Economics and Information Security

I'm sitting in a conference room at Cambridge University, trying to simultaneously finish this article for Wired News and pay attention to the presenter onstage.

I'm in this awkward situation because 1) this article is due tomorrow, and 2) I'm attending the fifth Workshop on the Economics of Information Security, or WEIS: to my mind, the most interesting computer security conference of the year.

The idea that economics has anything to do with computer security is relatively new. Ross Anderson and I seem to have stumbled upon the idea independently. He, in his brilliant article from 2001, "Why Information Security Is Hard -- An Economic Perspective" (.pdf), and me in various essays and presentations from that same period.

WEIS began a year later at the University of California at Berkeley and has grown ever since. It's the only workshop where technologists get together with economists and lawyers and try to understand the problems of computer security.

And economics has a lot to teach computer security. We generally think of computer security as a problem of technology, but often systems fail because of misplaced economic incentives: The people who could protect a system are not the ones who suffer the costs of failure.

When you start looking, economic considerations are everywhere in computer security. Hospitals' medical-records systems provide comprehensive billing-management features for the administrators who specify them, but are not so good at protecting patients' privacy. Automated teller machines suffered from fraud in countries like the United Kingdom and the Netherlands, where poor regulation left banks without sufficient incentive to secure their systems, and allowed them to pass the cost of fraud along to their customers. And one reason the internet is insecure is that liability for attacks is so diffuse.

In all of these examples, the economic considerations of security are more important than the technical considerations.

More generally, many of the most basic security questions are at least as much economic as technical. Do we spend enough on keeping hackers out of our computer systems? Or do we spend too much? For that matter, do we spend appropriate amounts on police and Army services? And are we spending our security budgets on the right things? In the shadow of 9/11, questions like these have a heightened importance.

Economics can actually explain many of the puzzling realities of internet security. Firewalls are common, e-mail encryption is rare: not because of the relative effectiveness of the technologies, but because of the economic pressures that drive companies to install them. Corporations rarely publicize information about intrusions; that's because of economic incentives against doing so. And an insecure operating system is the international standard, in part, because its economic effects are largely borne not by the company that builds the operating system, but by the customers that buy it.

Some of the most controversial cyberpolicy issues also sit squarely between information security and economics. For example, the issue of digital rights management: Is copyright law too restrictive -- or not restrictive enough -- to maximize society's creative output? And if it needs to be more restrictive, will DRM technologies benefit the music industry or the technology vendors? Is Microsoft's Trusted Computing initiative a good idea, or just another way for the company to lock its customers into Windows, Media Player and Office? Any attempt to answer these questions becomes rapidly entangled with both information security and economic arguments.

WEIS encourages papers on these and other issues in economics and computer security. We heard papers presented on the economics of digital forensics of cell phones (.pdf) -- if you have an uncommon phone, the police probably don't have the tools to perform forensic analysis -- and the effect of stock spam on stock prices: It actually works in the short term. We learned that more-educated wireless network users are not more likely to secure their access points (.pdf), and that the best predictor of wireless security is the default configuration of the router.

Other researchers presented economic models to explain patch management (.pdf), peer-to-peer worms (.pdf), investment in information security technologies (.pdf) and opt-in versus opt-out privacy policies (.pdf). There was a field study that tried to estimate the cost to the U.S. economy for information infrastructure failures (.pdf): less than you might think. And one of the most interesting papers looked at economic barriers to adopting new security protocols (.pdf), specifically DNS Security Extensions.

This is all heady stuff. In the early years, there was a bit of a struggle as the economists and the computer security technologists tried to learn each others' languages. But now it seems that there's a lot more synergy, and more collaborations between the two camps.

I've long said that the fundamental problems in computer security are no longer about technology; they're about applying technology. Workshops like WEIS are helping us understand why good security technologies fail and bad ones succeed, and that kind of insight is critical if we're going to improve security in the information age.

This essay originally appeared on Wired.com.

Posted on June 29, 2006 at 4:31 PM • 56 Comments

Comments

KeithJune 29, 2006 4:44 PM

Was there any update on the economics effort out of I3P funded by HSARPA?
--
-Ke

RalphJune 29, 2006 6:05 PM

I recognise the huge part economics has to play in security and how much it affects why things are they way they and what constraints exist in moving forward.

But hells bells people, if this is the way it's going I might have to go back to university!

Hoarse from shoutingJune 29, 2006 6:52 PM

Thanks for posting this. Great, necessary stuff. After all, economics trumps politics which trumps security, as Gunnar Peterson says.

Please don't be too quick to take credit for "discovering" the economics of security. Some of us have been shouting about this for decades and we've long since become hoarse...

Pete DapkusJune 29, 2006 6:56 PM

It's not even really applying technology; it's getting economic incentives correctly aligned and getting decision makers to understand the alignment is the key problem.

It seems like every enterprise I come into contact with has created a "security" group whose job it is to keep the enterprise infrastructure secure. It's no surprise that these folks routinely create requirements that often raise development effort/cost past the point of feasibility. They have no incentive to launch new functionality and can only lose if it turns out to be insecure.

In truth, many of these added requirements would probably reduce security just simply on the basis adding the complexity they add to the system.

MacJune 29, 2006 8:56 PM

The article on the costs to a company due to loss of internet was eye-opening.

However, there is one major flaw - you talked about it being a loss to the economy. If I am unable to sell a product to my customers, it is a loss to me. But the customer is fairly likely to buy it from a competitor instead - so there is no loss to the economy overall. (It is only a loss to the economy if they choose not to spend the money at all - even if they spend it on a holiday instead it is still a contribution to the economy)

Worst still is figuring out the difference between 'loss' and 'benefit'. If I convince a customer via marketing to buy a new $50,000 car - is that a $50,000 contribution to the economy?

What if I vandalize someone's car and so they have to buy a new one - as far as the contribution to the economy is concerned, how is it different to convincing them to upgrade via advertising?

There is one argument that vandalism/hacking etc contributes billions of dollars to the economy by convincing people to change the products they own and buy security systems.

At least their 'contribution' to the economy is no worse than advertising!

Mac
(Yes, I realise I'm exaggerating just a little...)

MKJune 29, 2006 9:34 PM

Were there any interesting thing going on ?

I think companies would spend more money on Ad and marketing instead of considering economy.

By the way, do you want to find out if you are a workaholic?

I found one recently
It is kind of personality , behavior test kind of thingy. It is sort of quiz.

http://ibtimes.com/bizquiz/

I am a workaholic according to the result. :(
Have fun guys.

Davi OttenheimerJune 29, 2006 10:19 PM

Well, you're partially right.

Information security is following a well-worn path of technology in human history. In other words, like the plow, hard science of a technology becomes less transformational as human behavior relative to the technology becomes more important (economics, politics, and philosophy, not to mention psychology and anthropology are critical factors). As a tool becomes more commonplace we can easily predict a shift from steps in innovation to stampedes of adoption that bring along resource contention, competing requirements, distribution and control challenges, etc.

For what it's worth, I remember forums about this in the 1980s, not to mention that the NSA has for many decades hired political science grads for information (security) analysis...maybe I'm just biased, since I certainly started with more of an economics background than a mathematical or computer science back in the early 90s, but when people ask me how I ended up in infosec I sometimes ask them how they think farmers ended up with a plow.

Davi OttenheimerJune 29, 2006 10:36 PM

"Some of the most controversial cyberpolicy issues also sit squarely between information security and economics. For example, the issue of digital rights management: Is copyright law too restrictive -- or not restrictive enough -- to maximize society's creative output?"

Ah, I think philosophy is the better practice area for this controversy, or at the very least the ethics of economics and ethical theory.

What would you say about information that was "free" but then became "owned" (e.g. Disney's commercialization of European folklore)? On what basis does an "owner" stake their claim? You can obviously say demand generates interest, but you still need to outline when and how a claim can be staked and by whom. This also touches on the political philosophy by which digital rights are defined and access regulated...since you're essentially defining governance and the nature of power.

JungsonnJune 30, 2006 4:57 AM

I have my own ideas on common security issues, it's not that i need it to post here, but maybe it might be interesting to hear my viewpoint.

To my idea one needs to question why one needs security in the first place. If one needs it, then someone is deterministic to breach it, because of the fundamental mindset of attacking, exploiting or abusing that system.

