Podcast: Play in new window | Download (Duration: 13:15 — 6.1MB)

DOW – 12 = 17,900
SPX – 2 = 2071
NAS – 5 = 4769
10 YR YLD – .03 = 2.26%
OIL – .61 = 66.77
GOLD – 3.10 = 1207.50
SILV + .06 = 16.59

Seven of the 10 main industries in the S&P 500 declined. Energy companies slumped 0.8%, following three days of gains. Chevron (CVX) slid 1.3%, the most in the Dow, and Exxon Mobil (XOM) declined 0.6%. Crude fell 18% last month and moves of that magnitude cannot be attributed to normal markets following supply and demand. There is manipulation in the oil market, and the question is really whether it will end well.

Initial jobless claims fell 17,000 in the week ended Nov. 29 to 294,000. In the prior week, new filings hit 314,000, the first reading above 300,000 since early September. Tomorrow is the monthly jobs report and the guesstimates are calling for 230,000 new jobs added and the unemployment rate steady at 5.8%. The November jobs reports are subject to some revisions, so don’t be surprised if that guesstimate is wildly off base. When the jobs report surprises to the upside, the S&P trades up two-thirds of the time, with growth sectors like industrials outperforming. When jobs miss, gold does well.

We’ll dig into the report tomorrow, but some of the important bits of data we will track includes where wages are going. There have been signs in recent months of higher employment costs, and workers did get a boost in October from a slightly longer workweek, but hourly earnings haven’t picked up, at least not yet. That means we’ll also watch where jobs are created; in decent paying jobs like manufacturing and construction or in lower paying sectors such as restaurants and bars. Then we’ll see if the jobs added in November are full-time or part-time; last month the U-6 unemployment rate, which tracks underutilized workers, dropped from 11.8% to 11.5%. And of course we’ll follow the participation rate, which ticked up a bit in October, to 62.8% from 62.7% in September; that might be a sign that discouraged, long-term unemployed workers are jumping back in the labor pool.

The US House has passed a $577 billion dollar measure to fund the Defense Department. The bill passed the House today, 300-119, without any changes. The Senate probably will follow suit next week. The annual defense policy bill sets military policy and spending targets for fiscal 2015, which started Oct. 1. While laws covering many other parts of the government routinely are allowed to lapse because of disagreements or disinterest, a defense authorization has been enacted for 52 consecutive years. Next week Congress will work on a funding bill to keep the government open.

The European Central Bank met today. Normally, when a major central bank holds a policy meeting you might expect policy, but that’s not how the ECB does it. You may remember 2 years ago, ECB President Mario Draghi said they would do “whatever it takes”, and then they thought about it. The European Central Bank, of course, has not been idle during the past two years. It has cut its benchmark interest rate seven times under Draghi to its current low of 0.05%, or effectively zero. Today, the central bank left the rate unchanged. It has taken the virtually unprecedented step of introducing a negative interest rate on money that commercial banks store at the central bank, to induce them to lend the funds rather than hoard them. And it has allowed banks to borrow money on extremely favorable terms for up to four years. The central bank is set to issue another round of cheap four-year loans next week. They have not embarked on quantitative easing, or a big bond buying program, like the Fed, or the Bank of Japan.

Today, Draghi said that the European Central Bank would reassess its stimulus measures “early next year” and that its governing council “remains unanimous in its commitment to using additional unconventional instruments within its mandate.” Which sounds like a few more words to say the familiar line “whatever it takes”. Stimulus is right around the corner, just not today. And the lack of action leaves the impression that bond buying might not help much; rates are already very low and further declines will have little traction on the economy unless they are matched by fiscal stimulus and reform measures to raise the growth potential of struggling European economies. Whether it will help or not, the ECB will have to take action sooner rather than later.

Also, an interesting development in London, where they have proposed what is being called a “Google tax”; actually a proposed 25% tax on multinational companies’ local profits. The idea is to stop multinationals from using complicated tax structures to move profits from their British operations to jurisdictions like Ireland or Luxembourg, where companies pay less corporate tax. The Google tax would go into effect in April and would force multinational companies to pay more tax in countries where they have large operations.

