A partial equilibrium view on security and privacy

This paper aims to propose a tool to help policy makers understand the dynamic relationships between security and privacy on a strategic (macro) level.

The methodology is ported from the discipline of Macroeconomics, and applied to the information security and privacy domain. The methodology adopted is the so‐called “cross methodology” which claims ownership of the well‐known supply/demand market equilibrium exercise.

Early evaluation reveals that this is a potentially very effective tool in understanding societal behaviour and position towards information security and privacy and therefore makes this a suitable tool for investigating and exploring scenarios that can assist in policy making.

Up to date, research on the economics of security and privacy has been primarily focusing on a micro level. The main contribution of this paper is a methodology for investigating privacy and security on a macro level. We believe that our approach in undertaking this research is new and looking at the issues and relationships between security and privacy at a macro level, gives a better understanding of the problems at hand and how to resolve them.

The proposed tool may increase the efficiency of policy making and planning as it enables the policy makers on a governmental and strategic level to run scenarios in order to investigate the effect of their decisions (for example, an introduction of a stricter law relating to computer misuse) to the delicate balance of security and privacy.