It's like saying: first there are troublemakers, then we install the police to solve the thing, No, these two arise together. There isn't first the trouble and then police, both ways can be looked upon as starting point. If one installs laws and police, trouble arises also because of the fact that people are resisting this. And one can expect trouble. He can expect a match: it takes two to tango.

So the issue starts where value is being put on things. Then, they try to secure it. Then it will have more value, more security, more value, and in the end security will be breached, because of the mindset of people. change the people's mindset and you wouldn't need security.

Thats how i objectivly think about it.

TOMBOTJune 30, 2006 6:57 AM

I strongly recommend everyone at least check out the last half of Paul Ormerod's "Why Most Things Fail."

Even putting the economic incentive in the right place (as described in Mr. Schneier's excellent column on customer receipts) isn't enough if the person doesn't fully understand it. Neither I nor none of my friends I forwarded that story to knew why they saw signs offering free stuff if you didn't get a receipt; it just seemed like a mean way to screw the poor schlubs working the register for forgetting to do something trivial. At the end of the day most of us hated our supervisors when we worked in food service or retail jobs anyway, so even with the knowledge, no dice.

TOMBOTJune 30, 2006 7:03 AM

And e-mail encryption remains uncommon because current PGP clients and key escrow tools put productivity directly into the toilet. Even grad students in information assurance have a hard time making sure they line up all the pieces correctly. All it takes is one mistake and you've published your private key to everyone. Start over!

UnderpaidJune 30, 2006 7:46 AM

In my opinion, the idea that economics has anything to do with computer security is not relatively new. I agree with Hoarse that those of us in the trenches have known this for decades. We just don't have the spare time to publish papers on the topic (or, coincidently, have the money to attend conferences such as WEIS).

Chris WalshJune 30, 2006 8:48 AM

@RPF

One of the papers this year was an event study which addressed that. Several papers by leading practitioners in the WEIS workshops have looked @this question.

The slide deck you cite is not research in the academic sense, but it is aimed in the right direction, and shows how the work some of the WEIS folks have been doing is diffusing more broadly.

Ross Anderson's on-line reading list has pointers to several of the relevant papers in this area (Google is your friend). Also, you can just look at the bibliography from any of the papers addressing this question from this years's WEIS or last year's for additional pointers. All in all, there are probably 10 papers that are truly relevant to the question of share-price impacts of breaches, and another 20 that have peripheral relevance.

TOMBOTJune 30, 2006 10:41 AM

How about illustrating the rate of return on investing in DRM tech? Was Sony there?

quincunxJune 30, 2006 1:24 PM

"The idea that economics has anything to do with computer security is relatively new."

Really?

" Automated teller machines suffered from fraud in countries like the United Kingdom and the Netherlands, where poor regulation left banks without sufficient incentive to secure their systems, and allowed them to pass the cost of fraud along to their customers."

Poor regulation? You mean over-regulation. If you understand one thing about economics it's this: competition. Top down regulation eliminates this and creates a cover-your-ass mentality. When will you understand this, Bruce?

Pat CahalanJune 30, 2006 1:45 PM

re: economics and computer security being a new idea

For those of you claiming (rightly or wrongly) that people in the trenches have know this for decades or that you personally have known this for some period of time, "new idea" in an academic sense has a particular meaning.

@ Underpaid

> We just don't have the spare time to publish papers on the topic

Well, then, in the academic sense you didn't have the idea. You can come up with the world's greatest theory and rigorously define and fine-tune it, but if you don't publish it for the academic community to digest, agree with, attack, or consider, it's not your idea. (this is how academia works, you can dislike it if you want, but that's the practical reality).

@ quincunx

> You mean over-regulation

I pretty sure he meant "poor regulation", actually. Why don't you write up your *own* fully dressed argument about regulation and put it on the web somewhere. If it's cogent and defensible, maybe I'll be swayed by it and come over to your way of thinking.

quincunxJune 30, 2006 3:11 PM

"For those of you claiming (rightly or wrongly) that people in the trenches have know this for decades or that you personally have known this for some period of time, "new idea" in an academic sense has a particular meaning."

The problem is that there are two ways to approach this.

One is to come from a comp sec background and try to apply economic principles, this unfortunately is difficult to do because economics, like other social sciences is littered with poor arguments and crankism. So the comp sec ends up using a hodge-podge of economic principles (some contradictory, others well disputed) to prove his point.

The other approach is to be a reasonable economist (ie non-marxist) and try to apply his knowledge of human action specifically to the field of comp sec. The latter is not always technically apt.

"I pretty sure he meant "poor regulation", actually."

Any top-down regulation must be "poor" , since it doesn't arise voluntarily.

"And economics has a lot to teach computer security. We generally think of computer security as a problem of technology, but often systems fail because of misplaced economic incentives: The people who could protect a system are not the ones who suffer the costs of failure."

Let me rephrase that to a more generic statement:

"And economics has a lot to teach about the nature of government. We generally think of government as a problem of having the right people and policies, but often political systems fail because of misplaced economic incentives: The people who could protect a system are not the ones who suffer the costs of failure."

Now that's sounds like a good argument against government.

Unfortunately, Bruce, you will never be consistent in your criticism. You will continue to come up with patches (via argumentation) to a hack (gov).

"Why don't you write up your *own* fully dressed argument about regulation and put it on the web somewhere. If it's cogent and defensible, maybe I'll be swayed by it and come over to your way of thinking."

Head over to mises.org & lewrockwell.com, freedomainradio.com. I see no need to reinvent the wheel - I just choose the wheel that is most consistent and difficult to refute without contradicting ones' self.

paulJune 30, 2006 5:27 PM

Some of Tombot's points about the difficulty of putting incentives in the right places (or making them large enough and pointing in the right direction) have a lot to do with the point during development where security concerns are introduced. It's a common truism that it's both cheaper and far more effective to make security part of the architecture more or less from the beginning rather than to bolt it on top/around/underneath after the rest of the architecture is fixed. Indeed, some architectural choices can make building a secure system almost impossible -- or at least very cost-ineffective.

It seems to me that there may be a useful analogy between the kinds of choices that are allowed by different classes of system architecture and the kinds of choices that are allowed by different kinds of market structure. (There's a huge literature, for example, on how various bidding rules for auctions lead to substantially different prices and ultimately more or less efficient markets.) In that case, what we should be talking about isn't so much the incentives for or against security within a particular market/system architecture, but rather how to design markets (system architectures) for security in a way that gives different players and their incentives the widest range of effectiveness.

I think that such an approach might lead to results different from the traditional portrayal of security mechanisms (such as DRM) as constituting a little language that different players use to negotiate, because by the time you get to negotiations using whatever language you have, most of the choices have already been fixed.

Stephan EngbergJuly 1, 2006 5:30 AM

A fine article as always. Privacy & Security erconmics certianly is a very interesting subject.

Through, having worked with Trust socio/economics for many years, I must say, I am puzzled.

There is a pretty straight relationship through the issue of RISK and risk aversion. When a descision make sense risk, barriers to transact with grow - in other words risk or lack of security is a "cost" barriers to trade.

One of the problems are that one tend to mistreat the issue of personal information economics. We cannot know all, evaluate all or even dedicate cognitive energy to every desicsion as the cognitive cost would outweigh the sensed value to achieve.

Point is that this cost or sacrifice loss of income from inaction due to perceived danger are orders of magnitude larger than the accountable cost of security failures.

A 5% "successfull" market penetration vs. a 40% successfull market penetration makes all the difference in the world whereas a 2% loss on actual transactions failling may be substantial. but ignorable in comparison.

And this is before we start accounting for the innovation and allocation value to society if Demand-pull was stenghtend compared to the increasing focus on technology-push or rather marketing-push.

BobTurboJuly 2, 2006 5:20 AM

The arguments in this entry are left-wing non-sense that seems to be swaying towards manipulating the economy in some interventionist way based on a fundamental misunderstanding of the issues.

As quincunx said, learn about competition.

Stephan EngbergJuly 2, 2006 6:36 AM

BobTurbo said:

"The arguments in this entry are left-wing non-sense that seems to be swaying towards manipulating the economy in some interventionist way based on a fundamental misunderstanding of the issues."

When lack of trust hampers B2B processes, nobody would question the valid reasons for NOT collaborating due to lack a security or risk prevention.

But when you move to B2C and rephrase security as "privacy", the economic agents are supposed to naively trust (=accept total risk) towards any commercial entity?

What do we do in business to business when risk elements are blocking a good deal? We redesign and change the deal to take the security needs into consideration.

