Very cool and Important topic for a workshop. SF crew, check it! Members of the program committee include Hal Varian, Ross Anderson, Li Gong, Andrew Odlyzko, and Bruce Schneier. Get to work on your position paper ... time's a-wasting!

"Do we spend enough on keeping `hackers' out of our computer systems? Do we not spend enough? Or do we spend too much?

Many system security failures occur not so much for technical reasons but because of failures of organisation and motivation. For example, the person or company best placed to protect a system may be insufficiently motivated to do so, because the costs of system failure fall on others. Such perverse incentives raise many issues best discussed using economic concepts such as externalities, asymmetric information, adverse selection and moral hazard. They are becoming increasingly important now that information security mechanisms are not merely used to protect against malicious attacks, but also to protect monopolies, differentiate products and segment markets. There are also interesting security issues raised by industry monopolization and the accompanying reduction in product heterogenity. For these and other reasons, the confluence between information security and economics is of growing importance.

We are organising the first workshop on the topic, to be held in the School of Information Management and Systems at the University of California, Berkeley, on the 16th and 17th May 2002. In order to keep the event informal and interactive, attendance will be limited to about 30-35 participants. If you would like to participate, please send us a position paper (of 1-2 pages) by the 31st March 2002.

We welcome interest not just from economists and information security professionals, but from people with relevant experience, such as in the insurance industry, corporate risk management, or law enforcement agencies.