Tuesday, February 13, 2007

The economics of information security

Ross Anderson and Tyler Moore have published a nice paper that gives an overview of recent research in the economics of information security and some open questions (PDF). The paper begins with an overview of the relevance of economic factors to information security and a discussion of "foundational concepts." The concept of misaligned incentives is illustrated with the now-standard example of how UK and U.S. regulations took opposite positions on liability for ATM fraud--the UK held customers liable for loss, while the U.S. held banks liable for loss. This led to U.S. banks having incentives to make their systems secure, while UK banks had no such incentives (and the UK has now reversed its position after this led to "an epidemic of fraud"). Other examples are given involving anti-virus deployment (where individuals may not have incentives to purchase software if the major benefit is preventing denial of service attacks on corporations), LoJack systems (where auto theft plummets after a threshold number of auto owners in a locality install the system), and the use of peer-to-peer networks for censorship resistance.

The authors examine the economics of vulnerabilities, of privacy, and of the deployment of security mechanisms including digital rights management, as well as how regulation and certification can affect system security (and sometimes have counterintuitive adverse effects, such as Ben Edelman's finding that TRUSTe-certified sites are more likely to contain malicious content than websites as a whole).

They end the paper with some open issues--attempts to develop network protocols that are "strategy-proof" to prevent cheating/free-riding/bad behavior, how network topologies have different abilities to withstand different types of attacks (and differing vulnerabilities), and how the software development process has a very high failure rate for large projects, especially in public-sector organizations (e.g., as many as 30% are death-march projects).

There are lots of interesting tidbits in this paper--insurance for vulnerabilities, vulnerability markets, the efficacy of spam on stock touting, the negligible effect of music downloads on music sales, and how DRM has moved power from record labels to platform owners (with Apple being the most notable beneficiary), to name a few.

(Hat tip to Bruce Schneier's blog, where you can find links to a slide presentation that covers the highlights of this paper.)

Monday, February 12, 2007

I've won a Thinking Blogger award!


I've been awarded a Thinking Blogger award, courtesy of Larry Moran at Sandwalk: Strolling with a Skeptical Biochemist. Thanks, Larry!

As per the rules of this award-meme, I must tag five other blogs that make me think:

1. Glen Whitman and Tom W. Bell at Agoraphilia
2. The Technology Liberation Front
3. Martin Geddes at Telepocalypse
4. Ed Felten at Freedom-to-Tinker
5. Kevin Carson at the Mutualist blog

Saturday, February 10, 2007

Arizona minimum wage increase leads to job cuts and reduced hours

In November, Arizonans voted to increase the state minimum wage from $5.15/hour to $6.75/hour, and there is now some anecdotal evidence of job loss for teen workers in South and Central Phoenix.

Pepi's Pizza in South Phoenix is laying off three of its 25 workers and Mary Coyle's Ice Cream Parlor has cut back on hours and not replaced two workers who quit (despite the fact that its owner, Tom Kelly, voted for the increase). Kelly notes that he also increased the wages of those who were already making above minimum wage, with the net effect being an additional $2,000/month in expenses.

The Arizona Republic article notes that the majority of the state's 124,067 workers aged 16-19 already made well above minimum wage before the change, 30.1% of workers making minimum wage fall in that age range, and 30.4% of minimum wage workers live with a parent or parents.

Teens can legally have sex, but if they take pictures, they're child pornographers

The Florida state appeals court ruled that a 16-year-old girl and 17-year-old boy in Tallahassee who took digital photos of themselves having sex were guilty of violating child pornography laws. The appeals court panel ruled 2-3 that the Florida Constitution's right to privacy did not protect them. Judge James Wolf, in the majority opinion, wrote that they could sell the photos to child pornographers, and "if these pictures are ultimately released, future damage may be done to these minors' careers or personal lives." Apparently he's not concerned about the damage he's doing to them by causing them to become convicted child pornographers for taking pictures of themselves. Judge Philip Padovano, in his dissent, wrote that the law was intended to prevent children from being abused by others, not to punish them for their own mistakes.

More details in Declan McCullagh's story at News.com.

Friday, February 09, 2007

What's happened to The Simple Dollar?

The Simple Dollar blog is offline, and its author is looking for a way to get back online.

I've been reading Trent's The Simple Dollar blog since mid-December. It's a very well-written, professional-looking blog that gets a lot of traffic, but I was surprised to learn that he only started it about a month before I started reading it.

Today, I noticed a lot of Google searches for "The Simple Dollar" were hitting my blog, all coming to my post about Robert Kiyosaki that linked to Trent's blog. I clicked on the link to re-read his post, only to get a "Forbidden" message from his webserver. I contacted Trent to see if the problem was a legal issue, perhaps a threat from Kiyosaki, but it turns out his entire blog has been taken offline by Dreamhost, his webhosting provider.

It seems that today The Simple Dollar--already in the top 2800 at Technorati--got prominent links from both digg.com and reddit.com. This generated so much traffic to the shared server hosting the blog that Dreamhost disabled the account and denied access to the blog. Not only have they denied web access, they've denied Trent FTP access. He does have a backup from a few days ago, but is currently looking for a way to get back online with a dedicated server.

You can read his own account of his predicament at Metafilter.