The article is merely a report from an ermerging academic field. Compare it to the early financial risk analysis models in the 1970s where theories such as CAPM (Capital Asset Pricing Models) etc. was introduced and today consitute central elements of financial market operations.

This field is expanding financial risk analysis to data and identity.

Intervention has nothing to do with that, it is all about giving the market agents better tools to make better descisions that incorporate the cost of risk in operational and technical choices.

The fact that some market agents presently favour business models and technologies without necesary risk protection, is a sign that market risk allocation does not work properly. This is perhaps a product of intervention, ie. when government require "surveillance", they disturb the market and establish power models that is then abused for commercial purposes and creating "externalisties".

This is the exact point, Bruce address, when he talks about reallocating liability.

As an example of how economics and security interact take the growing problem of Identity Theft in US.

One way to rapidly change the alarming problems of Identity theft could be to make data aggregators for credit reporting as a source of risk, liable for related identity theft.

This could disassociate credit from the commercial operation and ensure credit to be provided by specialised credit providers instead of making the entire economy vulnurable only in order to enable data reselling for marketing and "credit" purposes.

Data reselling for marketing purposes could then have to refocus on consumer needs instead of uncoluntary consumer tracking.

Such a change could never be driven by intervention, but addressing the market imperfection of risk allocation, could help the market solve the overall problem of Identity theft by restructuring credit provisioning and data sharing according to market needs.

BobTurboJuly 2, 2006 10:45 AM

Stephan Engberg said:

"The fact that some market agents presently favour business models and technologies without necesary risk protection, is a sign that market risk allocation does not work properly."

Can you give an example other than identity theft as I am not up to speed on this topic? Bruce mentioned Windows which was an invalid example. I mentioned the word "competition". If the motivation is high enough, users will migrate to another product. Leaving your product insecure invites a gap for competitors. It also invites pulling forces from companies that benefit from the product being more secure (eg. retailers wanting more online sales).

The distribution of cost is no reason whatsoever as to why Windows is insecure. Whats more, they are spending a lot of money on trying to make it secure (or build something else that is secure), without intervention of some sort. But when Windows was built, these were not primary concerns to anyone, including users. Consumer demand has determined what a product should be. So maybe, because consumers are now demanding security, Microsoft is trying to patch something together out of Windows. Supply and demand. There is no sign of market failure or any need to redistrubute costs.

solitaireJuly 3, 2006 6:48 AM

@BobTurbo:

IMHO, the economic incentives for companies in a free market does not always lead to the most desirable outcome for the public. There are plenty of examples for this; predatory pricing, dumping, and other things considered "anti-competitive". It's a reasonable thing for government to adjust the playing field so that the profit incentives for companies also lead to optimal results for the public. And the optimality of free markets only comes with (among other things) complete consumer knowledge, which is rare in something complex like technology products. Often, interoperability is actually detrimental to the bottom line, whereas it's often clearly in the public good. Same thing with low switching costs.

Executives of publicly-traded companies can be sued if they don't make the choice that maximizes shareholder value; nothing else can take precedence. The definition of a sociopath is a person who cannot take other people's desires and needs into consideration. Corporations are immortal persons. Think about it.

Actually, I'm not quite as cynical as that argument would indicate. Corporations aren't good or bad, they're machines that maximize profit (and coincidentally also dump risk and externalize any costs possible through the legal system). As the saying goes, hate the game, not the player.

quincunxJuly 3, 2006 8:33 AM

@ Engberg

"Intervention has nothing to do with that, it is all about giving the market agents better tools to make better descisions that incorporate the cost of risk in operational and technical choices."

As long as it's persuasion, it is fine, the moment that it becomes public policy is the moment it becomes intervention. Expect stagnation, poor security, entrenched bureaucracy and inefficiency, and generally more cover-your-ass mentality.

"The fact that some market agents presently favour business models and technologies without necesary risk protection, is a sign that market risk allocation does not work properly. "

Duh! The market for risk assessment does not work properly because of persistent government intervention since the late 19th century, that is the whole body of corporate law, specifically the default position of limited liability and things like FDIC (as well as other gov legal promises and subsidies for special interests) that hamper the natural process of the market to determine things like prices, and in our case: risk-assessment.

Here are other things that hamper risk-assessment: fiat currency, anti-trust laws, SEC, as well as a host of principal-agent problems that plague our legal system.

"This is perhaps a product of intervention, ie. when government require "surveillance", they disturb the market and establish power models that is then abused for commercial purposes and creating "externalisties"."

Right on. This is inherent in all government action. Read "Power & Market" by Murray Rothbard for more on this.

@ solitaire

"IMHO, the economic incentives for companies in a free market does not always lead to the most desirable outcome for the public."

What is this opinion based on? There is no such thing as a 'free market' anywhere in the world. There is only countries with varying degrees of economic freedom randomly distributed among its industries, but directly coorelated with political clout.

"There are plenty of examples for this; predatory pricing, dumping, and other things considered "anti-competitive"."

The things you describe are bogey-men. They do not exist in real life - only in the models of poorly disciplined economists. And to the extent that they do exist, ephemeral as they may be, is only due to easy money policy, and mercantalist-style intervention.

"It's a reasonable thing for government to adjust the playing field so that the profit incentives for companies also lead to optimal results for the public."

That's really funny. The PROFIT is proof of optimal results for the public. The public is what determines if there is a profit or not.

How can a monopoly on force, that funds itself by force, be an agent of
'adjusting the playing field' to the benefit of both parties? Nay, this is stupid - for it is obvious that the only gaining party is the gov itself, and the closest contracting cronies around.
By the latter I mean the first to get freshly issued government paper money before it has time to permeate into society.

"And the optimality of free markets only comes with (among other things) complete consumer knowledge, which is rare in something complex like technology products"

But consumer knowledge IS the market, and vice versa. The two are always complimentary. The ability to spread the knowledge as far as possible is what reduces prices and increases real wealth in the long term.

"Executives of publicly-traded companies can be sued if they don't make the choice that maximizes shareholder value; nothing else can take precedence."

I don't know where you are getting this from. Executes are EMPLOYEES, you can only sue employees for actual damages, you can't sue them for underperformance. You can fire them, though.

"Corporations are immortal persons."

Until they file for bankruptcy.

BobTurboJuly 3, 2006 9:52 AM

solitaire: I was not making a general statement, merely pointing to the particular issues mentioned here. There may be many areas where government intervention is valid and necessary. The problem is when intervention occurs when it is not necessary.

"And the optimality of free markets only comes with (among other things) complete consumer knowledge, which is rare in something complex like technology products. "

Completely knowledge is found nowhere and there is no solution to this imperfection either. Where is the magic device that gives people complete knowledge? Or are you going to let some other person that you have nominated decide what everyone else buys? I do not want a government deciding what features are in my products, what products I purchase, etc. A government has no idea what each and every consumer wants.

Switching costs and other barriers to entry have positives, as they promote better competition. There are many points in regards to this. I am not saying you are wrong, but I prefer sticking to a case by case basis rather than talking in generalisations.

Stephan EngberbgJuly 3, 2006 4:30 PM

@Bobturbo

"Can you give an example other than identity theft as I am not up to speed on this topic? Bruce mentioned Windows which was an invalid example."

Security failures and Identity Theft are externalisties of government intervention and infrastructure power models. Lots of examples - Microsoft passport, Liberty Alliance, Credit cards, mobile phones, PKI, SIM, Trusted Computing, DRM, Cable TV, biometrics, credit reporting etc.

Basically anything trying to spin a "trusted" party persistently into the loop without explicitly delinking transactions to prevent identifier and credential reuse out of context.

If they were liable towards the asociated risk, these technologies would not have been designed as they are. In other wrods, someone else is paying the bill originating in the power model design.

When you talk about bad Windows security, you need to seperate between system fault and system failure, ie. a security breach would have less consequences if the system were designed with security fallbacks in place.

A generic approach to this is to incorporate Privacy enhacing Technologies and principles in the core system architecture.

As an commercial operational example, I have been involved with, see RFIDsec design of passive RFIDs (the paper on "Zero-Knowledge Device Authentication"). Even in this seriously ressource restrained technology, design makes all the difference.

For instance - when they transfer control to the new owner and delete the EPC serial product number in the RFID at point of sales, you create strong security fallbacks against cloning (anti-counterfeit), breach of confidentiality (B2B) and linkage (B2C privacy) even in case of physical tampering.

