The Estate Tax

At present, the federal estate tax maxes out at 40% of the amount of an estate over 10 million dollars.  Almost no one pays it, because of the large exemption.

The best argument I’ve heard against the estate tax is that if the bulk of the estate is something that is not liquid, like a farm or a business, there may be no way to raise the money to pay the tax without selling the family farm or the family business.

For those with more liquid assets like stocks and bonds and a dozen houses, well the estate tax isn’t that big a deal.  Heres why.

Estates change hands about every 25 years, which arguably is the length of a generation.

The long term average appreciation in the stock market is around 7%.  In 25 years, a stock market investment might grow by 5x.  If you start with 20 million, in 25 years you will have about 100 million.

With the estate tax, your notional 20 million drops to only 16 millions, because 10 million is exempted and you pay 40% of the rest.

After 25 years, that 16 million would only increase to 86 million.

In this case, the estate tax cost the equivalent of about 4 years of growth.

Even if the exemption were zero, the estate tax would represent about 8 years of growth every 25 years.  The fortune just keeps growing.

Of course this analysis is true only if you just leave the money in the market.  Historically, fortunes last about three generations before being diluted and generally squandered.  However, once you get into serious money, it is kind of hard to spend enough to keep the rest from growing to infinity.

If the policy objective of the estate tax is to prevent self sustaining multigenerational fortunes, it doesn’t accomplish its purpose.  However it does kill those family farms and family businesses.  What might be done?

Idea 1: Make the estate tax payable over a generation, rather than as a lump sum.  In effect, this is a wealth tax, rather than an estate tax.  If my figuring is right, the 40% estate tax applied every 25 years is very close to a 1.3% wealth tax applied annually.  This has the same effect on cash estates, but might be managable for those family farms and businesses. Like the estate tax, this would apply only to wealth over 10 million.

Idea 2: Bump the tax rate on income for the 1% to raise the same amount of money.  Evidently, the estate tax raises about 20 billion per year. In 2014, an income of 465,000 put you in the 1% and the average income of the 1 percenters was 1.2 million, and there were about a million 1% households – that is 1.2 trillion in income, and the income tax surcharge to replace the estate tax would be . . . 1.6%

These two ideas are not that far apart.  On the whole a 1.6% income tax surcharge is easier, because  income is reported, and wealth is (a) not reported and (b) often consists of unrealized gains.

All this leaves unresolved the question about the policy goal.  Is the estate tax or a possible replacement just a way to pay for government? Or is it really intended to reduce income or wealth inequality?  If the latter, we need a much larger discussion about how to accomplish the goal, because the estate tax doesn’t do it.  Repealing the estate tax will surely make inequality worse, but keeping it only slows down increases in inequality, and not by that much.

 

Credit Freezes

It is possible to place a “credit freeze” on one’s account at the credit reporting companies.  The major ones are TransUnion, Equifax, and Experian.

A freeze prevents other companies from doing credit checks on you, which generally prevents them from opening accounts in your name.  This is important because the way that identity thieves monetize their theft is to open credit and bank accounts in your name, that you don’t even know about.

At present, credit freezes are governed by individual state laws, that range all over the map.  In Massachusetts, a victim of identity theft with a police report can get a credit freeze for free, but everyone else must pay $5 to each agency to place a freeze and another $5 to lift it, even temporarily, to apply for credit.

In view of the recent Equifax breach which revealed the private information of millions of Americans, it it clear that the credit reporting industry itself cannot be trusted to keep personal information secure.

I propose that credit freezes and credit monitoring be made free for everyone.  I would go further and suggest that a credit freeze should be the default state, but I suspect that would just destroy the whole industry (is that a bad thing?)

Since companies cannot keep private information secure, the alternative seems to be to devalue the information.  Credit freezes help do that.

This will require state by state or federal legislation.  I have just contacted my state representative and senator here in Massachusetts, as well as my representative in congress and both senators, requesting that they sponsor and support such legislation.

I recommend that you do the same.

Here’s what I sent Representative Clark:

I am Lawrence Stewart, of XXX.

In view of the recent Equifax breach which revealed the private information of millions of Americans, including 3 million Massachusetts residents, it is clear that the credit reporting industry cannot be trusted to keep personal information secure.

At present, the best defense against identity theft is a credit freeze, which prevents companies from doing credit checks without your permission.  This stops identity thieves from opening accounts in your name.

Credit freezes are governed by a conflicting mess of state laws.  Generally someone who has been a victim of identity theft can request a freeze for free, but the rest of us have to pay for the privilege of protecting our credit to the very companies that caused the problem through their negligence.

