Crowdsourcing cyber security: a property rights view of exclusion and theft on the information commons

Gary Shiffman; Ravi Gupta

doi:10.18352/ijc.343

Abstract

Individuals increasingly rely upon the internet for basic economic interaction. Current cyber security mechanisms are unable to stop adversaries and hackers from gaining access to sensitive information stored on government, business, and public computers. Experts propose implementing attribution and audit frameworks in cyberspace to deter, prevent, and prosecute cyber criminals and attackers. However, this method faces significant policy and resource constraints. Social science research, specifically in law and economics, concerning common-pool resources suggests an organic approach to cyber security may yield an appropriate solution. This cyber commons method involves treating the internet as a commons and encouraging individuals and institutions to voluntarily implement innovative and adaptive monitoring mechanisms. Such mechanisms are already in use and in many cases have proven more effective than attribution mechanisms in resisting and tracing the source of cyber attacks.

References

Alchian and Demsetz 1973 Alchian A Demsetz H The Property Right Paradigm Journal of Economic History 1973 33 March 1973 16 27
Back to article
Apache Apache Welcome to the Apache Software Foundation, http://www.apache.org
Back to article
Banana and Gombya-Ssembajjwe 2000 Banana A Gombya-Ssembajjwe W Gibson C McKean M Ostrom E Successful Forest Management: The Importance of Security of Tenure and Rule Enforcement in Ugandan Forests People and Forests: Communities, Institutions, and Governance 2000 Cambridge, MA MIT Press 87 98
Back to article
Bateson et al. 2006 Bateson M Nettle D Roberts G Cues of Being Watched Enhance Cooperation in a Real-World Setting Biology Letters 2006 2 3 412 414
Back to article
Baumeister and Leary 1995 Baumeister R. F Leary M. R The Need to Belong: Desire for Interpersonal Attachments as a Fundamental Human Motivation Psychological Bulletin 1995 117 495
Back to article
Beaumont 2010 Beaumont P Iran Nuclear Experts Race to Stop Spread of Stuxnet Computer Worm The Guardian 2010 September 26, 2010. http://www.guardian.co.uk/world/2010/sep/26/iran-stuxnet-worm-nuclear
Back to article
Becker 1968 Becker G Crime and Punishment: An Economic Approach Journal of Political Economy 1968 76 2 169 217
Back to article
Becker and Ostrom 1995 Becker C. D Ostrom E Human Ecology and Resource Sustainability: The Importance of Institutional Diversity Annual Review of Ecology and Systematics 1995 26 113 116
Back to article
Bochet et al. 2006 Bochet O Page T Putterman L Communication and Punishment in Voluntary Contribution Experiments Journal of Economic Behavior and Organization 2006 60 May 2006 11 26
Back to article
Bowden 2010 Bowden M The Enemy Within The Atlantic Magazine 2010 June 2010 http://www.theatlantic.com/magazine/archive/2010/06/the-enemy-within/8098/
Back to article
Buchanan 1965 Buchanan J An Economic Theory of Clubs Economica 1965 32 1 14
Back to article
Chertoff 2010 Chertoff M Foreward Journal of National Security Law and Politics 2010 4 1 1 6
Back to article
Clayton 2010 Clayton M Stuxnet Malware is ‘Weapon’ Out to Destroy...Iran’s Bushehr Nuclear Plant? Christian Science Monitor 2010 September 2010. http://www.csmonitor.com/USA/2010/0921/Stuxnet-malware-is-weapon-out-to-destroy-Iran-s-Bushehr-nuclear-plant
Back to article
Conficker Working Group 2010 Conficker Working Group Conficker Working Group. http://www.confickerworkinggroup.org/wiki/pmwiki.php 2010
Back to article
