Archive for the 'Uncategorized' Category

Cash and money laundering

Although privacy advocates often favour continuing a cash economy, it’s becoming clear that cash is heavily the place where bad things happen.

There are two ways in which cash is used in the black (and often criminal) economy. The first is as the basis of a barter economy — those involved buy and sell almost exclusively in cash, and their activities never get onto the radar of banks, taxation departments, or financial intelligence units. There’s not much that can be done about this, except that those who live in the cash economy usually have a lifestyle that’s much higher than their official income, so tax authorities might take an interest.

Cash is much more usable if it can be converted into electronic currency in banks. The number of ways this can be done is steadily diminishing. In Canada, banks and other financial institutions are required to report cash deposits above $10,000 unless they can show that they come from routine business activities (and there are quite specific rules about what this means). There are some loopholes, but not many and not big.

Australia has just taken steps towards banning cash deposits above $10,000 altogether. The uproar has been revealing.

One operator of an armoured car business complained to the media that he was moving ~$5 million a month in cash, about half from car dealers, and that this would ruin his business. The treasurer’s response was, roughly speaking, “Good”. (Businesses that sell transport already have quite strong restrictions about their cash activities in many countries.)

Also in Australia, the proportion of cash transactions dropped to 37% by 2016, with a corresponding drop in the total value they represent. However, the ratio of physical currency to GDP is at an all time high; there is $3000 in circulation for every Australian.

There are either some people with vast sums stashed under their mattresses, or this money is being used mostly by criminals. (Hint: it’s the latter.)

It’s no wonder that many countries are trying to be more aggressive about reducing the cash in circulation, mostly by removing high-denomination notes (because more value can be packed into a tighter space).

But it also seems clear that banks can’t resist to lure of large cash deposits, no matter how much they should. And as long as banks don’t tell them, country’s financial intelligence units can’t do a lot about it.



The Sound of Music Problem

Recommender and collaborative filtering systems all try to recommend new possibilities to each user, based on the global structure of what all users like and dislike. Underlying such systems is an assumption that we are all alike, just in different ways.

One of the thorny problems of recommender systems is the Sound of Music Problem — there are some objects that are liked by almost everybody, although not necessarily very strongly. Few people hate “The Sound of Music” (TSOM) film, but it’s more a tradition than a strong favourite. Objects like this — seen/bought by many, positively rated but not strongly — cause problems in recommender systems because they create similarities between many other objects that are stronger than ‘they ought to be’. If A likes an object X and TSOM, and B likes Y and TSOM, then TSOM makes A and B seem more similar than they would otherwise be; and also makes X and Y seems more similar as a consequence. When the common object is really common, this effect seriously distorts the quality of the recommendations. For example, Netflix’s list of recommendations for each user has substantial overlap with its ‘Trending Now’ list — in other words, Netflix is recommending, to almost everyone, the same set of shows that almost everyone is watching. Nor is this problem specific to Netflix: Amazon makes similar globally popular recommendations. Less obviously, Google’s page ranking algorithm produces a global ranking of all pages (more or less), from which the ones containing the given search terms are selected.

The property of being a TSOM-like object is related to global popularity, but it isn’t quite the same. Such an object must have been seen/bought by many people, but it is it’s place in the network of objects that causes the trouble, not its high frequency of having been rated as such.

Solutions to this problem have been known from a while (For example, Matt Brand’s paper outlines a scalable approach that works well in practice. This work deserves to be better known). It’s a bit of a mystery why such solutions haven’t been used by all of the businesses that do recommendation, and so why we live with recommendations that are so poor.

Provenance — the most important ignored concept

I’ve been thinking lately about the problems faced by Customs and Border Protection pieces of government. The essential problem they face is: when an object (possibly a person) arrives at a border, they must decide whether or not to allow that object to pass, and whether to charge for the privilege.

The basis for this decision is never the honest face of the traveller or the nicely wrapped package. Rather, all customs organisations gather extra information to use. At one time, this was a document of some sort accompanying the object, and itself certified by someone trustworthy; increasingly it is data collected about the object before it arrived at the border, and also the social or physical network in which it is embedded. For humans, this might be data provided on a visa application, travel payment details, watch lists, and social network activity. For physical objects, this might be shipper and destination properties and history.

