What Are Data Security and Privacy Worth?
Experts on Economics of Data Security To Gather at Carnegie Mellon
PITTSBURGH—In a digitized world where massive amounts of patient data can be compromised by a single lost laptop or an individual's identity can be swiped by an online "phishing" expedition, the need for information security is vital. But what is security worth to individuals and companies, and what are they willing to pay for it?
Those questions will be the focus of the 2007 Workshop on the Economics of Information Security, a convergence of economists, computer scientists, lawyers and psychologist/behavioral economists June 7–8 at Carnegie Mellon University.
"Discussions of data security often focus on technical solutions," noted Alessandro Acquisti, assistant professor of information technology and public policy at Carnegie Mellon's H. John Heinz III School of Public Policy and Management. "But getting people to protect themselves and getting companies and government agencies to implement information security practices often involves economic, behavioral and legal factors over and above the technical issues," added Acquisti, who chairs the workshop's program committee with Rahul Telang, assistant professor of information systems.
An international array of researchers and security experts will present papers on the expanding black and white markets for selling newly discovered vulnerabilities in software, how publicized arrests of hackers can at least temporarily deter attacks on computer networks, and the ways employee use of peer-to-peer networks for sharing music, videos and software can inadvertently compromise a company's databases.
Other papers include an inside look at a computer used to operate a "phishing" site — a Web site designed to look like a legitimate bank or other institutional Web site to trick visitors into revealing account or other personal information — and the techniques used to keep it running. And researchers will report on the first study that found people willing to pay extra to protect their privacy, at least when that privacy protection was visible to them.
The Workshop on the Economics of Information Security is hosted by the Heinz School and Carnegie Mellon CyLab, and supported by Dartmouth University's Institute for Information Infrastructure Protection and Microsoft. For more information, see http://weis2007.econinfosec.org.