L Jean Camp, Indiana University
Why don't people use security, protect their data, or adopt privacy-enhancing technologies? Is it that people don't care? Or people don't understand security and privacy? Is it a question of usability? Or is it a combination of all three? Individuals may rationally choose not to invest in security to benefit others, may underestimate their own risks, and may simultaneously find solutions to be unusable.
The solution to the lack of adoption of security (and the corresponding privacy paradox) depends upon the research thread one follows. For a classic economist, privacy is means a less efficient market. Given that market efficiency is contingent on more information, individuals are rationally unconcerned; the value from information sharing outweighs the costs of privacy loss. Thus, the solution is to ensure that the value of the information being transacted is realized by the individual.
Economics of security is often empirical and analytical, addressing the cost of crime and amounts of business. Economics of security is also focused on incentive-aligned design where the person investing in security obtains the benefit. Earlier work addressed the conversion of economic information into goods; for example, creating markets for vulnerabilities.
In this presentation, I focus on the economic component of failures of adoption and acceptability in security. I will provide references to the research that addresses these dimensions in-depth. I will include specific examples of both successes and failures.
L Jean Camp, Indiana University
Jean Camp is a Professor at the School of Informatics and Computing at Indiana University. She joined Indiana after eight years at Harvard's Kennedy School where her courses were also listed in Harvard Law, Harvard Business, and the Engineering Systems Division of MIT. She spent the year after earning her doctorate from Carnegie Mellon as a Senior Member of the Technical Staff at Sandia National Laboratories. She began her career as an engineer at Catawba Nuclear Station and with a MSEE at University of North Carolina at Charlotte. Her research focuses on the intersection of human and technical trust, levering economic models and human-centered design to create safe, secure systems. She has authored more than two hundred publications. She has peer-reviewed publications on security and privacy at every layer of the OSI model. She has alumni in the private, public, and nonprofit sectors. She is a Fellow of the Institute of Electrical and Electronic Engineers, as well as a Fellow of the American Association for the Advancement of Science.
author = {L Jean Camp},
title = {All Security Is Good(s): Design Guidance for Economics},
year = {2020},
address = {San Francisco, CA},
publisher = {USENIX Association},
month = jan
}