
1 - Private versus Social Incentives in Cybersecurity: Law and Economics

Published online by Cambridge University Press:  18 August 2009

Bruce H. Kobayashi
Affiliation:
Professor of Law and Associate Dean for Academic Affairs, George Mason University, School of Law
Mark F. Grady
Affiliation:
University of California, Los Angeles
Francesco Parisi
Affiliation:
George Mason University, Virginia

Summary

INTRODUCTION

Individuals and firms make significant investments in private security. These expenditures cover everything from simple door locks on private homes to elaborate security systems and private security guards. They are in addition to and often complement public law enforcement expenditures. They also differ from public law enforcement expenditures in that they are aimed at the direct prevention or reduction of loss and not necessarily at deterring crime through ex post sanctions.

A growing and important subset of private security expenditures are those related to cybersecurity (see Introduction and Chapter 5). Private security expenditures are important given the decentralized nature of the Internet and the difficulties in applying traditional law enforcement techniques to crime and other wealth-transferring activities that take place in cyberspace. These include difficulties in identifying those responsible for cybercrimes, difficulties arising from the large volume and inchoate nature of many of the crimes, and difficulties associated with punishing judgment-proof individuals who are eventually identified as responsible for cyberattacks. As a consequence, those responsible for cyberattacks may perceive both that the probability of punishment is low and that the size of the sanction (when punishment occurs) is small; the final result will be a low expectation of penalty and inadequate deterrence (Becker 1968).

Although individuals and businesses have made significant private investments in cybersecurity, there is a concern that leaving the problem of cybersecurity to the private sector may result in an inadequate level of protection for individuals, firms, and critical networks.

Type
Chapter
Information
Publisher: Cambridge University Press
Print publication year: 2005


References

Armantier, Olivier, and Richard, Oliver. 2003. Exchanges of Cost Information in the Airline Industry. RAND Journal of Economics 34:461.
Aviram, Amitai, and Tor, Avishalom. 2004. Overcoming Impediments to Information Sharing. Alabama Law Review 55:231.
Becker, Gary. 1968. Crime and Punishment: An Economic Approach. Journal of Political Economy 76:169.
Becker, Gary, and Stigler, George. 1974. Law Enforcement, Malfeasance, and Compensation of Enforcers. Journal of Legal Studies 3:1.
Clotfelter, Charles T. 1978. Private Security and the Public Safety. Journal of Urban Economics 5:388.
Craswell, Richard, and Calfee, John E. 1986. Deterrence and Uncertain Legal Standards. Journal of Law, Economics, and Organization 2:279.
Demsetz, Harold. 1970. The Private Production of Public Goods. Journal of Law and Economics 13:293.
Easterbrook, Frank H., and Fischel, Daniel R. 1984. Mandatory Disclosure and the Protection of Investors. Virginia Law Review 70:669.
Eisenberg, Barry S. 1981. Information Exchange among Competitors: The Issue of Relative Value Scales for Physicians' Services. Journal of Law and Economics 23:461.
Friedman, David. 1979. Private Creation and Enforcement of Law: A Historical Case. Journal of Legal Studies 8:399.
Friedman, David. 1984. Efficient Institutions for the Private Enforcement of Law. Journal of Legal Studies 13:379.
Friedman, David. 1991. Impossibility, Subjective Probability, and Punishment for Attempts. Journal of Legal Studies 20:179.
Frye, Emily. 2002. The Tragedy of the Cybercommons: Overcoming Fundamental Vulnerabilities to Critical Infrastructure in a Networked World. Business Law 58:349.
Gal-Or, Esther. 1986. Information Transmission: Cournot and Bertrand Equilibria. Review of Economic Studies 53:85.
Hayek, F. 1945. The Use of Knowledge in Society. American Economic Review 35:519.
Hui-Wen, Koo, and Png, I. P. L. 1994. Private Security: Deterrent or Diversion. International Review of Law and Economics 14:87.
Johnsen, D. Bruce. 2003. The Limits of Mandatory Disclosure: Regulatory Taking under the Investment Company Act. Mimeo, George Mason University.
Kobayashi, Bruce H. Forthcoming. An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods. Supreme Court Economic Review.
Kobayashi, Bruce H., and Ribstein, Larry E. 2002a. State Regulation of Electronic Commerce. Emory Law Journal 51:1.
Kobayashi, Bruce H., and Ribstein, Larry E. 2002b. Privacy and Firms. Denver University Law Review 79:526.
Krim, Jonathan. 2003. Help Fix Cybersecurity or Else, U.S. Tells Industry. Washington Post, December 4, p. E02.
Landes, William M., and Posner, Richard A. 1975. The Private Enforcement of Law. Journal of Legal Studies 4:1.
Landes, William M., and Posner, Richard A. 2003. The Economic Structure of Intellectual Property Law. Cambridge, MA: Belknap Press.
Liebowitz, Stan J., and Margolis, Stephen E. 1999. Winners, Losers, and Microsoft: Competition and Antitrust in High Technology. Oakland, CA: Independent Institute.
Shavell, Steven. 1990. Deterrence and the Punishment of Attempts. Journal of Legal Studies 19:435.
Shavell, Steven. 1991. Individual Precautions to Prevent Theft: Private versus Socially Optimal Behavior. International Review of Law and Economics 11:123.
Walker, Leslie. 2003. The View from Symantec's Security Central. Washington Post, January 9, p. E01.
