Author(s)
Robert W. Hahn and Anne Layne-Farrar
Source
Harvard Journal of Law & Technology, Vol. 30, No.1, Fall 2006
Summary
This paper assesses how problems with computer security affect consumers and businesses.
Policy Relevance
Business responses to computer security problems are often effective, while laws targeting "cyber crimes" are often not.
Main Points
- There are many different types of computer attacks, different types of harm, and different kinds of “cyber criminals.”
- Problems such as lack of consumer information do arise, but are not universal and are being addressed by markets, as new security services and software develops.
- Businesses have good reasons to be careful with computer security, and innovative market-based solutions have emerged such as “Bug Bounties” for rewarding those who report security holes first.
- Laws creating new cyber crimes have been ineffective, except for those encouraging focus on research, mandatory reporting for serious breaches, and security requirements for government agencies.
- Broad government intervention would be hard to justify, but it would be useful for government to collect more detailed data.
