Home page logo
/

interesting-people logo Interesting People mailing list archives

Re: pro regulation viewpoint on cyber vulnerabiltiy
From: David Farber <dave () farber net>
Date: Mon, 30 Mar 2009 18:28:43 -0400



Begin forwarded message:

From: "Michael Kende" <Michael.Kende () analysysmason com>
Date: March 30, 2009 5:36:45 PM EDT
To: <dave () farber net>
Cc: <avg () kotovnik com>
Subject: RE: [IP] Re:   pro regulation viewpoint on cyber vulnerabiltiy

This makes absolutely no sense - the first statement is that there is no
single case of market failure which couldn't be traced back to
non-market intervention by a government, which is then followed by a
statement in the third paragraph that using market failure as a
justification for any policy is, at best, intellectually dishonest.

In other words, it is a government failure if government does not
intervene to prevent a market failure from arising, but if that market
failure does arise anyway, it is intellectually dishonest for the
government then to address it?

In economic, every micro textbook has a definition of market failure
(e.g. prices do not send proper signals about markets) and real-life
examples (pollution).

Michael

-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Monday, March 30, 2009 4:51 PM
To: ip
Subject: [IP] Re: pro regulation viewpoint on cyber vulnerabiltiy



Begin forwarded message:

From: Vadim Antonov <avg () kotovnik com>
Date: March 30, 2009 3:27:27 PM EDT
To: David Farber <dave () farber net>
Cc: ip <ip () v2 listbox com>
Subject: Re: [IP] pro regulation viewpoint on cyber vulnerabiltiy


David - for IP, if you wish.

On Mon, 30 Mar 2009, David Farber wrote:

> A paper that speaks to market failure is at:
> http://www.csis.org/component/option,com_csis_pubs/task,view/id, 5370/t
> ype,1/

The sad truth is that there is no single documented case of "market
failure" which couldn't be easily traced back to previous non-market
intervention (by government or crime) - and these should be properly
called "government failures", i.e. governments either doing what they
shouldn't do (granting monopolies to politically connected parties,
engaging in social engineering, etc), or failing in their duty to
protect citizens.

Just ask an economist to offer not a plausible theoretical scenario in
which a market failure could occur - but a clear-cut real-life case of
market failure, and then watch him squirming uncomfortably.

Market failure is one of those elusive concepts which everybody seems to
believe in, but which start to shift meaning, twist, and finally
evaporate if a closer scrunity is applied. Using it as a justification
for any policy is, at best, intellectually dishonest.

When applied to "cybersecurity", the very first assertion that "market
has failed to secure cyberspace" is a plain lie. Any real security
expect knows that there's no such thing as absolute and perfect
security.
Better security comes with price - and this price increases
exponentially if stronger (and rarer) treats are considered.

Thus, securing any real installation requires finding a proper balance
between security and cost - and in many cases that balance is on a side
which any security-conscious person would find quite insecure (just
think how long your front door would hold if someone wants to break in,
or how your windows are totally penetrable with an aid of a brick).
However, laminated cardboard doors and easily breakable glass windows
are sufficient to deter majority of opportunistic criminals - and
defending against determined thieves would be way too costly given that
the chances that one would pay a visit are rather small.

"Cybersecurity" is no different. Even with broken-by-design security
model of Windows/Explorer use of a cheap consumer security product
(Norton,
etc)
would be quite sufficient to achieve good-enough security. Nearly all
people who suffered from attacks by hackers simply didn't consider
security of their computers to be important enough to devote 15-20
minutes and few dozen dollars needed to find a product, buy, and install
it.

Well, there are people who don't bother to lock their doors and leave
keys in the ignition locks of their cars - but for some reason there's
no experts calling for federal programs to fix these "market falures".
I think that is because, without the smoke screen of fancy jargon, any
reasonable person would see inanity of any such proposal.

--vadim





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


This email is confidential and is protected by copyright. When addressed to our clients it is subject to our terms and conditions of business.

Analysys Mason Limited is registered in England and Wales. Registered office: Bush House, North West Wing, London WC2B 4PJ, UK. Registered number 05177472. Tel +44 20 7395 9000. Email enquiries () analysysmason com or visit www.analysysmason.com




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]