[Politech logo]

Politech is the oldest Internet resource devoted to politics and technology. Launched in 1994 by Declan McCullagh, the mailing list has chronicled the growing intersection of law, culture, technology, and politics. Since 2000, so has the Politech web site.

CEI on cybersecurity: private insurance, not government regulation


-------- Original Message --------
Subject: 	note from Wayne Crews at Competitive Enterprise Institute re:
cybersecurity policy/regulation
Date: 	Tue, 31 May 2005 16:19:38 -0400
From: 	Wayne Crews <wcrews@cei.org>



Dear Friends--I thought this new report from CEI on the questions of
liability and the role of insurance in cybersecurity might be of some
interest to you (see below). You're likely well aware of the hearings
and conferences that abound on this topic, and the debate over the
relative roles of regulations and market discipline. (We emphasize
boosting the latter.)  An earlier, related report explored the role of
anonymity online and the distinction between political and commercial
anonymity ("Cybersecurity and Authentication: The Marketplace Role in
Rethinking Anonymity—Before Regulators Intervene"
http://www.cei.org/pdf/4281.pdf.  Future analyses will explore the role
of telecom deregulation in cybersecurity and critical-infrastructure
security, as well as the appropriateness (and inappropriateness) of
"cyber-vigilantism." Here's hoping we can resolve cyber-hazards with
minimal unintended consequences.

Best, wayne
__________________________________________
Clyde Wayne Crews Jr.
VP for Policy, Director of Technology Studies
Competitive Enterprise Institute <http://www.cei.org/>
202.331.2274
mobile 202.251.4298

Subscribe to /c:\spin/ and other CEI policy newsletters
at http://www.cei.org/email/signup.cfm
______________________________________________
/The more corrupt the state, the more numerous the laws./
-Tacitus   56 - 120 A.D.



*Managing Cybersecurity for Businesses and Consumers*

/Study: Why Rules on Liability and Insurance Should Be Set by Market
Players, Not Feds /

Washington, D.C., May 31, 2005—Computer security and liability are
elements of what in today’s highly-networked economy we call
cybersecurity. While cybersecurity has become a focus of policymakers,
it is an economic and legal arena too dynamic and important to fall
under an inflexible set of federal rules, according to a new study
<http://www.cei.org/gencon/025,04569.cfm> by Competitive Enterprise
Institute Vice President for Policy Clyde Wayne Crews, Jr
<http://www.cei.org/dyn/view_expert.cfm?expert=34>. Crews advises
letting market players negotiate among themselves the most efficient
agreements and remedies to cybersecurity threats.

“We face unprecedented information security vulnerabilities in our
hyper-networked, global economy. Leaving the path clear for private,
technical, market, and contractual solutions, and avoiding governmental
mandates that impede contractual liability and insurance markets, should
take priority,” writes Crews.

With high-profile customer security breaches at major corporations
arousing national interest in the issue, it becomes all the more
important to head off panicked regulatory policies being proposed simply
in the name of doing “something” about the problem. A new market for
risk assessment and management is already beginning to evolve; a set of
rules issued from Washington would likely destroy the benefits of those
creative responses.

“Embracing legislation or mandates can mean locking in collective
‘solutions’ that may be hard to correct, undermining information
security rather than enhancing it. Policymakers, along with the
computing and infrastructure industries, should think carefully before
implementing further federal regulation over risk allocation,” Crews
continues.

Read the full text [pdf] of /Cybersecurity Finger-pointing: Regulation
vs. Markets for Software Liability, Information Security, and Insurance
/online <http://www.cei.org/pdf/4569.pdf>. Other CEI reports on
cybersecurity include /Cybersecurity and Authentication: The Marketplace
Role in Rethinking Anonymity—Before Regulators Intervene
<http://www.cei.org/gencon/025,04281.cfm/>/



CEI is a non-profit, non-partisan public policy group dedicated to the
principles of free enterprise and limited government.  For more
information about CEI, please visit our website at www.cei.org
<http://www.cei.org/>.


Posted by Declan McCullagh on Jun 01, 2005 in category economics


Get a Politech feed through RSS or Atom [RSS] [Atom]

The Politech general information pages and photographs are copyrighted by Declan McCullagh. Original posts distributed to the mailing list are licensed under a Creative Commons License.
Creative Commons License