
A backdoor in xz

A backdoor in xz

Posted Apr 1, 2024 17:49 UTC (Mon) by apoelstra (subscriber, #75205)
In reply to: A backdoor in xz by Wol
Parent article: A backdoor in xz

>That enforcement enables the agency to recover costs

In the US at least, I don't believe any agency works this way. Instead any fines or other enforcement-related payments go to the government's general fund. Money is fungible so in principle this could make an agency cost-neutral, but it has no effect on the agency's budget so they aren't incentivized to try.

If any agency *were* incentivized to levy fines, because their operating budget had to come out of the fines, this would be a perverse incentive for them to just levy fines willy-nilly. Much like the "speed traps" operated by local police agencies near the end of the month.



A backdoor in xz

Posted Apr 1, 2024 21:49 UTC (Mon) by kleptog (subscriber, #1183) [Link] (1 responses)

> >That enforcement enables the agency to recover costs

> In the US at least, I don't believe any agency works this way.

It surely varies by jurisdiction, but regulatory agencies here in the Netherlands don't live off fines. They'd die if that were the case. To give some examples how it works:

- NVWA (think food safety) charges per food inspection certificate issued, time spent auditing a business, etc for example.

- AFM (like the SEC) basically has a budget, which is divided by a formula over all the banks, insurance companies, etc within the Netherlands.

The principle is straightforward: regulatory authorities are paid for by the businesses they are regulating. The health agency is funded by the hospitals, GPs and pharmaceutical companies within their jurisdiction. If a sector complains the regulatory agency is too expensive, then politicians can simply argue that the sector should get its act together so there's less enforcement work required.

It doesn't work for everything. Stuff like GDPR enforcement, it's not clear who should pay for that. But for a lot of regulatory agencies it does work reasonably well.

A backdoor in xz

Posted Apr 2, 2024 9:10 UTC (Tue) by farnz (subscriber, #17727) [Link]

The general model for things where it's not clear who should pay is for the regulator to be funded from general taxation, and for fines to go back into the general pot; it is understood that the regulator is not expected to attempt to pay its own costs via fines, but that it is expected to fine everyone who breaches the regulations.

A backdoor in xz

Posted Apr 2, 2024 18:26 UTC (Tue) by Wol (subscriber, #4433) [Link]

> If any agency *were* incentivized to levy fines, because their operating budget had to come out of the fines, this would be a perverse incentive for them to just levy fines willy-nilly. Much like the "speed traps" operated by local police agencies near the end of the month

What you *want* to achieve, is for the person paying to want to pay the minimum possible, but for them to have two (at least) different ways of minimising the cost.

My preferred example is with things like insurance companies. Why shouldn't the police have a "burglary investigation department" paid for by the insurance companies? You then hopefully get a "steady state" where the police catch enough burglars to keep the crime rate down, but barring outright fraud the system isn't going to get out of hand.

Unfortunately, capitalism tends to sabotage such neat systems, another example is the mess we have of utilities - it makes sense for the infrastructure to be owned by the customers, but all too often it's treated as a profit centre by suppliers :-( As a result you get the horror stories we hear of from America of people locked into cable monopolies, or stuck with dial-up speeds. In a first world state !?!?

(I won't say we're much better - in theory we're a lot better off, but it still fails horribly ...)

Cheers,
Wol


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds