Network Responses to Network Threats: The Evolution into Private Cyber-Security Associations

46 Pages Posted: 28 Jul 2004

See all articles by Amitai Aviram

Amitai Aviram

University of Illinois College of Law

Date Written: July 2004


The enforcement of certain norms on network participants - such as norms supporting information exchange and governing access to the network - is critical in ensuring the security of the network. While a public norm enforcer may be feasible in many situations, private norm enforcement may, and frequently does, complement or substitute public enforcement. Private enforcement of cyber-security is often subsidized, primarily in non-pecuniary manners (e.g., by exemption from antitrust laws). These subsidies may be necessary to capture the positive externalities of providing security to the network, but they also bias private parties' incentives and may result in the formation of inefficient security associations that are beneficial to their members only due to the subsidy. To mitigate this concern, subsidies should be awarded only to associations that are likely to be effective in enforcing norms on the network participants. This Article offers a framework that assesses the likelihood that an association would become an effective norm enforcer.

Norms that are expensive to enforce are rarely enforced by newly-formed private legal systems (PLSs), because the effectiveness of mechanisms used to secure compliance (e.g., the threat of exclusion) depends on the PLSs' ability to confer benefits on their members, and newly-formed PLSs do not yet confer such benefits. Pre-existing functionality inexpensively enhances a PLS' ability to enforce norms, and therefore most PLSs rely on preexisting institutions that already benefit members, typically by regulating norms that are not very costly to enforce. The threat of losing these benefits disciplines members to abide by the PLS' rules, thus permitting the PLS to regulate behavior.

Network security norms are usually expensive to enforce, and thus a private association enforcing them would be more successful and thus more deserving of public subsidies if it relied on a suitable pre-existing functionality. The Article suggests criteria for assessing the effectiveness of pre-existing functionalities.

JEL Classification: D23, K20, K42, L14

Suggested Citation

Aviram, Amitai, Network Responses to Network Threats: The Evolution into Private Cyber-Security Associations (July 2004). Available at SSRN: or

Amitai Aviram (Contact Author)

University of Illinois College of Law ( email )

504 E. Pennsylvania Avenue
Champaign, IL 61820
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics