If you have a Yahoo or Flickr account, read this!

yahoo-breachLike many people, I have a Yahoo account (for news updates and Flickr). Now it appears that 500 million Yahoo accounts, including probably mine, have been accessed, by a ‘foreign state actor’. And 200 million of them are now for sale on the dark web. I regarded Yahoo and other non-financial and non-critical sites as a low risk, and used the same password on many of them. I just did an analysis of how many places I had used the same password. It turns out to have been 60! Quite a lot. Some of those have information like phone numbers and my address. So I have just been through them all, giving them strong individual passwords. I suggest you do the same. But just how risky is this breach?

The stolen Yahoo passwords are supposed to have been encrypted. The most widely used ‘strong’ password encryption standard is ‘salted MD5 hashing’. Technology has moved so fast now that anyone with a $400 Nvidia PC graphics card (GPU) can use ‘brute force’ to decode these passwords. The table below shows the real impact on the time it takes to crack a password of the number of characters (first column of the table) and the complexity of the password (first row of the table,  ranging from  numbers only on the left, to numbers plus lower and upper case letters on the right). So how long does it take to decode a strong (salted MD5 hash) password in seconds? Not long it turns out. A 6 character password using a mix of lower case letters and numbers which you might have thought to be quite secure, takes just 4 seconds to crack.  That cracked password is worth real cash to a hacker, so for 4 seconds on some cheap PC hardware, they are going to invest some time and money.  If you had a Yahoo or Flickr account you are highly vulnerable.

The moral is, use AT LEAST a minimum of 8 characters with a mix of lower case, and upper case characters, symbols, and numbers (that combination would take 5 days to crack with today’s GPU cards). Yahoo say that ‘the majority’ of their passwords were encrypted with the stronger ‘bcrypt’ method. But it’s only a matter of time before the speed of the GPUs and the smarts of the hackers (this table is produced by a hacker) will catch up with that also. And in the recent breaches of Dropbox, Linkedin and Adobe, the passwords all had very poor (SH1) or NO encryption. So be careful. Make sure all your passwords are long,  strong, and unique!

brute-force-timings-on-md5

Share

Brexit – the ugly options for Trade

Brexit trade models

This is (as far as I can make it) a factual analysis of the trade options (highlighted in bold) following Brexit. It shows there is no option that meets the “Leavers” goals, and every variant other than the one we are just about to leave, is pretty bad for the UK. Note that all the picture links lead to the original, more detailed data source.

These are our choices (the above BBC article explains more): The Norway model and the Swiss model have free trade, but also everything Brexiters hate (free movement, and the same contribution to the EU as now) with no say at all in the decisions the EU makes. They both will sacrifice the City of London’s EU trade. The Norwegian Prime minister’s opinion of their model in the BBC video clip above (click on the picture above to get to the BBC article) indicates that in her informed opinion, it is not a good option for the UK, even as it stands.

Bloomberg on SwitzerlandSome Brexiters say that the Swiss, who recently had a referendum to limit free movement, will renegotiate with the EU to get the kind of “free trade – no free movement” that they want.  In fact the UK  just made it almost impossible as the Bloomberg article on the left shows. As Bloomberg notes: “Switzerland was always going to struggle to reach an agreement with the European Union to limit immigration. Britain’s decision to split from the bloc just made it near impossible”.

The Turkish model sounds attractive, but as my prior post outlines, it severely restricts negotiating power with other countries, still disadvantages the Commonwealth,  there will be no easy access of our people into the EU,  and it excludes services.

Canada dealThen there is the Canadian model (CETA).  It is good for manufacturing (no tariffs) OK for agriculture (some tariffs) and dreadful for the City (services are excluded).  Canada is still negotiating their deal with Brussels – they have no favoured status at the moment, and are on WTO tariffs. CETA requires ratification by every EU country, and is being held up by those countries who do not have visa-free access to Canada.  The same will certainly happen to the UK in this or any other negotiations. The Canadian process started in 2009, was agreed in draft in 2014, and is still not in place.  So assume it will take us a good long time to get a deal, at least 7 years.

