Selling a Single Item with Negative Externalities

We consider the problem of regulating products with negative externalities to a third party that is neither the buyer nor the seller, but where both the buyer and seller can take steps to mitigate the externality. The motivating example to have in mind is the sale of Internet-of-Things (IoT) devices, many of which have historically been compromised for DDoS attacks that disrupted Internet-wide services such as Twitter [5, 26]. Neither the buyer (i.e., consumers) nor seller (i.e., IoT manufacturers) was known to suffer from the attack, but both have the power to expend effort to secure their devices. We consider a regulator who regulates payments (via fines if the device is compromised, or market prices directly), or the product directly via mandatory security requirements. Both regulations come at a cost-implementing security requirements increases production costs, and the existence of fines decreases consumers' values-thereby reducing the seller's profits. The focus of this paper is to understand the efficiency of various regulatory policies. That is, policy A is more efficient than policy B if A more successfully minimizes negatives externalities, while both A and B reduce seller's profits equally. We develop a simple model to capture the impact of regulatory policies on a buyer's behavior. In this model, we show that for homogeneous markets-where the buyer's ability to follow security practices is always high or always low-the optimal (externality-minimizing for a given profit constraint) regulatory policy need regulate only payments or production. In arbitrary markets, by contrast, we show that while the optimal policy may require regulating both aspects, there is always an approximately optimal policy which regulates just one.

[1]  G. Hardin,et al.  Tragedy of the Commons , 1968 .

[2]  George A. Akerlof The Market for “Lemons”: Quality Uncertainty and the Market Mechanism , 1970 .

[3]  W. Baumol On Taxation and the Control of Externalities , 1972 .

[4]  M. Weitzman Prices vs. Quantities , 1974 .

[5]  Roger B. Myerson,et al.  Optimal Auction Design , 1981, Math. Oper. Res..

[6]  P. Seabright Managing Local Commons: Theoretical Issues in Incentive Design , 1993 .

[7]  E. Stacchetti,et al.  How (not) to sell nuclear weapons , 1996 .

[8]  D. Fullerton Environmental Levies and Distortionary Taxes: Comment , 1997 .

[9]  R. Mooij,et al.  Environmental levies and distortionary taxation: Comment , 1997 .

[10]  H. Kunreuther,et al.  Interdependent Security , 2003 .

[11]  W. Lehr,et al.  Managing shared access to a spectrum commons , 2005, First IEEE International Symposium on New Frontiers in Dynamic Spectrum Access Networks, 2005. DySPAN 2005..

[12]  J. Montero A simple auction mechanism for the optimal allocation of the commons , 2008 .

[13]  Chaim Fershtman,et al.  Network Security: Vulnerabilities and Disclosure Policy , 2007, WEIS.

[14]  Shuchi Chawla,et al.  Algorithmic pricing via virtual valuations , 2007, EC '07.

[15]  Vahab S. Mirrokni,et al.  Optimal marketing strategies over social networks , 2008, WWW.

[16]  Kamesh Munagala,et al.  On Allocations with Negative Externalities , 2011, WINE.

[17]  Nima Haghpanah,et al.  Optimal auctions with positive network externalities , 2011, EC '11.

[18]  Vahab S. Mirrokni,et al.  On Fixed-Price Marketing for Goods with Positive Network Externalities , 2012, WINE.

[19]  Asuman E. Ozdaglar,et al.  Optimal Pricing in Networks with Externalities , 2011, Oper. Res..

[20]  Renato Paes Leme,et al.  Pricing public goods for private sale , 2013, EC '13.

[21]  Jason D. Hartline Bayesian Mechanism Design , 2013, Found. Trends Theor. Comput. Sci..

[22]  Jason D. Hartline Mechanism Design and Approximation , 2014 .

[23]  D. Martimort,et al.  A Mechanism Design Approach to Climate-Change Agreements , 2016 .

[24]  Stefan Savage,et al.  You've Got Vulnerability: Exploring Effective Vulnerability Notifications , 2016, USENIX Security Symposium.

[25]  Vern Paxson,et al.  A Large-Scale Empirical Study of Security Patches , 2017, CCS.

[26]  Approximate revenue maximization with multiple items , 2012, J. Econ. Theory.

[27]  Elissa M. Redmiles,et al.  Dancing Pigs or Externalities?: Measuring the Rationality of Security Decisions , 2018, EC.

[28]  Terrence August,et al.  Market Segmentation and Software Security: Pricing Patching Rights , 2019, Manag. Sci..