2nd Annual Workshop
“Economics and Information Security”

May 29-30, 2003

Robert H. Smith School of Business
Center for Public Policy and Private Enterprise

University of Maryland



“2nd Annual Workshop on
Economics and Information Security”


Robert H. Smith School of Business
University of Maryland
1412 Van Munching Hall
Rouse Room
College Park, MD 20742

May 29-30, 2003


Thursday, May 29th
8:00A - 9:00A Continental Breakfast
9:00A - 9:10A Opening Remarks
9:10A - 10:30A Session 1 - Trusted Computing and DRM
Chair - Ross Anderson, University of Cambridge
Cryptology and Competition Policy-Issues with 'Trusted Computing
Ross Anderson, Cambridge University
How Much is Stronger DRM Worth?
Stephen R. Lewis, University of Cambridge
Trusted Computing, Peer-to-Peer Distribution, and the Economics of Pirated Entertainment
Stuart E. Schecter, Harvard University
Rachel A. Greenstadt, Harvard University
Michael D. Smith, Harvard University
10:30A - 11:00A Morning Break
11:00A - 12:00P Session 2 - Security Intrusion
Chair - Bruce Schneier, Counterpane Internet Security

Quantifying the Value of IT Security Mechanisms and Setting Up an
Effective Security Architecture

Huseyin Cavusoglu, University of Texas at Dallas
Srinivasan Raghunathan, University of Texas at Dallas
Birendra Mishra, University of Texas at Dallas

Evaluating Damages Caused By Information Systems Security Incidents
Fariborz Farahmand, Georgia Institute of Technology
Shamkant B. Navathe, Georgia Institute of Technology
Gunter P. Sharp, Georgia Institute of Technology
Philip H. Enslow, Georgia Institute of Technology
12:00P - 1:30P

Lunch and Luncheon Speaker
Mainanne Emerson, Federal Reserve Board

Session 3 - Privacy Policies
Chair - Hal Varian, University of California, Berkeley
The Paradoxical Value of Privacy
Paul Syverson, Naval Research Laboratory
Why We Can't be Bothered to Read Privacy Policies Models of Privacy
Economics as a Lemons Market

Tony Vila, Harvard University
Rachel Greenstadt, Harvard University
David Molnar, Harvard University

Paying for Privacy: Consumers and Infrastructures
Adam Shostack, Informed Security

3:10P - 3:30P Afternoon Break
3:30P - 4:45P Session 4- Round Table Discussion on Options & Security
Chair - Andrew M. Odlyzko, University of Minnesota
Hal Varian, University of California at Berkeley
Lawrence Gordon, University of Maryland
4:45P - 5:30P Refreshments
6:30P - 8:00P Dinner
Friday, May 30th    
8:00A - 9:00A Continental Breakfast
9:00A -10:00A

Session 5 -Guest Speaker
John Manferdelli, Microsoft Corporation

10:00A - 10:30A Morning Break
10:30A - 12:00P Session 6 - Alternative Approaches to Security Processes
    Chair - L. Jean Camp, Harvard University
Losses, Gains, and Hyperbolic Discounting: An Experimental Approach to Information Security Attitudes and Behaviors
Alessandro Acquisti, University of California, Berkeley
Jens Grossklags, University of California, Berkeley
Making Security Manifest
Allan Friedman, Harvard University
L. Jean Camp, Harvard University
Evaluating Security Systems: A Five-Step Process
Bruce Schneier, Counterpane Internet Security
12:00P - 1:30P Lunch and Luncheon Speaker
Dean Howard Frank, University of Maryland
1:30P - 2:15P Session 7 - Asymetric Information Aspects of Information Security
    Chair - William Lucyshyn, Defense Advanced Research Projects Agency
and University of Maryland
The Economic Consequences of Sharing Security Information
Esther Gal-Or, University of Pittsburgh
Anindya Ghose, Carnegie Mellon University
Economic Aspects of Controlling Capital Investments in Cyberspace
Security for Critical Infrastructure Assets

Lawrence A. Gordon, University of Maryland
Martin P. Loeb, University of Maryland
William Lucyshyn Defense Advanced Research Projects Agency
and University of Maryland
Interfering in e-Contracting
Patrick Legros, Université Libre de Burxelles
Andrew F. Newman, Institute for Advanced Study, Princeton University
and University College London
2:50P - 3:10P Afternoon Break
  3:10P - 4:30P Session 8 - Practical Cases and Problems
Chair - Martin Loeb, University of Maryland
Security and Lock-In: The Case of the U.S. Cable Industry
Tom Lookabaugh, University of Colorado
Douglas C. Sicker, University of Colorado
We Want Security But We Hate It. The Foundations of Security Technoeconomics in the Social World
Mauro Sandrini, Teramo University
How and Why a More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH
Nicholas Rosasco University of Maryland, Baltimore County
David Larochelle, University of Virginia
  4:30P - 5:30P   Refreshments