In other words, customs wants to know the provenance of every object, in as much detail as possible, and going back as far as possible. All of the existing analytic techniques in this space are approximating that provenance data and how it can be leveraged.

Other parts of government, for example law enforcement and intelligence, are also interested in provenance. For example, sleeper agents are those embedded in another country with a false provenance. The use of aliases is an attempt to break chains of provenance.

Ordinary citizens are wary of this kind of government data collection, feeling that society rightly depends on the existence of two mechanisms for deleting parts of our personal history: ignoring non-consequential parts (youthful hijinks, sealed criminal records) at least after they disappear far enough into the past; and forgiving other parts. There’s a widespread acceptance that people can change and it’s too restrictive to make this impossible.

The way we handle this today is that we explicitly delete certain information from the provenance, but make decisions as if the provenance were complete. This works all of the way from government level to the level of a marriage.

There is another way to handle it, though. That is to keep the provenance complete, but make decisions in ways that acknowledge explicitly that using some data is less appropriate. The trouble is that nobody trusts organisations to make decisions in this second way.

There’s an obvious link between blockchains and provenance, but the whole point of a blockchain is to make erasure difficult. So they will really only have a role to play in this story if we, collectively, adopt the second mechanism.

The issues become more difficult if we consider the way in which businesses use our personal information. Governments have a responsibility to implement social decisions and so are motivated to treat individual data in socially approved ways. Businesses have no such constraint — indeed they have a fiduciary responsibility to leverage data as much as they can. A business that knows data about me has no motivation to delete or ignore some of it.

This is the dark side of provenance. As I’ve discussed before, the ultimate goal of online businesses is to build models of everyone on the planet and how much they’re willing to pay for every product. In turn, sales businesses can use these models to apply differential pricing to their customers, and so increase their profits.

This sets up an adversarial situation, where consumers are trying to look like their acceptable price is much lower than it is. Having a complete, unalterable personal provenance makes this much, much more difficult. But by the time most consumers realise this, it will be too late.

In all of these settings, the data collected about us is becoming so all-encompassing and permanent that it is going to change the way society works. Provenance is an under-discussed topic, but it’s becoming a central one.

What is the “artificial intelligence” that is all over the media?

Anyone who’s been paying attention to the media will be aware that “artificial intelligence” is a hot topic. And it’s not just the media — China recently announced a well-funded quasi-industrial campus devoted to “artificial intelligence”.

Those of us who’ve been around for a while know that “artificial intelligence” becomes the Next Big Thing roughly every 20 years, and so are inclined to take every hype wave with a grain (or truckload) of salt. Building something algorithmic that could genuinely be considered intelligent is much, much, much harder than it looks, and I don’t think we’re even close to solving this problem. Not that we shouldn’t try, as I’ve argued earlier, but mostly for the side-effects a try will spin off.

So what is it that the media (etc.) think has happened that’s so revolutionary? I think there are two main things:

  1. There’s no question that deep learning has made progress at solving some problems that have been intractable for a while, notably object recognition and language manipulations. So it’s not surprising that there’s a sense that suddenly “artificial intelligence” has made progress. However, much of this progress has been over-hyped by the businesses doing it. For example, object recognition has this huge, poorly understood weakness that a pair of images that look to us identical can produce the correct identification of the objects they contain from one image, and complete garbage from the other, using the same algorithm. In other words, the continuity between images that somehow “ought” to be present when there are only minor pixel level changes is not detected properly by the algorithmic object recogniser. In the language space, word2vec doesn’t seem to do what it’s claimed to do, and the community has had trouble reproducing some of the early successes.
  2. Algorithms are inserting themselves into decision making settings which previously required humans in the loop. When machines supplemented human physical strength, there was an outcry about the takeover of the machines; when algorithms supplemented human mental abilities, there was an outcry about the takeover of the machines; and now that algorithms are controlling systems without humans, there’s a fresh outcry. Of course, this isn’t as new as it looks — autopilots have been flying planes better than human pilots for a while, and automated train systems are commonplace. But driverless vehicles have pushed these abilities into public view in a new, forceful way, and it’s unsettling. And militaries keep talking about automated warfare (although this seems implausible given current technology).

My sense is that these developments are all incremental, from a technical perspective if not from a social one. There are interesting new algorithms, many of them simply large-scale applications of heuristics, but nothing that qualifies as a revolution. I suspect that “artificial intelligence” is yet another bubble, as it was in the 60s and in the 80s.