I urge you to introduce or support legislation to make credit freezes free for everyone. It is the best way to hold industry accountable for their actions and the best way to protect the citizens from identity theft.

Carmen Ortiz to step own

Carmen Ortiz, the US Attorney in Massachusetts, is leaving.  I am glad she is leaving, but she should never have been appointed or confirmed.  She should have been fired in January 2013, after she and her henchman Steven Heymann caused the death of Internet activist Aaron Schwartz through extreme over prosecution of a “crime” that was at most civil disobedience.

Here’s what I wrote at the time:

http://larry.stewart.org/2013/01/13/aaron-swartz/

Here’s what the Guardian had to say:

https://www.theguardian.com/commentisfree/2013/jan/16/ortiz-heymann-swartz-accountability-abuse

Ms Ortiz now says (quoted in the Boston Globe here:  https://www.bostonglobe.com/metro/2016/12/21/attorney-carmen-ortiz-announces-resignation/fV7IJmesqOU8SEYd1pylEO/story.html )

“I feel tremendous sorrow for what his family has gone through,” Ortiz said Wednesday.

“I regret I wasn’t able to identify that situation early on and we didn’t have that opportunity to have that go on a different path because a young man at the end of the day did lose his life.”
I am hopeful that Ms Ortiz will never be in a position again to cause the death of another shining star, or indeed anyone.   As US Attorney, she was much more interested in personal power and headlines than justice.  US Attorneys have little oversight and no accountability and many of them are not up to the job.  Carmen Ortiz was one. For myself, I will not forgive or forget her actions.

She will be moving on, but Aaron Schwartz is still dead.

 

 

Popular Vote vs Electoral College

It seems that Trump won the electoral vote while Clinton won the popular vote.  This has happened a few times before as well.

The constitution does not specify how states assign electoral votes.  At the moment, two states, Maine and Nebraska, split their electoral votes in some way among the candidates, while all the other states are winner take all.

I don’t think the electoral college itself is a bad idea.  Like the way that even low population states have two senators, each state has two “extra” electors, which tends to give a bit more power to low population states versus high population states.

I think that winner-take-all selection of electors is a problem.  This removes ANY power from the minority party in winner take all states.  There is little point to being a Democrat in Kansas or a Republican in Massachusetts.  Such individuals have no say at all in choosing a president, and that isn’t right.

What would be better?  According to the the electoral college FAQ, for example, Maine awards an elector for the winner of each congressional district, and awards the to extra electors to the statewide winner.  A state that felt strongly about the popular vote could proportionately assign all the electors.

Perhaps it is time for some back-testing of elector selection algorithms against old voting records.

Personally, I think the Maine system runs up against another problem – gerrymandering.  In most states, the congressional district boundaries are drawn by whoever controls the state legislature, with the goal of disenfranchising their opponents.  At the moment, one of the main reasons the Republican party has a lock on the house of representatives is that they spent a lot of time gaining control of governorships and state legistatures, and as a result used the redistricting after the 2010 census to lock in district boundaries that benefit their own party.

 

Wikileaks Bait

One of the interesting developments in the 2016 electoral cycle is the use of offensive cyberespionage.  Wikileaks is publishing internal email from the campaign of Hillary Clinton, with the publications timed to attempt to damage the campaign.

Maybe this is the work of Russian spies, with Wikileaks an unwitting stooge, maybe not, but the case is quite interesting.

What should a campaign organization, or corporation, or government agency do?  Their emails may be next.

One possibility is to salt the email stream with really tempting tidbits suggesting illegal, immoral, or unethical behavior, but also put these emails in escrow somewhere.  Then, when the tidbits come to light, you can derail the news cycle with one about how your infosec team has pwned the leakers and trolled the media.

The technique will only work the first time, but even later, professional news organizations are not going to want to take the chance that their scoop is a plant.  That is how Dan Rather lost his job.

If the plants are subtly different, they could also be used to identify the leaker or access path.  (This was suggested in “The Hunt for Red October” by Tom Clancy, written in 1984, but the idea is surely older than that.)

More on point, it should be obvious at this point that email is not secret, nor is any electronic gadget secure.  [[ How do you identify the spook? She’s the one with a mechanical watch, because she doesn’t carry a phone. ]]

Until we get secure systems, and I’m not holding my breath, conspirators really shouldn’t write anything down.  In the alternative, their evil plans must be buried in a sea of equally plausible alternatives.

