Contact for Interviews:     <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />Richard Morrison, 202.331.2273 

Washington, D.C., May 31, 2005—Computer security and liability are elements of what in today’s highly-networked economy we call cybersecurity. While cybersecurity has become a focus of policymakers, it is an economic and legal arena too dynamic and important to fall under an inflexible set of federal rules, according to a new study by Competitive Enterprise Institute Vice President for Policy Clyde Wayne Crews, Jr. Crews advises letting market players negotiate among themselves the most efficient agreements and remedies to cybersecurity threats.

“We face unprecedented information security vulnerabilities in our hyper-networked, global economy. Leaving the path clear for private, technical, market, and contractual solutions, and avoiding governmental mandates that impede contractual liability and insurance markets, should take priority,” writes Crews.

With high-profile customer security breaches at major corporations arousing national interest in the issue, it becomes all the more important to head off panicked regulatory policies being proposed simply in the name of doing “something” about the problem. A new market for risk assessment and management is already beginning to evolve; a set of rules issued from Washington would likely destroy the benefits of those creative responses.

“Embracing legislation or mandates can mean locking in collective ‘solutions’ that may be hard to correct, undermining information security rather than enhancing it. Policymakers, along with the computing and infrastructure industries, should think carefully before implementing further federal regulation over risk allocation,” Crews continues.

Read the full text [pdf] of Cybersecurity Finger-pointing: Regulation vs. Markets for Software Liability, Information Security, and Insurance online.

Other CEI reports on cybersecurity include Cybersecurity and Authentication: The Marketplace Role in Rethinking Anonymity—Before Regulators Intervene, also by Clyde Wayne Crews, Jr.