New data on human trafficking

The UN’s International Organisation for Migration has just released a large tranche of data about migration patterns, and a slick visualization interface:

Some of the results are quite counter-intuitive. Worth a look.

A gentle guide to money laundering

Money laundering is the process of legitimising money obtained from illegal activities (‘proceeds of crime’), moving it into the financial system in such a way that either it fails to attract the attention of authorities, or there is a plausible reason that can be used to explain its existence. The first mechanism is preferable because it also avoids liability for tax.

Much, although not all, illicit money is collected as cash, from activities such as drug sales, theft, and ransoms. It is possible to keep this as cash and spend it within a cash environment, but this is limiting to the owner mostly because it is dangerous to spend it in large amounts. Law enforcement have long used the tactic of watching for people who spend more than they legitimately earn. National tax authorities also watch for spending that is greater than declared income. Until relatively recently, many countries imposed a wall between their tax departments and their law enforcement to encourage criminals to declare, and pay tax on, the proceeds of crime. Famously Al Capone was prosecuted for tax crimes, not organised crime. Thus it is natural the criminals want to find ways to take cash and convert it into explained resources in the mainstream financial system. Once in the financial system, opportunities for moving it around, and so blurring the trail, are much greater.

National money laundering

We begin by considering money laundering in a national context, that is within a single country. It is still possible to buy some expensive assets for cash, although opportunities are diminishing. Some of these assets are attractive because they are easy to transfer without any record (e.g. jewelry) so the eventual holder of such an asset cannot be linked back to the individual who bought it. In some Western countries it is still possible to buy a property worth millions and walk into the real-estate broker’s office with the purchase price in cash. However, even in these countries this probably requires some level of collusion or wilful blindness on the part of the real-estate broker. Many jurisdictions have begun to push ‘know your customer’ regulations out to any profession that handles large amounts of money, requiring them to report large cash transactions. The opportunities for directly converting cash into valuable items are shrinking.

The other way to legitimise cash in a single-country setting is to leverage a suitable business. The best businesses are those where the gap between inputs (costs of raw materials) and outputs (prices charged) is large. For example, a pizza business may sell 1000 pizzas a month but buy the raw ingredients for 5000 pizzas a month, flushing the unneeded ingredients away. The cost of the discarded raw ingredients is much lower than the price of finished pizzas. The cash to be laundered is accounted for as cash purchases of the non-existent pizzas, and so becomes part of the apparently legitimate profits of the business. It is difficult for law enforcement to demonstrate that not enough real pizzas were sold, and so that the business must be partly fraudulent. This mechanism depends on the claim that many customers pay with cash, and this is becoming less and less sustainable as debit cards etc. are more widely used, even for small purchases.

Another suitable business is art, because the costs of the raw materials to create, say, a painting are small compared to the selling price, which could be a million times greater. The art market worldwide is secretive, and anonymity of purchasers is commonplace. It is possible to create an art dealership and generate paintings that are apparently sold for large sums in cash to unidentified buyers. The sums paid by these fictitious buyers are made up from the laundered cash. This mechanism is more difficult to use than creating retail businesses, since it requires an art expert and an art creator who is good enough to create works with plausibly large prices.

Businesses where large amounts change hands can also be exploited, for example casinos, where wins that are provably legitimate can be bought at a discount price from winners desperate for quick money. However, casinos are amongst the most instrumented and analysed locations in the world, so any interaction within a casino risks leaving a record, visible both the casino analytics and potentially then to law enforcement.

Banks in several Western countries have mechanisms that allow anonymous cash deposits, although into known accounts. In Australia, ATMS allow deposits of large amounts of cash, often into accounts set up by foreign tourists for plausible purposes. In Canada, cash deposit mechanisms are a holdover from the days when many businesses needed to deposit cash takings after banking hours. Amounts of the magnitude of around $25,000 can be deposited in this way, and then moved through the domestic financial system and between banks, so that the trail is difficult, perhaps impossible to follow.

Within a single national jurisdiction, there are fewer and fewer ways to convert cash to other kinds of mainstream assets without drawing attention. Moving money across borders, although it increases some kinds of risks, also has advantages because of the weaknesses of national government organisations at cooperation with other countries. Also many countries have little interest in money laundering, and so serve as havens for doing so.

