Little Britain Votes To Leave

In the worst act of vandalism since the Visigoths sacked Rome in 410, the UK has been ripped out of the European Union by regional voters, led by a trio of politicians that caricaturists could only dream of who perpetrated a campaign that "descended into dishonesty on an industrial scale". 

Yet the Brexit map of the UK shows that those who voted for Britain to leave the EU are not only among those who were the net beneficiaries of EU funding, but are also utterly dependent on the areas that voted to remain to negotiate the terms of Brexit and to plug the regional funding gap that the EU money filled: the 'Leave' campaign demanded that Britain's contribution to the EU be diverted into the black hole that is the NHS budget and that is exactly where it will disappear.

All the facts and projections labelled as 'doom and gloom' now loom as reality. 

Forking The DAO - Robin Hood Update

No, this is not science fiction: the Ethereum world really has been rocked by financial scandal, and has less than a month to resolve it.

It's very hard to explain this situation simply to fans of financial scandals who may be less familiar with cryptotechnology.

In essence a bunch of people ('curators') got together and created - or curated - a new type of open association, which they christened a Decentralized Autonomous Organization, and this first example “The DAO". 

The DAO is built on a new type of cryptographic software platform called a 'distributed ledger' or 'blockchain', in this case known as Ethereum. Such ledgers typically have their own virtual currency, in this case called 'ether'. 

The DAO's rules are in written in software code, so it is in fact a computer programme (or application or 'app'). The DAO is designed to be controlled by investors who use their 'ether' to buy DAO 'tokens' that entitle them to vote on the The DAO's affairs - the main issue being how the DAO should invest the 'ether' it raises through selling 'tokens' to investors, who can also start mini-DAO or 'child DAOs' to focus the investments. By last week the The DAO had raised $60m worth of ether at the going exhange rate.

You can maybe see what's coming...

A savvy participant noticed that The DAO would allow any participant to start a 'child DAO' under their own control and drain 'ether' from The DAO into the child DAO without bothering any of the other participants. 

So they did. 

Cue outrage!

The other participants and 'curators' now say this move was an "attack" that exploited a 'vulnerability' arising from a 'mistake' in The DAO's code. As a result, a 'soft fork' has been imposed by the DAO's 'curator' for 28 days, effectively freezing the child DAO and the ether within it. Many of The DAO's participants want to see the soft fork become permanent - or a 'hard fork' (this saga is providing endless scope for unfortunate puns). Yet The DAO web site's makes it very clear that the code is the sole contract governing The DAO (though what contractual significance The DAO's web site has is therefore questionable).  At any rate, The DAO clearly allowed what in fact happened.

It's ironic that the self-styled "attacker" has resorted to lawyers and is threatening court action to protect his/her/their financial gains. But it would be a fascinating case to run, and a real-world judgment on the issues (applicable law, jurisdiction, whether there was a mistake for which relief could be given etc.) could actually be very helpful to the development of distributed ledgers and the applications that run on them.

23 June:

Meanwhile, the parties are battling it out in a cryptographic re-enactment of Robin Hood (or Barbarians at the Gate?). So-called 'white hat' hackers (claiming to be 'good actors') attempted to secure the remaining ether in The DAO in other child DAOs but the 'attacker' joined them as well.

But is either set of participants 'right' or 'wrong', 'good' or 'bad'? Are they not simply competing in any fashion that The DAO allows?

Would you do business with The DAO or its 'children'?

Would you be happy for The DAO or any child DAO to be an investor in your business? 

Watch this (cyber)space!

Further reading:
Frances Coppola has written a great piece for Forbes.
Introduction to the DAO.
Open letter from "The Attacker".
DAO Wars: Hacker Counter-Attacks and Infiltrates the Robin Hood DAOs

European Privacy Regulators Now Not Happy With US #PrivacyShield

It all seemed to be going so smoothly for US policy-makers when the gathering of the EU's privacy regulators (the Article 29 Working Party) issued a draft review of the US Privacy Shield in February. But the final report means the champagne will remain in the bottle for sometime yet.

Basically, the regulators found the Privacy Sword Shield is hard to read, unclear, inconsistently worded, inconsistent with the new General Data Protection Regulation, does not provide equivalent protection, makes it too hard for foreigners to get redress, the proposed Ombudsman will be neither independent nor adequately resourced; and does "not exclude massive and indiscriminate collection of personal data originating from the EU"!

Meanwhile, data transfers from the EU to the US are still okay to take place under the existing data transfer mechanisms ('standard model clauses' and 'Binding Corporate Rules').

Pity Mr Schrems who managed to overturn the 'Safe Harbor' but leave us even less protected than before!

There's No Single Market For Consumer Finance: What Next?

Perhaps it's not what the European Commission intended, but its green paper on retail financial services is a great explanation of why there is so little cross-border activity in consumer finance: 3% for payment cards, current accounts and mortgages; 5% for loans (less than 1% between Eurozone countries!) and only 3% of gross insurance premiums. For a very long list of reasons, it's just not practicable for most retail financial services providers to operate across EU borders, as the EC has known since at least 2007. Could it be time, therefore, to scale back EU requirements for firms that only focus on their national market, so consumers have a clear choice between national and genuinely cross-border suppliers and products?

The Commission concedes that its vast, confetti-like attempt to harmonise EU financial regulation  has proved futile in catalysing a single retail finance market, yet it continues to ask what more can be done.

One issue in particular that the Commission is huffing and puffing about is 'geo-blocking', the use of technology to identify and block or re-direct consumers based in certain countries.

