Cybersecurity

Research

Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle Adam Thierer \| Jan 25, 2013 This paper will consider the structure of fear appeal arguments in technology policy debates and then outline how those arguments can be deconstructed and refuted in both cultural and economic contexts. Several examples of fear appeal arguments will be offered with a particular focus on online child safety, digital privacy, and cybersecurity. The various factors contributing to “fear cycles” in these policy areas will be documented.	Beyond Cyber-Doom: Assessing the Limits of Hypothetical Scenarios in the Framing of Cyber-Threats Sean Lawson \| Dec 19, 2012 Cybersecurity proponents often rely upon cyber-doom scenarios as a key tactic for calling attention to prospective cyber-threats. This essay critically examines cyber-doom scenarios by placing them into a larger historical context, assessing how realistic they are, and drawing out the policy implications of relying upon such tales. It draws from relevant research in the history of technology, military history, and disaster sociology to examine some of the key assertions and assumptions of cyber-doom scenarios. It argues that cyber-doom scenarios are the latest manifestation of fears about “technology-out-of-control” in Western societies, that they are unrealistic, and that they encourage the adoption of counter-productive, even dangerous policies. The paper concludes by offering alternative principles for the formulation of cybersecurity policy.
Internet Security Without Law: How Service Providers Create Order Online Eli Dourado \| Jun 19, 2012 ISPs have borne significant costs to reduce malware, despite their lack of formal legal liability. Informal institutions perform much better than a regime of formal indirect liability. The fact that legal polycentricity is more widespread than is often recognized should affect law and economics scholarship.	Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy Jerry Brito, Tate Watkins \| Apr 10, 2012 There has been no shortage of attention devoted to cybersecurity, with a wide range of experts warning of potential doomsday scenarios should the government not act to better secure the Internet. But this is not the first time we have been warned of impending dangers; indeed, there are many parallels between present portrayals of cyberthreats and the portrayal of Iraq prior to 2003, or the perceived bomber gap in the late 1950s.
Is There a Market Failure In Cybersecurity? Eli Dourado, Jerry Brito \| Mar 06, 2012 Like gardens, the Internet developed without government intervention. Unnecessary regulation could break down the norms and practices that caused the Internet flourish in the first place.	Is There a Cybersecurity Market Failure Eli Dourado \| Jan 23, 2012 This paper finds that alleged cybersecurity market failures are, at a minimum, much smaller than they first appear and, consequently, that attempts to correct them through naive government regulation run the serious risk of doing more harm than good.

More Research

Testimony & Comments

Cyber Security Certification Program

Jerry Brito, Tate Watkins | Jul 12, 2010

The notice of inquiry seeks comment on whether a cyber security certification program “would create business incentives for providers of communications services to sustain a high level of cyber…

Research Summaries & Toolkits

Mercatus Center Policy Guide

| Aug 03, 2012

The Mercatus Center at George Mason University is pleased to provide you with our new policy guide. The guide is designed to provide easily accessible economic information that might prove useful in pre- paring for hearings or town hall meetings, drafting speeches or policy papers, and generally educating the public regarding spending, taxes, regulation, financial markets, and technology policy.