Strong security is much more about what you cannot do, than what someone can but promise not to do. Power models involve added risk and depend on a failure in market liability allocation.

If markets work, risk will get designed out of these technologies and business models as risk add cost without benefits.

We can hope markets still work longterm but especially government intervention may sustain these distorting effects.

RvnPhnxJuly 5, 2006 12:26 PM

@(other than BobTurbo and quincunx)
I do believe that the aforementioned are just playing y'all. If they were going to offer up a more cohesive and functional argument than "everything that has gotten us to this point is invalid because it isn't an anarchic system without government" then I'd consider them interesting--but the fact of the matter is that they don't seem to know too much history (I'll refrain from assessing other aspects of their demonstrated knowledge).
I do wonder if they know anything about Thomas Jefferson's oppinion on Newspapers and Governments (as quoted recently by Sen. Arlan Specter)--and most importantly about what led him to make the conclusion he did... The point of this is to illustrate the false choice: one doesn't have to choose newspapers OR governments -- it is well possible to have both. The same is true for person-to-person business and government.
Where the rub comes in is that it is often necessary to do business with people (real natural persons, or otherwise) whom you don't know. Without a way to ensure common--or even known and accepted--standards of trust, behavior, and value an economy cannot survive long.
There are many ways to solve this problem--most of them fall under the purview of what we generally call governments. In fact just about everything other than anarchy (including Mafia-style rule) which causes this de-facto trust to exist in some form (including the entirely disfuctional ones) fits under some description of "government."
So, even a true "market economy" (I know of none that actually exist, or have ever existed) requires regulation by government when larger than a certian abstract size. In other words, one cannot have an economy where all actors are not directly connected based soley upon trust (or even fear) alone (without having bloody warfare, for instance--as shown by the historical record).
Therefore, it is a falacy to claim that one must choose "free markets" OR government, as in realty that choice is not only a false dichotomy but it doesn't actually exist. Free "market economies" are a choice, but functional economy without regulation via some means is not a choice.

quincunxJuly 5, 2006 2:23 PM

@RvnPhnx

" If they were going to offer up a more cohesive and functional argument than "everything that has gotten us to this point is invalid because it isn't an anarchic system without government" then I'd consider them interesting"

I don't know where you are pulling this out from. My contention is government is like a 50 pound sack on the back of a marathon runner. Surely he can finish the race, but no one in their right mind would think that he did it BECAUSE of the 50 pound sack.

"but the fact of the matter is that they don't seem to know too much history (I'll refrain from assessing other aspects of their demonstrated knowledge)."

Actually, the truth is quite the opposite.
You must be paying too much attention to the history written by court and state intellectuals, whose material well being depends upon deceiving the subjects. Some of them might be well meaning, but typically fall pray to doublespeak.

"I do wonder if they know anything about Thomas Jefferson's oppinion on Newspapers and Governments "

Appeals to authority is no way to argue, especially when the authority's noble experiment in minimal government failed (either by 1865, 1913, or later depending on criteria used) miserably. He failed to realize that a minimal government can't be, simply because of the nature of the beast.

"The point of this is to illustrate the false choice: one doesn't have to choose newspapers OR governments -- it is well possible to have both. The same is true for person-to-person business and government. "

This is an interesting allegation of a false dichotomy that itself falls into being a false dichotomy.

First of all, you or I can exercise our choice & our earned money to buy or not to buy newspapers. Now tell me, are you aware of any safe method of claiming your property as a sovereign state?

Person-to-person business (non-crime) does not entail one stealing from the other, it is not a parasitical transaction, and only occurs if two parties ex-ante believe that they will benefit. The government on the other hand decides how much it will steal, and then steals it. Aside from the rhetoric that it's good for you, it is still theft. Is the double-standard of morality not apparent here?

'The state has been living on a revenue which was being produced in the private sphere for private purposes and had to be deflected from these purposes by political force. The theory which construes taxes on the analogy of club dues or of the purchase of the services of, say, a doctor only proves how far removed this part of the social sciences is from scientific habits of mind.' - Joseph Schumpeter (economist)

"Where the rub comes in is that it is often necessary to do business with people (real natural persons, or otherwise) whom you don't know. "

That's an interesting way to solve a problem: Instead of having two people making a business decision based on polycentric legal standards, you suggest that:

It is better for each of these two to be taxed and regulated by a third party against their will, and then be subject to the mandates of this third party. And somehow this third party will NOT possibly form an antagonistic relationship between both parties or one of them.

"Without a way to ensure common--or even known and accepted--standards of trust, behavior, and value an economy cannot survive long. "

You are confusing government with governance. Technological standards for the most part (non-military) are created by the market, for the market. The standards of trust, behavior, and value should only be subject to property rights violation, that of persons and objects. It is funny to suggest that the government, an agency that exists only by violating these rights is the same one that will justly guard those rights.

"There are many ways to solve this problem--most of them fall under the purview of what we generally call governments. In fact just about everything other than anarchy (including Mafia-style rule) which causes this de-facto trust to exist in some form (including the entirely disfuctional ones) fits under some description of "government."

Again, don't confuse actual governments with governance. No anarchist is against governance.

When I speak of government, I specifically mean the parasitic State. That actual existing body that robs you with a concealed weapon, and tells you it's for society's good.

"So, even a true "market economy" (I know of none that actually exist, or have ever existed) requires regulation by government when larger than a certian abstract size. In other words, one cannot have an economy where all actors are not directly connected based soley upon trust (or even fear) alone (without having bloody warfare, for instance--as shown by the historical record). "

The historical record shows MOSTLY state warfare. I'm amazed you even claim to know history, yet you should realize that the atrocities of governments in the 20th century has killed more people than all the private crime throughout history!

Shit, even if you remove the fascists: FDR, Stalin, Mao, Pol Pot, Pinochet, Hitler, Moussolini, state crime is multi-factors of magnitude ahead of private crime in human history.

You suggest that it is important for a third party to exist that enforces contracts between two parties, but yet it is a non-sequitor to go from

'there ought to be a third party people can go to settle disputes'

to

'there must be ONE third party that people MUST go to to settle disputes, even in cases where this party is itself is being disputed'.

"Therefore, it is a falacy to claim that one must choose "free markets" OR government, as in realty that choice is not only a false dichotomy but it doesn't actually exist."

Free market is a loaded concept. Taken to it's extreme it means exactly that: FREE MARKET- only private contracts, enforceable by agreed upon arbitrators.

Government on the other hand IS a monopoly of violence and justice in a given territorial area.

All that you are talking about is a MARKET. The term 'free market' is often useful for comparing nations' policies.

"Free "market economies" are a choice, but functional economy without regulation via some means is not a choice.""

But it would be a non-sequitor to say that this regulation can only occur by a monopoly force. Free Markets are self-regulating, when centralized violence fed by theft is removed.

quincunxJuly 5, 2006 5:14 PM

Wow, I'm impressed with your style of arguing. Throw up a strawman, ignore my claim of it being one, and then proceed to delight in your crapulence.

Your point, if I recall was: "everything that has gotten us to this point is invalid [to quincunx] because it isn't an anarchic system without government"".

My point is the marathon runner analogy: he finishes the race DESPITE the 50 pound sack, not because of it. Progress is the result of the market, not government., therefore I would be an idiot to think that 'everything is invalid' up to this point, since we've at least had a market, hampered as it might have been.

My contention is that government HAMPERS the only process by which progress can occur, not to say that it removes it outright, for that would not be good for the agents of government as well.

I was hoping you'd have something more constructive to add, but alas my quote was quite proper, for it 'proves how far removed this part of the social sciences is from scientific habits of mind'.

Pat CahalanJuly 5, 2006 6:10 PM

@ quincunx

> he finishes the race despite the 50 lb sack, not because of it.

You haven't provided much in the way of compelling evidence of this. You've also not examined the possibility that (to use your analogy's terms) it is not possible to have a race without carrying a sack, and the 50 lb sack is the lightest one available.

> Progress is the result of the market, not government.

Combine this with your own earlier statement:

> There is no such thing as a 'free market' anywhere in the world. There is only
> countries with varying degrees of economic freedom randomly distributed among its
> industries, but directly coorelated with political clout.

Since "progress" is the result of the market, but there are no "free" markets, it follows that "progress" is the result of the regulated market. You contend that removing the regulation will make the market more efficient at stimulating progress, but that does not necessarily follow.

> state crime is multi-factors of magnitude ahead of private crime in human history.

