Basics of Macroeconomics – 1

Macroeconomics 1 blog

These series of articles are for those intelligent group of people whose experties are not economics or finance, but are still interested to understand the impact of macroeconomic monetary and fiscal policies such as interest rates, taxes or spending on the overall course of economy, their businesses, their employers, investments and of course their daily life.Therefore, in these articles, I have knowingly avoided using economic and finance terms and jargon, as much as possible.

The impact of different macroeconomics monetary and fiscal policies on each other, economy and growth are complicated and may cause vicious, benign or virtuous cycles. It is like a polynomial equation with many different interactive factors and coefficients. Changing the value of each factor and each coefficient will not only generate a different result, but may even change the value of some other factors in that same equation! And of course, changing one factor may generate multiple or totally different results for different values of another factor.

Knowing all those facts, in this article, discussion is kept very simple and to the point. At any time, we focus on one causal impact of one factor only if ALL other factors are assumed to remain constant.

Part 1- Inflation, Interest Rates, Spendings, and Savings:

a- Mr. Max can borrow $100 at a 1% rate. This means that, Mr. Max should finally return $101 to his lender, or in other words pay $1 of interest to the lender. So for Mr. Max the cost of every $100, is $1.

Mrs. Ruby can borrow $100 at a 10% rate. This means that for Mrs. Ruby the cost of every $100, is $10. Obviously Mr. Max can spend much more money than Mrs. Ruby. This means that Mr. Max will be able to pay extra for goods and services, which means that in a low interest rate environment, money is abundant, spending is high, and prices will increase or inflateTo tame higher future prices (or inflation), interest rates should increase as inflation increases, to limit the amount of money. 

To make this clearer, answer this simple question: if you have two credit cards, one with 20% rate, and one with 5% rate, which one would you prefer to use? If the rates of your credit cards goes up by another 5%, will you still spend as much as you do today?

b- Now, if Mr. and Mrs. Granny depend on their banks savings for a living, and prices are expected to go higher by 1% in a year, a bank interest rate of 1% on their savings will enable them afford their current lifestyle in one year from today. But of course, if prices are expected to go higher by 10%, a higher interest rate of 10% is needed to ensure their affordability remains unchanged. So, higher interest rates are essential if inflation is high, to match rates on people’s savings.

c- It also means that if Mr. Max saves his $100 in the bank, where the interest rates are 1% he will receive only $1 after one year. But if Mrs. Ruby saves her $100 in the bank, with 10% interest rate, she will receive $10 after one year. So, Mrs. Ruby will be more likely to save than spend, while Mr. Max is more likely to spend than save. So, higher interest rates increase savings and decrease spending and vice versa. For further clarification answer this question: bank ABC offers 1% of interest rate on saving accounts, and offers credit card ABC with 1% of rate. But bank XYZ offers 10% of interest rate on saving accounts, and offers credit card XYZ again with 10% of rate? -If you are a client of bank ABC do you prefer to save, or spend? – If you are a client of bank XYZ do you prefer to save or spend?

Summary:

Low interest rates, decrease the cost of borrowing, hence increase the supply of money, and inflate prices. To tame inflation, interest rates should increase, as inflation increases.

Higher interest rates encourage saving, and discourage spending.

 

 

A Summary: Zillow Talk – Chapter 2: Rent or Buy

RentvsBuy

(Please see a summary of the previous chapter in http://www.kataneh.com/index.php/2017/12/01/zillow-talk-chapter-1/)

As opposed to public opinion, renting is not necessarily the right decision for singles or young professionals, and buying is not always right for happy families.

