InfoTech and Public Policy

Today the Seattle Times covered a new Microsoft product, which was certainly not surprising given Microsoft’s large Seattle presence.  However, this new device was something of a novelty for Microsoft:  it was a software toolkit designed to help law enforcement extract information from computers that had been used in crimes.  The new software, called COFEE (Computer Online Forensic Evidence Extractor), which fits on a USB flash drive, contains tools such as password crackers, memory and hard disk readers, and internet traffic analyzers.  While this is certainly a departure from Microsoft’s more traditional products, what is even more surprising is COFEE’s cost—nothing.  Microsoft is giving it away to law enforcement around the country for free. 

It’s relatively easy to see Microsoft’s motivation for doing something like this.  By giving free support to law enforcement, Microsoft is hoping that it can help decrease (or at least slow the increase in) the number and severity of computer crimes.  Since most computer crimes in the world today target Windows or other Microsoft products (such as Internet Explorer or Outlook), Microsoft is helping mainly itself by (essentially) funding law enforcement (note that many banks and other companies that are frequently attacked use Microsoft products under their own software as well).   Thus, Microsoft’s move is very sound economically. 

While it may be sound for Microsoft to help fund law enforcement (and improve computer security in general—Microsoft has a significant number of researchers and programmers in the fields of computer security and cryptography), it is unlikely that it would ever be economically sound for just about any other company to unilaterally fund law enforcement or (public) computer security research in such a way.  With the exception of possibly Google and maybe IBM, no other companies have an incentive to do so.  This is due to the free rider problem.  For instance, if Amazon.com spends a sum of money to help fund law enforcement, it will probably benefit, but Buy.com and Amazon’s other competitors will derive just as much benefit from this action.  Thus, Amazon and the vast majority of companies out there have little reason to spend money on law enforcement or publicly available research.  Companies that rely extensively on the internet do tend to do their own private research on various topics in security, but this research has only very limited benefits (Amazon’s security research probably only deals with making your Amazon transaction secure and isn’t going to help stop viruses).       

Thus, it seems to me that both law enforcement and computer security/cryptography research are not being allocated enough resources by society.  The only players in the current system that have an incentive to allocate resources to this would be monopolists or near-monopolists like Microsoft.  So, even though I typically oppose government regulation and spending, it seems to me like government spending on increased law enforcement and computer security research would be a good thing.

This entry is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.