Expert Commentary

A Net Skeptic's Conservative Manifesto Reason By Adam Thierer \| Apr 27, 2013 Evgeny Morozov’s latest book, To Save Everything, Click Here, follows the same blueprint as his first book, 2011’s The Net Delusion. He takes the over-zealous ramblings of a handful of Internet evangelists, suggests that Pollyannas like them are all around us, and then argues, implausibly, that their very ideas threaten to undermine our culture or humanity in some fashion. Along the way, he doles out generous heapings of unremitting, snarky scorn.	Cyber-Security: Stand Down, for Now, Congress Time By Jerry Brito \| Feb 22, 2013 Now that President Obama has acted on cyber-security, Congress doesn’t need to. Yet guided by their worst impulses – to extend protections to business, or to exert bureaucratic control – members of Congress will insist that it is imperative they get in on the action. If they do, they will undoubtedly be saddling us with a host of unintended consequences that we will come to regret later.
Le Stasis C’est Moi The Umlaut By Jerry Brito \| Feb 21, 2013 While you might drive an Audi and shop at Ikea, you likely can’t even think of a European Internet company. Some would argue that the EU’s strict privacy regulations inhibit Internet entrepreneurship in the continent, but there seems to be something else going on since they don’t seem to keep U.S. firms from doing business there. Well, just barely.	Why We Should Fear a Do-Something Congress The Umlaut By Jerry Brito \| Feb 07, 2013 As more inevitable breaches are reported, the public will demand that Congress “do something” about the cyber threat from abroad—even if they have no idea what that something should be. As a result, Congress will be more than happy to act by spending gobs of money on “cyber R&D and scholarships,” by exempting companies from privacy laws, and even by licensing cybersecurity professionals.
Aaron Swartz: The Punishment Did Not Fit the Crime Reason By Jerry Brito \| Jan 31, 2013 Aaron Swartz, a 26-year-old computer prodigy and Internet activist, was facing decades in prison for violating federal hacking laws when he took his own life earlier this month. Many commentators, including Lawrence Lessig and Glenn Greenwald, have argued that prosecutorial zeal drove Swartz to hang himself. They’re certainly right. Yet prosecutorial discretion would not have mattered much if the possibility of such draconian punishment did not exist.	What’s Wrong With a Copyright Alert System? Reason By Jerry Brito \| Jan 04, 2013 In January, Internet service providers will begin sending notices to subscribers suspected of illegally downloading music or movies using peer-to-peer file-sharing networks. After five increasingly sternly worded warnings, subscribers’ Internet access will be slowed down or partially blocked. This new “Copyright Alert System” is bound to raise the hackles of digital rights activists—but should it?

More Expert Commentary

Experts

Jerry Brito

Jerry Brito is a senior research fellow at the Mercatus Center and directs the Technology Policy Program. His primary research interests are technology and telecommunications policy, government transparency and accountability, and the regulatory process.

Eli Dourado

Eli Dourado is a research fellow at the Mercatus Center at George Mason University with the Technology Policy Program.

Adam Thierer

Adam Thierer is a senior research fellow at the Mercatus Center at George Mason University with the Technology Policy Program. His primary research interests are technology, media, Internet, and free speech policy issues, with a particular focus on online child safety and digital privacy policy issues.

Videos

The U.N. and the Internet: Previewing the World Conference on International Telecommunication

Eli Dourado, Jerry Brito, Paul Brigner, Gary Fowlie, Milton L. Mueller, Terry D. Kramer | November 14, 2012

The Great Privacy Debate

Adam Thierer | July 24, 2012

Podcasts

Sean Flaim on the private enforcement of copyrights

Jerry Brito | March 26, 2013

Sean Flaim, an attorney focusing on antitrust, intellectual property, cyberlaw, and privacy, discusses his new paper “Copyright Conspiracy: How the New Copyright Alert System May Violate the Sherman Act,” recently published in the New York University Journal of Intellectual Property and Entertainment Law. Flaim describes content owners early attempts to enforce copyright through lawsuit as a “public relations nightmare” that humanized piracy and created outrage over large fines imposed on casual downloaders.

Download the MP3

More Podcasts

Recent Events

Hackers, Terrorists, and Rogue States: What Do They Mean for American Cybersecurity?

Cybersecurity is a hot topic on Capitol Hill. But what exactly does cybersecurity entail? An issue this large encompasses many elements: what is the real threat? What is its scope? Who is at risk? Who is the most suited to defend against the threat?

More Recent Events

Media Clippings

Stuxnet Debate Continues: How Should Cyberweapons be Used?

Jerry Brito | Jul 12, 2012

Jerry Brito cited discussing current cybersecurity concerns.