Since you by definition call taxation theft (whereas not everyone does), this statement is meaningless for someone who does not share your definition.

> 'there ought to be a third party people can go to settle disputes'
>
> to
>
> 'there must be ONE third party that people MUST go to to settle disputes, even in
> cases where this party is itself is being disputed'.

This is a valid point. However, you never successfully (IMO) defend the idea of distributed "third parties". Moreover, there is a blanket assumption here that "the government" is a unit (ONE). This can be true, certainly, but at least here in the US the government is designed (specifically, although not necessarily with perfect efficacy), to be broken into three pieces, any two of which can over-rule the third.

> Appeals to authority is no way to argue, especially when the authority's noble
> experiment in minimal government failed miserably.

This is an improper use of "appeal to authority". An appeal to authority is a fallacy if and only if the authority is not within his/her area of expertise. You may think that Jefferson's experiment in minimal government failed, but he was intimately involved with one of the very few incidences of the creation of a governmental system, so he certainly qualifies as *an* authority.

> He failed to realize that a minimal government can't be, simply because
> of the nature of the beast.

I happen to agree with this statement, but you don't defend it well. In any event, this does not go anywhere towards showing that a more monolithic government doesn't work.

Finally:

> Now tell me, are you aware of any safe method of claiming your property as
> a sovereign state?

No. In fact, this is a point I've been trying to stress with you in various other conversations on this blog. You claim that a stateless society is superior. Regardless of the truth of your position, I claim that it is impossible in our industrialized, agricultural world for a stateless society to exist in equilibrium. You cannot "check out" your property and claim it as a sovereign state as an individual, the state will prevent it. If you *could* control the government and dissolve it in favor of a stateless society, the resulting entity would be incapable of surviving the impact of the other societies in the global environment. Dissolve a strong central government and the neighboring strong central government will eat the resulting children.

> you should realize that the atrocities of governments in the 20th century has killed
> more people than all the private crime throughout history!

Your words.

quincunxJuly 5, 2006 7:04 PM

"You haven't provided much in the way of compelling evidence of this. You've also not examined the possibility that (to use your analogy's terms) it is not possible to have a race without carrying a sack, and the 50 lb sack is the lightest one available."

You sure know how to nitpick an analogy. Fine, imagine the runner has grenades thrown at him by envious people.

Please don't come up with a creative reason how having grenades thrown at you can be a benefit to your goal.

"Since "progress" is the result of the market, but there are no "free" markets, it follows that "progress" is the result of the regulated market. You contend that removing the regulation will make the market more efficient at stimulating progress, but that does not necessarily follow."

I want to remove centralized regulation by fiat, not self-regulation, motivated by profit/loss & consumer satisfaction.

I say that centralized force is a cancer, and so the best way to solve it is to get rid of it. You are telling me, that this cancer may not be so bad afterall and maybe we should just medicate it, or you are just denying the existence of the cancer to begin with.

"Since you by definition call taxation theft (whereas not everyone does), this statement is meaningless for someone who does not share your definition."

I believe I have already pointed this out to you before, if you don't think taxation is theft, then try not paying it...

BTW, historically taxation is indeed theft, that is the origin of the word.

Do you need some 'proof' or do you think you can look it up yourself?

The view that taxes a voluntary contribution to a club, or a social contract of some sort is one of the biggest hoaxes in history. It is precisely why my quote from Schumpeter was so apt.

"This is a valid point. However, you never successfully (IMO) defend the idea of distributed "third parties". Moreover, there is a blanket assumption here that "the government" is a unit (ONE)."

You can look up the many resources available online about polycentric legal systems.

You are correct, there is more than one. There is the local thugs, state thugs, regional thugs, federal thugs, and even international thugs. The spoils is distributed among the gang of thieves, sometimes they fight amongst themselves.

"This can be true, certainly, but at least here in the US the government is designed (specifically, although not necessarily with perfect efficacy), to be broken into three pieces, any two of which can over-rule the third."

These supposedly independent three pieces are funded by the same means. In case you haven't noticed - they can never restrain the power of the executive in time for it not to do any damage. Iraq ring a bell?

"You may think that Jefferson's experiment in minimal government failed, but he was intimately involved with one of the very few incidences of the creation of a governmental system, so he certainly qualifies as *an* authority."

I do not deny he has some *authority* in the matter, yet RvnPhnx was still making an appeal to him.

It would be also helpful to note that he violated the constitution several times when he was president, proving once again that power corrupts. In fact his unconstitutional purchase of the Louissiana Territory almost made New England secede from the union, something that was still possible in early 1800s, but not in 1860s.

"You cannot "check out" your property and claim it as a sovereign state as an individual, the state will prevent it."

I was mearly mocking RvnPhnx with the obvious.

The fact that you can't do with your private property as you wish further goes to show that the gov's protection of your 'private property' is a freaking joke. It says: we will persistently loot you for you own protection, but should you decide to withdraw from our services we will kill you.

"If you *could* control the government and dissolve it in favor of a stateless society, the resulting entity would be incapable of surviving the impact of the other societies in the global environment."

I don't want to control anything, I want people to question everything. The move towards a stateless society can only result by voicing the right idea that peace through markets is the only way to progress.

"Dissolve a strong central government and the neighboring strong central government will eat the resulting children."

Why do you say that? It's much more difficult to take over a territory with no central government. There is no central authority to take over, and use its tools to further oppress its people.

Perhaps you are not familiar with feudal warfare. It goes something like this: battle the noble, win, take over & tax the populace.

By civilization standards midevil Ireland, primarily an anarchistic society managed to ward of the anglo-saxons for a thousand years. And yes, public roads, lighthouses, etc., were all privately built.

"Your words."

Denial? Or lack of googling ability?

Pat CahalanJuly 6, 2006 12:37 PM

@ quincunx

> It's much more difficult to take over a territory with no central government.

Why do you say that?

You've brought up the example of medieval Ireland before. I would content that Ireland's ability to withstand the Vikings' depredations from 800 until 1100 (three hundred years, by my count, hardly a thousand) has everything to do with military technology and geography and nothing to do with the anarchic character of Irish society. Once military technology advanced to the point where it is feasible to transport and equip sufficient troops to overpower any one of the individual groups of Irish citizens who band together for self-defense, you can conquer the society (which indeed is what happened).

I imagine the aborigines of Australia and the native population of north and south America would dispute your claim that decentralized societies are more difficult to conquer or control. Military analysis is more complex than such a blanket statement.

Also -> you can't have it both ways. You claim that governments in the twentieth century have perpetrated atrocities outweighing thousands of years of private crime. Okay, I accept your position. Ergo, there are a great number of centralized states in the world with the moral equivalence of Gengis Khan without his morning coffee. Moreover, the killing power of those centralized state's armies vastly outweighs the killing power of a decentralized societies "personal defense groups" or whatever you want to call your decentralized police force. Or are you thinking that individual citizens should be able to equip themselves with nuclear weapons for personal defense?

Last question for you. You go to some effort to post to a great many of the threads on this blog. Your postings generally are limited to the *same* set of comments. When challenged to provide more stringent argumentation, you instead defer to exterior sources ("Head over to mises.org & lewrockwell.com, freedomainradio.com. I see no need to reinvent the wheel"). Moreover, you do this without providing any qualifications for these sources or attempting to establish their credibility, while concurrently accusing others of relying upon authorities with no credibility. You dismiss counterpoints out of hand ("The things you describe are bogey-men."). Generally speaking, you take a very combative and insulting tone with people who disagree with you.

What's your motivation? If you're trying to convince people that your position is correct, I have to tell you that I find it very unlikely that you're going to get any converts with your current methods. You decline invitations for more polite discussion. If you're just trying to rant, that's fine (but I confess I'm going to stop wasting my time trying to hold discourse with you). If you're just trying to drive traffic to anarchic or libertarian web sites, I suppose that may be working.

quincunxJuly 6, 2006 3:31 PM

"You've brought up the example of medieval Ireland before. I would content that Ireland's ability to withstand the Vikings' depredations from 800 until 1100 (three hundred years, by my count, hardly a thousand)"

I believe I have brought up Iceland before, not Ireland. You are specifically talking about Iceland, the facts are correct. I will focus on Ireland.

"has everything to do with military technology and geography and nothing to do with the anarchic character of Irish society."

That's interesting. What you are telling me is that 'military technology' just sort springs out of nowhere as if a predominantly free market had nothing to do with its development. People were free to arm themselves, and they did.