International money laundering.

The main reasons for money laundering across national borders are that it provides a natural break in the chain of ownership, and discontinuities in jurisdiction. Although law enforcement organisations cooperate between countries, this cooperation is usually more difficult than within a single country, with different laws applying, different search and seizure rules, and different priorities. Tax departments also tend to be nationally focused.

It is also common for those who benefit from criminal activity to live in countries other than those where the crimes are committed. For example, the heads of drug production and smuggling cartels tend to live in Central and South America, while their profits are primarily made in the U.S. and Brazil. To access their profits, these must be moved from one country to another.

There are three qualitatively distinct mechanisms for moving money across borders, each with their own issues: objects of value can be physically moved; money can be moved through the global financial system; and value can be transferred virtually, that is without any actual movement of anything.

Moving objects of value.

The most obvious way to do this is to move cash physically. Travellers are supposed to declare amounts above a certain threshold (the $10,000 limit), but it is far from clear how likely someone carrying large amounts of currency is to be detected, either as an outgoing passenger (where checks are quite weak) or at Customs as an incoming passenger (which might be riskier, except that the countries where transnational criminals reside also tend to be those with weak border controls). For example, the U.S. estimates that at least $40 billion in physical currency is smuggled across the U.S.-Mexico border each year, while programs aimed at finding and stopping it have interdicted less than $100 million. Currency can also be shipped as cargo and, again, the level of risk this carries is far from clear. There have been a non-trivial number of interdictions of currency in air shipments, and in vehicles across land borders. The reluctance of retailers to accept any but pristine U.S. dollar bills in South America suggests that owning bills that are visibly used attracts suspicion in those countries. This in turn suggests that authorities in those countries are aware of illicit US currency shipments that end up in circulation in South American countries. One of the problems with currency is that it is quite bulky for its value, and sometimes has a detectable smell (e.g. U.S. dollars).

The practice of smurfing, carrying currency just below the declarable amount, is common and existing legal regimes make this difficult to suppress.

Another way to move value is to convert cash into small, portable, valuable items and transport these instead. The difficulty here is that the purchase of such items for cash is increasingly raising suspicion, as described above (although a number of small purchases over time could build up a reservoir of valuable items – for example, stored value cards can be purchased in modest quantities at a time, while accumulating large totals). The exception is art, for which large cash purchases are still the norm. Art has the added advantage that its declared value for border crossing need have little to do with its realisable value, and so it may not draw much attention from Customs. Thus while smuggling high-value diamonds carries some risk, smuggling art is almost totally without risk.

Bearer negotiable instruments also provide a way to move value (still with the risks associated with obtaining them). These are almost impossible to detect at borders, since they can be embodied in a single piece of paper. In some jurisdictions (e.g. Australia) there is no requirement to report a bearer negotiable instrument sent by mail.

Another way to move value is invoice fraud. A shipper in country A sends a legitimate product to country B, but charges an exorbitant price for it. When the recipient pays the exorbitant price, a confederate in country A receives the difference between the actual price and the exorbitant price from the shipper so that value is transferred from country B to country A.

Moving money through the global financial system.

The global financial system exists to move money between countries, but such movements must be traceable by the financial institutions involved, and the records of these movements are increasingly accessible to governments. Thus a criminal moving money internationally must take steps to make the records of the movements seem innocuous. Banks are supposed to report transfers that they consider suspicious. The extent to which banks take this seriously, and their working definitions of ‘suspicious’ are far from clear, but many are looking for patterns of transfer that are structured, that is broken up into several sub-transfers, each designed to look innocuous. Another strategy used by criminals to further blur the existence of a large transfer is to send sub-transfers from different bank branches, using variant names and details of the sender, and using other techniques to disguise the similarity of the sub-transfers. Any one of the individual sub-transfers is designed not to seem suspicious at the particular branch; but it is not difficult for the bank to detect the overall structure, if it looks for it.  There are limits to how much this can be done because the receiver needs to know that the correct total amount has been transferred, and in a timely way; too much blurring of sub-transfers creates opportunities for the sender to purloin some of the money. Banks are increasingly validating precise details of senders in their online transfer interfaces, making it harder to create artificial variations from one sub-transfer to another.

