وبلاگ بلیان

The law and economics of cybersecurity: edited by Mark F. Grady, Francesco Parisi

معرفی کتاب «The law and economics of cybersecurity: edited by Mark F. Grady, Francesco Parisi» نوشتهٔ Mark F Grady; Francesco Parisi; NetLibrary, Inc، منتشرشده توسط نشر Cambridge University Press (Virtual Publishing) در سال 2005. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Cybersecurity is a leading national problem for which the market may fail to produce a solution. The ultimate source of the problem is that computer owners lack adequate incentives to invest in security because they bear fully the costs of their security precautions but share the benefits with their network partners. In a world of positive transaction costs, individuals often select less than optimal security levels. The problem is compounded because the insecure networks extend far beyond the regulatory jurisdiction of any one nation or even coalition of nations. Originally published in 2006, this book brings together the views of leading law and economics scholars on the nature of the cybersecurity problem and possible solutions to it. Many of these solutions are market based, but they need some help, either from government or industry groups, or both. Indeed, the cybersecurity problem prefigures a host of twenty-first-century problems created by information technology and the globalization of markets. Cover 1 Half-title 3 Title 5 Copyright 6 Contents 7 Acknowledgments 9 Contributors 10 The Law and Economics of Cybersecurity: An Introduction 11 Part One Problems: Cybersecurity and Its Problems 21 One Private Versus Social Incentives in Cybersecurity: Law and Economics 23 I. Introduction 23 II. Private Security Expenditures 25 III. Public and Private Goods 30 IV. Conclusion 36 References 37 Two A Model for When Disclosure Helps Security: What is Different About Computer and Network Security? 39 I. A Model for When Disclosure Helps Security 42 A. Case A: The Open Source Paradigm 42 B. Case B: The Military Paradigm 43 C. Case C: The Information-Sharing Paradigm 45 D. Case D: The Public Domain 46 E. The 2 X 2 Matrix for When Disclosure Improves Security 48 II. The Key Reasons Computer and Network Security May Vary from Other Types of Security 48 A. Hiddenness and the First-Time Attack 49 B. Uniqueness of the Defense 51 C. Why Low Uniqueness May Be Typical of Computer and Network Security 52 III. Relaxing the Open Source Assumptions: Computer and Network Security in the Real World 58 A. The Assumption That Disclosure Will Not Help the Attackers 59 B. The Assumption That Disclosure Will Tend to Improve the Design of Defenses 69 C. The Assumption That Disclosure Will Spread Effective Defenses to Others 73 IV. Conclusion: Security, Privacy, and Accountability 75 References 78 Three Peer Production of Survivable Critical Infrastructures 83 I. Introduction 83 II. Survivable Systems Versus Impregnable Artifacts 85 III. Examples of Peer-Produced Capacity-Generating Systems 88 A. Ad Hoc Mesh Wireless Networks 88 B. Distributed Data Storage and Retrieval 94 C. Distributed Computing 98 IV. Economics of Shareable Goods 101 A. What Are Shareable Goods? 101 B. Differences in Information Costs 103 C. Differences in Motivation Structures 105 D. Information and Motivation: Cumulative Considerations 109 V. Some Practical Proposals for Organization and Policy 110 A. Pooling Resources through Firms 110 B. Secondary Markets in Excess Capacity 111 C. Social Production of Survivable Infrastructures 114 VI. Conclusion 121 References 122 Four Cybersecurity: Of Heterogeneity and Autarky 125 I. Redundancy: Heterogeneity Versus Autarky 130 A. Monocultures: Supply versus Demand 131 B. Heterogeneity and Autarky 133 C. The Cost of Engineering Heterogeneity 137 II. Understanding Computer Software Product Quality 140 A. Consumer Software Adoption with Full Liability 141 B. Quality Investment and Full Liability 142 C. Timing of Software Release and Adoption 143 III. Conclusion 145 References 147 Part Two Solutions: Private Ordering Solutions 151 Five Network Responses to Network Threats: The Evolution into Private Cybersecurity Associations 153 I. Introduction 154 II. Private Provision of Security by Networks 160 A. Private Security Associations in the “[Very] Old Economy” 160 B. Private Security Assiciations in the “New Economy”: ISACs 162 C. Public Subsidies of Private Network Security Associations 