Cyber Security: Of Heterogeneity and Autarky

The wonder of the Internet is incredibly capable computers connected with each other under the control of individuals. For all of the reasons that we think that decentralization is a powerful force we have applauded the ability of individual users to set up websites and make their ideas available to others. But there is a dark side as well. Always - on connections, extra computing cycles and gigabytes of storage to burn mean that individual decisions can propagate throughout the network quickly. The small-worlds phenomenon that is the Internet means that my computer is only a handful of clicks away from a malicious computer programmer. My decisions matter for your computing life. A malicious hacker can turn my computer into a zombie and use my broad-band connection and my computer to shut down websites, to send millions of spam emails, or worse. The network is a sea of computing externalities, many extraordinarily positive but others that can range from everyday bothersome to enormously disruptive. And, in the hands of a cyber-terrorist, the more we embed critical infrastructure into the public network, the more we make it possible for a cyber-terrorist to turns our computing resources against us and thereby harm critical infrastructure, such as the electricity grid or our communications networks. Addressing cyber security is a mixed question of engineering - computing architecture - and legal rules. The zombie PC problem emerges with the rise of the Internet and decentralized control over PCs. The pricing structure of the Internet world-one-price, all-you-can-eat broadband and lumpy computing power in the form of powerful CPUs kills off many of the natural incentives for an individual to ensure that her computing resources are not being used by others. This can be good, as it creates many opportunities for sharing, but the downside is that there is little reason for the individual computer user to police against zombification. In this article, I consider two issues in detail. The monoculture argument is one approach to architecting the network. That argument suggests that we should focus on forcing heterogeneity in operating systems to enhance our cyber security. I think that is the wrong emphasis. On its own terms, the argument tells us little about the extent of diversity that would be required to achieve meaningful protection, especially if our concern is the cyber-terrorist. The argument also ignores the more important question of adaptability, meaning how quickly can the current system adapt to new conditions. Instead, I argue in favor of the traditional approach of isolation - autarky - in separating critical infrastructure from the public network. Second, I consider the way in which liability rules for software might influence the quality of software and software use decisions. Hackers can exploit defects in software to seize control of machines. Fewer defects to exploit and we might reduce the harms of hackers. This turns out to be tricky. Broad liability rules that would protect consumers from the harms of hacking will lead to the standard moral hazard problem that we see in insurance. Consumers who shouldn't be using computers or on the network will jump on once they are protected from hacking losses. These are standard products liability issues, but software has two particular features that suggest that we should not just apply our standard approaches to products liability. First, we learn about software through use. One piece of software is combined with other software in a way that a Coke bottle is rarely combined with anything else. Second, software can adapt and can be fixed in place after-the-fact. Both of these features should push towards earlier release of software, for buggy software to be fixed later.

[1]  D. Baird,et al.  Does Bogart Still Get Scale? Rights of Publicity in the Digital Age , 2001 .

[2]  W. Landes,et al.  What Has the Visual Arts Rights Act of 1990 Accomplished? , 2001 .

[3]  Anup Malani,et al.  The Political Economy of Property Exemption Laws , 2001 .

[4]  William M. Landes,et al.  Copyright, Borrowed Images, and Appropriation Art: An Economic Approach , 2000 .

[5]  W. Landes,et al.  Winning the Art Lottery: The Economic Returns to the Ganz Collection , 1999, Recherches économiques de Louvain.

[6]  Alan O. Sykes,et al.  The Welfare Economics of Immigration Law , 1995 .

[7]  D. Baird,et al.  The Hidden Virtues of Chapter 11: An Overview of the Law and Economics of Financially Distressed Firms , 1997 .

[8]  Randal C. Picker From Edison to the Broadcast Flag: Mechanisms of Consent and Refusal and the Propertization of Copyright , 2002 .

[9]  Randal C. Picker,et al.  Regulating Network Industries: A Look at Intel , 1999 .

[10]  R. Epstein,et al.  Allocation of the Commons: Parking and Stopping on the Commons , 2001 .

[11]  Eric A. Posner,et al.  Courts Should Not Enforce Government Contracts , 2001 .

[12]  Luis Garicano,et al.  Specialization, Firms, and Markets: The Division of Labor within and between Law Firms , 2003 .

[13]  Eric A. Posner,et al.  A Theory of the Laws of War , 2002 .

