Reflecting on regulations and markets and (cyber)security

[David Farber <dave () farber net>]

Begin forwarded message:

From: "Bob Frankston" <Bob19-0501 () bobf frankston com>
Date: April 1, 2009 9:56:02 PM EDT
To: <dave () farber net>, "'ip'" <ip () v2 listbox com>
Subject: Reflecting on regulations and markets and (cyber)security

I feel obliged to respond to some of the recent posts about market  
failures and attempts to blame “them” for cyber-security failures.

We need to be careful about confusing economists’ models with reality.  
It’s like confusing the Regulatorium’s term “call completion” with the  
normal social meaning. The former is about the other phone ringing and  
the latter is about having the call answered by another human. In  
reading about “market failure” the economists’ use of the term seems  
to be quaint at best. I’m not sure what is meant by “free market  
theory” either. They both seem to assume there are simple absolute  
metrics of the kind I associate with intelligent design.

In practice markets, like evolution, don’t have any particular  
direction or promises. And there are many ecological niches and market  
configurations. Let’s not confuse a few examples and simplistic models  
with the larger concepts. What we can do is try to understand how  
systems work and how they respond to constraints. It’s also important  
to understand the specifics of different configurations and identify  
our metrics.

I consider telecom to be a dysfunctional marketplaces because it  
creates an inherent conflict of interest in its current configuration  
and captures value that would create more value to society if we had a  
different funding model. I posted comments about Walgreens’ pricing of  
memory stick to show that particular inefficiencies are normal and we  
need to be wary about judging markets.

Markets necessarily exist within the context of governments. Jared  
Diamond’s books, Guns, Germs and Steel, and Collapse provide useful  
lessons in governance and markets. The cooperation that we associate  
with functioning markets are a form of governance. But governance in  
itself doesn’t guarantee that markets will function well according to  
measures like minimizing pollution. As with evolution our ability to  
predict results let alone assure them is very limited.

The tirade against Windows ignores realities and the basics of  
business. One is the question of what measure we use for “best” –  
adopting a platform and having a body of knowledge about how to use it  
is, in itself, a very positive reason for adopting a given operating  
system. You can’t compare the bits out of context. The second point is  
barriers to entry are indeed part of doing business. While I complain  
about telecom holding value captive, it’s a very specific example.  
Businesses need to capture at least some of the value of their efforts  
and you need a long time base for products. In fact customers complain  
if the update cycle for products is too fast. Stability in itself is a  
value.

Cyber-security isn’t a simple thing and it’s about more than the  
network. It’s also about social patterns and usage. There is a role  
for laws and regulations but I’d be very wary about assuming we can  
legislate a solution to complex problems.

I share some of the others’ frustrations though, as Mark Stahlman has  
point out Windows is not necessarily naïve. I don’t see why we would  
assume that Unix is necessarily more “secure”. I tend to think that  
improvement lies in the direction of rethinking the role of operating  
systems rather than choosing a “better” one. But that’s another topic.






-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com