Everything else is the WTO tariffs, and these will be the default after the 2-year Article 50 period expires (in the absence of or pending a negotiated and more favorable trade deal). The tariffs  range for the EU from 40% for baked goods to 10% for cars.  It will massively disadvantage manufacturing exports, and eliminate the benefit of devaluation for exporters. 

Those who think that Germany has to allow tariff free access to their markets so they can sell BMWs here should ask what else are the rich English going to buy.  Audi, Mercedes, BMW, Volvo, Alfa-Romeo are all EU imports.  Jaguar does not have the capacity, or the range to backfill this volume.  They would be unlikely to invest in the UK market opportunity until they were certain that the UK was keeping punitive tariffs on EU luxury cars permanently.  Without a massive Jaguar expansion,  the British will continue to buy European luxury cars, because that’s the place that makes 90% of them.  European manufacturers will just put prices up 7% and take a 3% hit on profit, and they are done. No special bargain should be necessary for them to continue to profit from the UK market. And I think you will see the rich Brexit voters of rural England continue to swan around in their German cars, just like before.

Business for Britain, which campaigned for exit, estimated that at worst (ie. at WTO levels),  tariffs would cost British exporters £7.4 billion a year and said the UK would save enough on EU membership fees to be able to compensate exporters for that. The bill to minimise the impact on exporters would therefore be £7.4Bn per year for at least 7 years, and presumably a reduced, but significant amount after that.

But the UK also has to compensate farmers, Wales, Cornwall and the other recipients of EU grants for their loss of support. This will likely wipe out our saving on EU contributions and more. And the huge amount of additional certification required for non-EU importers and the  work to renegotiate the EU treaties, and trade deals with 50 other countries will be a massive consumer of resource. The country is going to expend vast amounts of effort just to get us back to a position similar to where we are today. Far from entering the sunlit upper pastures, we may well waste 9 years of work for no economic advantage at all.  On that basis, and on the outlook of most market analysts, a recession is certain.

EU trade comissionerThe EU has made it very clear there are no fantasy Johnson/Gove/Leadsom/Hannan timescales or trade deals. Cecilia Malmstrom, the EU trade commissioner who will lead all EU trade talks has made it clear that all elements of the UK withdrawal from the EU have to be completed (in 2 years) before any trade talks have started.  One of the candidates to be next UK prime minister, Liam Fox (certain to be in the new Conservative front bench) called Ms Malmstrom’s stance “bizarre and stupid”, saying the Brexit talks would include trade (the BBC’s Chris Morris in Brussels says Ms Malmstrom’s view of two consecutive sets of negotiations appears technically correct).  I would suggest that starting negotiations by calling your lead counterpart “stupid” almost guarantees a bad result.

No EU official has indicated that the UK can get tariff free access to the EU without their four principles (including free movement of people) being adopted.  While various organizations and individuals in Europe have said a deal could be struck that might meet UK needs, they are not going to be doing the negotiations.  Those who will be, have been very clear.

I can find no senior politician on either side in the UK who seems to have a coherent understanding of this dilemma  or has a pragmatic plan to get an effective negotiated result for the UK.  All the Conservative front bench seem to be expecting a fantasy of access to the free market without free movement of people, which  the EU has made clear is not an option.  Jeremy Corbyn, the Labour leader,has said he wants the EU exit Article 50 to be implemented immediately, precipitating an immediate start of the 2-year exit clock with no trade deal in place at all.  Nigel Farage wants the same, and today they have been joined in the “immediate Article 50” camp by Andrea Leadsom, the hedge-fund backed Conservative leadership contender.

McDonnell on brexitJohn McDonnell, the Shadow Chancellor has predictably said something quite different.  At the Royal Festival Hall in London, he announced five principles upon which Labour will judge any negotiated deal and which would have to be met for Labour to give backing for a vote to trigger Article 50.  They include,  freedom of trade for UK businesses in the EU, the rights of UK financial services companies to win business across the EU, existing protections at work provided by the EU to be maintained, and no UK citizen currently living or working in the EU to have their rights affected.  From what the EU have said so far, I would suggest that none of those are likely to be delivered.  In that case, McDonnell says that Labour would not vote to support Article 50 being exercised, entirely at variance with Corbyn’s position.