[14]  Peter A. Alces W(h)ither Warranty: The B(l)oom of Products Liability Theory in Cases of Deficient Software Design , 1999 .

[15]  William M. Landes,et al.  Copyright Protection of Letters, Diaries, and Other Unpublished Works: An Economic Approach , 1992, The Journal of Legal Studies.

[16]  E. Posner,et al.  Controlling Agencies with Cost-Benefit Analysis: A Positive Political Theory Perspective , 2001 .

[17]  Richard A. Posner,et al.  Creating and Enforcing Norms, With Special Reference to Sanctions , 1999 .

[18]  John R. Lott,et al.  Term limits and electoral competitiveness: Evidence from California’s state legislative races , 1997 .

[19]  Alan O. Sykes,et al.  The safeguards mess: a critique of WTO jurisprudence , 2003, World Trade Review.

[20]  Alan Sykes,et al.  Terrorism and Insurance Markets: A Role for the Government as Insurer? , 2002 .

[21]  R. Epstein,et al.  Transaction Costs and Property Rights: Or Do Good Fences Make Good Neighbors? , 1997 .

[22]  Randal C. Picker Understanding Statutory Bundles: Does the Sherman Act Come with the 1996 Telecommunications Act? , 2003 .

[23]  Chicago Unbound,et al.  Orwell versus Huxley: Economics, Technology, Privacy, and Satire , 1999 .

[24]  Cass R. Sunstein,et al.  Regulating Risks after "ATA" , 2001, The Supreme Court Review.

[25]  C. Sunstein,et al.  Cognition And Cost‐Benefit Analysis , 1999, The Journal of Legal Studies.

[26]  Richard A. Posner,et al.  Antitrust in the New Economy , 2000 .

[27]  John R. Lott,et al.  Public Schooling, Indoctrination, and Totalitarianism , 1998 .

[28]  Robert K. Rasmussen,et al.  Boyd's Legacy and Blackstone's Ghost , 1999, The Supreme Court Review.

[29]  E. Glaeser,et al.  Incentives and Social Capital: Are Homeowners Better Citizens? , 1998 .

[30]  D. Weisbach,et al.  Ten Truths About Tax Shelters , 2001 .

[31]  G. Ary,et al.  THE ECONOMIC WAY OF LOOKING AT LIFE * , 1992 .

[32]  Alan O. Sykes,et al.  The Economics of Public International Law , 2004 .

[33]  Richard A. Epstein,et al.  Into the Frying Pan: Standing and Privity under the Telecommunications Act of 1996 and Beyond , 2002 .

[34]  Alan O. Sykes,et al.  The Economic Structure of Renegotiation and Dispute Resolution in the World Trade Organization , 2002, The Journal of Legal Studies.

[35]  D. Lichtman Property Rights in Emerging Platform Technologies , 1999, The Journal of Legal Studies.

[36]  D. Lichtman,et al.  Strategic Disclosure in the Patent System , 2000 .

[37]  C. Sunstein,et al.  Private Broadcasters and the Public Interest: Notes Toward a 'Third Way' , 1999 .

[38]  R. Posner,et al.  The Long-Run Growth in Obesity as a Function of Technological Change , 1999, Perspectives in biology and medicine.

[39]  John R. Lott,et al.  Multiple Victim Public Shootings , 2000 .

[40]  J. A. Whittaker No clear answers on monoculture issues , 2003, S&P 2003.

[41]  David A. Weisbach,et al.  Thinking Outside the Little Boxes , 2002 .

[42]  Richard A. Epstein Contracts Small and Contract Large: Contract Law through the Lens of Laissez-Faire , 2020, The Fall and Rise of Freedom of Contract.

[43]  Richard A. Epstein,et al.  The 'Necessary' History of Property and Liberty , 2003 .

[44]  E. Posner,et al.  A Theory of Customary International Law , 1998 .

[45]  Ulrich Kamecke,et al.  Pursuing a Remedy in Microsoft: The Declining Need for Centralized Coordination in a Networked World , 2002 .

[46]  Cass R. Sunstein,et al.  Rules and Rulelessness , 1994 .

[47]  Y. Benkler 'Sharing Nicely': On Shareable Goods and the Emergence of Sharing as a Modality of Economic Production , 2004 .

