The Twelfth Workshop on the Economics of Information Security (WEIS 2013)

Georgetown University, Washington, D.C.

June 11-12, 2013

The WEIS talks and presentations were live-blogged by Vaibhav Garg and Ross Anderson.

WEIS2014 will be held sometime in June. The Program Chair will be Penn State's Jens Grossklags, and the location has yet to be confirmed.

Monday, June 10

6:00pm–8:00pm Evening Welcome Reception
Georgetown Hotel and Conference Center Salon
Tuesday, June 11

8:00am–9:00am Continental Breakfast

9:00am–9:15am Welcomes

Panel: US Government Initiatives to Drive Security Investment

Tony Cheesebrough (Department of Homeland Security)
Carol Hawk (Department of Energy)
Bob Kolasky (Department of Homeland Security)
Ari Schwartz (Department of Commerce)
Leigh Williams (Department of Treasury)

10:45am–11:00am Break

Session 1: Understanding Information Security
through Economic Frameworks

Sustainability in Information Stewardship: Time Preferences, Externalities, and Social Co-ordination
Christos Ioannidis (University of Bath)
David Pym (University of Aberdeen)
Julian Williams (University of Aberdeen)

How Bad Is It? � A Branching Activity Model to Estimate the Impact of Information Security Breaches
Russell Thomas (George Mason University)
Marcin Antkiewicz (Qualys, Inc.)
Patrick Florer (Risk Centric Security, Inc.)
Suzanne Widup (Verizon Communications, Inc.)
Matthew Woodyard (Zions Bancorporation)

Cloud Implications on Software Network Structure and Security Risks
Terrence August (University of California, San Diego, Rady School of Management)
Marius Niculescu (Georgia Institute of Technology)
Hyoduk Shin (University of California, San Diego, Rady School of Management)

12:15pm–1:45pm Lunch + Keynote
Eric Zitzewitz–Forensic Economics

Session 2: The Value of Information

The More Social Cues, The Less Trolling? An Empirical Study of Online Commenting Behavior
Daegon Cho (Carnegie Mellon University)
Alessandro Acquisti (Carnegie Mellon University)

Consumer Flexibility, Data Quality and Targeted Pricing
Geza Sapi (Dusseldorf Institute for COmpetition Economics)
Irina Suleymanova (Duesseldorf Institute for Competition Economics)

Privacy Controls and Information Disclosure Behavior of Online Social Network Users
Huseyin Cavusoglu (University of Texas)
Tuan Phan (National University of Singapore)
Hasan Cavusoglu (University of British Columbia)

The value of privacy in Web search
S�ren Preibusch (Microsoft Research Cambridge UK)

3:25pm–3:50pm Break

Session 3: Cybersecurity Policy

Einstein on the Breach: Surveillance Technology, Cybersecurity, and Organizational Change
Andreas Kuehn (Syracuse University, School of Information Studies)
Milton Mueller (Syracuse University, School of Information Studies)

The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries
Joshua Kroll (Princeton University)
Ian Davey (Princeton University)
Edward Felten (Princeton University)

On the Viability of Using Liability to Incentivise Internet Security
Huw Fryer (University of Southampton)
Roksana Moore (University of Southampton)
Tim Chown (University of Southampton)

Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment
Qian Tang (University of Texas at Austin)
Leigh Linden (University of Texas at Austin)
John Quarterman (Quarterman Creations)
Andrew Whinston (University of Texas at Austin)

6:30pm Conference Reception and Dinner
Wednesday, June 12

8:00am–9:00am Continental Breakfast

Panel: Is the Market for Security Working?

Jeff Brueggeman (AT&T)
Shane Tews, (463 Communications)
Nadya Bartol (Utilities Telecom Council)

10:30am–10:55am Break

Session 4: Dynamics of Attack and Defense

Small World: Collisions Among Attacks in a Finite Population
Cormac Herley (Microsoft Research)

A Behavioral Investigation of the FlipIt Game
Alan Nochenson (The Pennsylvania State University)
JensGrossklags (The Pennsylvania State University)

Breaking our password hash habit: Why the sharing of users' password choices for defensive analysis is an underprovisioned social good, and what we can do to encourage it.
Cormac Herley (Microsoft Research)
Stuart Schechter (Microsoft Research)

12:10pm–1:10pm Lunch

Session 5:Incentives in Technology

Security Economics in the HTTPS Value Chain
Hadi Asghari (Delft University of Technology)
Michel Van Eeten (Delft University of Technology)
Axel Arnbak (University of Amsterdam)
Nico van Eijk (University of Amsterdam)

Analyzing Incentives for Protocol Compliance in Complex Domains: A Case Study of Introduction-Based Routing
Michael Wellman (University of Michigan)
Tae Hyung Kim (University of Michigan)
Quang Duong (University of Michigan)

Incentive Analysis of Bidirectional Filtering in the Internet
Mhr Khouzani (University of Southern California)
Soumya Sen (Princeton University)
Ness B. Shroff (The Ohio State University)

2:25pm–2:50pm Break

Session 6: Data Privacy Policy

Are They Actually Any Different? Comparing 3,422 Financial Institutions� Privacy Practices
Lorrie Cranor (Carnegie Mellon University)
Kelly Idouchi (Carnegie Mellon University)
Pedro Leon (Carnegie Mellon University)
Blase Ur (Carnegie Mellon University)
Manya Sleeper (Carnegie Mellon University)

Data Harvesting 2.0: from the Visible to the Invisible Web
Claude Castellucia (INRIA)
Stephane Grumbach (INRIA)
Lukasz Olejnik (INRIA)

An Experiment in Hiring Discrimination via Online Social Networks
Alessandro Acquisti (Carnegie Mellon University)
Christina Fong (Carnegie Mellon University)

Rump Session

Very short presentations of ideas and works-in-progress. With beer.

As a finale to the Rump Session and the workshop, Delft University's Hadi Asghari helped the WEIS community define itself by combining the descriptions of our research and our work into a tag cloud. This is WEIS.