The Twelfth Workshop on the Economics of Information Security (WEIS 2013)

Georgetown University, Washington, D.C.

June 11-12, 2013

The WEIS talks and presentations were live-blogged by Vaibhav Garg and Ross Anderson. WEIS2014 will be held sometime in June. The Program Chair will be Penn State's Jens Grossklags, and the location has yet to be confirmed.
Monday, June 10

6:00pm–8:00pm	Evening Welcome Reception Georgetown Hotel and Conference Center Salon



Tuesday, June 11

8:00am–9:00am	Continental Breakfast

9:00am–9:15am	Welcomes

9:15am–10:45am	Panel: US Government Initiatives to Drive Security Investment Tony Cheesebrough (Department of Homeland Security) Carol Hawk (Department of Energy) Bob Kolasky (Department of Homeland Security) Ari Schwartz (Department of Commerce) Leigh Williams (Department of Treasury)

10:45am–11:00am	Break

11:00am–12:15pm	Session 1: Understanding Information Security through Economic Frameworks Sustainability in Information Stewardship: Time Preferences, Externalities, and Social Co-ordination Christos Ioannidis (University of Bath) David Pym (University of Aberdeen) Julian Williams (University of Aberdeen) How Bad Is It? � A Branching Activity Model to Estimate the Impact of Information Security Breaches Russell Thomas (George Mason University) Marcin Antkiewicz (Qualys, Inc.) Patrick Florer (Risk Centric Security, Inc.) Suzanne Widup (Verizon Communications, Inc.) Matthew Woodyard (Zions Bancorporation) Cloud Implications on Software Network Structure and Security Risks Terrence August (University of California, San Diego, Rady School of Management) Marius Niculescu (Georgia Institute of Technology) Hyoduk Shin (University of California, San Diego, Rady School of Management)

12:15pm–1:45pm	Lunch + Keynote Eric Zitzewitz–Forensic Economics

1:45pm–3:25pm	Session 2: The Value of Information The More Social Cues, The Less Trolling? An Empirical Study of Online Commenting Behavior Daegon Cho (Carnegie Mellon University) Alessandro Acquisti (Carnegie Mellon University) Consumer Flexibility, Data Quality and Targeted Pricing Geza Sapi (Dusseldorf Institute for COmpetition Economics) Irina Suleymanova (Duesseldorf Institute for Competition Economics) Privacy Controls and Information Disclosure Behavior of Online Social Network Users Huseyin Cavusoglu (University of Texas) Tuan Phan (National University of Singapore) Hasan Cavusoglu (University of British Columbia) The value of privacy in Web search S�ren Preibusch (Microsoft Research Cambridge UK)

3:25pm–3:50pm	Break

3:50pm–5:30pm	Session 3: Cybersecurity Policy Einstein on the Breach: Surveillance Technology, Cybersecurity, and Organizational Change Andreas Kuehn (Syracuse University, School of Information Studies) Milton Mueller (Syracuse University, School of Information Studies) The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries Joshua Kroll (Princeton University) Ian Davey (Princeton University) Edward Felten (Princeton University) On the Viability of Using Liability to Incentivise Internet Security Huw Fryer (University of Southampton) Roksana Moore (University of Southampton) Tim Chown (University of Southampton) Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment Qian Tang (University of Texas at Austin) Leigh Linden (University of Texas at Austin) John Quarterman (Quarterman Creations) Andrew Whinston (University of Texas at Austin)

6:30pm	Conference Reception and Dinner



Wednesday, June 12

8:00am–9:00am	Continental Breakfast

9:00am–10:30am	Panel: Is the Market for Security Working? Jeff Brueggeman (AT&T) Shane Tews, (463 Communications) Nadya Bartol (Utilities Telecom Council)

10:30am–10:55am	Break

10:55am–12:10pm	Session 4: Dynamics of Attack and Defense Small World: Collisions Among Attacks in a Finite Population Cormac Herley (Microsoft Research) A Behavioral Investigation of the FlipIt Game Alan Nochenson (The Pennsylvania State University) JensGrossklags (The Pennsylvania State University) Breaking our password hash habit: Why the sharing of users' password choices for defensive analysis is an underprovisioned social good, and what we can do to encourage it. Cormac Herley (Microsoft Research) Stuart Schechter (Microsoft Research)

12:10pm–1:10pm	Lunch

1:10–2:25	Session 5:Incentives in Technology Security Economics in the HTTPS Value Chain Hadi Asghari (Delft University of Technology) Michel Van Eeten (Delft University of Technology) Axel Arnbak (University of Amsterdam) Nico van Eijk (University of Amsterdam) Analyzing Incentives for Protocol Compliance in Complex Domains: A Case Study of Introduction-Based Routing Michael Wellman (University of Michigan) Tae Hyung Kim (University of Michigan) Quang Duong (University of Michigan) Incentive Analysis of Bidirectional Filtering in the Internet Mhr Khouzani (University of Southern California) Soumya Sen (Princeton University) Ness B. Shroff (The Ohio State University)

2:25pm–2:50pm	Break

2:50pm–4:05pm	Session 6: Data Privacy Policy Are They Actually Any Different? Comparing 3,422 Financial Institutions� Privacy Practices Lorrie Cranor (Carnegie Mellon University) Kelly Idouchi (Carnegie Mellon University) Pedro Leon (Carnegie Mellon University) Blase Ur (Carnegie Mellon University) Manya Sleeper (Carnegie Mellon University) Data Harvesting 2.0: from the Visible to the Invisible Web Claude Castellucia (INRIA) Stephane Grumbach (INRIA) Lukasz Olejnik (INRIA) An Experiment in Hiring Discrimination via Online Social Networks Alessandro Acquisti (Carnegie Mellon University) Christina Fong (Carnegie Mellon University)

4:05pm–5:30pm	Rump Session Very short presentations of ideas and works-in-progress. With beer. As a finale to the Rump Session and the workshop, Delft University's Hadi Asghari helped the WEIS community define itself by combining the descriptions of our research and our work into a tag cloud. This is WEIS.