[48]  Richard A Epstein,et al.  Disparities and Discrimination in Health Care Coverage: A Critique of The Institute of Medicine Study , 2005, Perspectives in biology and medicine.

[49]  Eric A. Posner,et al.  A Theory of Contract Law under Conditions of Radical Judicial Error , 1999 .

[50]  C. Sunstein,et al.  The Arithmetic of Arsenic , 2001 .

[51]  David A. Weisbach,et al.  Ironing Out the Flat Tax , 2000 .

[52]  Lisa E. Bernstein ‘The Questionable Empirical Basis of Article 2’s Incorporation Strategy: A Preliminary Study , 1999 .

[53]  Amitai Aviram,et al.  The Paradox of Spontaneous Formation of Private Legal Systems , 2003 .

[54]  William M. Landes,et al.  Sequential versus Unitary Trials: An Economic Analysis , 1993, The Journal of Legal Studies.

[55]  John R. Lott,et al.  Does a Helping Hand Put Others at Risk?: Affirmative Action, Police Departments, and Crime , 2000 .

[56]  David A. Weisbach,et al.  Does the X-Tax Mark the Spot? , 2002 .

[57]  Saul Levmore,et al.  Puzzling Stock Options and Compensation Norms , 2000 .

[58]  Cass R. Sunstein,et al.  Avoiding Absurdity? A New Canon in Regulatory Law , 2002 .

[59]  Richard A Epstein,et al.  Steady the course: property rights in genetic material. , 2003, Advances in genetics.

[60]  David D. Friedman,et al.  More Justice for Less Money , 1996, The Journal of Law and Economics.

[61]  Cass R. Sunstein,et al.  DO People Want Optimal Deterrence? , 2000, The Journal of Legal Studies.

[62]  Avraham D. Tabbach,et al.  The Effects of Taxation on Income-Producing Crimes with Variable Leisure Time , 2005 .

[63]  Eric A. Posner,et al.  Simplicity and Complexity in Contracts , 2000 .

[64]  Richard A. Epstein,et al.  Deconstructing Privacy: And Putting It Back Together Again* , 2000, Social Philosophy and Policy.

[65]  J. Mark Ramseyer,et al.  Credibly Committing to Efficiency Wages: Cotton Spinning Cartels in Imperial Japan , 1993 .

[66]  Douglas Lichtman,et al.  Uncertainty and the Standard for Preliminary Relief , 2002 .

[67]  Daniel N. Shaviro Budget Deficits and the Intergenerational Distribution of Lifetime Consumption , 1995 .

[68]  E. Posner,et al.  Transfer regulations and cost-effectiveness analysis. , 2003, Duke law journal.

[69]  George G. Triantis,et al.  Financial Contract Design in the World of Venture Capital , 2001 .

[70]  Kenneth W. Dam Intellectual Property and the Academic Enterprise , 1999 .

[71]  Kenneth W. Dam The Economic Underpinnings of Patent Law , 1994, The Journal of Legal Studies.

[72]  John R. Lott,et al.  Environmental Violations, Legal Penalties, and Reputation Costs , 1999 .

[73]  Daniel Kahneman,et al.  Deliberating About Dollars: The Severity Shift , 2000 .

[74]  D. Weisbach,et al.  The Integration of Tax and Spending Programs , 2003 .

[75]  Richard A. Epstein,et al.  In and Out of Public Solution: The Hidden Perils of Property Transfer , 2001 .

[76]  W. Landes,et al.  Indirect Liability for Copyright Infringement: An Economic Perspective , 2003 .

[77]  Eric A. Posner,et al.  Moral and Legal Rhetoric in International Relations: A Rational Choice Perspective , 2002, The Journal of Legal Studies.

[78]  Kenneth W. Dam Self‐Help in the Digital Jungle , 1999, The Journal of Legal Studies.

[79]  Richard A. Epstein,et al.  Trade Secrets as Private Property: Their Constitutional Protection , 2003 .

[80]  William M. Landes,et al.  The Art of Law and Economics: An Autobiographical Essay , 1997 .

[81]  Christine Jolls,et al.  A Behavioral Approach to Law and Economics , 1998 .

[82]  Alan O. Sykes,et al.  Justice in immigration: The welfare economics of immigration law: a theoretical survey with an analysis of U.S. policy , 1992 .

[83]  M. Adler,et al.  Rethinking Cost-Benefit Analysis , 1999 .