Moving value virtually.

There are a variety of alternative remittance systems (ARSs), of which the best known are the hawalas, that developed to facilitate transfers for people who do not have easy access to banks, or for whom the fees charged by mainstream financial institutions are prohibitive. Historically, the customers of these ARSs were guest workers in rich countries who send a portion of their wages to relatives back home.

When the flow from country A to country B is more or less in balance with the flow in the reverse direction, ARSs need move no money at all. Customers in country B receiving (notionally) money sent from country A are in fact paid with money deposited in country B intended for country A, and vice versa. Short-term imbalances are handled on a trust basis by the ARS bankers at both ends.

A problem arises when the flows between the two countries are not balanced, so that there is a net flow in one direction. The most common net flow is from rich countries to poorer ones and this is also the more probable direction for money laundering flows as well (although people smuggling, for example, may generate flows in the other direction). Net flows must eventually be realised as actual flows.

One way to handle the actual flow is to use conventional financial system transfers. A single financial system transfer is the result of the net of many small transfers collected and aggregated, so the overhead of a standard banking transfer is amortized. The effect of money laundering flows can be concealed in the larger flows arising from ordinary practice. Concealment is sometimes helped by the informal record keeping of many ARSs, although they are now registered in some jurisdictions, and so tracking mechanisms are beginning to be in place.

The second way to handle the required balancing flows is to use cuckoo smurfing. This technique uses a legitimate transfer, in the direction opposite to that required to correct the imbalance, as cover. In other words, if ARS A wants to move $50,000 from to ARS B to correct an imbalance, they find a legitimate transfer from a customer of B to a customer of A of the right size, B takes the deposited funds from B’s customer and keeps them, while A pays $50,000 to A’s customer. Both customers are satisfied, A is $50,000 poorer while B is $50,000 richer, as required, and no money has actually moved through the global financial system. In fact, the only way to detect that this has happened is that the apparent transfer from B’s customer to A’s customer did not leave a trace, when it should have.

The same mechanism can be used directly for money laundering, as long as a matching countervailing innocent flow is available. The lack of trace of the money laundering transfer makes this approach especially attractive.

Cuckoo smurfing requires the existence of substantial innocent transfers in the opposite direction to the net flows between the two countries concerned (typically from poorer countries to richer ones) which may limit the applicability of this technique.

Many developed countries are on a trajectory to block most of these money laundering paths by more detailed regulation, and increased enforcement. However, Financial Intelligence Units (FIUs) – Austrac in Australia, Fintrac in Canada, Fincen in the U.S., and the Financial Intelligence Unit in the U.K. for example – struggle to find and/or block money laundering for several structural reasons.

First, the cornerstone of detection is the reporting, by banks and ASRs, of transactions that they consider to be suspicious or anomalous. While legislation lays out the conditions that should trigger reporting, there is, inevitably, some interpretation leeway; dealing with rich customers is how banks make their money; and so there is some incentive to under-report certain kinds of transactions. In other words, banks make a policy decision about the level of risk they will take, and this decision is not necessarily one that FIUs would agree with. In Zapata et al. v HSBC Holding Plc (2016), HSBC admitted criminal liability for laundering $881 million of the drug cartel proceeds, accepting large sums of money from individuals with no visible source of income. In several other successful terrorist financing prosecutions, well-known multinational banks transferred millions of dollars to terrorist organisations. The Commonwealth Bank of Australia has recently been charged with failing to report more than 50,000 suspicious transactions over the $10,000 threshold, involving large deposits (100s of millions) paid in through ATMs and almost immediately transferred offshore. This suggests that, as well as developing regulations, FIUs need to be more aggressive in their approach to banks. Another aspect of the problem is that FIUs don’t know about the transactions that they aren’t told about, so it is difficult for them to assess the extent of under-reporting. Measuring compliance remains a challenge.

Second, money laundering has become a service, provided by specialists and marketed to criminals. A criminal group can outsource its money laundering needs to an organisation that develops its own intelligence, mechanisms, and experience in the use of techniques for laundering. More importantly, though, the use of such a wholesaler breaks the connection between the crime(s) that generated the money and the money itself – so that proving that intercepted money is actually proceeds of crime becomes much more difficult. Thus when FIUs find transfers that are clearly suspicious, they may be unable to prosecute anyone because they cannot demonstrate that the money is not innocent. There may be a greater role for disruption as a strategy rather than prosecution, as the U.K already does.

