Publication Type

Presentation

Version

acceptedVersion

Publication Date

7-2019

Abstract

To reduce the availability of hacking tools for violators in committing cybersecurity offences, many countries have enacted the legislation to criminalize the production, distribution and possession of computer misuse tools with offensive intent. However, the dual-use nature of cybersecurity technology increases the difficulty in the legal process to recognize computer misuse tools and predict their harmful outcome, which leads to unintended impacts of the enforcement on the provision of techniques valuable for information security defence. Leveraging an external shock in online hacker forums, this study examines the potential impacts of the enforcement of computer misuse on users' contribution to information security knowledge sharing characterized by distinct intents for either offensive hacking or security defence, or by a neutral intent with potential for dual-use. Via a user-level mixed nested logit model, we find that the enforcement reduces the average probability of neutral content contribution by 11.13% which provides the initial evidence of a chilling effect, together with the presence of deterrence effect on offensive hacking content and substitution effect on defensive content. Our empirical findings further suggest that the chilling effect on neutral content could be reinforced by contribution incentives in a social community, such as personal experience, audience attention and group size. Theoretical and policy implications are discussed.

Keywords

Cybersecurity, Computer Misuse, Chilling effect, Hacker Forum, Enforcement, Content Analysis

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Cambridge Cybercrime Centre 4th Cybercrime Conference 2019, July 11

First Page

1

Last Page

18

City or Country

Cambridge

Copyright Owner and License

Authors

Additional URL

https://www.cambridgecybercrime.uk/conference2019.html

Download

Share

COinS