What is Ireland's major geographic advantage? Being an island? Can you tell me why inhabitants of other islands did not manage to do the same for as long?

"Once military technology advanced to the point where it is feasible to transport and equip sufficient troops to overpower any one of the individual groups of Irish citizens who band together for self-defense, you can conquer the society (which indeed is what happened)."

Not exactly. Civilizations fall because of the turmoil within. The Irish abandoned their anarchistic nature before getting conquered in the 17th century. Yes, you are correct the British weapons surpassed that of the Irish, but it should be noted that while Ireland abandoned it's free market anarchy, Britain embraced for the first time a relatively small government, ergo there was enough wealth created from this to be directed for military purposes.

"I imagine the aborigines of Australia and the native population of north and south America would dispute your claim that decentralized societies are more difficult to conquer or control."

Please avoid making comparisons to nomads and essentially primitive societies, especially since disease was the primary killer.

"Moreover, the killing power of those centralized state's armies vastly outweighs the killing power of a decentralized societies "personal defense groups" or whatever you want to call your decentralized police force."

I find this interesting, considered that the bulk of history is STATE-to-STATE warfare, where a centralized gov defeats another centralized gov. To mock the few examples were anarchistic societies eventually failed to stand up, in NO way proves that a centralized force is better.

Neither system makes a 100% guarantee that it will not be defeated, however there is plenty of evidence (you can google for it) that decentralized force (such as guerilla warfare, civil disobedience, private agencies etc..) is more resilient. Look no further than the bloody path of US foreign policy that failed to defeat such defense tactics.

Also a defeat of a decentralized system will typically only involve that geographic portion of it where the troops have taken over. The rest may be able to stand up, as there is no central seat of power (state capital) from which one can issue orders and oppress the non-soldier occupied territories.

There is also less chance of treason, as there is no political position to suck up to.

"Or are you thinking that individual citizens should be able to equip themselves with nuclear weapons for personal defense?"

Of course not, the maintenance costs of securing it would be too high. We should have it privately owned by groups, though. As MAD is a key to ensuring peace. Notice how the nations with them always attack the ones without 'em.

"Moreover, you do this without providing any qualifications for these sources or attempting to establish their credibility, while concurrently accusing others of relying upon authorities with no credibility. "

What you are telling me is that my DEFAULT position is wrong, so I have to go out of my way and prove it. My argument is that people have already ASSUMED something when they start discussion. I don't see why the whole burden of proof is on me, and yet none of it on others.

How the hell am I supposed to prove 'qualifications' when most people assume that state-funded media is the quality mark?

By state-funded I also mean the private corporations that have locked into a radio transmission rights cartel.

"You dismiss counterpoints out of hand ("The things you describe are bogey-men."). "

Well excuse me, it's not as if the person in question elaborated on the 'catch phrases' he uttered.

So why should be up to me to disprove something that DOES NOT EXIST? Is it up to the unicorn unbeliever to prove his position?

Predatory pricing is a price that a competitor can't handle, and therefore must appeal to the anti-trust thugs to put a hold on this 'competition' so that it can be redirected back to him. Predatory pricing is COMPETITION, and therefore regulating it in favor of poor competitors is ANTI-COMPETITIVE.

When competition should be curtailed in the name of competition, you know the term is meaningless gibberish.

"Generally speaking, you take a very combative and insulting tone with people who disagree with you."

Because they utter the same nonsense I used to.

"What's your motivation?"

To get people to question their indoctrinations. They don't even have to go all the way - just questioning is good enough.

"If you're trying to convince people that your position is correct, I have to tell you that I find it very unlikely that you're going to get any converts with your current methods."

Maybe. I'm trying out a new strategy, it's called don't be other people's bitch, don't run around giving them all the proof they desire, only to have them yawn, say 'well that's good and all, but I don't think humans are rational, moral, there's no such thing as economic laws, etc..'.

The new strategy is to just attack their fundamental beliefs, and see if they are at least open minded and curious.

You seem to be a good example.

It's sort of the girls-like-jerks approach.

" If you're just trying to drive traffic to anarchic or libertarian web sites, I suppose that may be working."

I'm sure you know that's partially true.

peachpuffJuly 7, 2006 12:46 AM

@ quincunx

What exactly is your position on the economics of information security? I don't see how getting rid of government (banning it?) would help in that area.

quincunxJuly 7, 2006 7:33 PM

@ peachpuff,

In brief I elaborate on Engberg, and apply the historic record to say that the market for risk-assessment, the very thing that would make proper financial/security tradeoff calculation possible, is severely hampered by persistent government intervention in several areas. These areas include its role in the monopolization of the money supply, fractional reserve banking, depositor 'insurance' (a fraud, really), and financial institutions in general. Other areas include anti-trust laws (which are inherently anti-competitive, despite all the rhetoric), trading regulation (which creates the principle-agent problem), as well as other specific regulations in various industries.

Let us say that a given financial institution calculates that its poor security is probably responsible its loss of business to the tune of $10 million. It would be in its best interest to invest UP TO 10 million to get better security. Think of it as reducing shrink.

Keep in mind that all financial institutions are heavily regulated. They are told what amount of cash to keep on reserve (10% today), they are told that should they start going belly up, the gov will print up to $100,000 to each depositor (FDIC), and they borrow credit created by the FED out of thin air at artificially low interst rates.

Now what kind of incentives does that produce?

You can create credit on top of your reserves, and should you start to become insolvent you will be bailed out! In fact this is exactly what happened when the gov raised 'insurance' to 100K in the 1980s - we got the Savings & Loan crisis by end of that decade.

Now of course, we do realize that financial institutions are still competitive in the sense that they would prefer not to prospectively lose $10 million from security incompetence, but they are essentially secure from failure, and hence their eagerness to establish proper security is heavily reduced.

If you are a financial institution in the current climate what can you do to beef up the illusion of security while taking very little responsibility yourself?

Socialize it!

You get the government to establish security standards, and a whole regulatory board (perhaps headed by the aspiring Bruce Schneier [joking]) so that you no longer have to compete with other institutions in the area of security. Some of the regulation costs may be shouldered by financial institutions, yet such thing is not a problem, and historically has not been a problem, for the costs of regulations are easily absorbed by the bigger institutions. This regulation, just like all others has the effect of cartelizing the industry being regulated, by increasing the cost to entry in a given field. Over time what will happen, I think it's pretty obvious, and has happened, is that this regulatory agency will be captured by the industry. The 'security standards' in place will be used to further thwart the privacy of consumers, the greatest risk bearers of all. This will bring us one step closer to where the US is already heading: economic fascism, a system of privatized profits, and socialized losses.

Because the administration of security is socialized, there is absolutely no need to compete in this area, and any problem of security will be resolved at taxpayers' expense. Financial institutions simply need to follow the regulation to a tee, after which they can excuse themselves from any responsibility. This is what I call cover-your-ass mentality (thanks to Bruce).

The risk assumed by consumers, tax payers, financial institutions, and government will probably look something like this: Government (0%), Financial Institutions (5%), Tax Payer (35%), Consumer (60%).

One may think I'm making numbers up, but they are not baseless, only the last two may be somewhat inaccurate.

We know that Gov will have 0% risk, since the regulatory body is not voted in, but appointed. Their only worry is that of individuals being fired for getting too much bad publicity. But the money they acquired (mostly through corruption) is never taken back.

Financial institutions only fear is that of screwing up big time in the eyes of the public and ending up in a litigation with the gov. Don't worry, if the gov wins (it usually does, since it is a monopolist judge also trying to cover up its own ass), rest assured that most of the money will simply go to political coffers, very little to the consumers.

The last two are difficult to gauge amongst themselves, but it is obvious that they will be the most bilked.

OK, so far so good, but what the hell does anti-trust laws have to do with it?

Well, there are two views on what competition is. The right view is that whatever is profitable (that is, what consumers are voluntarily willing to spend their earned money on) is competitive. The wrong view is that size (as well as other superficial qualities) is what determines competition. This wrong view came out as a ex-post-facto rationale for government intervention. It was developed by state-subsidized economists & anti-trust regulators in the 1920's & 30's, i.e. political rent-seekers, long after interventionist policy was already established in the US.