 

Civilians killed by police

Before I start, the murder of police is not acceptable.  The killings in Dallas and Baton Rouge appear to have been committed by disturbed individuals, representing no one but themselves.  Parenthetically, the sole comment by the NRA about these murders was to send condolences to the families of the officers.  It seems to me the least they could do is to revoke the membership of the killers.

Regarding the killings of civilians by police, I have a modest proposal.

From what I’ve learned, there are about 1000 civilians killed every year by police in America.  These deaths are not tracked[1], other than by a few journalists trying to understand.  What has happened over the past few years is not that many more people are being killed, but that we are starting to hear about them, and to see them by video.  Sometimes, perhaps most of the time the use of lethal force is justified, but in an unfortunate number of cases it is not.

My own outrage arises from three factors:

  • The people being killed are disproportionately black.
  • An alarming number of killings seem to be made by ill trained, incompetent officers who should never have had a badge in the first place.
  • Very little is being done to reduce the carnage.  Cities try to avoid consequences and try to hide evidence until the affair fades away.  District attorneys sandbag their cases (if any) against police to avoid damaging their relationships.  Police unions and non-involved officers tend to support their incompetent fellow officers.

I don’t think that bringing murder charges against police is the answer.  Prosecutors, judges, and juries give a lot of deference to police, and it is very hard to get convictions.  When cases fail, even when they fail for good reasons, the public is outraged again, and the government shrugs and says “we tried”.  I also don’t want police to be so nervous about personal liability that they can’t do their jobs.  In egregious cases, sure

So what should be done?

My proposal is that for any civilian killed by police, there should be an automatic five million dollar award to the victim’s family unless the police have unambiguous video and audio evidence showing the individual presenting a clear threat and that the police exhausted every non lethal means for resolution.  Further, there should be an immediate threat not created by the police themselves.  No-knock warrant?  Better be sure you don’t kill the residents.  Broken tailight?  It’s the policeman’s responsibility to make sure the occupants of the car go home safely.

What about suicide by cop?  There are likely people so desperate that getting themselves killed for a large payday looks like a good idea. That’s where the video comes in.  If there is clear video evidence, then no payout. In addition, as police learn to defuse situations and develop better non-lethal tools, the rate will drop.

What about the large civil penalties already paid by cities in egregious cases?  They haven’t done much to solve the problem.  The awards have to be immediate, public, and humiliating for the chain of command and the politicians. Too often, such awards are years too late and never reported. Perhaps the awards should be scaled according to the complaint record of the officers.  That should give the chain of command incentives to remove bad apples from the barrel.  If police union contracts forbid firing, fine. Bad officers should report for duty and just sit somewhere where they are not killing people.

My point is, the police have a responsibility not to kill unarmed or innocent civilians.  It doesn’t really matter if the killing is not judged criminal and the officers involved are not found liable.  The police have a responsibility not to kill civilians.

[1] There needs to be central reporting of every police involved killing.

 

 

Robot Killers

According to the Obama administration, between 2009 and 2015, 473 drone strikes killed about 2500 combatants and about 100 non combatants.

Last week, the Dallas Police department used a robot to kill the police shooter.

As far as I know, all of these events have had human operators, supposedly exercising human judgement.  

The thing is, many reports about drones and robots leave one with the impression that these are autonomous devices, without a human in the loop. It isn’t like that.

I do not think there is a real difference between a sniper on a hilltop killing from a mile away and a drone operator killing from 10,000 miles away.  Both have a human pulling the trigger. We can and should talk about ways to further reduce non-combatant deaths, but sniper rifles and drones are much safer for our guys than bayonets and hand grenades.

The real discussion ought to be about autonomous vs human-in-the-loop.

The unfortunate fact is, we already have lots of truly autonomous devices killing people on their own initiative.  They are called land mines.

Stingray countermeasures

A Stingray is a cell tower lookalike device.  It broadcasts its presence and nearby phones connect to the Stingray thinking it is a legitimate tower.  The Stingray can then log each phone or act as a man in the middle to incercept call metadata, text messages, or even call contents.

There are a number of public databases of legitimate cell towers.  For example, http://opencellid.org  Some databases are government, for example, the FCC license database, while others are crowdsourced.

It should be possible to modify a phone to only connect to towers which are legitimate by checking the purported tower ID against a cached copy of the database for the local area.  A stingray could, of course, use the id of a real tower, but that would disrupt communications in the whole area. This might not prevent the Stingray from logging the presence of such a phone, since the Stingray could hear the protocol handshake with the legitimate tower.

It should also be possible for a phone to passively listen for tower broadcasts, and to compare the tower ID against the database,  An unknown ID might be a new legitimate tower or it might be a Stingray.

It is likely quite difficult to get at and modify the low level radio software in a commercial smartphone, but there is a complete open source suite of cell infrastructure software at http://openbts.org

That code could serve as a starting point for a software defined radio device for detecting and tracking Stingrays.  One could make a box with a red light on top which lights up when there is an unknown tower in the area.

In some areas, use of Stingray devices requires a warrant, but this is not universal.  The courts have also determined that use of location data from legitimate cell towers does not require a warrant

.

.

PIN Escrow

The FBI has dropped their request to require Apple to write code to unlock the terrorist iPhone.  Supposedly a third party offered a way in.  Yesterday the FBI said they did get in, so they no longer need Apple’s help.

For those whose first instinct is to distrust the government, this looks like the Justice department realized they were going to lose in court and hastily discovered a way out. “Never mind”.  This preserves their option to try again later when public opinion and perhaps law would be more on their side.  I am a little reluctant to think Justice would outright lie to a federal judge, but it wouldn’t be the first time.

This morning on NPR there was a different sort of heartbreaking story.  A woman and her baby were murdered, and there might be evidence on the woman’s phone, but it can’t be unlocked.  So what to do?

My idea is “PIN Escrow”.  Everyone should have a letter written with a list of their accounts and online passwords, to be opened by someone in the event of death or disappearance.  Everyone should have a medical power of attorney and so forth as well, to give a family member or trusted friend the power to act for you in the event of a sudden disability.  Just add your smartphone PIN to the letter,

In the alternative, one could write an app that encrypts your pin with the public key of an escrow service and sends it off.  This facility could even be built into the OS, with opt-in (or even opt-out, after a sufficient public debate), so it would automatically track changes.  The government could operate such a service, or it could be private.  There could be many such services.  Some could be offshore.  Some could use key-sharing for the private key, so PIN recovery could not be done in secret.

Let’s leave it up to individuals whether they want someone to have the power to unlock their phone in the event of an emergency.

From a security perspective, a PIN escrow service would be a dangerous and attractive target, so such a thing would have to be well designed in order to be trustworthy.  It should be kept offline, with no network connection.  The private key should be in a hardware key module.  Several people would have to collude in order to unlock a key, and there ought to be hardware safeguards to prevent bulk PIN recovery.

This is not a general back door for government surveillance, it wouldn’t grant remote access to a phone.  It wouldn’t be useful for hacking into criminal’s or terrorist’s phones (if they are smart), but it might help in cases where the phone owner is the victim of tragedy or accident.

And if you change your mind about having your PIN escrowed?  Just change your PIN.

 

Apple v FBI

I’m beginning to build up a full head of steam.  The first step seems straightforward.  I’m going to write my congressman.  It may not have much effect, but if enough of us write, it might.

Here’s my letter to Massachusetts Senator Elizabeth Warren.  I’ll be sending similar letters to Sen. Ed. Markey and Rep. Katherine Clark.

2016, March 16

The Honorable Elizabeth Warren
317 Hart Senate Office Building
Washington, DC 20510

Dear Senator Warren:

I write about the Apple FBI affair.  Please oppose any attempt by government to weaken the security and privacy of all Americans by demanding security “backdoors” in our technology or to require the conscription of Americans or American companies to weaken their own security.

First, regarding backdoors. I hold a PhD in Electrical Engineering and have worked with computer systems and computer security for over 40 years.  I am coauthor of the well-regarded book on E-commerce systems “Designing Systems for Internet Commerce.”  In other words, I know quite a lot about this area.  There is simply no way to create a backdoor that does not also reduce the security of the system for everyone.

Second, speaking as an ordinary citizen, I do not know how the courts will rule on the government’s request to use the All Writs Act to compel Apple to write software to unlock the San Bernadino iPhone, but my own view is that the constitution does not and should not allow it.

The government is being deliberately disingenuous when it claims this case is only about one terrorist’s phone. I have no sympathy for the killers, but the privacy and security of everyone is at risk should the government prevail.  Should that happen, I expect you to propose and support legislation that outlaws backdoors and forbids the conscription of individuals or companies into the government’s service.  This has happened before.  In 1980, Congress passed the Privacy Protection Act of 1980 which corrected the overreach of government in Lurcher v. Stanford Daily.

Sincerely yours,

Lawrence C. Stewart