I’m liveblogging WEIS 2014, as I did for WEIS 2013, 2012, 2011, 2010 and 2009. This is the thirteenth workshop on the economics of information security, and the sessions are being held today and tomorrow at Penn State. The panels and refereed paper sessions will be blogged in comments below this post.
Jim Graves, Alessandro Acquisti and I are giving a paper today at WEIS on Experimental Measurement of Attitudes Regarding Cybercrime, which we hope might nudge courts towards more rational sentencing for cybercrime.
At present, sentencing can seem somewhere between random and vindictive. People who commit a fraud online can get off with a tenth of what they’d get if they’d swindled the same amount of money face-to-face; yet people who indulge in political activism – as the Anonymous crowd did – can get hammered with much harsher sentences than they’d get for a comparable protest on the street.
Is this just the behaviour of courts and prosecutors, or does it reflect public attitudes?
We did a number of surveys of US residents and found convincing evidence that it’s the former. Americans want fraudsters to be punished on two criteria: for the value of the damage they do, with steadily tougher punishments for more damage, and for their motivation, where they want people who hack for profit to be punished more harshly than people who hack for political protest.
So Americans, thankfully, are rational. Let’s hope that legislators and prosecutors start listening to their voters.