The wrong view does has a shred of legitimacy, but it itself is caused by putting the wrong view to practice. This means that trying to solve the alleged problems arising from the right view, by using the wrong view, in the long run exacerbates the very thing the wrong view was trying to eliminate. At which point the wrong view has gained some legitimacy at pointing out the size disparity created by its own application. Heavily regulated industries, get a cartel conferred to them in the name of competition, because the regulation itself imposes strict barriers to entry (something the wrong view alleges to care about, mind you), either outright by 'license fees' or through ridiculous bureaucratic hurdles. This process hamperes competition in the free market system in allocating resources to their most proper use.

What kind of incentives does this create?

If the financial institution is being careless with its security measures, another forsighted company will wish to acquire it, resolve the security measures quickly, and realize a profit. This forsighted company is thwarted in this effort by the layers of bureaucratic red tape that are associated with mergers. In the mean time that financial institution continues to take their sweet time not resolving the problem, because their is effectively no punishment, and possibility of failure.

What about trading rules, how does that affect the playing field?

What the SEC has effectively managed to do, is to empower the managers at the expense of shareholders. This is known as the principal-agent problem. Any individual or company that wishes to acquire a large portion of stock through a proxy fight, in order to make the acquired company more efficient and realize a profit, is thwarted by bureaucratic red tape of the SEC. This proxy fight phenomena has been pejoratively called 'hostile takeover', and this whole process has been enshrined in socialist jargon as some sort of 'greed' tactic. Those who think there is something wrong in 'hostile takeovers' have fallen hook, line, and sinker for the wishes of self-interested managers. The proxy fight is exactly what put fire under asses of managers to get their act together and resolve their inefficiencies. This market process has been thwarted in favor of inefficient and incompetent managers, at the expense of the shareholders and the general public.

It is not easy to explain all the many ways that government regulation hampers the market process of risk-allocation, as well as hampering the availability of a stable monetary unit in the marketplace. That would require reading way too many books. I hope I have done a decent job in explaining some of the ways that putting security legislation will do absolutely nothing to solve the various existing problems, and in fact may even make them worse.

In a genuine free market the financial institution would just pay up to $10 million dollars to solve the shrinkage problem. And if they didn't somebody else would, and they would acquire more profits. Others would follow in the footsteps of profit generated by consumer demand for the proper level of risk-assessment.

The more complicated things become the more likely it is for a business to INTERNALIZE services, to make it easier for consumers. Not all will follow the same route, while some may compete for price, others will compete for quality of service. Only in a free market can the proper trade off be made.

I may have to elaborate more on the last part. I get the feeling Pat Cahalan, as he has previously done, will point out that I have a good argument against regulation, but have done nothing to prove that its absence is better.

To this I say that it logical follows that removing barriers to choice obviously allows freedom to choose. The question now becomes how do you get people to visist your shop. and not someone else's? I think it's easy to see that you will have to provide the best service at the least risk to consumers.

To think that some government regulation is better than none is to think that a slave would be better off with an ice tray, a comfy bench to lean on, and a lighter whip, then just removing the slave owner from the picture entirely.

---

My position on economics of information security is to allow the economics aspect of it to actually function. Therefore I support Free Market Anarchism, the only position that will actually work because the freedom to choose is an inherent aspect in this system.

peachpuffJuly 9, 2006 5:55 PM

What if the $10 million problem costs $20 million to fix? What if it costs the public $200 million in stolen money?

I don't believe that choice, competition, and freedom are simple quantities that we have either more or less of. In your slave example, removing the slave owner means removing his option to own slaves and overriding his choice to do so. It should be done, and the government should do it.

quincunxJuly 10, 2006 2:09 PM

What if the $10 million problem costs $20 million to fix? What if it costs the public $200 million in stolen money?

First of all there is no permanent fix in a changing world. The best solution will be sought after those who want profits.

"I don't believe that choice, competition, and freedom are simple quantities that we have either more or less of. "

There are not quantitative, they are qualitative.

"In your slave example, removing the slave owner means removing his option to own slaves and overriding his choice to do so. It should be done, and the government should do it."

The government is the slave owner. Duh.

quincunxJuly 10, 2006 2:10 PM

What if the $10 million problem costs $20 million to fix? What if it costs the public $200 million in stolen money?

First of all there is no permanent fix in a changing world. The best solution will be sought after those who want profits.

"I don't believe that choice, competition, and freedom are simple quantities that we have either more or less of. "

They're are not quantitative, they are qualitative.

"In your slave example, removing the slave owner means removing his option to own slaves and overriding his choice to do so. It should be done, and the government should do it."

The government is the slave owner. Duh.

peachpuffJuly 12, 2006 4:22 PM

I'm aware that you are criticizing government by comparing it to a
slave owner. I was trying to criticize your comparison by pointing
out what happens with real slave owners.

I'm saying that not all limitations imposed from the outside are the
same (or different merely in degree). When a slave owner (a real one)
makes someone a slave, that is different than a government throwing
the slave owner in jail for owning a slave.

The simple formula that all limitations are bad fails. Giving free
reign to the slave owner's profit motive leads to a bad result.

quincunxJuly 12, 2006 4:55 PM

peachpuff, I think you have trouble understanding that I was advocating Natural Law. Natural Law does not have slave ownership - because it would be within anyones' right (including the slave) to abridge this non-right of the slave owner.

"The simple formula that all limitations are bad fails. Giving free
reign to the slave owner's profit motive leads to a bad result."

Yes, but it is still a non-sequitor to conclude that only a MONOPOLY judge funded by coercion is the only way to enforce laws.

I never made a claim that limitation is a bad thing.

In fact I advocate limitation by market forces. Market forces tell me that I can't profitably operate a lumber company on my 2500 sq ft of land in a city environment.

Doing so is illegal, but does it need to be? I would be wasting my resources in trying to do that, and therefore I never will. If we also include the fact that noise rights were homesteadable just like they were in the early 1800s, I would never be able to get the project started since I would have to pay off my neighbors heavily.

There are many ways to have 'limitations' via market forces, in my opinion and by histotic record, compulsion is the most anti-social way of doing it.

peachpuffJuly 14, 2006 3:36 AM

It's not enough to declare that someone has a right. What will you do when market forces favor slavery? Declare that your theory of allowing it is still perfect because the perpetrator is following a different theory? That doesn't help the slave.

quincunxJuly 14, 2006 2:41 PM

In what way can the "market" favor slavery?

I don't remember a market in slavery that was not backed by state policy, can you?

Everyone has the right to purchase protection services, and those can not will always get by on charity or mutual insurance organizations.

I am telling you that you are a slave to your country ALREADY, so why are you worried about the free market?

peachpuffJuly 14, 2006 10:26 PM

The market can favor slavery the same way it can favor anything else: by making it profitable. Many slave owners and slave traders have gotten rich off of slavery, and none of them were required by law to do so. They were simply allowed.

In my country (the USA) there was a slavery industry so strong, so profitable, that it fractured the government's power when threatened by the government's policies.

The bottom line is that you have nothing to offer. Governments are started and continued by people. It makes no sense to claim that government is a source of evil and people are not. It makes no sense to assume that people without a government will never choose to start one. Where do you think the ones we have now came from?

quincunxJuly 17, 2006 12:53 PM

"The market can favor slavery the same way it can favor anything else: by making it profitable. Many slave owners and slave traders have gotten rich off of slavery, and none of them were required by law to do so. They were simply allowed."

Except that you forget that it was becoming apparent in the late 1800s that slavery was a poor way to develop.

They were not required to own slaves, but they socialized the enforcement of slavery. You don't seem to understand that if every slave owner had to have his own policing agency, it would become apparent that slavery is NOT profitable. By forcing non-slave owners to pay for your government-backed privilege is the method by which most governments reinforce evil.

"In my country (the USA) there was a slavery industry so strong, so profitable, that it fractured the government's power when threatened by the government's policies."

Slavery was around everywhere - it was NOT because of magical government action that it actually disappeared. It was because it was not profitable anymore.

Labor needs capital to be productive. Non-free labor is not productive. Cuba went from being the 8th richest nation in the world in 1955 to one of the poorest, simply by instituting socialism (i.e. slavery).

"The bottom line is that you have nothing to offer."

I just want people to question what they learned at their indoctrinations camps.

If term anarchism does not appeal to you, then you can call it 'free government'.

"Governments are started and continued by people."

Right, except there is no CONSENT, never was and never will be. It is a fake contract backed by nothing but force.

"It makes no sense to claim that government is a source of evil and people are not."