[84]  Cass R. Sunstein,et al.  Must Formalism Be Defended Empirically , 1999 .

[85]  Lisa E. Bernstein,et al.  Private Commercial Law in the Cotton Industry: Creating Cooperation Through Rules, Norms, and Institutions , 2001 .

[86]  Yannis Bakos,et al.  Shared Information Goods , 1999 .

[87]  Richard A. Posner,et al.  Blackmail, Privacy, and Freedom of Contract , 1993 .

[88]  C. Sunstein,et al.  The Laws of Fear , 2001 .

[89]  D. Baird,et al.  Optimal Timing and Legal Decisionmaking: The Case of the Liquidation Decision in Bankruptcy , 1999 .

[90]  Ariel Porat,et al.  Decreasing‐Liability Contracts , 2003, The Journal of Legal Studies.

[91]  A. Sykes An Introduction to Regression Analysis , 1993 .

[92]  Eric A. Posner,et al.  Implementing Cost-Benefit Analysis When Preferences are Distorted , 1999 .

[93]  Richard A. Epstein,et al.  Animals as Objects, or Subjects, of Rights , 2002 .

[94]  Richard A. Posner,et al.  Status Signaling and the Law, with Particular Application to Sexual Harassment , 1999 .

[95]  Eric A. Posner,et al.  Agency Models in Law and Economics , 2000 .

[96]  Randal C. Picker,et al.  Bankruptcy Rules, Managerial Entrenchment, and Firm-Specific Human Capital , 1993 .

[97]  John S. Quarterman Monoculture Considered Harmful , 2002, First Monday.

[98]  Douglas Lichtman,et al.  Copyright as a Rule of Evidence , 2001 .

[99]  Cass R. Sunstein,et al.  The Rights of Animals: A Very Short Primer , 2002 .

[100]  Saul Levmore,et al.  Insuring Against Terrorism and Crime , 2003 .

[101]  Kenneth W. Dam,et al.  Chicago Unbound , 2018 .

[102]  Alan O. Sykes,et al.  International Trade and Human Rights: An Economic Perspective , 2003 .

[103]  Kenneth W. Dam Some Economic Considerations in the Intellectual Property Protection of Software , 1995, The Journal of Legal Studies.

[104]  D. Baird,et al.  Control Rights, Priority Rights, and the Conceptual Foundations of Corporate Reorganizations , 2001 .

[105]  Alan O. Sykes,et al.  The Dormant Commerce Clause and the Internet , 2000 .

[106]  Richard A. Epstein,et al.  HIPAA on Privacy: Its Unintended and Intended Consequences , 2002 .

[107]  J. Mark Ramseyer,et al.  The Market for Children: Evidence from Early Modern Japan , 1995 .

[108]  John R. Lott,et al.  A Simple Explanation for Why Campaign Expenditures are Increasing: The Government is Getting Bigger , 1999 .

[109]  Eric A. Posner,et al.  Covenants Not to Compete from an Incomplete Contracts Perspective , 2001 .

[110]  Richard A. Posner,et al.  The Theory and Practice of Citations Analysis, with Special Reference to Law and Economics , 1999 .

[111]  David B. Mustard,et al.  Crime, Deterrence, and Right‐to‐Carry Concealed Handguns , 1997, The Journal of Legal Studies.

[112]  Richard A. Posner,et al.  Values and Consequences: An Introduction to Economic Analysis of Law , 1998 .

[113]  Richard A. Epstein,et al.  The Optimal Complexity of Legal Rules , 2004 .

[114]  Lior Jacob Strahilevitz,et al.  The Right to Destroy , 2004 .

[115]  Richard A. Posner,et al.  Community, Wealth, and Equality , 1997 .

[116]  Francis A. Longstaff,et al.  Throwing Good Money After Bad? Cash Infusions and Distressed Real Estate , 1996 .

[117]  Richard A. Epstein,et al.  In Defense of the 'Old' Public Health: The Legal Framework for the Regulation of Public Health , 2002 .

[118]  David A. Weisbach,et al.  The Fifth Circuit Gets It Wrong in Compaq v. Commissioner , 2002 .

[119]  David A. Weisbach,et al.  Line Drawing, Doctrine, and Efficiency in the Tax Law , 1998 .

[120]  David A. Weisbach,et al.  An Economic Analysis of Anti-Tax Avoidance Laws , 2000 .

