The crash of '87?



Vol. 9, No. 6, Page 5

two parties do not know or trust each other. His paper presented a practical identification scheme which is probably secure if factoring large numbers is difficult and is two orders of magnitude faster than the RSA scheme. The new scheme can be implemented on most microprocessors in a fraction of a second, it is claimed, and thus can be added to chip cards, access control systems, communications devices, operating systems, terminals, military command and control systems, etc. Simple extensions to the system enable users to sign their messages digitally and to derive the verification keys from the prover's claimed identity rather than from a public key directory.

All in all, SECURICOM 87 was a "good vintage" which offered highly innovative practical and theoretical presentations.

Yves Leroux, Digital Equipment Corporation, France.

THE CRASH OF '87?

On September 1987, there will be a three-day conference in Amsterdam entitled "Coping with Computer-age Vulnerability". The author of this article, Adrian Norman, volunteered to evaluate a major potential risk by seeking expert opinions from our readers. You can write directly to him, or to the editor for publication in Computer Fraud & Security Bulletin. Mr Norman asks: "Should I be worried? More important, should you? Please write and tell me."

Today's global trading systems and markets are vulnerable not only to computer failure but also to computer success. If many computerized trading and settlement systems were actually to operate as their owners intend today, they would bring about the crash of the marketplace in which they operate. Let me explain why.

First, a little history. Following the first public conference on transborder data flows in 1978, I found myself travelling back to Paris with the chairman of the session at which I had presented a paper on Project Goldfish, a hypothetical illustration of the threats to individual rights from the establishment of a data haven (like a tax haven) where personal data could be collected outside the ambit of data protection legislation. We began to discuss other significant threats from the availability of computing and telecommunications technology and aroused in each other sufficient anxiety about the stability of future financial markets to consult the head of the New York Federal Reserve Bank a few months later. One of his staff who had studied the problems was slightly reassuring, reckoning that the dangerous technology would not be in place for about five years. That, remember, was in 1978.

So what was it that worried us so much? Crashes in financial markets are caused by positive feedback: financial institutions are installing computing and communications systems which can become connected in a positive feedback loop under certain circumstances.

© 1987 Elsevier Science Publishers B.V., Amsterdam./87/$0.00 + 2.20 No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)


On 23 January 1987, the New York Stock Exchange All Share Index suddenly dropped more than 100 points. Commentators blamed "program trading". Computer systems run by major financial dealing and trading institutions were reading the signals from the marketplace and trying to rebalance their own and their clients' portfolios by buying and selling financial instruments. When the price of one instrument is going down relative to another it is sensible to sell the one that is going down as quickly as possible and buy the one that is going up. This causes the price of the instrument that is sold to decline further and the one that is bought to rise, as the market adjusts to reflect the balance of supply and demand. Those who deal later will get less for what they sell and have to pay more for what they buy. Some systems have trigger levels at which "stop loss orders" are issued to prevent the institution being left holding assets of too low value. As each institution reaches its own stop loss point, its selling activity pushes the price down past another institution's marginally lower level. That is what positive market feedback is all about.

Classical economic theory says that when prices decline, buyers enter the market to pick up the bargains. However, this negative feedback theory applies only to a slow moving or almost static marketplace. In the dynamic financial marketplace, dealers will endeavour to sell just as the decline starts and buy back once the price has dropped to its lowest level. Because the cost of dealing is very low, the cost of the selling and buying operation is small compared to the gains from selling high and buying back low. As everyone knows, in today's computerized financial marketplaces, deals can be made in minutes or even seconds and the price adjusts promptly.

The next step in the development of dealing systems is to have the computer issue the dealing instructions in accordance with a policy laid down by the portfolio managers. The policy is in the form of a set of rules reflecting the expertise of the investment manager. Such systems are called Intelligent Knowledge Based Systems (IKBS). When the deal has been made, the transfers of ownership associated with the settlement process can in principle be achieved immediately using the telecommunications networks that now girdle the earth. The instruments that are traded, which might be currencies, commodity futures, or fixed or variable interest stocks, can be bought or sold in marketplaces around the world. At least some of them will be open at any particular time. It is also possible to deal in instruments which are not direct claims on real assets, such as 'puts' and 'calls'. Futures markets make it possible to sell what you do not own and to buy with no intention of taking possession. With these devices, which have a respectable economic role of transferring risk between investors with different attitudes to it, it is possible to amplify the volume of dealing and thus increase the rate of price movement in the marketplace. Again, this is the very nature of feedback.

The dealing and settlement systems owned by individual players in the market can now be coupled through telecommunications networks to each other and to sources of information about market movements. In effect, each system knows instantaneously what is happening in the market and, thanks to the knowledge base provided by its managers, it knows the rules that the other systems are going to be following. Each of them is standing ready to pounce should the signals from the marketplace indicate that action is needed.

In 1929, the New York Stock Exchange crash occurred over a period of several weeks. At that time, there was an amplifier provided by the practice of trading on margin. As prices declined, the brokers who had been providing funds for those who had purchased stocks but only paid part of the price (leaving the stock that had been purchased with the broker as collateral) called for more cash from the purchaser. He therefore had to sell some of his stock to find the cash, pushing prices down still further. This frightened others into getting out while the going was good and discouraged buyers from entering till the price was lower still.

Am I right to predict that sometime in the quite near future, we shall see the crash of 1929 not in weeks, but in milliseconds? If I am wrong, please will you write and tell me why. If I am right, who should be trying to do something about it? Is it possible in practice, even were one able to devise a theoretical structure, to put in place a regulatory mechanism to control the behaviour of an electronic market place which can migrate anywhere around the globe to evade controls? Should the central banks, or perhaps an association of the major global banks, establish some kind of self-denying ordinance outlawing program trading at electronic speeds which preclude human intervention? Should they agree some stops - triggers set by price movements beyond agreed "normal" levels - which would call for a pause and allow human intervention? Or do we need some kind of buyer/seller of last resort who will always intervene to prevent violent price fluctuations?

Adrian Norman, Consultant, Arthur D Little Ltd, Berkeley Square House, Berkeley Square, London W1X 6EY, UK; tel: 01-409-2277.
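
The stop-loss cascade described in the article above, and the agreed price-movement stop it asks about, as a small simulation. This is an added example, not part of the original article; the names `simulate`, `scenarios` and `LEVELS`, the tick units and every threshold are constructed for illustration.

```python
# Added illustration: stop-loss cascade with an optional agreed "stop".
# Prices are integer ticks; every number below is constructed.

def simulate(start, shock, stop_levels, impact, halt_drop=None):
    """Return (final_price, forced_sellers, halted).

    start       price before an outside shock
    shock       size of that first fall
    stop_levels each institution's stop-loss trigger price
    impact      further fall caused by one institution's forced sale
    halt_drop   if set, dealing pauses for human review once the total
                fall from `start` reaches this size
    """
    price = start - shock
    pending = sorted(stop_levels, reverse=True)  # highest trigger fires first
    sellers = 0
    while pending and price <= pending[0]:
        if halt_drop is not None and start - price >= halt_drop:
            # Triggered orders are still queued; the pause only hands
            # the next decision to people instead of machines.
            return price, sellers, True
        pending.pop(0)
        price -= impact      # the sale itself moves the market down
        sellers += 1
    return price, sellers, False


# Ten institutions whose triggers sit 50 ticks apart ("marginally lower").
LEVELS = [9800 - 50 * i for i in range(10)]

def scenarios():
    return {
        # Each sale moves the price less than the gap to the next trigger:
        # the loop gain is below one and the fall dies out.
        "damped": simulate(10000, 200, LEVELS, impact=40),
        # Each sale moves the price past the next trigger: every
        # institution is forced out in turn.
        "cascade": simulate(10000, 200, LEVELS, impact=60),
        # Same market, but dealing pauses after a 400-tick fall.
        "with_stop": simulate(10000, 200, LEVELS, impact=60, halt_drop=400),
    }

if __name__ == "__main__":
    for name, (price, sellers, halted) in scenarios().items():
        print(f"{name:10} final={price} forced_sellers={sellers} halted={halted}")
```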

DATA SECURITY - WATCH OUT FOR THE NEW COMPUTER CRIMINALS

The BIS series of Casebooks on Computer-related Fraud, Computer Crime, and Computer Disasters first came out in 1983. The new editions of the Computer Fraud and Computer Crime Casebooks contain many more new cases which have come to light since the last publication date. BIS has detected major shifts of emphasis in computer crime trends both in terms of the significance of losses as well as in the schemes of perpetration. Increasingly BIS detects better cooperation between victim organizations and the police authorities: as a result there have been more prosecutions and more details are now available for individual case analysis. With the recent cases also come new types of computer criminals and new threats to computer data and business information. Fortunately the security industry is also responding to new demands for protection in erstwhile virgin territory for both attackers and defenders.