But the Commission's own findings are that few players have the resources to focus on cross-border markets. Suppliers who do target multiple countries typically use separate local operating entities to deal with all the problems listed in the green paper, so they don't even properly qualify as 'cross'-border. At any rate, how can you force a Spanish motor insurer to sell policies to Germans if it simply can't afford to administer claims in Germany? How would that be in the policyholders' interests? Even assuming the focus solely on Spanish customers is the supplier's own choice, rather than due to some legal restriction, wouldn't requiring the firm to deal with Germans or Swedish consumers put it at risk of going bust, leaving the whole market to a few big players who can afford to serve customers everywhere?

In its response to the green paper, the UK's Financial Conduct Authority quite rightly urges caution on the economic impact of more (futile) regulation, as well as careful analysis of consumer needs and behaviour before churning it out. The FCA points out that existing regulation must be allowed to 'bed-in' before assessing its real impact; and the Commission needs to consider that EU consumers are not some amorphous clump of flesh waiting eagerly for Greek insurance policies homogeneous, but diverse in their needs and behaviours - so a 'one-size-fits-all' approach won't be universally acceptable and risks crushing local financial services that are working well.

The FCA hints at the idea of a range of EU-approved products that might be provided by any EEA firm to any EEA consumer in a standard way, though this still begs the question whether the providers are able to manage this operationally. 

I guess it's possible that those able to target cross-border markets would benefit from some kind of voluntary EU-cross-border safe harbour scheme that enables them to adopt the same approach to marketing, contracts, customer service, complaints handling and enforcement and so on throughout their target market(s). It could even be very a attractive product in some national markets that are currently under-served or where consumers are being fleeced.

But that's more or less what the current regime allows, yet few firms are bothering to do it: the whole point is that we know it is futile to impose a cross-border scheme on firms and consumers who just want to focus on their own national, regional or local market.

Which begs the question: rather than add more regulation, why not allow member states to scale back EU requirements for firms that wish to remain nationally focused? This would allow further differentiation between national and cross-border suppliers and products, presenting consumers with a clearer choice to make.

Of Brexit, Red Tape and Light At The End Of The Eurotunnel

A pragmatic approach to the Brexit debate is to ask whether withdrawal from the European Union would solve enough root causes of Britain's problems to make up for the inevitable disruption.

But we are yet to see that level of analysis, and I doubt we ever will.  

That, and the fact that opportunists like Boris Johnson are able to swing their booms from one side of the debate to the other in the hope of catching any old puff of political wind, tells me the UK's membership of the EU is just a political issue, unconnected to anything 'real'.

One thing that is clear, however, is that cutting the ties with Brussels will not automatically cut the UK's source of red tape: Britain is expert at producing its own. You only need to look at the NHS, the social welfare 'system', the Home Office or education to see how much of a mess the UK is capable of making on its own turf; and its approach to implementing EU law is similarly self-defeating...

Generally speaking, you might say that 'an Englishman's red tape is a Frenchman's business plan'. The English common law principle is that 'the law follows commerce' and we should be able to get on with something until the law forbids or restricts it; while civil law dictates that an activity is not lawful until the state says so. Another difference, somewhat surprising in light of the first, is that the common law system is based on literal interpretation; while civil law is interpreted on the basis of its purpose - the spirit rather than just the letter - and this is how EU law is interpreted by the European Court of Justice.

While the EU's civil law countries rely on EU regulation to tell them more or less how to act, the UK has not coped with this distinction very well. Firstly, the UK's attitude to EU membership means that it misses opportunities to influence the favourable development of EU law in the first place - the UK always seems to be on the back foot. Then, once EU laws are passed, the UK suffers from a policy of 'gold-plating' directives by simply copying them word-for-word into its own national laws which are interpreted literally under common law principles rather than reflecting the purposive interpretation that civil law member states adopt. So the UK creates several rods for its own back.

While it is said that the English courts do (or should) adopt a purposive approach when interpreting national legislation in areas covered by EU law, in practice this opportunity is not widely embraced either by officials or the legal and regulatory community. Once any awkward or confusing EU requirements are transposed into national law, everyone in the UK seems doomed to take them literally.

The result is a system that pushes the burden of resolving any EU regulatory awkwardness or confusion off the public sector's plate and onto the private sector (and, ultimately, the consumer or citizen). A recent case in point include the UK's approach to implementing the Payment Accounts Directive. There are others too numerous to mention.

I do have a little sympathy with the UK's approach to the EU legislative process. It is outnumbered by civil law countries who may not appreciate or respect the more reactive common law approach.  It is also tempting to avoid the expense in time and resources required to continually debate with EC officials whether UK regulation reflects the purpose of EU directives, rather than the letter. But this doesn't bother Italy, Germany, France or the other countries higher on the league table of those failing to implement European laws.

Maybe you could say this failure to navigate the EU legislative process is a reason to leave the EU, but it seems pretty feeble for the UK to lose the benefits of membership due to a political problem of its own making. At any rate, if UK ministers and officials would only take full advantage of the opportunity to resolve any problems in the formation of EU laws in Brussels and take a purposive approach to enacting them nationally, they would surely reduce any adverse impact on the wider UK community from laws that might be unduly restrictive.

Meanwhile, ironically, the EU authorities are beginning to take a more common law wait-and-see approach to regulation, having realised that regulation won't catalyse cross-border markets that don't already exist. Contrast the futile approach to consumer credit with the more cautious approach to regulating crowdfunding and virtual currencies/distributed ledger technology.  

In other words, the UK seems keen to leave when there may be light at the end of the Eurotunnel.