One should think about buying versus renting decision: renting does not require a down payment, and renters do not pay for interest, property taxes or maintenance expenses. However, if you rent, you do not own a house, might have to move out upon landlord’s request, and will not benefit from property price appreciation but are exposed to rent appreciation. Furthermore, you cannot deduct property taxes or mortgage interest from your income. Now, regardless of your family status and solely based on numbers and statistics, if you are planning to live in a neighborhood for one year, renting might be more cost-effective. But if you are staying in the same neighborhood for four years, buying might be wiser. The magic number depends on many factors, including your down payment, the median home price vs rent price,interest rate, property taxes, and the estimated future value of the house vs. rent appreciation. In a neighborhood,  you might be better off buying if you are planning to stay for longer than two years, while in another, renting for six years might be the right decision.

Zillow calculates the ‘breakeven’ point based on your information, market information, and median rent vs. purchase price of the neighborhood. For my Canadian friends, MLS does not have a similar calculator. Therefore people usually calculate themselves solely based on average house price divided by annual rent, which is not nearly as accurate.

In my opinion, if your length of stay is longer or shorter than the breakeven point by a safe margin, you may base your decision simply on Zillow guideline. Otherwise, you may need to do your own calculation too. I am not sure whether Zillow includes regular maintenance, and one-time legal and agent fees in its calculation. Also the impact of tax deduction depends on your own family / individual income and tax bracket. So, you may need to consult your accountant for the best judgement.

In sum, it all depends on your own circumstances. But even if you decide to buy because of emotional or cultural reasons when rent is more cost-effective, you’d better make an informed decision, knowing that it is not an economically profitable choice.

PS: see the book on Amazon at https://www.amazon.com/Zillow-Talk-Rules-Real-Estate/dp/1455574740

A Summary: Zillow Talk – Chapter 1: Stocks or Real Estate?

ForZillowTalkSummary_Chapter1

(Please see a summary of the previous chapter in Zillow Talk: Introduction)

In the first chapter, Spencer Rascoff argues that overall, investment in the real estate provides better return than stocks and unlike stocks, gives you a place to live. He indicates that as people pay their mortgage, they put equity in their houses. Owner can rent a house for income similar to dividend income, or can ask for loan to purchase a house, and of course deduct mortgage interest from their taxes. He then offers data and reasons to prove that return on investment is higher, while volatility is lower in the real estate market compared to stocks market. Furthermore, he reminds us that the real estate was resilient enough to resurrect from the crash of 2008.

I would like to add my personal opinion on the matter. I have invested in both stocks and real estate, and have read several books about different investment strategies in the stock market. I have also analyzed risk and return on investments in real estate as well as stock market; Based on all I have learned, I personally do not necessarily agree that real estate investment is more rewarding or less risky. Risk is an inherent part of any kind of investment. However, I strongly believe that for an average investor who can not analyze the value of stocks with acceptable accuracy, hence cannot weigh the risk of investment in the stock market, real estate investment would be a safer choice. After purchasing a house, any excess income (after mortgage is paid) may be saved in form of stocks or other.

PS: see the book on Amazon at https://www.amazon.com/Zillow-Talk-Rules-Real-Estate/dp/1455574740

P&C Insurance Income Statement – Old Problems or New Opportunities

By Vahid Mansoori and Kataneh Emami

PictureForInsuretech_2

Introduction:

Insurance industry has been stagnant and its growth lagged behind the economy with no substantial improvement in efficiency or profitability. Insurance companies are notorious for being reluctant to adopt change and leverage new technology. The sluggish and stagnant industry however, is now ripe for innovative solutions to address the root causes of decline and inefficiency through defying and disrupting the entire value chain and even business model.

Industry’s income statements since 2008 have been reviewed for further analysis of industry’s growth, efficiency and profitability, and to offer areas for improvement through the innovative utilization of advanced technologies. Sections A to C outline insurance companies’ revenue streams, costs and expenses, as well as financial ratios. If you are already familiar with basics of income statements for insurance companies, you may skip to section D.

A. Revenue

  • Revenue Streams

Insurance companies sell their customers coverage (policy) against risk for a price called premium. The premium is invested. Such investments are of course widely regulated, but we do not intend to discuss about regulations in this article. Therefore, insurance carriers have two revenue streams: premium and investment income.

