Do we spend enough on hunting down bad guys on the
Internet? Do we not spend enough? Or do we spend too much?
One of the most exciting and rapidly-growing fields at the boundary between technology and the social sciences is the economics of information security. Many security and privacy failures are not purely technical: for example, the person best placed to protect a system may be poorly motivated if the costs of system failure fall on others. Many pressing problems, such as spam, are unlikely to be solved by purely technical means, as they have economic and policy aspects too. Building dependable systems also raises questions such as open versus closed systems, the pricing of vulnerabilities and the frequency of patching. The `economics of bugs' are of growing importance to both vendors and users.
Now that both crime and conflict are becoming virtualised, many of the lessons learned by information security economists may travel to other security applications, such as law enforcement. Law enforcement concerns such as traffic analysis impact on information security costs and practices in turn. For these and other reasons, the confluence between information security and economics is of growing importance.
Information security mechanisms are increasingly used not just to protect against malicious attacks, but also to protect monopolies, differentiate products and segment markets. There are deep questions about the economics and politics of DRM, of locking printers to the maker's cartridges, and of practices such as region coding.
Original research papers are sought for the Fifth Workshop on the Economics of Information Security. Topics of interest include the dependability of open source and free software, the interaction of networks with crime and conflict, the economics of digital rights management and trusted computing, liability and insurance, reputation, privacy, risk perception, the economics of trust, the return on security investment, and economic perspectives on spam.
Full papers should be sent by noon GMT on Monday 20th March, 2006 to firstname.lastname@example.org.
|Notification of acceptance||April 24, 2006|
|Workshop||June 26-28, 2006|
Ross Anderson (Cambridge)
Alessandro Acquisti (Carnegie Mellon)
Jean Camp (University of Indiana)
Huseyin Cavusoglu (Tulane University)
Larry Gordon (University of Maryland)
Marty Loeb (University of Maryland)
Andrew Odlyzko (University of Minnesota)
Stuart Schechter (MIT Lincoln Laboratory)
Bruce Schneier (Counterpane)
Rahul Telang (Carnegie Mellon)
Hal Varian (UC Berkeley)
A PDF and text version of the call for papers is also availabe.For more information, please contact email@example.com. Website maintained by Tyler.Moore at cl.cam.ac.uk