When card data is exposed in a data breach but has not yet been used to attempt fraud, the overall social costs of that breach depend on whether the financial institutions that issued those cards immediately cancel them and issue new cards or instead wait until fraud is attempted. This article empirically investigates the social costs and benefits of those options. We use a parameterized model and Monte Carlo simulation to compare the cost of reissuing cards to the total expected cost of fraud if cards are not reissued. The ranges and distributions in our model are informed by publicly available information, from which we extrapolate estimates of the number of credit card records historically exposed in data breaches, the probability that a card exposed in a breach will be used for fraud, and the associated expected cost of existing-account credit card fraud. We find that automatically reissuing cards may have lower social costs than the costs of waiting until fraud is attempted, although the range of results is considerably broad.
There is a widespread perception that computer crime sentencing is too harsh. But this criticism has occurred in the absence of comprehensive, multi‐year data on how computer crimes are actually sentenced and how those sentences compare to other, purportedly similar crimes, such as trespass, burglary, or fraud. This article uses an analysis of real‐world sentencing data to examine how the computer crimes are actually sentenced. We combined court filings and U.S. Sentencing Commission data files to build a custom data set of 1095 Computer Fraud and Abuse Act (CFAA) sentences from 2005 through 1998. Our results show that CFAA sentences are sentenced differently from trespass, burglary, or non‐CFAA fraud crimes; that sentences in which the defendant exceeded authorized access have declined over the years; and that the “sophisticated means” and “special skills” enhancements have been less routinely applied than has been assumed. These results have policy implications for how CFAA crimes are sentenced.
...they advance the understanding of the effects of privacy concerns on online social networking behavior by clarifying the interplay between dispositional privacy concerns and situational privacy evaluations. ...they illustrate the prevalence of both active and passive responses in protecting users against privacy risks. ...the research analyzes the characteristics of state-led cyberattacks on the basis of several significant cases, thereby extending the scope of information systems research to global societal problems. ...Lee, Shao, and Vinze (2018) probe how ICTs enhance socioeconomic restructuring and sociopolitical changes for countries in various stages of development (i.e., developing, transition, and developed).
A field trial of privacy nudges for facebook Wang, Yang; Leon, Pedro Giovanni; Acquisti, Alessandro ...
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems,
04/2014
Conference Proceeding
Open access
Anecdotal evidence and scholarly research have shown that Internet users may regret some of their online disclosures. To help individuals avoid such regrets, we designed two modifications to the Facebook web interface that nudge users to consider the content and audience of their online disclosures more carefully. We implemented and evaluated these two nudges in a 6-week field trial with 28 Facebook users. We analyzed participants' interactions with the nudges, the content of their posts, and opinions collected through surveys. We found that reminders about the audience of posts can prevent unintended disclosures without major burden; however, introducing a time delay before publishing users' posts can be perceived as both beneficial and annoying. On balance, some participants found the nudges helpful while others found them unnecessary or overly intrusive. We discuss implications and challenges for designing and evaluating systems to assist users with online disclosures.
PERCEPTION VERSUS PUNISHMENT IN CYBERCRIME Graves, James T; Acquisti, Alessandro; Anderson, Ross
The journal of criminal law & criminology,
03/2019, Volume: 109, Issue: 2
Journal Article
While the effectiveness of nudges in influencing user behavior has been documented within the literature, most prior work in the privacy field has focused on 'one-size-fits-all' interventions. Recent behavioral research has identified the potential of tailoring nudges to users by leveraging individual differences in decision making and personality. We present the results of three online experiments aimed at investigating whether nudges tailored to various psychometric scales can influence participants' disclosure choices. Each study adopted a difference-in-differences design, testing whether differences in disclosure rates for participants presented with a nudge were affected by differences along various psychometric variables. Study 1 used a hypothetical disclosure scenario to measure participants' responses to a single nudge. Study 2 and its replication (Study 3) tested responses in real disclosure scenarios to two nudges. Across all studies, we failed to find significant effects robustly linking any of the measured psychometric variables to differences in disclosure rates. We describe our study design and results along with a discussion of the practicality of using decision making and personality traits to tailor privacy nudges.
Long-standing policy approaches to privacy protection are centered on consumer notice and control and assume that privacy decision making is a deliberative process of comparison between costs and benefits from information disclosure. An emerging body of work, however, documents the powerful effects of factors unrelated to objective trade-offs in privacy settings. In this paper, we investigate how focusing on the process by which individuals make privacy choices can help explain the impact of rational and behavioral factors on privacy decision making. In an online experiment, we borrow from query-theory literature and measure individuals’ considerations (that is, queries) across manipulations of rational and behavioral factors. We find that effects of rational and behavioral factors are associated with differences in the order and valence of queries considered in privacy settings. Our results confirm that understanding how differences in privacy choice emerge can help harmonize disparate perspectives on privacy decision making.
PERCEPTION VERSUS PUNISHMENT IN CYBERCRIME GRAVES, JAMES T.; ACQUISTI, ALESSANDRO; ANDERSON, ROSS
The journal of criminal law & criminology,
03/2019, Volume: 109, Issue: 2
Journal Article
Peer reviewed
The U.S. Computer Fraud and Abuse Act (CFAA) is not a popular law. Enacted in 1986 to deal with the nascent computer crimes of that era, it has aged badly. It has been widely criticized as vague, poorly structured, and having an overly broad definition of loss that invites prosecutorial abuse. One of the problems with sentencing under the CFAA has received little attention: a misalignment between the facts that affect sentencing and the importance of those facts to the seriousness of CFAA crimes. It has been observed, for example, that CFAA sentences escalate rapidly as (easily inflated) losses increase. But this escalation may be rapid not only in an absolute sense, but in disproportion to other attributes of the crime. Other factors, such as the offender's motivation, the context of the crime, its scope, or the type of data affected, may play a larger role in the seriousness of a crime.
Trust and Trustworthy Computing Acquisti, Alessandro; Smith, Sean W; Sadeghi, Ahmad-Reza
2010, 2010-06-29, Volume: 6101
eBook
This volume contains the proceedings of the Third International Conference on Trust and Trustworthy Computing (TRUST), held at the Ritz-Carlton hotel in Berlin, Germany, June 21-23, 2010. TRUST is a rapidly growing forum for research on the technical and socio-economic aspects of trustworthy infrastructures. TRUST provides an interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using, and understanding trustworthy computing systems. The third edition of TRUST welcomed manuscripts in two different tracks: a Technical Strand and a Socio-economic Strand. We assembled an engaging program with 21 peer-reviewed technical papers and nine peer-reviewed socio-economic papers; eight keynotes from industry, academia, and government; and panel discussions on privacy and standards. In addition, this year, TRUST was co-located with four workshops: Trust in Cloud, Hardware Security, Emerging and Future Risks, and Anonymous Signatures. We would like to thank numerous individuals for their effort and contribution to the conference and for making TRUST 2010 possible: the Organizing Committee members, Nadine Palacios and Marcel Winandy, for their tremendous help with all aspects of the organization; the Technical and Socio-economic Program Committee members, whose names are listed on the following pages, together with the names of external reviewers who helped us in the process of selecting manuscripts to be included in the conference proceedings; the keynote and invited speakers; and the invited panel speakers.