charged Emails with Top de Blasio Official. Facebook is still publishing illegal discriminatory ads despite saying months ago that it would stop. Fake-Ad Operation Used to Steal From Publishers Is Uncovered. Lingerie Startup Settles FTC Suit Over Deceptive Subscriptions. U.S. Bribery Case Sheds Light on Mysterious Chinese Company. "We test lookback periods ranging from one quarter to twenty-five years and conclude that risk parity results are robust to the lookback period selected." Airport sushi. Pasta theme park. Brunswick CEO says boat clubs could usher millennials into boat ownership. In 2017, UK water companies still rely on “magic.” "'He cannot say that people want trivia,' said Yusupov, the founder of the HQ Trivia app."

If you'd like to get Money Stuff in handy email form, right in your inbox, please subscribe at this link. Thanks! 

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

    To contact the author of this story:
    Matt Levine at

    To contact the editor responsible for this story:
    Brooke Sample at

    Before it's here, it's on the Bloomberg Terminal.