165 III. A Theory of the Evolution of Private Legal Systems 168 A. Enforcement of Norms by Networks and Hierarchies 168 B. The Paradox of Spontaneous Formation 175 C. The Evolution of Private Legal Systems 180 D. A Note on Game Types 183 E. Assessing Enforcement Costs of Regulated Norms 185 IV. Applying the Theory to Private Network Security Associations 189 A. Network Security Norms as Noncooperative Game Types 189 B. Reliance on Existing Functionality in the Chemical Sector ISAC 192 C. Implications on the Public Subsidy of ISACs 195 V. Conclusion 197 References 198 Six The Dark Side of Private Ordering: The Network/Community Harm of Crime 203 I. The Network Harms from Computer Crime 205 A. Network Harms 207 B. Distributional Harms 209 II. Some Implications of A Community Harm Approach 211 A. The Case for Unlike Punishments for Like Crimes 214 B. Crimes against Networks 215 C. The Third-Party Liability Debate 217 D. The Problem with Current Law Enforcement and White House Cyberstrategy 222 III. Conclusion 225 References 225 Seven Holding Internet Service Providers Accountable 231 Abstract 231 I. The Theory of Indirect liability 237 A. The Standard Model 237 B. Applied to Internet Service Providers 242 II. Objections 249 A. Overzealous ISPs 249 B. Subscriber Self-Help 252 C. Other Objections 254 III. Recent Cases 257 A. The Communications Decency Act 257 B. Common Law Principles 263 IV. Conclusion 264 Eight Global Cyberterrorism, Jurisdiction, and International Organization 269 I. Introduction 269 II. Categorizing Cyberterrorism Security Threats 271 A. Terms and Parameters 271 B. Analytical Framework 272 C. Factors Relating to the Value, Vulnerability, and Protection of the Target 273 D. Factors Relating to the Control and Jurisdiction over the Network and the Attacker 277 III. Private Sector Responses 279 IV. Government Intervention 281 A. The Role of Law in Different Societies 282 B. Public Goods and Collective Action Problems 283 C. Externalities 283 D. Costs of Regulation 284 V. Choice of Horizontal Public Order: A Transaction Cost Analysis of Prescriptive Jurisdiction in Cybersecurity 284 A. Territoriality and Aterritoriality 284 B. Regulatory Competition and Regulatory Cartelization 288 VI. Strategic Considerations and International Legal and Organizational Responses 289 A. The Cybersecurity Public Goods Game 290 B. Coordination Problem: The Global Cyberspace Stag Hunt 292 C. State Sponsorship of Cyberterrorism: A Game of “Chicken” or of “Bully”? 293 D. Relative and Absolute Gains 294 E. Information Problems 295 VII. Vertical Choice 2: International Intervention 295 A. Use of Analogs and Precedents 295 B. Cybercrime and Cyberterrorism: The Council of Europe Cybercrime Model 297 C. Data Flows and Funds Flows: Finance for Terrorism and the Financial Action Task Force Model 298 D. Data Packets and Shipping Containers: The Maritime Security Model 300 E. Results of Analogical Assessment 301 VIII. Conclusion 302 References 303 Index 307 Cover......Page 1 Half-title......Page 3 Title......Page 5 Copyright......Page 6 Contents......Page 7 Acknowledgments......Page 9 Contributors......Page 10 The Law and Economics of Cybersecurity: An Introduction......Page 11 Part One Problems: Cybersecurity and Its Problems......Page 21 I. Introduction......Page 23 II. Private Security Expenditures......Page 25 III. Public and Private Goods......Page 30 IV. Conclusion......Page 36 References......Page 37 Two A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?......Page 39 A. Case A: The Open Source Paradigm......Page 42 B. Case B: The Military Paradigm......Page 43 C. Case C: The Information-Sharing Paradigm......Page 45 D. Case D: The Public Domain......Page 46 II. The Key Reasons Computer and Network Security May Vary from Other Types of Security......Page 48 A. Hiddenness and the First-Time Attack......Page 49 B. Uniqueness of the Defense......Page 51 C. Why Low Uniqueness May Be Typical of Computer and Network Security......Page 52 III. Relaxing the Open Source Assumptions: Computer and Network Security in the Real World......Page 58 A. The Assumption That Disclosure Will Not Help the Attackers......Page 59 B. The Assumption That Disclosure Will Tend to Improve the Design of Defenses......Page 69 C. The Assumption That Disclosure Will Spread Effective Defenses to Others......Page 73 IV. Conclusion: Security, Privacy, and Accountability......Page 