  • Gross Premium vs. Net Premium

Many insurance companies share their risk in very different and creative forms. For example, very often they pay a percentage of premium to bigger and higher capitalized insurers (called re-insurers), and re-insurer covers a percentage of losses. An insurance company’s total amount of premiums received is gross premium, of which the re-insurance premium (paid to reinsurance companies) should be deducted to get the net premium amount. Net premium gauges the amount of risk that the insurance company is taking on.

  • Net Premium Written vs. Net Premium Earned

Imagine that the insurance company sold a home insurance policy for the total amount (premium) of $1200 for 2017 in January. This is their net premium written. But, they cannot consider the whole 1200 as their revenue yet. In fact, every month, $100 of the total can be ‘realized’ as their revenue. So, at the end of 2017, the total $1200 becomes their “earned” revenue.

B. Losses and Expenses

Insurance companies have two main categories of costs, which include losses and other expenses. Other expenses are usually costs of salaries, underwriting, marketing, sales and administration. But losses should be divided further into two categories: loss cost, and loss adjustment expenses. Loss cost is the insurance company’s cost to compensate for damages. Adjustment expenses however, are the losses to handle insurance claims. The simplest example would be a car accident, and when the insured claims damage to their car. The insurance company pays an investigator to make sure the accident really happened, the car is actually damaged, and the amount of loss to the insured is estimated accurately. In this case, the amount of loss paid to the insured is the “loss cost”, and the amount paid to the investigator is the loss adjustment expense (aka LAE).

Now knowing that total revenue minus total costs and expenses equals profit (gains or net earning), it can be easily deducted that the lesser the losses and expenses are, the higher the profit would be. The reality is, very often insurance companies return losses and are not profitable. It means that by its nature in the insurance industry, expenses and losses are higher than revenue.

C. Ratios

For better understanding and analysis, we need to calculate four ratios:

a) Loss ratio: percentage of loss cost, paid out to compensate damage, plus loss adjustment expenses, paid out to handle claims, divided by (earned) revenue from premiums.

b) Expense ratio:percentage of other expenses divided by (earned) revenue from net premiums. High expense ratio is a sign of inefficiency in company’s operation and business processes.

c) Dividend ratio: percentage of dividend paid out to policyholders divided by earned revenue from premiums. This is mainly applicable to mutual insurance companies.

d) Combined ratio: percentage of loss cost plus expenses plus dividends divided by earned revenue from net premiums. The higher this ratio is, the less profitable the insurance has been.

D. Trend since 2008

The first chart compares growth in P&C insurance with US percentage growth in total gross domestic products since 2008. From the chart, it is obvious that growth in insurance has been lower than the national growth. In fact, the US economy grew by over 26% from $14.718 trillion in 2008 to $18.569 trillion in 2016, while P&C insurance net written premiums grew by 19.9% and net premiums earned grew by 17.8% only.[1][2][3]

Slide1Chart 1 – US P&C Insurance Growth vs. US Economy – 2008 to 2016

(Rates are calculated as year over year growth percentage in the dollar value of US total gross domestic product [3][5] vs revenue generated in P&C insurance industry. [1][2])

The second chart depicts the very fact that insurance companies usually operate at a loss. In fact, in only three out of 9 years the industry was (marginally) profitable. Insurance industry is known to turn losses by nature.

Slide2Chart 2 – US P&C Efficiency and Profitability Ratios – 2008 to 2016

Last but not least is P&C insurance companies yield on investment compared to US market return.

Insurance companies percentage of return on investment has been very reliable with no volatility. But of course, returns underperformed market by a high percentage. In fact, the investment strategy (often because of strong regulation) is to avoid risk at all costs and preserve the capital.[1][2][4]

Insurance_IncomeStatement_08ToDate_4

 Chart 3 – Annual Yield on Investment P&C vs. US Market – 2008 to 2016

E. Conclusion:

Historical data shows that growth in P&C insurance is lagging behind growth in the economy. A full analysis of the root causes is out of the scope of this article. At a high level, there are two ways to increase revenue: a) sell more to the existing customers, or b) sell to more customers. In other words the industry should identify, target and reach the under-insured market, and/or identify the new areas of risk and target to underwrite and design products for early market penetration.