The tax would not just apply to Google (GOOG); many other firms including Facebook (FB) and Apple (AAPL) have come under criticism for basing their extensive European businesses from Ireland. Google is just catching some extra flack lately, including an investigation by European antitrust authorities over its dominant role in search engines.

Meanwhile, the FBI is continuing to investigate the hack attack on Sony Pictures. Now they aren’t so sure it was North Korean hackers. Sony was hit by hackers on Nov. 24, resulting in a companywide computer shutdown and the leak of corporate information, employee information (including social security data and salaries) and a few films were stolen and posted on the internet. Meanwhile, Deloitte, the consulting and auditing firm, was hacked yesterday. Sony has worked with Deloitte. The leaked data is likely to raise embarrassing questions about Deloitte’s own insider-threat program. The firm has aggressively marketed its digital threat intelligence services and has been providing advice to corporations about how to protect data from employee leaks. Four months ago, Deloitte sponsored an article in The Wall Street Journal about how companies can more quickly identify employees who take internal data, the very issue it now finds itself addressing.

The hacking at Sony stands out because the hackers didn’t just sneak in and sneak out; they defaced the website; they posted pirated films online; they trashed the site and acted in a very brash manner. That’s different, and maybe a bit overconfident, but also maybe they were saying that the hackers are winning the cybersecurity wars. In other words, game on.

Security company Symantec (SYMC) reports there was a 62% increase in hack attacks over the past year. The threats are real and growing worse, and so far there doesn’t seem to be any particular urgency about making basic, fundamental changes to insure cyber security. Meanwhile, more and more commerce is moving online, everything from retail shopping to banking to the functioning of the electric grid to medical processing and recordkeeping to, well almost everything is now online.

In a speech two years ago, Leon Panetta, the former defense secretary, predicted it would take a “cyber-Pearl Harbor”, a crippling attack that would cause physical destruction and loss of life, to wake up the nation to the vulnerabilities in its computer systems. That hasn’t happened yet, not exactly. But there have been attacks. The Home Depot breach compromised over 50 million customers; don’t forget the breach at Target – 40 million credit cards and info on 70 million customers. Smaller hack attacks on the Pentagon, the White House (Even President Obama had to have his credit cards replaced because of a breach), CNN, JPMorgan, universities, hospitals, and scores of others, even the NSA. And the credit cards are small compared to the value of intellectual property hacked by foreign companies and foreign governments.

And part of the reason why this is a growing problem is that we don’t have national standards on security, and we haven’t really established liability in the courts; although there are some lawsuits that might work their way through the legal system and establish some precedent. Sometimes banks get stuck with the cost on fraudulent card usage, but that’s a small price compared to massive investment in security infrastructure. And if your credit card is hacked you may or may not be covered for losses. Most of the time, the only remedy for consumers is to cancel the card or change the password. Seriously. Not exactly a strategic solution.

Sure, there are companies trying to deal with the issue of cybersecurity and they are making progress, but the problem is that the hackers are progressing faster. And while I would like to tell you there are some great new technologies to protect you right around the corner, the reality isn’t quite so Pollyannaish. Five years ago, the Defense Advanced Research Projects Agency, or DARPA, decided to explore what the Internet might look like if we could rebuild the computer systems from the ground up, employing the hard lessons we have learned about security. It’s an interesting notion but it might be impossible. The internet was built for performance not security, and it is on the verge of extending to the Internet of Things, where we can control things like thermostats and lights and garage doors and refrigerators and cars all online. Or where we could lose control of all those things.

Our cyber infrastructure is not secure, and it won’t be until the economics of a breakdown are apparent and assigned. Just try and be careful out there.

NASA scrubbed the launch of its new Orion space capsule this morning after a series of delays caused by high winds and problems with the rocket. They’ll try again tomorrow morning.