75 References......Page 78 I. Introduction......Page 83 II. Survivable Systems Versus Impregnable Artifacts......Page 85 A. Ad Hoc Mesh Wireless Networks......Page 88 B. Distributed Data Storage and Retrieval......Page 94 C. Distributed Computing......Page 98 A. What Are Shareable Goods?......Page 101 B. Differences in Information Costs......Page 103 C. Differences in Motivation Structures......Page 105 D. Information and Motivation: Cumulative Considerations......Page 109 A. Pooling Resources through Firms......Page 110 B. Secondary Markets in Excess Capacity......Page 111 C. Social Production of Survivable Infrastructures......Page 114 VI. Conclusion......Page 121 References......Page 122 Four Cybersecurity: Of Heterogeneity and Autarky......Page 125 I. Redundancy: Heterogeneity Versus Autarky......Page 130 A. Monocultures: Supply versus Demand......Page 131 B. Heterogeneity and Autarky......Page 133 C. The Cost of Engineering Heterogeneity......Page 137 II. Understanding Computer Software Product Quality......Page 140 A. Consumer Software Adoption with Full Liability......Page 141 B. Quality Investment and Full Liability......Page 142 C. Timing of Software Release and Adoption......Page 143 III. Conclusion......Page 145 References......Page 147 Part Two Solutions: Private Ordering Solutions......Page 151 Five Network Responses to Network Threats: The Evolution into Private Cybersecurity Associations......Page 153 I. Introduction......Page 154 A. Private Security Associations in the “[Very] Old Economy”......Page 160 B. Private Security Assiciations in the “New Economy”: ISACs......Page 162 C. Public Subsidies of Private Network Security Associations......Page 165 A. Enforcement of Norms by Networks and Hierarchies......Page 168 B. The Paradox of Spontaneous Formation......Page 175 C. The Evolution of Private Legal Systems......Page 180 D. A Note on Game Types......Page 183 E. Assessing Enforcement Costs of Regulated Norms......Page 185 A. Network Security Norms as Noncooperative Game Types......Page 189 B. Reliance on Existing Functionality in the Chemical Sector ISAC......Page 192 C. Implications on the Public Subsidy of ISACs......Page 195 V. Conclusion......Page 197 References......Page 198 Six The Dark Side of Private Ordering: The Network/Community Harm of Crime......Page 203 I. The Network Harms from Computer Crime......Page 205 A. Network Harms......Page 207 B. Distributional Harms......Page 209 II. Some Implications of A Community Harm Approach......Page 211 A. The Case for Unlike Punishments for Like Crimes......Page 214 B. Crimes against Networks......Page 215 C. The Third-Party Liability Debate......Page 217 D. The Problem with Current Law Enforcement and White House Cyberstrategy......Page 222 References......Page 225 Abstract......Page 231 A. The Standard Model......Page 237 B. Applied to Internet Service Providers......Page 242 A. Overzealous ISPs......Page 249 B. Subscriber Self-Help......Page 252 C. Other Objections......Page 254 A. The Communications Decency Act......Page 257 B. Common Law Principles......Page 263 IV. Conclusion......Page 264 I. Introduction......Page 269 A. Terms and Parameters......Page 271 B. Analytical Framework......Page 272 C. Factors Relating to the Value, Vulnerability, and Protection of the Target......Page 273 D. Factors Relating to the Control and Jurisdiction over the Network and the Attacker......Page 277 III. Private Sector Responses......Page 279 IV. Government Intervention......Page 281 A. The Role of Law in Different Societies......Page 282 C. Externalities......Page 283 A. Territoriality and Aterritoriality......Page 284 B. Regulatory Competition and Regulatory Cartelization......Page 288 VI. Strategic Considerations and International Legal and Organizational Responses......Page 289 A. The Cybersecurity Public Goods Game......Page 290 B. Coordination Problem: The Global Cyberspace Stag Hunt......Page 292 C. State Sponsorship of Cyberterrorism: A Game of “Chicken” or of “Bully”?......Page 293 D. Relative and Absolute Gains......Page 294 A. Use of Analogs and Precedents......Page 295 B. Cybercrime and Cyberterrorism: The Council of Europe Cybercrime Model......Page 297 C. Data Flows and Funds Flows: Finance for Terrorism and the Financial Action Task Force Model......Page 298 D. Data Packets and Shipping Containers: The Maritime Security Model......Page 300 E. Results of Analogical