Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-7479d7b7d-pfhbr Total loading time: 0 Render date: 2024-07-10T18:20:00.691Z Has data issue: false hasContentIssue false

5 - Network Responses to Network Threats: The Evolution into Private Cybersecurity Associations

Published online by Cambridge University Press:  18 August 2009

By
Amitai Aviram
Edited by
Mark F. Grady  and
Francesco Parisi
Amitai Aviram
Affiliation:
Assistant Professor of Law, Florida State University, College of Law
Mark F. Grady
Affiliation:
University of California, Los Angeles
Francesco Parisi
Affiliation:
George Mason University, Virginia
Get access

Summary

The enforcement of certain norms on network participants – such as norms supporting information exchange and governing access to the network – is critical for ensuring the security of the network. While a public norm enforcer may be feasible in many situations, private norm enforcement may, and frequently does, complement or substitute for public enforcement. Private enforcement of cybersecurity is often subsidized, primarily in nonpecuniary manners (e.g., by exemption from antitrust laws). These subsidies may be necessary to capture the positive externalities of providing security to the network, but they also bias private parties' incentives and may result in the formation of inefficient security associations that are beneficial to their members only due to the subsidy. To mitigate this concern, subsidies should be awarded only to associations that are likely to be effective in enforcing norms on the network participants. This article offers a framework for assessing the likelihood that an association would become an effective norm enforcer.

Norms that are expensive to enforce are rarely enforced by newly formed private legal systems (PLSs) because the effectiveness of mechanisms used to secure compliance (e.g., the threat of exclusion) depends on the PLSs' ability to confer benefits on their members, and newly formed PLSs do not yet confer such benefits. Preexisting functionality inexpensively enhances a PLS's ability to enforce norms, and therefore most PLSs rely on preexisting institutions that already benefit members, typically by regulating norms that are not very costly to enforce.

Type
Chapter
Information
The Law and Economics of Cybersecurity , pp. 143 - 192
Publisher: Cambridge University Press
Print publication year: 2005