Conficker Working Group Lessons Learned Document 2010 Conficker Working Group Conficker Working Group Lessons Learned Document 2010 June 17. http://www.confickerworkinggroup.org/wiki/uploads/Conficker_Working_Group_Lessons_Learned_17_June_2010_final.pdf
Back to article
Deibert and Rohozinski 2010 Deibert R Rohozinski R Risking Security: Policies and Paradoxes of Cyberspace Security International Political Sociology 2010 4 1 15 32
Back to article
Economides 2008 Economides N “Net Neutraliy”, Non-Discrimination and Digital Distribution of Content Throughout the Internet Journal of Law and Policy for the Information Society 2008 4 209 233
Back to article
Goldsmith 2010 Goldsmith J Can We Stop the Global Cyber Arms Race? Washington Post 2010 February 1, 2010. http://www.washingtonpost.com/wp-dyn/content/article/2010/01/31/AR2010013101834.html
Back to article
Gorman et al. 2009 Gorman S Dreazen Y Cole A Insurgents Hack U.S. Drones Wall Street Journal 2009 December 17, 2009: A1
Back to article
Gray 1971 Gray C The Arms Rache Phenomenon World Politics 1971 24 39 39 79
Back to article
Greene 2009 Greene T Conficker Talk Sanitized at Black Hat to Protect Investigation Network World 2009 July 31, 2009. http://www.networkworld.com/news/2009/073109-black-hat-conficker-talk.html
Back to article
Hahn and Wallsten 2006 Hahn R Wallsten S The Economics of Net Neutrality The Economists Voice Article 2006 3 6 1 7
Back to article
Hardin 1968 Hardin G The Tragedy of the Commons Science 1968 162 1243
Back to article
Hayes and Ostrom 2005 Hayes T Ostrom E Conserving the World’s Forests: Are Protected Areas the Only Way Indiana Law Review 2005 38 595 617
Back to article
Heller 1998 Heller M The Tragedy of the Anticommons Harvard Law Review 1998 111 621 621 688
Back to article
Hess and Ostrom 2007 Hess C Ostrom E Hess C Ostrom E Introduction: An Overview of the Knowldge Commons Understanding Knowledge as a Commons 2007 Cambridge, MA MIT Press 4 6
Back to article
Homeland Security and Defense Business Council 2010 Homeland Security and Defense Business Council The 9/10/11 Project: Cyber Security 2010 http://homelandcouncil.org/pdfs/pdfs/hsdbc_cyber_security_91011_projectmonograph.pdf
Back to article
Honeynet Project 2008 Honeynet Project Developments of the HoneyD Virtual Honeypots 2008 http://www.honeyd.org/
Back to article
Honeynet Project 2010 Honeynet Project About the Honeynet Project 2010 2010 http://www.honeynet.org/about
Back to article
Hunker 2008 Hunker J Role and Challenges for Sufficient Cyber-Attack Attribution Institute for Information Infrastructure Protection, January 2008 2008
Back to article
Hurwitz 2009 Hurwitz R “The Prospects for Regulating Cyberspace: A Schematic Analysis on the Basis of Elinor Ostrom,” General Framework for Analyzing Sustainability of Social Ecological Systems Science 2009 vol. 325 July 24, 2009 419 422 http://web.mit.edu/ecir/pdf/hurwitz-ostrom.pdf
Back to article
IBM 2010 IBM Meeting the Cybersecurity Challenge: Empowering Stakeholders and Ensuring Coordination White Paper, February 2010 2010
Back to article
Jacobs 1961 Jacobs J The Death and Life of Great American Cities 1961 New York Random House
Back to article
Jacobs and Helft 2010 Jacobs A Helft M Google, Citing Attack, Threatens to Exit China New York Times 2010 January 13, 2010: A1
Back to article
Kranich 2007 Kranich N Hess C Ostrom E Countering Enclosure: Reclaiming the Knowledge Commons Understanding Knowledge as a Commons 2007 Cambridge, MA MIT Press
Back to article
Krebs 2009 Krebs B Flaw in Conficker Worm May Aid Cleanup Efforts Washington Post 2009 March 30, 2009. http://voices.washingtonpost.com/securityfix/2009/03/flaw_in_conficker_worm_may_aid.html
Back to article
Kshetri 2005 Kshetri N Pattern of Global War and Crime: A Conceptual Framework Journal of International Management 2005 11 541
Back to article
Landler and Markoff 2007 Landler M Markoff J Digital Fears Emerge After Data Siege in Estonia New York Times 2007 May 29, 2007. http://www.nytimes.com/2007/05/29/technology/29estonia.html
Back to article
Lynn 2010 Lynn W Defending A New Domain: The Pentagon’s Cyberstrategy Foreign Affairs 2010 October 2010
Back to article
Markoff 2008 Markoff J Before the Gunfire, Cyberattacks New York Times 2008 August 13, 2008: A1
Back to article
Markoff 2009 Markoff J Computer Experts Unite to Hunt Worm New York Times 2009 March 18, 2009: A17
Back to article
McMillan 2009 McMillan R Group takes Conficker Fight to a New Level Network World 2009 March 31, 2009. http://www.networkworld.com/news/2009/040109-group-takes-conficker-fight-to.html
Back to article
Murchu 2010 Murchu L. O Stuxnet P2P Component. http://www.symantec.com/connect/blogs/stuxnet-p2p-component 2010
Back to article
Nagendra et al. 2005 Nagendra H Karmacharya M Karna B Evaluating Forest Management in Nepal: Views Across Space and Time Ecology and Society 2005 10 24 1 16
Back to article
Nepstad et al. 2006 Nepstad D Schwartzman S Bamberger B Santilli M Ray D Schlesinger P Lefebvre P Alencar A Prinz E Fiske G Rolla A Inhibition of Amazon Deforestation and Fire by Parks and Indigenous Lands Conservation Biology 2006 20 1 65 73
Back to article
Olson 1993 Olson M Dictatorship, Democracy and Development American Political Science Review 1993 87 3 567 576
Back to article
Oracle Oracle Oracle and Java, http://www.oracle.com/us/technologies/java/overview/index.html
Back to article
Organization for Economic Co-Operation and Development 2008 Organization for Economic Co-Operation and Development The Future of the Internet Economy 2008 http://www.oecd.org/sti/interneteconomy/40780975.pdf. June 2008
Back to article
Ostrom 2003 Ostrom E Ostrom E Walker J Walker J Towards a Behavioral Theory Linking Trust, Reciprocity and Reputation Trust and Reciprocity: Interdisciplinary Lessons from Experimental Research 2003 New York, NY Russell Sage
Back to article
Ostrom 2009 Ostrom E A General Framework for Analyzing Sustainability of Social-Ecological Systems Science 2009 325 July 2009 419 422
Back to article
Ostrom and Nagendra 2006 Ostrom E Nagendra H Insights on Linking Forests, Trees and People from the Air, on the Ground and in the Laboratory PNAS 2006 19224 19231 December 2006
Back to article
Rampell 2008 Rampell C How It Does It: The RIAA Explains How it Catches Alleged Music Pirates The Chronicle of Higher Education 2008 May 13, 2008. http://chronicle.com/article/How-It-Does-It-The-RIAA-Ex/786/
Back to article
Rattray et al. 2010 Rattray G Evans C Healey J Denmark A.M Mulvenon J “American Security in the Cyber Commons” Contested Commons: The Future of American Power in a Multipolar World 2010 Washington, DC Center for a New American Security http://www.cnas.org/files/documents/publications/CNAS%20Contested%20Commons_1.pdf
Back to article
Resnick and Zeckhauser 2002 Resnick P. Zeckhauser R Baye M Maxwell J Trust Among Strangers in Internet Transcations: Empirical Analysis of eBay’s Reputation System, Vol. 11 The Economics of the Internet and e-Commerce (Advances in Applied Microeconomics) 2002 Bingley, UK Emerald Group
Back to article
Schatz 2010 Schatz A Net Neutrality Activists Target Google as Talks Heat Up Wall Street Journal 2010 September 20, 2010. http://blogs.wsj.com/digits/2010/09/20/net-neutrality-activists-target-google-as-talks-heat-up/
Back to article
Schneier 2009 Schneier B Who Should Be in Charge of Cybersecurity? 2009 http://www.schneier.com/essay-265.html
Back to article
Sefton et al. 2006 Sefton M Shupp R Walker J The Effect of Rewards and Sanctions in Provision of Public Goods CAEPR Working Paper 2006 August 29, 2006. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=932683