Assessment......Page 301 VIII. Conclusion......Page 302 References......Page 303 Index......Page 307 "Cybersecurity is a leading national problem for which the market may fail to produce a solution. The ultimate source is that computer owners lack adequate incentives to invest in security because they bear fully the costs of their security precautions but share the benefits with their network partners. In a world of positive transaction costs, individuals often select less than optimal security levels. The problem is compounded because the insecure networks extend far beyond the regulatory jurisdiction of any one nation or even coalition of nations. This book brings together the views of leading law and economics scholars on the nature of the cybersecurity problem and possible solutions to it. Many of these solutions are market based, but they need some help, either from government or industry groups, or both, indeed, the cybersecurity problem prefigures a host of 21st-century problems created by information technology and the globalization of markets."--BOOK JACKET Private Versus Social Incentives In Cybersecurity: Law And Economics / Bruce K. Kobayashi -- A Model For When Disclosure Helps Security : What Is Different About Computer And Network Security? / Peter P. Swire -- Peer Production Of Survivable Critical Infrastructures / Yochai Benkler -- Cyber Security : Of Heterogeneity And Autarchy / Randal C. Picker -- Network Responses To Network Threats : The Evolution Into Private Cybersecurity Associations / Amitai Aviram -- The Dark Side Of Private Ordering: The Network/community Harm Of Crime / Neal K. Katyal -- Holding Internet Service Providers Accountable / Doug Lichtman And Eric P. Posner -- Global Cyberterrorism, Jurisdiction, And International Organization / Joel P. Trachtman. Edited By Mark F. Grady, Francesco Parisi. Several Of The Papers Originally Presented At A Conference Held At George Mason University On June 11, 2004. Includes Bibliographical References And Index. Private versus social incentives in cybersecurity : law and economics / Bruce K. Kobayashi A model for when disclosure helps security : what is different about computer and network security? / Peter P. Swire Peer production of survivable critical infrastructures / Yochai Benkler Cyber security : of heterogeneity and autarky / Randal C. Picker Network responses to network threats : the evolution into private cybersecurity associations / Amitai Aviram The dark side of private ordering : the network/community harm of crime / Neal K. Katyal Holding internet service providers accountable / Doug Lichtman and Eric P. Posner Global cyberterrorism, jurisdiction, and international Organization / Joel T. Trachtman. Private versus social incentives in cybersecurity, law, and economics / Bruce K. Kobayashi A model for when disclosure helps security : what is different about computer and network security? / Peter Swire Peer production of survivable critical infrastructures / Yochai Benkler Cyber security : of heterogeneity and autarchy / Randal C. Picker Network responses to network threats : the evolution into private cyber-security associations / Amitai Aviram The dark side of private ordering for cybersecurity / Neal K. Katyal Holding internet service providers accountable / Doug Lichtman and Eric P. Posner Global cyberterrorism, jurisdiction, and international Organization / Joel T. Trachtman. Cybersecurity is a leading national problem for which the market may fail to produce a solution because individuals often select less than optimal security levels in a world of positive transaction costs. The problem is compounded because the insecure networks extend far beyond the regulatory jurisdiction of any one nation or even coalition of nations. This book brings together the views of leading law and economics scholars on the nature of the cybersecurity problem and possible solutions to it. Many of these solutions are market based, but in need of aid, either from government or industry groups or both. Cybersecurity is a growing problem for countries worldwide, particularly due to nations' critical assets being vulnerable to cyberattack. This book brings together the views of leading law and economics scholars on the nature of the cybersecurity problem and possible solutions to it
دانلود کتاب The law and economics of cybersecurity: edited by Mark F. Grady, Francesco Parisi