There is not much that insurance industry can do to decrease their loss cost which has historically been between 65 to 75 percent. After all, this is the reason of their existence. However, it can be argued that by leveraging advanced technologies like AI, data science, machine learning and IoT, insurance companies can predict the loss, encourage safe and preventative behavior, dynamically price the risks and rein in leakage and fraud related costs to reduce the loss cost ratio.

Subsequently, adjustment cost can be managed more efficiently with newer technologies. AI based image processing, loss assessment using drones and remote sensing and automation are all being explored in this regard and new startups are looking at leveraging all these new technologies to make it easier and more efficient to serve claims.

Cost of revenue (agent fees, marketing and advertisement) can be reduced by effective digital strategies, implementing direct sales channels, and software modernization.

Finally, with the advent of Fintech, highly available data, and the unprecedented possibilities of analyzing data and forecasting the future, insurance industry should be able to adopt dynamic investment strategy. It is absolutely true that the capital collected in premium MUST BE available immediately and as catastrophe hits, but with the very advanced technology, data modelling and analysis methods, soon it should be invest based on market conditions and insurers’ risk profile to optimize (not necessarily maximize) return rather than just preserve the capital.

References:

[1] Source: NAIC, National Association of Insurance Commissioners, Industry Snapshots, Dec. 31, 2012

[2] Source: NAIC, National Association of Insurance Commissioners, Industry Snapshots, Dec. 31, 2016

[3] https://data.worldbank.org/indicator/NY.GDP.MKTP.CD?locations=US

[4] https://ycharts.com/indicators/sandp_500_total_return_annual

[5]

2016 2015 2014 2013 2012 2011 2010 2009 2008
US Gross Domestic Product (in million $)  18,569,100.00  18,036,600.00  17,393,100.00  16,691,500.00  16,155,300.00  15,517,900.00  14,964,400.00  14,418,700.00  14,718,600.00
Change % [(y2-y1)/y1] 2.95% 3.70% 4.20% 3.32% 4.11% 3.70% 3.78% -2.04%

Zillow Talk – Introduction

Buying a house is a milestone in almost everyone’s life. Many work for several years, if not decades, to afford a house and then to pay off the mortgage. For many, it is their largest investment and asset. Surprisingly, not many people do due diligence in understanding the markets, weighing their different options, and separating fact from myth based on (now) widely available data.

The CEO and the chief economist of Zillow have co-authored a book, ‘Zillow Talk, The New Rules of Real Estate’ to help people make smart decision about buying or selling their houses, by:

a) studying the widely available data, b) separating myth from fact, and c) understanding how rules of real estate changed with the advent of technology.

I am also highly impressed by Spencer Rascoff’s vision and courage on the very early adoption and application of big data to first disrupt travel industry (he co-founded Hotwire) and then real estate industry in the United States.

In these series of articles, I will summarize each of the 26 chapters of this book into one article of up to 400 words, after providing a summary of the introduction in this first article.

Introduction: 

Unlike other investments, purchasing a house is not solely based on financial and economical considerations. Many other elements, including emotional ties, culture and the comfort of the family play major role on how we decide.

In the introduction, Spencer Rascoff recounts his own experience in purchasing their family houses, and how in the process he realized that the real estate industry needed to be disrupted by collecting, analyzing and making the real-time data available to the public. Before Zillow, sellers and buyers needed to wait for days to have an estimate on the value of the house and data about the neighborhood. Today, Zillow makes that information and much more available instantaneously. Through the analysis of the vast amount of real-time and up-to-date data, many myths and conventional wisdom about the housing market are busted and many are proved to be true.