Back to article
Shachtman 2010 Shachtman N Spooks in the Machine: How the Pentagon Should Fight Cyber Spies Progressive Policy Institute 2010 http://www.progressivefix.com/wp-content/uploads/2010/01/Spooks-in-the-Machine_Jan2010.pdf
Back to article
Siemens 2011 Siemens Information Concerning Malware/Virus/Trojan April 2011 http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&objid=43876783&nodeid0=10805583&caller=view&lang=en&siteid=cseus&aktprim=0&objaction=csopen&extranet=standard&viewreg=WW
Back to article
Symantec Corporation 2010 Symantec Corporation 2010 Cybercrime Report: United States 2010 http://www.symantec.com/content/en/us/home_homeoffice/media/pdf/cybercrime_report/Norton_USA-Human%20Impact-A4_Aug4-2.pdf
Back to article
Takahashi 2011 Takahashi D Amazon cloud server was used to attack Sony VentureBeat 2011 May 14, 2011, http://venturebeat.com/2011/05/14/amazon-cloud-server-was-used-to-attack-sony/
Back to article
The White House “Cyberspace Policy Review” 2009 The White House Cyberspace Policy Review 2009 http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
Back to article
Their 2009 Their D Remarks by the President on Securing Our Nation’s Cyber Infrastructure 2009 May 29, 2009. http://www.whitehouse.gov/the-press-office/remarks-president-securing-our-nations-cyber-infrastructure
Back to article
Their 2012 Their D The Return of SOPA? Controversial Bill Sponsor Lamar Smith to Chair House Tech Committee Forbes 2012 November 29, 2012, http://www.forbes.com/sites/davidthier/2012/11/29/the-return-of-sopa-controversial-bill-sponsor-lamar-smith-to-chair-house-comittee-on-science-space-and-technology/
Back to article
United Press International 2009 United Press International Conficker Cabal Goes After Computer Worm 2009 March 25, 2009. http://www.upi.com/Top_News/2009/03/25/Conficker-Cabal-goes-after-computer-worm/UPI-14801237929348/
Back to article
United States Department of Defense 2010 United States Department of Defense “Quadrennial Defense Review.” 2010 http://www.defense.gov/qdr/images/QDR_as_of_12Feb10_1000.pdf
Back to article
United States Department of Homeland Security 2008 United States Department of Homeland Security Neighborhood Network Watch 2008 March 18, 2008. http://www.dhsnnw.org/
Back to article
United States Government 2011 United States Government OnGuard Online 2011 http://www.onguardonline.gov/
Back to article
United States House Committee on Science and Technology 2010 United States House Committee on Science and Technology Planning for the Future of Cyber Attack Attribution July 2010 http://science.house.gov/sites/republicans.science.house.gov/files/documents/hearings/071510_Giorgio.pdf
Back to article
Van Vugt 2009 Van Vugt M Averting the Tragedy of the Commons: Using Social Psychological Science to Protect the Environment Current Directions in Psychological Science 2009 18 2009 169
Back to article
Vermeij 2008 Vermeij G Sagarin R Taylor T Unpredictability and Evolution: Policy and the History of Life Natural Security: A Darwinian Approach to a Dangerous World 2008 Berkeley University of California Press
Back to article
Wheeler 2003 Wheeler D Techniques for Cyber Attack Attribution Institute for Defense Analysis 2003 October 2003. http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA468859&Location=U2&doc=GetTRDoc.pdf
Back to article
World Wide Fund 2004 World Wide Fund for Nature Are Protected Areas Working? An Analysis of Forest Protected Areas June 2004 assets.panda.org/downloads/areprotectedareasworking.pdf
Back to article
Wortham 2009 Wortham J Online Attack Silences Twitter for Much of Day New York Times 2009 August 6, 2009: B7
Back to article