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Abbott, Alden F. 2003. Remarks before George Mason University Law School Tech Center. Critical Infrastructure Protection Conference on Antitrust and the Exchange of Cyberthreat Information (Arlington, VA, Jan. 30, 2003)
Ahdieh, Robert. 2003. Making Markets: Network Effects and the Role of Law in the Creation and Restructuring of Securities Markets. Southern California Law Review 76:277Google Scholar
American Bankers Association. 2004. 125th Anniversary Timeline 1890–1899. http://www.aba.com/aba/125/timeline1890--1899.htm
Aviram, Amitai. 2003. Regulation by Networks. Brigham Young University Law Review 2003:1179Google Scholar
Aviram, Amitai. 2004. A Paradox of Spontaneous Formation: The Evolution of Private Legal Systems. Yale Law and Policy Review 22:1Google Scholar
Aviram, Amitai. 2005. In Defense of Imperfect Compliance Programs. Florida State University Law Review 32:397Google Scholar
Aviram, Amitai, and Tor, Avishalom. 2004. Overcoming Impediments to Information Sharing. Alabama Law Review 55:231Google Scholar
Baird, Douglas G.. 1994. Game Theory and the Law. Cambridge, MA: Harvard University PressGoogle Scholar
Bebchuk, Lucian A., and Roe, Mark J.. 1999. A Theory of Path Dependence in Corporate Ownership and Governance. Stanford Law Review 52:127CrossRefGoogle Scholar
Benson, Bruce L. 1989. The Spontaneous Evolution of Commercial Law. Southern Economic Journal 55:644CrossRefGoogle Scholar
Bernstein, Lisa. 1992. Opting out of the Legal System: Extralegal Contractual Relations in the Diamond Industry. Journal of Legal Studies 21:115CrossRefGoogle Scholar
Brooks, Robin A. 1998. Deterring the Spread of Viruses Online: Can Tort Law Tighten the Net?Review of Litigation 17:343Google Scholar
Church, Jeffrey, and King, Ian. 1993. Bilingualism and Network Externalities. Canadian Journal of Economics 26:337CrossRefGoogle Scholar
Clay, Karen. 1997. Trade without Law: Private-Order Institutions in Mexican California. Journal of Law, Economics, and Organization 13:202CrossRefGoogle Scholar
Coase, Ronald H. 1937. The Nature of the Firm. Economica 4:386. Reprinted in Coase, Ronald H., The Firm, The Market, and the Law (Chicago: University of Chicago Press, 1988)Google Scholar
Coase, Ronald H.. 1960. The Problem of Social Cost. Journal of Law and Economics 3:1CrossRefGoogle Scholar
Cohen, William E. 1996. Competition and Foreclosure in the Context of Installed Base and Compatibility Effects. Antitrust Law Journal 64:535Google Scholar
Cooter, Robert D. 1996. Decentralized Law for a Complex Economy: The Structural Approach to Adjudicating the New Law Merchant. University of Pennsylvania Law Review 144:1643CrossRefGoogle Scholar
Courtney, Will. 2001. Are Online Auctions Guilty of E-Scalping?Eagle Tribune. http://www.eagletribune.com/news/stories/20010304/FP_004.htmGoogle Scholar
Cremer, Jacques. 2000. Connectivity in the Commercial Internet. Journal of Industrial Economics 48:433CrossRefGoogle Scholar
Cunningham, Lawrence A. 2004. The Appeal and Limits of Internal Controls to Fight Fraud, Terrorism, Other Ills. Journal of Corporate Law 29:267Google Scholar
DHS, SEC Talking about Requirements to Disclose Information about Cybersecurity. 2003. Law Week 72:2234
Dick, Andrew R. 1996. When Are Cartels Stable Contracts?Journal of Law and Economics 39:241CrossRefGoogle Scholar
Drury, Allan. 2002. When It Comes to Ticket Scalping, the Net's the Wild West. USA Today. http://www.usatoday.com/tech/webguide/internetlife/2002--10--07-e-scalping_x.htm
Eatwell, John., eds. 1987. Game Theory. New York: NortonGoogle Scholar
Eisenberg, Melvin A. 1999. Corporate Law and Social Norms. Columbia Law Review 99:1253CrossRefGoogle Scholar
Ellickson, Robert C., 1986. Of Coase and Cattle: Dispute Resolution among Neighbors in Shasta County. Stanford Law Review 38:623CrossRefGoogle Scholar
Ellickson, Robert C.. 1989. A Hypothesis of Wealth-Maximizing Norms: Evidence from the Whaling Industry. Journal of Law, Economics, and Organization 5:83Google Scholar