He then emphasizes that the three things that matter in property are NOT ‘location, location, location’, but ‘future location, future location, future location’.

A very interesting piece of data is about the change in square footage of residential properties per person from less than 300 square feet in 1950 to almost 900 in 2000. Within the same period, the square footage of commercial properties per employee decreased from 600 to 100. This is all because of the change in people’s lifestyle, with fewer members in the family, and demand for home-office, media room or even fitness rooms. In commercial market however, the internet and high tech made libraries, archives and big computer rooms irrelevant, and made telecommuting possible.

Real estate is a very major element of macro-economy and even a political issue. Therefore access to transparent timely information is essential for the health of the market and consumers’ confidence.

It should also be noted that with more information about the market and house values, the threat of speculative pricing and bubble in the housing market would be less. For my Canadian friends who are handcuffed by the monopolistic power of TREB: Unlike MLS, Zillow provides all information, including the estimated price of EVERY HOUSE with high accuracy, and the price at which houses were sold, and not just the listing price.

PS: see the book on Amazon at https://www.amazon.com/Zillow-Talk-Rules-Real-Estate/dp/1455574740

 

 

 

Insuretech : Back to Basics

By Kataneh Emami and Vahid Mansoori

sn-mammoth_0

In its core, insurance serves to the most basic need of a society: being protected; one for all and all for one. Protection and caring for one another is essential to the survival of any society, for which three elements are fundamental:

  • Risks should be identified, and their likelihood and impact should be determined,
  • Right to be protected should be earned (or purchased) by any individual in that community who expects to be looked after,
  • Trust in the community is essential to ensure protection, should risks materialize,

In fact, these elements are the main (and only) values that insurance companies add to the society. They identify and assess risks, determine the cost of protection based on each individual’s exposure, collect and preserve the capital, and use it to cover the insured when the risk happens. However, over many decades and centuries, processes and operations have become so complicated that the very basic purpose of the industry is sometimes being overlooked and not adequately or efficiently served in a timely manner.

Pace of change is faster than anytime in the past, which poses new threats on the humankind. New technologies might at any point expose people to unprecedented unpredictable risks, which are not yet identified, and for many which are identified, the extend of damage is not known accurately. Also in a globalized and connected world with many parties involved, the one(s) responsible for the damage can not be clearly singled out. The very obvious examples are driverless vehicles; nobody is sure about potential risks, who might be affected, and who is responsible if risk materializes. Another example is climate change, which (regardless of root causes) is happening. Impacts are not fully determined, and there is not adequate knowledge of who is exposed to what losses, when and how.

In one sense, insurance is a form of crowdfunding; the larger the pool of contributors is, the more efficient and effective the protection will be. However, there are still gaps in the industry. First of all, insurers have not reached all who are exposed to risks. In fact most of the people are uninsured or underinsured. Second, individuals’ right to protection is (usually) collected over time, and as they contribute to the pool, but individual’s exposure to risk (or future cost of protection) changes over time. In fact, individuals may use safety measures or develop behaviors to reduce their risks and vice versa. In other words and in an ideal world, full efficiency materializes when regardless of where people live, all who share the risk contribute to the same pool to collect the right of being protected by the community. This should be based on the dynamic and accurate measurement of their current risk, therefore dynamic pricing, and their current amount of collected right to the pool.

Trust is central and crucial to the concept of insurance. In fact, that is the main reason why this industry is highly regulated. There should be assurance that capital will be available whenever required. Also, mistrust is a reason for underinsurance; individuals are not sure whether they will be covered when the unpredictable happens. Complicated processes, long policies, full of legal jargons and fine prints, and commission-based sales teams add to the reasons for mistrust.

Ideally and in a perfect world, insurance would excel when risks are identified in real-time and defined transparently, with accurate measurement of their likelihood and impact on all individuals. Then all people who are exposed to the same risk are notified and gathered in one (virtual) community, with timely assessment of each individual’s required contribution for their desired level of protection, in an environment which is safeguarded from fraud, and provides tools and timely feedback to reduce individual’s exposure.

