March 26, 2009
Sarah Zatko, a doctoral student at CAS Computer Science Department of the College of Arts and Sciences, won the Best Student Paper award at the MIT Spam Conference, March 26, 2009, (http://projects.csail.mit.edu/spamconf/agenda.html ). The paper, entitled “Markets Can Cure Spam Zombies Too”, is in collaboration with Professor Marshall Van Alstyne from the Information Systems Department of the School of Management who made this truly interdisciplinary work possible.
Abstract
Markets Can Cure Spam Zombies Too
Marshall Van Alstyne & Sarah Zatko
MIT Spam Conference, March 26, 2009,
http://projects.csail.mit.edu/spamconf/agenda.html
Can markets really solve the spam problem? Using sidepayments, Loder et. al [2] argue that attention markets can clear this information pollution, perhaps even better than any filter. But, what about fraud? Criminals send most spam using compromised machines called “zombies.” Won’t markets just invite these gremlins to seize real currency instead of CPU cycles [1]?
By using markets, the answer should be “No!” This seeming weakness provides leverage for an even greater strength. Consider how markets might first clear spam and then clear zombies too.
Markets can clear spam by recovering hidden information. No one knows the content of a message better than its author. So, use a revelation mechanism to force disclosure of sender private knowledge. Does a message contain spam or not? Knowing the answer, will the author place a bet on this fact? If a sender refuses to bet on what he already knows, then he signals his message contains spam.
This mechanism uses two Nobel Prize winning ideas, property rights (the Coase Theorem), and signaling / screening (Akerlof, Spence and Stiglitz) to create a right to avoid useless interruption. The approach screens messages from strangers who refuse to bet their content is not spam. When a recipient declares a message spam, this also signals her position on topics that waste her time. Attention bonds also avoid the recurring failure of content filters that need computers to understand English. The result is that, in theory, we reduce inbox spam, reward users with seized bets, and convey their preferences so they receive the mail they want.
In practice, attention bonds have been criticized for giving spammers a chance to seize bets or bet with other people’s money. But this is not how zombies work. Instead, zombies require (i) they remain undetected by average users and (ii) that when detected, average users lack the expertise to remove them [5]. A remedy can vanquish zombies by combining new theories of “two-sided networks” with established methods of fraud prevention. Markets might then provide three interlocking benefits – better detection, fraud insurance, and incentives matched to expertise.
First, stealing currency creates an audit trail. Spammers can no longer hide repeated or bulk theft of CPU cycles in periods of idle time. Identifying compromised computers can rely on the same mechanisms as those used to detect credit card fraud. Grandma did not buy 3 plasma TVs or send 5000 messages! Seeing the analogy between spending and sending allows us to attack the problem using the well-developed fraud prevention tools already deployed by the telecom and banking industries.
Second, this creates a market for insurance that protects users. Most credit card companies indemnify cardholders against fraud. Why? The expected value of increased business more than covers the expected cost of increased losses. Internet Service Providers (ISPs) that follow this example can cut their spam costs and capture banking revenues. Further, ISPs should condition the offer of fraud insurance on a grant of authority to maintain basic security on users’ machines. Customers who prefer to handle their own security may do so but they forfeit the free insurance. Such user subsidies are the essence of the free Internet pricing strategies established under “two-sided network” theory [3, 4].
Third, the proposed mechanism realigns ISP incentives to address both zombie problems. Transactions no longer remain hidden, and responsibility for correcting the problem shifts from inexpert users to expert ISPs who are fully capable of dispatching zombies. Machines become harder to infect because antivirus protection is up-to-date; infected machines become easier to identify; and incentives to correct infections shift to parties equipped to fix them.
[1] Lim, Jamus Jerome. (2008) “Zombies May Mean Attention Bonds Will Not Cure Spam.” Economists’ Voice: Letters, Vol. 5 [2008], Iss. 2, Art. 5.
[2] Loder, Theodore; Van Alstyne, Marshall; Wash, Rick, (2006) “An Economic Response to Unsolicited Communication.” Advances in Economic Analysis & Policy, Vol. 6 [2006], Iss. 1, Art. 2.
[3] Parker, Geoffrey and Van Alstyne, Marshall. (2005) “Two Sided Network Effects: A Theory of Information Product Design.” Management Science, Vol. 51 [2005] , Iss. 10, pp. 1494 – 1504.
[4] Rochet, J.C. and J. Tirole (2003). “Platform Competition in Two-Sided Markets.” Journal of the European Economic Association, MIT Press, vol. 1 (4), pp. 990 – 1029.
[5] van Eten, Michel J.G.; Bauer, Johannes M., (2008) “Economics of Malware: Security Decisions, Incentives and Externalities.” Research report of the Organization for Economic Cooperation and Development (OECD) – STI Working Papers 2008/1: May 29.