Ellickson, Robert C.. 1991. Order without Law: How Neighbors Settle Disputes. Cambridge, MA: Harvard University PressGoogle Scholar
Ellickson, Robert C., and Thorland, Charles D.. 1995. Ancient Land Law: Mesoportamia, Egypt, Israel. Chicago Kent Law Review 71:321Google Scholar
Frye, Emily. 2002. The Tragedy of the Cybercommons: Overcoming Fundamental Vulnerabilities to Critical Infrastructures in a Networked World. Business Law 58:349Google Scholar
Frye, Emily. 2003. Information-Sharing Hangups: Is Antitrust Just a Cover?CIP Report 1:6Google Scholar
Galbi, Douglas A. 2002. Revolutionary Ideas for Radio Regulation. http://papers.ssrn.com/sol3/papers.cfm?abstract_id-316380
Gentile, Carmen J. 2000. Israeli Hackers Vow to Defend. Wired News, November 15. http://www.wired.com/news/politics/0,1283,40187,00.htmlGoogle Scholar
Glaber, Ralph. 2004. Miracles de Saint-Benoit. http://www.fordham.edu/halsall/source/glaber-1000.html
Goodman, Marc D., and Brenner, Susan W.. 2002. The Emerging Consensus on Criminal Conduct in Cyberspace. University of California Los Angeles Journal of Law and Technology 2002:4Google Scholar
Greif, Avner. 1989. Reputation and Coalitions in Medieval Trade: Evidence on the Maghribi Traders. Journal of Economic History 49:857CrossRefGoogle Scholar
Greif, Avner. 1993. Contract Enforceability and Economic Institutions in Early Trade: The Maghribi Traders' Coalition. American Economic Review 83:525Google Scholar
Greif, Avner. 1994. Coordination, Commitment, and Enforcement: The Case of the Merchant Guild. Journal of Political Economy 102:745CrossRefGoogle Scholar
Griboff, Howard. 1992. New Freedom for AT&T in the Competitive Long Distance Market. Federal Commercial Law Journal 44:435Google Scholar
Grow, Brian. 2004. Nothing's Foolproof, but Early Warning Antivirus Systems Are Getting Better Jumps on Mischief Makers. Business Week, June 21. P. 84Google Scholar
Hayek, Friedrich A. 1978. Law, Legislation and Liberty. Chicago: University of Chicago PressCrossRefGoogle Scholar
Head, Thomas, and Landes, Richard, eds. 1992. The Peace of God: Social Violence and Religious Response in France around the Year 1000. Ithaca, NY: Cornell University PressGoogle Scholar
Holmes, Oliver Wendell. 1897. The Path of the Law. Harvard Law Review 10:457. Reprinted in Harvard Law Review 110 (1997):991Google Scholar
ISAC. 2004a. Frequently Asked Questions. http://www.energyisac.com/faq.dfm
ISAC. 2004b. Energy ISAC Subscriber Agreement. http://www.energyisac.com/docs/local/subscriberagreement.pdf
Islamic Hackers Step up Attacks. 2002. BBC News, October 29. http://news.bbc.co.uk/1/hi/technology/2372209.stm
Israel under Hack Attack. 2002. BBC News, April 16. http://news.bbc.co.uk/1/hi/sci/tech/1932750.stm
Katyal, Neal K. 2001. Criminal Law in Cyberspace. University of Pennsylvania Law Review 149:1003CrossRefGoogle Scholar
Klausner, Michael. 1995. Corporations, Corporate Law and Networks of Contracts. Virginia Law Review 81:757CrossRefGoogle Scholar
Kolasky, William J. 1999. Network Effects: A Contrarian View. George Mason Law Review 7:577Google Scholar
Kolko, Gabriel. 1965. Railroads and Regulation. New York: NortonGoogle Scholar
Kranton, Rachel E. 1996. The Formation of Cooperative Relationships. Journal of Law, Economics, and Organization 12:214CrossRefGoogle Scholar
Krawiec, Kimberly D. 2005. Organizational Misconduct: Beyond the Principal-Agent Model. Florida State University Law Review 32:263Google Scholar
Kreps, David M. 1987. Nash Equilibrium. In Game Theory, ed. Eatwell, John et al., 167. New York: NortonGoogle Scholar
Lemley, Mark A., and McGowan, David. 1998. Legal Implications of Network Economic Effects. California Law Review 86:479CrossRefGoogle Scholar
Lessig, Lawrence. 1999. Code and Other Laws of Cyberspace. New York: Basic BooksGoogle Scholar
Lichtenbaum, Peter, and Schneck, Melanie. 2002. The Response to Cyberattacks: Balancing Security and Cost. International Law 36:39Google Scholar
Macaulay, Stewart. 1963. Non-Contractual Relations in Business: A Preliminary Study. American Sociological Review 28:55CrossRefGoogle Scholar