New technologies, including artificial intelligence, blockchain, big data and the internet of things, in a connected world will eventually be leveraged to eliminate inefficiencies and take insurance back to its origins and very core. This means that the future of the insurance would be a highly advanced end to end solution that disrupts the industry, and is extremely efficient, simple and intuitive to the end user. Path to excellence will not be fast and easy, but will happen eventually.

After all, just like Steve Jobs said “Simple can be harder than complex: You have to work hard to get your thinking clean to make it simple. But it’s worth it in the end because once you get there, you can move mountains.”

US trade deficit with China

I am fascinated by macroeconomics and the variety of elements that change dynamics of local and global markets, sometimes in unexpected ways.

US trade deficit with China is in no better shape now than a year ago. In fact, it is expected to increase by almost 10% to over $370 billion in 2017 compared to $347 billion in 2016.

In the recent visit to China:

  • The United States is asking China to curb its trades with North Korea. China is North Korea’s top trading partner, as well as USA’s top trading partner. I am not sure how US can negotiate to narrow its trade deficit with China, while also asking China to curb its financial ties with the North Korea, and let US army be strongly present in the area.
  • Even more interesting, Shen Jianguang, an economist at Mizuho suggests that demand is much higher in China than in the United States! This means that US companies need the Chinese market more than China requires the US market. I would still have some questions to ask him, nonetheless this is an interesting notion.

Tax, interest rates and regulations play major roles in the economy of the United States, especially now that the unemployment rate and interest rates are at their lowest, but inflation is not growing much. Unfortunately all three factors, especially taxes and deregulation are so politicized and impacted by lobbyist as well as populists that the real purpose of any changes are dubious and the final outcome of lawmakers’ decisions may not necessarily spur economic growth.

A fourth factor however, should not be overlooked: the power of innovation and disruption, especially in IP-intensive industries to increase growth and reduce trade deficit. China has been forming joint ventures with many US firms (in exchange for giving them access to the Chinese market). The IP (Intellectual Property) did not necessarily stay within the joint venture. Second issue is China’s new cyber security law, which (some believe) will give unwanted access to US IP. -Details are out of the scope of this article.

Unfortunately, I do not see any details on how (or whether) the US administration or Mr. Ross discussed, or is planning to discuss IP issues with the Chinese government. Second, I am not sure if the new tax laws or deregulation will help to augment demand in the US by increasing overall wealth and focusing on middle income class. In the absence of solid solutions to either of the two above-mentioned concerns, resolutions to trade deficit imbalance may not be as effective or long-term.

References:

a) https://www.wsj.com/articles/china-trade-surplus-widens-in-october-1510116345

b) https://www.wsj.com/articles/trumps-china-trip-brings-admonitions-on-north-korea-along-with-business-deals-1510147113

c) https://thediplomat.com/2017/10/slow-and-steady-us-intellectual-property-and-the-china-challenge/

Oil Prices – Oil God and Algorithmic Trading

Andy Hall has been one of the most prominent investors and analysts in the oil market for decades.

Some time around the winter of 2017 in a WSJ article (which I cannot find now, unfortunately), I remember I read him saying that the price of oil would be at $70 by the end of 2017. He had mentioned that he could simply pick up the phone and talk to anybody in the oil industry at any time. He was so confident in his analysis and forecast at the time.

Around 6 months later in August, he closed his main hedge fund Astenbeck after losing 30% through betting on oil, while S&P 500 was up by almost 10% in the same period. In fact when he closed down the fund, Bloomberg channel reporter was saying that everybody in the oil industry, including the OPEC countries should be warned if Andy Hall failed.

Andy Hall blamed it on algorithmic trading systems that disrupted commodities trading and fundamental analysis.

