This paper will consider the structure of fear appeal arguments in technology policy debates and then outline how those arguments can be deconstructed and refuted in both cultural and economic contexts. Several examples of fear appeal arguments will be offered with a particular focus on online child safety, digital privacy, and cybersecurity. The various factors contributing to “fear cycles” in these policy areas will be documented.
Cybersecurity proponents often rely upon cyber-doom scenarios as a key tactic for calling attention to prospective cyber-threats. This essay critically examines cyber-doom scenarios by placing them into a larger historical context, assessing how realistic they are, and drawing out the policy implications of relying upon such tales. It draws from relevant research in the history of technology, military history, and disaster sociology to examine some of the key assertions and assumptions of cyber-doom scenarios. It argues that cyber-doom scenarios are the latest manifestation of fears about “technology-out-of-control” in Western societies, that they are unrealistic, and that they encourage the adoption of counter-productive, even dangerous policies. The paper concludes by offering alternative principles for the formulation of cybersecurity policy.
ISPs have borne significant costs to reduce malware, despite their lack of formal legal liability. Informal institutions perform much better than a regime of formal indirect liability. The fact that legal polycentricity is more widespread than is often recognized should affect law and economics scholarship.
There has been no shortage of attention devoted to cybersecurity, with a wide range of experts warning of potential doomsday scenarios should the government not act to better secure the Internet. But this is not the first time we have been warned of impending dangers; indeed, there are many parallels between present portrayals of cyberthreats and the portrayal of Iraq prior to 2003, or the perceived bomber gap in the late 1950s.
This paper finds that alleged cybersecurity market failures are, at a minimum, much smaller than they first appear and, consequently, that attempts to correct them through naive government regulation run the serious risk of doing more harm than good.
Rhetoric around cybersecurity could be contributing to threat inflation and an emerging cyber-industrial complex. More verifiable evidence needs to be made public before deciding whether and how government intervention can help.
Cyber security is a serious concern, but policy makers should pursue strategies that focus on increasing technological and infrastructural resilience while promoting decentralization, self-organization, economic strength, and strong social systems.