It seems pretty clear to me that almost all senior UK politicians are in a fantasy world, and are wholly at variance with the EU, who hold all the negotiating cards.  When professionals take over, the process will settle down somewhat, but I don’t expect a rosy outcome.  I would expect some kind of Canadian style free trade deal ultimately, with the City’s role as an EU financial hub being sliced up and given to the Irish, French, Dutch and Germans.  Inward investment to the UK for car manufacturing will probably slow down and move to the cheaper EU countries like the Czech republic and Bulgaria etc. UK citizens in France and other EU countries will lose reciprocal/free medical treatment, and many will have to return because of that and the dire effect of currency devaluation on their income and expenses. But of course it could all be much worse than that, if we have to fall back on all that, plus WTO tariffs for 7 plus years.

What about Scotland? The current market view (as of today) is that oil would have to be at $130 per barrel before Scotland’s deficit would meet EU membership rules. The rest of the UK is currently funding the Scottish deficit. If Scotland left the UK and joined the EU, they would have to accept the Euro, accept WTO tariffs for exporting into the UK (80% of the Scottish export market), accept a customs border with the UK, and accept German austerity rules for managing their deficit (which would be greater than Greece’s). While the rest of the UK would probably be better off on a purely economic basis, it would be a massive diminution of the UK’s world standing, particularly if Scotland is followed by Northern Ireland.

Scottish independenceHowever economically unattractive, EU membership may well be an achievable option for Scotland to pursue if they want to.  Dr Kirsty Hughes, in the only practical expert analysis on Scottish membership of the EU I have come across so far (see the link to the left), concludes that the Scots may have a fair chance of EU membership, but only once they are an independent nation.  Given their good relations with the EU, the Scots are also much more likely to get concessions on accession, than the UK will on exit.  She also has said, quite reasonably, that the Scots  will not want to go through the whole pain of the UK leaving and renegotiating a trade deal, before starting their own accession talks.  Instead, they should be negotiating their own trade deal at the same time as the UK is doing theirs (or even before).   If that is their goal, they need to get their referendum done in the first half of next year, and be fully independent of the UK by the end of 2019. The EU might well be flexible then on continuing trade terms for Scotland (and tough on exit terms for the UK) while they negotiate accession.

There are many other radioactive elements of the EU decision, but trade is the critical one that will affect everyone’s lives.  This summary of the options and likely outcomes is a marker post for me and I’ll come back to it over the next few years to see how it all panned out.  You might want to as well. But like many in the UK right now, I don’t think this particular story is going to end well.

 

Share

Brexit – the Turkey option

Turkey article

A customs Union with the EU is an attractive option for many Brexit proponents. The only major one concluded is with Turkey. Here’s what it involves…..the following is a description of the deal from it’s Wikepedia page. How do you like this particular bargain, Leavers?

  • Turkey, by accepting the customs union protocol, was giving the EU the power to manipulate the foreign relations of Turkey. Turkey was accepting all the treaties between EU and any non EU country (i.e. all the other countries in the world) by precondition. (16th and 55th articles[4] )
  • Turkey, by entering to the customs union, was accepting not to do any treaties with any non-EU country without the knowledge of EU. Otherwise, EU had the right to intervene and annul that treaty. (56th article[4])
  • Turkey, by entering to the customs union, was unconditionally accepting to make laws which are parallel to the newer laws made for the customs union by EU. (8th article[4])
  • Turkey, by entering to the customs union, was accepting to obey the all laws and decisions of European Court of Justice, where there is no single Turkish judge. (64th article[4])
  • Turkey, by entering to the customs union, was opening its own market to European goods. The domestic goods of Turkey were in a great difficulty to compete against these due to a difference in quality. The European goods would flow into Turkey without any customs fee.

It may of course be that there is some deal that is not Norwegian one, and not the Turkish one, and not the Swiss one.  It’s completely unclear to me how then the EU would explain the crap deal these other states got.  In fact, the EU has made clear the terms of the UK deal again and again.  It’s Free Trade and EU rules, like free movement, and payment into the EU, or it’s the right to control our borders and WTO (World Trade Organisation) trade rules. All the evidence shows there is no magic place for the UK.  There certainly isn’t one for the US……

Share