I really like this JEP piece on the economics of on-line crime by Tyler Moore, Richard Clayton and Ross Anderson ( http://www.aeaweb.org/articles.php?doi=10.1257/jep.23.3.3 ) for a few reasons:
1. The article is filled with softball lob questions and statements calling for more regulation that libertarian-minded economists with computer knowledge can and should knock out of the park. I recently read David Friedman’s “Future Imperfect,” and I didn’t realize how important of a book it was until I read this piece. Internet security and crime is a fertile ground for spontaneous order stories, self-enforcement and self-regulation. One part of the article notes how in the U.K., the police units specializing in Internet crime rely on funding from the banking industry (as it should be).
One example is that they compare security software firms to Akerlof’s markets for lemons model, arguing that it is hard to discern the quality of the security of software. Though I agree it is hard for a consumer to be able to understand the complexities of computer codes and their weaknesses, there are several organizations that test and rate this security software. A company that persistently creates vulnerable software will be weeded out through the testing process and news releases.
2. One anecdote explains how private security companies use to keep their virus lists private, in order to beat out competitors in trials that would see which product was able to stop the most viruses. The security industry, realizing that they would all be better off, agreed at the EICAR conference to sharing their virus lists with competitors. This is an example of a self-enforcing coordination operating (as opposed to a prisoner’s dilemma collusion problem).
3. They discuss, certainly not in enough depth, how laws that make it criminal to possess any child sex material, regardless of the circumstance, prevents private companies (ISPs etc.) from hunting down and taking down these sites as finding them entails possessing it, even if it is just as an on-screen image.
4. Finally, the paper, in the conclusion, states “This collective action problem is best dealt with by private-sector information sharing, as it was 15 years ago in the world of computer viruses.”