One development which will change the face of money laundering is the development of cryptocurrencies such as Bitcoin. These make it possible to decouple the relationship between criminal and crime. For example, drugs are increasingly sold online via Dark Web market sites. Drugs are paid for with Bitcoin and shipped to the buyer through regular postal channels. These market sites operate like other online businesses, in some cases guaranteeing refunds if shipments are interdicted by Customs. But now criminals are paid in untraceable Bitcoins, and it is the buyers who have to convert traceable national currency into untraceable (and international) cryptocurrency. Bitcoin is already accepted by some real-estate brokers, some airlines and travel agencies, and sites such as eBay, so that criminals can spend their Bitcoin on their lifestyle directly. There are also arbitrage businesses that use Bitcoin to buy gift cards which are widely usable. The development of ransomware, for which the ransoms are also collected in cryptocurrency, shows how non-physical criminal ‘services’ can also be delivered without providing a path back to the criminals involved.

Another form of illicit money transfer that is not, strictly speaking, money laundering is the movement of money for evasion of tax. Many forms of tax evasion/avoidance seek to move money without revealing its ownership. Even when ownership is visible, international transfers can be used to reduce the tax payable. An individual in country A sends some money to country B using a mechanism that makes it non-taxable in country A. This money is then moved to country C and is then brought back to country A as incoming money that is again not subject to tax (for example, an international business loan). The money is now available to its original owner, but has been sheltered from tax liability. This is difficult for financial authorities in any of the three countries to detect, since it seems innocuous until the loop is visibly closed.

(Fear not, Dear Reader, that this document reveals anything to criminals that they don’t already know. All of the content is already available from public sources.)

Is “sentiment analysis” doing anything real?

Oceans of computational cycles have been spent analysing the sentiment of documents, driven by businesses interested in how their products are being perceived, movie producers interested in their potential products, and just about everyone about tweets.

Sentiment is based on a measure of how “positive” or “negative” a particular document is. The problem is that there are a number of aspects of an individual that could be positive or negative, and sentiment analysis jams them all into one bucket and measures them. It’s far from clear that this measures anything real — signs of which can be seen in the well-known one-and-a-half star difference when individuals are asked to rate the same objects on two successive days.

So what can be positive and negative?

It could be the individual’s attitude to a particular object and, of course, this is what most systems purport to be measuring. However, attitude is a two-place relation: A’s attitude to B. It’s usually obvious that a document has been written by A, but much more difficult to make sure that the object about which the attitude is being expressed is actually B.

However, most of the difficulty comes from other aspects that can also be positive and negative. One of these is mood. Mood is an internal setting whose drivers are poorly understood but which is known to be (a) predictable over the course of a period of, say, a day, and (b) composed of two independent components, positive mood and negative mood (that is, not opposites). In broad brush terms, negative mood is stable through the day, while positive mood peaks in the middle of the day. There are longer term patterns as well; positive mood tends to increase through the week while negative mood decreases.

Looking at someone’s writing about an object therefore should take into account their underlying mood — but never does. And it would be difficult to tease apart the signals of mood from the signals of attitude with the current state of the art. But we could plausibly predict that “sentiment” would be less positive overall if it was captured at the beginning or end of the day.

The other aspect that can be positive or negative is emotion. Emotions are short-term responses to the current environment that play a role in reordering each individual’s priorities to optimize decision making, especially in response to an external stimulus.  There are two emotions that align strongly with positivity (joy) and negativity (disgust).

Looking at someone’s writing about an object should therefore take into account their emotional state (at the time they were writing) — but never does. Again it would be difficult to tease the signals of emotion and the signals of attitude apart. I have no doubt that many businesses get much worse results from their surveys than they ‘should’ because those surveys are designed so poorly that they become annoying, and this spills over into the content of the responses.

Bottom line: there is no such thing as positive sentiment or negative sentiment. There are positive or negative attitudes, moods, and emotions, but the one that sentiment analysis is trying to measure — attitudes — is inextricably confounded by the other two.  Progress is being made in understanding and detecting moods and emotions, but much less has been done on detecting attitudes, mostly because of the difficulty of finding the intended object within a short piece of text.