Malone, Robert J., and Levary, Reuven R.. 1994. Computer Viruses: Legal Aspects. University of Miami Business Law Journal 4:125Google Scholar
McAdams, Richard H. 1997. The Origin, Development, and Regulation of Norms. Michigan Law Review 96:228CrossRefGoogle Scholar
McCarthy, John. 2003. Focus on Information Sharing. CIP Report 1:4Google Scholar
Milhaupt, Curtis J., and West, Mark D.. 2000. The Dark Side of Private Ordering: An Institutional and Empirical Analysis of Organized Crime. University of Chicago Law Review 67:41CrossRefGoogle Scholar
Miller, Harris N. 2002. Testimony Presented to United States Senate Committee on Governmental Affairs. http://www.itaa.org/infosec/050802testimony.pdf
Nash, John F. 1950. Equilibrium Points in n-Person Games. Proceedings of the National Academy of Sciences 36:48CrossRefGoogle ScholarPubMed
Nash, John F.. 1951. Non-Cooperative Games. Annals of Mathematics 54:286CrossRefGoogle Scholar
NERC. 2004. About NERC. http:/www.nerc.com/about
Note, Functional Analysis, Subsidies, and the Dormant Commerce Clause. 1997. Harvard Law Review 110:1537CrossRef
Oedel, David G. 1993. Private Interbank Discipline. Harvard Journal of Law and Public Policy 16:327Google Scholar
Olsen, Erik. 2001. Hacking for the Cause. ABC News, October 15. http://abcnews.go.com/sections/scitech/DailyNews/strikes_hacker_yihat)011015.htmlGoogle Scholar
Ostrom, Elinor. 1990. Governing the Commons: The Evolution of Institutions for Collective Action. Cambridge: Cambridge University PressCrossRefGoogle Scholar
Palay, Thomas M. 1984. Comparative Institutional Economics: The Governance of Rail Freight Contracting. Journal of Law and Economics 13:265Google Scholar
Piraino, Thomas A. Jr. 1995. The Antitrust Analysis of Network Joint Ventures. Hastings Law Journal 47:5Google Scholar
Posner, Eric A. 1996. Law, Economics, and Inefficient Norms. University of Pennsylvania Law Review 144:1697CrossRefGoogle Scholar
Posner, Richard A. 1998a. Economic Analysis of the Law. 5th ed. Gaithersburg, MD: Aspen PublishersGoogle Scholar
Posner, Richard A.. 1998b. Law and Literature. Cambridge, MA: Harvard University PressGoogle Scholar
Ribstein, Larry E., and Kobayashi, Bruce H.. 2001. Choice of Firm and Network Externalities. William and Mary Law Review 43:79Google Scholar
Smith, Adam. 1776. An Inquiry into the Nature and Causes of the Wealth of Nations. Ed. Cannan, E.. New York: Bantam ClassicsGoogle Scholar
Stigler, George J. 1964. A Theory of Oligopoly. Journal of Political Economics 72:44CrossRefGoogle Scholar
Strahilevitz, Lior. 2003a. Charismatic Code, Social Norms, and the Emergence of Cooperation on the File-Swapping Networks. Virginia Law Review 89:505CrossRefGoogle Scholar
Strahilevitz, Lior. 2003b. Social Norms from Close-Knit Groups to Loose-Knit Groups. University of Chicago Law Review 70:359CrossRefGoogle Scholar
Sunstein, Cass R. 1996. Social Norms and Social Roles. Columbia Law Review 96:903CrossRefGoogle Scholar
Thorne, Susan. 2002. Premiums Least of Owners' Worries in Israel. Shopping Centers Today. http://www.icsc.org/srch/sct/sct0902/page85.htmlGoogle Scholar
U.S.-Canada Power System Outage Task Force. 2003. Final Report on the August 14, 2003 Blackout in the United States and Canada: Causes and Recommendations. http://www.nerc.com/pub/sys/all_updl/docs/blackout/ch1--3.pdf
U.S. Department of Justice. 2000. Business Review Letter to Electric Power ISAC. http://www.usdoj.gov/atr/public/busreview/6614.htm
White House. 1998. Presidential Decision Directive/NSC-63. http://www.fas.org/irp/offdocs/pdd/pdd-63.htm
Will the Net End Ticket Scalping? 1999. MSNBC. com. http://zdnet.com.com/2100--11501311.html
Williamson, Oliver E. 1983. Credible Commitments: Using Hostages to Support Exchange. American Economic Review 73:519Google Scholar
Wolverton, Troy. 2002. Online Ticket Market Pressures Scalpers. CNET News.com. http://msn.com.com/2100--1106--918772.htmlGoogle Scholar
Zywicki, Todd J. 2003. The Rise and Fall of Efficiency in the Common Law: A Supply Side Analysis. Northwestern University Law Review 97:1551Google Scholar

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×