[121]  P. Bernholz,et al.  Public Choice , 2018, The Oxford Handbook of Public Choice, Volume 1.

[122]  D. Weisbach,et al.  Measurement and Tax Depreciation Policy: The Case of Short-Term Assets , 2003 .

[123]  Randal C. Picker Copyright as Entry Policy: The Case of Digital Distribution , 2002 .

[124]  Richard A. Epstein,et al.  The Ubiquity of the Benefit Principle , 1994 .

[125]  David A. Weisbach,et al.  Taxation and Risk-Taking with Multiple Tax Rates , 2002, National Tax Journal.

[126]  C. Sunstein,et al.  Are Poor People Worth Less than Rich People? Disaggregating the Value of Statistical Lives , 2004 .

[127]  Eric A. Posner,et al.  Law and the Emotions , 2000 .

[128]  D. Weisbach,et al.  The (Non) Taxation of Risk , 2004 .

[129]  Randal C. Picker An Introduction to Game Theory and the Law , 1994 .

[130]  Anil K. Makhija,et al.  Throwing good money after bad?: Nuclear power plant investment decisions and the relevance of sunk costs☆ , 1988 .

[131]  C. Sunstein,et al.  Academic Fads and Fashions (with Special Reference to Law) , 2001 .

[132]  Geoffrey P. Miller,et al.  Explaining Deviations from the Fifty-Percent Rule: A Multimodal Approach to the Selection of Cases for Litigation , 1996, The Journal of Legal Studies.

[133]  Randal C. Picker Simple Games in a Complex World: A Generative Approach to the Adoption of Norms , 1997 .

[134]  Cass R. Sunstein,et al.  Switching the Default Rule , 2001 .

[135]  C. Sunstein,et al.  Human Behavior and the Law of Work , 2000 .

[136]  Farhang Zabeeh,et al.  What is in a Name? , 1968, Springer Netherlands.

[137]  Richard A. Posner,et al.  What Do Judges and Justices Maximize? (The Same Thing Everybody Else Does) , 1993, Supreme Court Economic Review.

[138]  E. Posner,et al.  Law and Economics of Consumer Finance , 2001 .

[139]  Randal C. Picker The Law and Economics of Contract Damages , 2000 .

[140]  Richard A. Posner,et al.  The Economics of Legal Disputes Over the Ownership of Works of Art and Other Collectibles , 1996 .

[141]  John R. Lott,et al.  Punitive Damages: Their Determinants, Effects on Firm Value, and the Impact of Supreme Court and Congressional Attempts to Limit Awards , 1998 .

[142]  C. Sunstein The Law of Group Polarization , 1999, How Change Happens.

[143]  Eric A. Posner,et al.  Economic Analysis of Contract Law after Three Decades: Success or Failure? , 2002 .

[144]  John R. Lott,et al.  How Dramatically Did Women's Suffrage Change the Size and Scope of Government? , 1998 .

[145]  Richard A. Posner,et al.  An Economic Approach to the Law of Evidence , 1999 .

[146]  Richard A. Epstein,et al.  The Assault on Managed Care: Vicarious Liability, Class Actions and the Patient's Bill of Rights , 2000 .

[147]  Luis Garicano,et al.  Hierarchies, Specialization, and the Utilization of Knowledge: Theory and Evidence from the Legal Services Industry , 2004 .

[148]  Cass R. Sunstein,et al.  Are Juries Less Erratic than Individuals? Deliberation, Polarization, and Punitive Damages , 1999 .

[149]  J. Mark Ramseyer,et al.  Explicit Reasons for Implicit Contracts: The Legal Logic to the Japanese Main Bank System , 1993 .

[150]  Cass R. Sunstein,et al.  Assessing Punitive Damages (with Notes on Cognition and Valuation in Law) , 1998 .

[151]  D. Weisbach,et al.  Should the Tax Law Require Current Accrual of Interest On Derivative Financial Instruments? , 1999 .

[152]  C. Sunstein Social Norms and Social Roles , 1995 .

[153]  R. Hahn,et al.  A New Executive Order for Improving Federal Regulation? Deeper and Wider Cost-Benefit Analysis , 2002 .

[154]  Alan Sykes,et al.  Trips, Pharmaceuticals, Developing Countries, and the Doha 'Solution' , 2002, Chicago journal of international law.