I never claimed such a thing. My contention is that if some people are evil, then the last thing that is wanted is free entry into a territorial monopoly on force. I propose a free market solution, so that the Iron Law of Oligarchy will apply to a constantly rotating set of 'rulers' who derive their income through giving customers what they want at the lowest price, as apposed to an entrenched bureaucracy that has absolutely not economic means to figure out what people want, but generally proceeds anyway under the pretense of knowledge.

" It makes no sense to assume that people without a government will never choose to start one. Where do you think the ones we have now came from?"

Doctrines, mysticism, irrationality, violence, emotionally appealing rhetoric.

The US constitution was signed by 56 men, therefore only 56 men have a government.

You see how that works?

Imagine you decide to form your own country. The way it has worked historically, is that you go over to your neighbor and beat him to submission, and then ask him to pay you for his protection services. Others will get the message and follow you.

The idea that people somehow 'create' government as some sort of immaculate conception arising spontaneously is the saddest joke that people still believe. And if you want to know why they do, it's because a lot of taxpayer money is spend on duping the public over & over again.

A private business has no reason to indoctrinate children for 13-25 years, but a government does.

peachpuffJuly 21, 2006 7:50 PM

I've tried to be extremely clear but you continue to misunderstand me.

The flaw in your position is that you want to remove government and make everyone free: free to own slaves, free to beat their neighbors and start a bad government without consent, etc. You claim it won't happen because it's never cost effective, then in the next paragraph you complain about how it's happened in the past. (In the case of slavery, you even say that it stopped because it wasn't cost effective *anymore*.)

Please stop assuming that I'm indoctrinated and spouting nonsense and pay attention to what I'm actually saying. Anarchy is an inherently temporary state. It has a track record of being immediately followed by things far worse than our current system.

Bruce SchneierJuly 24, 2006 1:45 AM

"A private business has no reason to indoctrinate children for 13-25 years, but a government does."

You're kidding, right? Have you ever seen an advertisement?

quincunxJuly 24, 2006 10:26 PM

@peachpuff

"free to own slaves, free to beat their neighbors and start a bad government without consent, etc."

I think it is you who is having trouble interpreting what i'm saying. I'm not a relativist - I suggest natural law. Natural law is the non-aggression axiom. You are not free to own slaves because it's a violation of the pre-slaves' right. And therefore the pre-slave is within his rights to defend himself or contract with someone who will do it for him.

"You claim it won't happen because it's never cost effective, then in the next paragraph you complain about how it's happened in the past. (In the case of slavery, you even say that it stopped because it wasn't cost effective *anymore*.)"

Slavery was always a state sponsored institution. It went away DESPITE laws that were around to SECURE it. The same thing would have happened in the US if the government stopped subsidizing slave owners.

I don't see how I'm being inconsistent. The problem of slavery was simple refusable to apply the general moral law to every human being. The government had a heavy hand in creating divisiveness among the population.

We don't have slavery now, not because of lack of anarchy.

"Anarchy is an inherently temporary state. It has a track record of being immediately followed by things far worse than our current system."

This one I find extremely amusing. The thing after Anarchy has always been the State. That is: our system. So I guess in a sense you are right.

The united states was originally extremely anarchic in nature, and the anti-federalists wanted it to be that way, but alas we got a strong central state instead.

@Bruce

I think you should learn the difference between advertising and propaganda.

For example: advertising does not steal your money and tells you that it's good for you. In fact, at best all it can do is appeal to your self interest. You are not compelled to buy anything or even watch the damn thing. Propaganda on the other hand is systematically justifying theft or future theft. The role of propaganda is too eliminate choice! Advertisement is all about choice.

Bruce, when you find me a private company that compels you under legal force to visit their office and show you advertisements 6 hours a day, 180 days a year - then you may have a point.

K. Signal EingangNovember 22, 2006 3:52 PM

"Bruce, when you find me a private company that compels you under legal force to visit their office and show you advertisements 6 hours a day, 180 days a year - then you may have a point."

quincunx, you are clearly one of a kind. Most people would be embarassed to admit they were cribbing their entire political philosophy from Pink Floyd's "Another Brick In The Wall pt II".

fubarApril 24, 2007 3:40 PM

|what is the effect of industry/ economy
| and government
|
| Posted by: Anonymous at
| April 4, 2007 07:48 PM

an integral analysis (Jean Gebser, Sri Aurobindo, Ken Wilber, etc.) would look at the history of how societies develop/evolve, including the part left out in conventional approaches: spiritual development.

democracy is part of modernism, along with reason/science, technology, industrialization, and separation of church and state.

modernism rejects traditional authority: high ecclesiastics, aristocracy.

natural law was a pivotal concept, it rejects traditional authority ("divine right of kings"), and frees people to believe what they want, think what they want, and engage in economic activities without feudal/imperial control/restrictions.

The complication is that at the historical point that modernism (democracy) emerged (in europe), so did nationalism and european imperialism.

Weirdly, reason, science, technology and industry contributed to the expansion of imperial power and the moment that it also gave birth to modernist democracy. The tension between imperial and democratic paradigms in modernist societies continues to this day.

Also weirdly, the USA is a modernist society built on pre-modern (feudal) political and legal institutions, which are decentralized (going back to the Vikings?).

Most other modernist societies, especially european, are centralized (going back to the Romans).

So, the arguments here about legislative and regulatory security solutions vs. "market" solutions are examples of an old debate about paradigms.

Integralism is holistic, and describes the regressive tendencies in the earlier paradigms. Being holistic, integralism recognises what is valid and what is not valid in the earlier paradigms.

lyniFebruary 1, 2008 5:58 AM

i can ask who knws bout lack of security and its effects on industy,economy and government...email me and tel me bout it...thx alots..i reali need sum information bout this topic...thx alot..my email is thenlingni8@hotmail.com

geekApril 4, 2009 8:40 AM

what are effects of lack of security to the economy??? straightforward points preferred. thank you.

idea-generatorOctober 25, 2011 7:14 PM

@Pat Callahan

{re: economics and computer security being a new idea}

On June 30, 2006 1:45 PM Pat Callahan stated:

"For those of you claiming (rightly or wrongly) that people in the trenches have know this for decades or that you personally have known this for some period of time, "new idea" in an academic sense has a particular meaning.

@ Underpaid
> We just don't have the spare time to publish papers on the topic

Well, then, in the academic sense you didn't have the idea. You can come up with the world's greatest theory and rigorously define and fine-tune it, but if you don't publish it for the academic community to digest, agree with, attack, or consider, it's not your idea. (this is how academia works, you can dislike it if you want, but that's the practical reality)."

Oh, that's right, Pat. Lest we forget, it's more important to scratch our heads and murmur about, hypothesize, read, surmise and document all about our theory and have a handful of self-proclaimed "academic-guru's" agree with it for it to be your idea.

I forgot that it's utterly useless for the men and women in the trenches to design and engineer the spot-on solutions and fixes that should-have-been or need-to-be implemented in REAL-TIME, as the 20th+ century requires.

I also forgot about all of the start-up companies that created software, hardware, protocols, programming languages, business process engineering methods, etc., that had no roots in the academic world who never published their methods for the academic community to digest, agree with, attack, or consider.

I guess those ideas are not theirs, either.

Hm. I suppose individuals with copyrights and patents who have yet to submit their work and/or "theories" to the academic community cannot claim rights to their ideas, either.

Fascinating, Pat. Simply fascinating, indeed.

Fortunately, for you and your "like it or not" mentality, a few elegant strokes on the keyboard and a click of 'ye old mouse button will indubitably result in the determination of the true original owner/author/originator/inventor(s) of any idea or concept(s) that materialize or have yet to materialize outside of the walls of the Almighty University who's purpose and time of arrival for real world application met the dire needs of the "working class community", rather than waiting upon the arrival of the "academia committee(s)" commencement of chin stroking, back patting, and a glass of wine with a "three cheers for publication acknowledgment!" for a (usually) untested "theory", and no practical real-world solution to be implemented.

BUT, you get to *own* the idea. BRAVO, 'mate!

Not to discredit the academic community (how can I? I am among them! Even if I weren't, how could I?); however, you can't possibly throw out a comment such as the one above with such a haughty tone and negative social inference without expecting some sort of backlash yourself, Pat, albeit 3 years and 8 months later.

Yes, having an idea "published" in some form or another is ideal, however, the academia community is by far not the only establishment qualified nor always the most suitable (or only, if so) community to witness and/or "be the judge" of an idea's worth, weight, or successful execution, NOR does it qualify nor quantify the existence of one's right to an idea.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..