{"id":9,"date":"2008-06-22T13:32:09","date_gmt":"2008-06-22T11:32:09","guid":{"rendered":"http:\/\/www.ofcourseimright.com\/blog\/?p=9"},"modified":"2008-06-22T13:32:09","modified_gmt":"2008-06-22T11:32:09","slug":"off-to-new-hampshire","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=9","title":{"rendered":"Off To New Hampshire"},"content":{"rendered":"

Many of us are geeks.\u00a0 We like to think that just because we have a good idea other people will like it as well.\u00a0 We’re particularly bad at user interface design and understanding the underlying economic drivers for technology.\u00a0 As a case and point, why is it that IPv6 hasn’t taken IPv4’s place, even thought it has been in existence for nearly fifteen years and solves a real problem of address space shortage?\u00a0 The answer can be found, I believe, in economics, which is to say that the motivations have not been there to spend the money to get people to move from one system to the other.<\/p>\n

On Tuesday I am off to New Hampshire via Boston to attend the Workshop on Economics of Information Security (WEIS<\/a>).\u00a0 In past conferences, WEIS has covered such topics as when to disclo\"\"<\/a>se vulnerabilities, the economics of the insurance industry and cyberthreat insurance, digital media protection mechanisms, and the risks of new technology introduction.\u00a0 One past paper<\/a> that I particularly enjoyed discussed the risks of homo- versus heterogeneity in an enterprise.\u00a0 It has long been an axiom that if you wanted to protect yourself from systemic failure you used redundant systems that are built using different methods.\u00a0 In airplanes the rule is meant to keep passengers alive (although Airbus has flouted<\/a> this idea, according to the Telegraph).<\/p>\n

Cyberthreat insurance people take this to the extreme by not particularly liking even the idea of interoperability.\u00a0 Their logic goes that any interoperating system can continue a cascading failure, and that is potentially true.\u00a0 Of course, while an insurance salesman might want you to not have an accident, his management need some accidents to prove that insurance is necessary.\u00a0 The extreme case of a cascading failure, however, has insurance people shaking in their boots.\u00a0 They get away with insuring households and businesses against losses by (a) applying a reserve and (b) knowing that a fire or other natural accident can only cause so much damage in a local area.\u00a0 In the case of a computer virus, they have no reason to believe that there is any locality, and so the policies tend to be very restrictive.<\/p>\n

I have a few economic questions of my own to ask.\u00a0 What will it take to motivate the adoption by a service provider\u00a0 of a new authentication mechanism that would provide benefit to OTHER service providers?\u00a0 In other words, how will service providers serve the common good?\u00a0 In general, by the way, they do.\u00a0 They recognize rightly that if they don’t cooperate on their own they will be made to do so under far less favorable terms.\u00a0 But here is something new, and not old.\u00a0 Introduction of new technology and new ways to cooperate is not exactly what they’re all looking for.\u00a0 I am.\u00a0 If we can find improved methods of authentication for end users we can surely reduce the value a PC represents to a criminal.<\/p>\n

Of course this means we have to create a new authentication mechanism that actually does improve matters, but as my favorite theoreticians say, let’s assume that’s true, nevermind reality.\u00a0 What then has to happen for the mechanism to be adopted by consumers and providers alike?<\/p>\n

Going back to that earlier question of what will it take for IPv6 to get deployed, in this year’s WEIS Jean Camp<\/a>, Hillary Elmore<\/a>, and Brandon Stephens have produced a paper<\/a> that puts the question into a formal economics context.\u00a0 While the work is neither the beginning nor the end of the discussion, it is a very good continuation.<\/p>\n

You can soon expect a post that discusses the outcome of this year’s conference.<\/p>\n","protected":false},"excerpt":{"rendered":"

Many of us are geeks.\u00a0 We like to think that just because we have a good idea other people will like it as well.\u00a0 We’re particularly bad at user interface design and understanding the underlying economic drivers for technology.\u00a0 As a case and point, why is it that IPv6 hasn’t taken IPv4’s place, even thought … Continue reading “Off To New Hampshire”<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[10,497,12,8,496],"class_list":["post-9","post","type-post","status-publish","format-standard","hentry","category-internet-consumer-identity","tag-authentication","tag-economics","tag-new-hampshire","tag-phishing","tag-security"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/9","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9"}],"version-history":[{"count":0,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/9\/revisions"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}