Get the UN’s Hands Off the Internet

Eli Dourado |

Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle Adam Thierer \| Jan 25, 2013 This paper will consider the structure of fear appeal arguments in technology policy debates and then outline how those arguments can be deconstructed and refuted in both cultural and economic contexts. Several examples of fear appeal arguments will be offered with a particular focus on online child safety, digital privacy, and cybersecurity. The various factors contributing to “fear cycles” in these policy areas will be documented.	Beyond Cyber-Doom: Assessing the Limits of Hypothetical Scenarios in the Framing of Cyber-Threats Sean Lawson \| Dec 19, 2012 Cybersecurity proponents often rely upon cyber-doom scenarios as a key tactic for calling attention to prospective cyber-threats. This essay critically examines cyber-doom scenarios by placing them into a larger historical context, assessing how realistic they are, and drawing out the policy implications of relying upon such tales. It draws from relevant research in the history of technology, military history, and disaster sociology to examine some of the key assertions and assumptions of cyber-doom scenarios. It argues that cyber-doom scenarios are the latest manifestation of fears about “technology-out-of-control” in Western societies, that they are unrealistic, and that they encourage the adoption of counter-productive, even dangerous policies. The paper concludes by offering alternative principles for the formulation of cybersecurity policy.
Internet Security Without Law: How Service Providers Create Order Online Eli Dourado \| Jun 19, 2012 ISPs have borne significant costs to reduce malware, despite their lack of formal legal liability. Informal institutions perform much better than a regime of formal indirect liability. The fact that legal polycentricity is more widespread than is often recognized should affect law and economics scholarship.	Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy Jerry Brito, Tate Watkins \| Apr 10, 2012 There has been no shortage of attention devoted to cybersecurity, with a wide range of experts warning of potential doomsday scenarios should the government not act to better secure the Internet. But this is not the first time we have been warned of impending dangers; indeed, there are many parallels between present portrayals of cyberthreats and the portrayal of Iraq prior to 2003, or the perceived bomber gap in the late 1950s.
Is There a Market Failure In Cybersecurity? Eli Dourado, Jerry Brito \| Mar 06, 2012 Like gardens, the Internet developed without government intervention. Unnecessary regulation could break down the norms and practices that caused the Internet flourish in the first place.	Is There a Cybersecurity Market Failure Eli Dourado \| Jan 23, 2012 This paper finds that alleged cybersecurity market failures are, at a minimum, much smaller than they first appear and, consequently, that attempts to correct them through naive government regulation run the serious risk of doing more harm than good.

A Net Skeptic's Conservative Manifesto Reason By Adam Thierer \| Apr 27, 2013 Evgeny Morozov’s latest book, To Save Everything, Click Here, follows the same blueprint as his first book, 2011’s The Net Delusion. He takes the over-zealous ramblings of a handful of Internet evangelists, suggests that Pollyannas like them are all around us, and then argues, implausibly, that their very ideas threaten to undermine our culture or humanity in some fashion. Along the way, he doles out generous heapings of unremitting, snarky scorn.	Cyber-Security: Stand Down, for Now, Congress Time By Jerry Brito \| Feb 22, 2013 Now that President Obama has acted on cyber-security, Congress doesn’t need to. Yet guided by their worst impulses – to extend protections to business, or to exert bureaucratic control – members of Congress will insist that it is imperative they get in on the action. If they do, they will undoubtedly be saddling us with a host of unintended consequences that we will come to regret later.
Le Stasis C’est Moi The Umlaut By Jerry Brito \| Feb 21, 2013 While you might drive an Audi and shop at Ikea, you likely can’t even think of a European Internet company. Some would argue that the EU’s strict privacy regulations inhibit Internet entrepreneurship in the continent, but there seems to be something else going on since they don’t seem to keep U.S. firms from doing business there. Well, just barely.	Why We Should Fear a Do-Something Congress The Umlaut By Jerry Brito \| Feb 07, 2013 As more inevitable breaches are reported, the public will demand that Congress “do something” about the cyber threat from abroad—even if they have no idea what that something should be. As a result, Congress will be more than happy to act by spending gobs of money on “cyber R&D and scholarships,” by exempting companies from privacy laws, and even by licensing cybersecurity professionals.
Aaron Swartz: The Punishment Did Not Fit the Crime Reason By Jerry Brito \| Jan 31, 2013 Aaron Swartz, a 26-year-old computer prodigy and Internet activist, was facing decades in prison for violating federal hacking laws when he took his own life earlier this month. Many commentators, including Lawrence Lessig and Glenn Greenwald, have argued that prosecutorial zeal drove Swartz to hang himself. They’re certainly right. Yet prosecutorial discretion would not have mattered much if the possibility of such draconian punishment did not exist.	What’s Wrong With a Copyright Alert System? Reason By Jerry Brito \| Jan 04, 2013 In January, Internet service providers will begin sending notices to subscribers suspected of illegally downloading music or movies using peer-to-peer file-sharing networks. After five increasingly sternly worded warnings, subscribers’ Internet access will be slowed down or partially blocked. This new “Copyright Alert System” is bound to raise the hackles of digital rights activists—but should it?