I've offered a few suggestions for possible webhosting providers, but he doesn't think he can afford a dedicated server right now. That's in part because, despite his huge traffic, his blog has grown in popularity so fast that he hadn't yet acquired any major advertisers. He's been the victim of his own too-rapid success.

Are there any advertisers out there who would be willing to help finance the blog's return on a dedicated server with sufficient bandwidth to handle the traffic?

UPDATE (February 10, 2007): The Simple Dollar (or at least most of its content) is back!

Bill Maher makes fun of creationist museum

And Ken Ham is not amused:

Christian publisher Ken Ham said Maher showed up unannounced this week to videotape an interview with him at Ham's Creation Museum, which is just south of Cincinnati. The $25 million facility, due to open in the spring, tells visitors that the earth is just a few thousand years old and that Adam and Eve lived among the dinosaurs.

Ham said a camera crew arranged a Monday visit to the museum, but he was not told that it was connected with Maher, host of HBO's "Real Time with Bill Maher."

"They sneaked Bill Maher into the building while I was waiting for an interview," Ham wrote in a blog he maintains on the Web site of his publishing company, Answers in Genesis.

Maher visited the museum for a documentary he's been filming on religion, his publicist, Sarah Fuller, said Friday. She said he's traveled throughout the U.S. and Europe for the project.

"He's been all over the place," she said. Fuller said she wasn't familiar with how the interview with Ham was conducted.

Ham called Maher's visit an "elaborate deception." He said the film crew asked for a one-on-one interview with Ham after a tour of the museum. After the tour, crew members asked for permission to bring some camera equipment in through the back of the building. Ham wrote that the crew drove to the rear, then distracted an employee as Maher ducked into the building.

Ham said he was shocked, but agreed to the interview.

"Bill Maher did interview me; though respectful in one sense, most of his questions were just mocking attacks on God's word," Ham wrote in the blog on Wednesday.

Ham declined on Friday to comment further on Maher's visit.

But AiG's Mark Looy says "Ken is not upset."

Paszkiewicz has Matthew LaClair removed from his class

The latest news from Kearny High School, via Kevin Canessa at the Observer, is that David Paszkiewicz has removed what he sees as the source of his problems from his classroom by switching classes with another teacher. Now, Debbie Vartan teaches Paszkiewicz's class and vice versa. Principal Alfred Somma confirms that Paszkiewicz requested the switch.

Apparently the ban on classroom recordings wasn't enough--Paszkiewicz must realize that Matthew LaClair has more credibility than he does with the mainstream media, and that LaClair's presence in the classroom was cramping his style.

Here's hoping that there's someone who was in Debbie Vartan's class who's got as much integrity and brains as Matthew LaClair, and who will keep the public informed of any further misrepresentations or Establishment clause violations in Paszkiewicz's classroom.

Warner Music: we'd rather go out of business than give customers what they want

After Steve Jobs said that he'd prefer to have the iTunes store sell DRM-free music, but is forced into DRM by the music labels, Edgar Bronfman of Warner Music said that his company will have nothing to do with DRM-free music:
"We advocate the continued use of DRM," Bronfman said, adding that music deserves the same anti-piracy protections as software, TV broadcasts, video games and other forms of intellectual property. "We will not abandon DRM nor services that are successfully implementing DRM for both content and consumers."
This quote appeared in an article reporting Warner's dismal results:
its fiscal first-quarter profit fell 74% because of fewer album releases and soft domestic and European sales. Its shares fell nearly 6%.

The New York-based recording company said net income for the period that ended Dec. 31 declined to $18 million, or 12 cents a share, from $69 million, or 46 cents, a year earlier. Revenue fell 11% to $928 million.
The competition at EMI, however, feels differently:
Music label EMI Group is in talks to release a large portion of its music catalog for Web sales without technological protections against piracy that are included in most music bought over the Internet now, sources said on Thursday.
...
One source familiar with the matter said that EMI was in talks to release a large amount of its music in an unprotected MP3 format to various online retailers.
EMI's plans apparently include talks with Shawn Fanning's SnoCap about releasing MP3-format music through MySpace.

Which company is more likely to still be in business under the same management ten years from now?

100% atheist

You are 100% atheist!

Hooray you are an atheist with respect to most or all gods. Good work. Hope you aren't disbelieving in the wrong one...


The RIAA doesn't understand economics

The Recording Industry Association of America has a web page arguing that we're all getting a fantastic deal on compact discs because, if they had gone up in price along with the Consumer Price Index, they'd be over $33 each. As Ben Woods points out, by that same argument Texas Instruments calculators that cost $20 in the mid-1980s should have cost over $300.

In fact, the recording labels engaged in price fixing by imposing "minimum advertised pricing" on CD retailers, which caused prices to stop their downward trend in 1996 and caused a decline in sales as prices increased.

If you want to sell more CDs, lower the price.

(Via Techdirt.)

UPDATE (February 9, 2007): This post at kuro5hin from January 2003 on "RIAA vs. MP3 vs. Adam Smith" addresses compact disc pricing and demand.

UPDATE (February 10, 2007): And this post at Techdirt reports on a study that shows no measurable effect on CD sales from online downloads (as opposed to, say, CD prices).