Now three months after he closed Astenbeck, oil prices are up again, and are expected to remain in the range of $55 to $65 for the rest of the year. Energy ETF shares are higher by 8% since their lowest on August 21st. Oil prices have been up by over 10% since August.

Now two matters are unknown to me – and I do not have much knowledge of algorithmic trading systems, unfortunately, so, I have just questions with no answers:

  • As mentioned in my previous article, with AI trading, will trading and investment make any sense anymore? Again, I would compare it to all gamblers in a casino betting on the jackpot at the right time.
  • Second, and even worse: can algorithm developers and data miners manipulate information and/or prices to the benefit of themselves and their own institutions at the expense of the public and ordinary investors?

References:

https://www.cnbc.com/2017/08/14/oil-trading-god-andy-hall-says-hes-met-his-match-robots.html

https://www.forbes.com/sites/stevehanke/2017/07/31/is-the-oil-god-andy-hall-dead/#676f21bf59bf

The Morningstar Mirage*

A Wall Street Journal article titled “The Morningstar Mirage” outlines an analysis, for which I have been waiting at least for a couple of years.

Previously, in John Bogle’s famous book of “the little book of commonsense investing”, I had read a strong argument against investment in actively traded funds vs. exchange-based funds. Well, I know about all the controversy around index-based investing. I, however agree with the very valid argument that a mutual fund manager can rarely (if at all) beat the market over several years.

This article of the Wall Street Journal builds the case and offers substantiated data for the fact that a Morningstar five-star rating IS IN FACT (as Morningstar also advertises clearly) of very little to no value in determining which fund will in the future perform best.

WSJ_MorningStar_FundRating

 

As the article puts it best, and John Bogle outlined as one of the reasons why mutual funds may not be the best possible investments:

“The Journal’s analysis found that most five-star funds perform somewhat better than lower-rated ones, yet on the average, five-star funds eventually turn into merely ordinary performers.”

Reference:

*Wall Street Journal, October 25, 2017, “the morningstar mirage”, https://www.wsj.com/articles/the-morningstar-mirage-1508946687

Are We Creating An Insecure Internet of Things (IoT)? Security Challenges and Concerns

Headshot.jpg

The Internet of Things (IoT) has been an industry buzzword for years, but sluggish development and limited commercialization have led some industry watchers to start calling it the “Internet of NoThings”.

Double puns aside, IoT development is in trouble. Aside from spawning geeky jokes unfit for most social occasions, the hype did not help; and, in fact, I believe it actually caused a lot more harm than good. There are a few problems with IoT, but all the positive coverage and baseless hype are one we could do without. The upside of generating more attention is clear: more investment, more VC funding, more consumer interest.

security and the internet of things

However, these come with an added level of scrutiny, which has made a number of shortcomings painfully obvious. After a couple of years of bullish forecasts and big promises, IoT security seems to be the biggest concern. The first few weeks of 2015 were not kind to this emerging industry, and most of the negative press revolved around security.

Was it justified? Was it just “fear, uncertainty and doubt” (FUD), brought about by years of hype? It was a bit of both; although some issues may have been overblown, the problems are very real, indeed.

From “Year Of IoT” To Annus Horribilis For IoT

Many commentators described 2015 as “the year of IoT,” but so far, it has been a year of bad press. Granted, there are still ten months to go, but negative reports keep piling on. Security firm Kaspersky recently ran a damning critique of IoT security challenges, with an unflattering headline, “Internet of Crappy Things”.

Kaspersky is no stranger to IoT criticism and controversy; the firm has been sounding alarm bells for a while, backing them up with examples of hacked smart homes, carwashes and even police surveillance systems. Whether a hacker wants to wash their ride free of charge, or stalk someone using their fitness tracker – IoT security flaws could make it possible.

Wind River published a white paper on IoT security in January 2015, and the report starts off with a sobering introduction. Titled Searching For The Silver Bullet, it summarizes the problem in just three paragraphs, which I will condense into a few points:

  • Security must be the foundational enabler for IoT.
  • There is currently no consensus on how to implement security in IoT on the device.
  • A prevalent, and unrealistic, expectation is that it is somehow possible to compress 25 years of security evolution into novel IoT devices.
  • There is no silver bullet that can effectively mitigate the threats.

However, there is some good news; the knowledge and experience are already here, but they have to be adapted to fit the unique constraints of IoT devices.

Unfortunately, this is where we as system security developers stumble upon another problem, a hardware problem.

U.S. Federal Trade Commission chairwoman, Edith Ramirez, addressed the Consumer Electronics Show in Las Vegas earlier this year, warning that embedding sensors into everyday devices, and letting them record what we do, could pose a massive security risk.

Ramirez outlined three key challenges for the future of IoT:

  • Ubiquitous data collection.
  • Potential for unexpected uses of consumer data.
  • Heightened security risks.

She urged companies to enhance privacy and built secure IoT devices by adopting a security-focused approach, reducing the amount of data collected by IoT devices, and increasing transparency and providing consumers with a choice to opt-out of data collection.

Ramirez went on to say that developers of IoT devices have not spent time thinking about how to secure their devices and services from cyberattacks.

“The small size and limited processing power of many connected devices could inhibit encryption and other robust security measures,” said Ramirez. “Moreover, some connected devices are low-cost and essentially disposable. If a vulnerability is discovered on that type of device, it may be difficult to update the software or apply a patch – or even to get news of a fix to consumers.”

While Ramirez is spot on in most respects, I should note that the Internet went through a similar phase two decades ago. There were a lot of security concerns, and the nineties saw the emergence of the internet-borne malware, DDoS attacks, sophisticated phishing and more. Even though Hollywood depicted a dystopian future in some films, we have ended up with kittens on social networks and a high-profile security breach here and there.

The Internet is still not secure, so we can’t expect IoT to be secure, either. However, security is constantly evolving to meet new challenges, we’ve seen it before, and we’ll see it again, with IoT and subsequent connected technologies.

IoT Hardware Is And Will Remain A Problem

Some of you will be thinking that the hardware issues mentioned by the FTC boss will be addressed; yes, some of them probably will.

As the IoT market grows, we will see more investment, and as hardware matures, we will get improved security. Chipmakers like Intel and ARM will be keen to offer better security with each new generation, since security could be a market differentiator, allowing them to grab more design wins and gain a bigger share.

Technology always advances, so why not? New manufacturing processes generally result in faster and more efficient processors, and sooner or later, the gap will close, thus providing developers with enough processing power to implement better security features. However, I am not so sure this is a realistic scenario.

insecure iot

First of all IoT chips won’t be big money-makers since they are tiny and usually based on outdated architectures. For example, the first-generation Intel Edison platform is based on Quark processors, which essentially use the same CPU instruction set and much of the design of the ancient Pentium P54C. However, the next-generation Edison microcomputer is based on a much faster processor, based on Atom Silvermont cores, which is in many Windows and Android tablets, today. (Intel shipped ~46m Bay Trail SoCs in 2014.)

On the face of it, we could end up with relatively modern 64-bit x86 CPU cores in IoT devices, but they won’t come cheap, they will still be substantially more complex than the smallest ARM cores, and therefore will need more battery power.

Cheap and disposable wearables, which appear to be the FTC’s biggest concern, won’t be powered by such chips, at least, not anytime soon. Consumers may end up with more powerful processors, such as Intel Atoms or ARMv8 chips, in some smart products, like smart refrigerators or washing machines with touchscreens, but they are impractical for disposable devices with no displays and with limited battery capacity.

Selling complete platforms, or reference designs for various IoT devices, could help chipmakers generate more revenue, while at the same time introduce more standardisation and security. The last thing the industry needs is more unstandardized devices and more fragmentation. This may sound like a logical and sound approach, since developers would end up with fewer platforms and more resources would be allocated for security, however, security breaches would also affect a bigger number of devices.