Table of Contents


The Good, the Bad, and the In Between
Making Trade-offs
Today and Tomorrow: Web 1.0, 2.0, 3.0
A Look Ahead

An Explanation of the Internet, Computers, and Data Mining

Primer on the Internet
Primer on Computers
Primer on Data, Databases, and Data Mining

Norms and Markets

Norms Defined
Coordination Norms
Value Optimal Norms
Norms and Markets
Norms and Game Theory

Informational Privacy: The General Theory

Personally Identifiable: A Distinction without (Much of) a Difference
The Requirement of Free and Informed Consent
Problems with Notice and Choice
Informational Norms
Ensuring Free and Informed Consent
The Ideal of Norm Completeness

Informational Privacy: Norms and Value Optimality

Direct Marketing: Retailers as Information Brokers
Information Aggregators
The Health Insurance Industry
More Examples
Collaborate or Resist?

Software Vulnerabilities and the Low-Priced Software Norm

What Buyers Demand
Strict Liability
Product Liability for Defective Design
The Statutory Alternative
We Are Trapped and Only Legal Regulation Will Release Us
Three Examples of Value Optimal Product-Risk Norms
The Low-Priced Software Norm
We Need to Create a Value Optimal Norm—but What Should It Be?

Software Vulnerabilities: Creating Best Practices

Best Practices Defined
Best Practices for Software Development
Creating the Best Practices Software Norm
Norm Creation in Real Markets
Unauthorized Access: Beyond Software Vulnerabilities

Computers and Networks: Attack and Defense

Types of Doors
Attacks on Availability
Attacking Confidentiality: Hanging Out in the Neighborhood
Attacks on Authentication
Attacks on Integrity
Multiplying, Eliminating, and Locking Doors
Posting Guards
Loc king and Guarding Doors Is Hard and We Do a Poor Job
Should ISPs Lock Doors and Check Credentials?

Malware, Norms, and ISPs

A Malware Definition
The Malware Zoo
Why End-User Defenses Are So Weak
The “End-User-Located Antivirus” Norm
Fire Prevention and Public Health
Compare Malware
Is Better Protection Worth Violating Network Neutrality?
The Value Optimal Norm Solution

Malware: Creating a Best Practices Norm 

Current Best Practices for ISP Malware Defense
An Additional Wrinkle: The Definition of Malware Is Not Fully Settled
Defining Comprehensive Best Practices
Creating the Norm
Norm Creation in Real Markets
The End-to-End and Network Neutrality Principles
Has Our Focus Been Too Narrow?
Was Our Focus Too Narrow in Another Way?

Tracking, Contracting, and Behavioral Advertising

Behavioral Advertising and the Online Advertising Ecosystem
How Websites Gain Information about You: Straightforward Methods
Other Ways of Getting Your Online Information
What Is Wrong with Behavioral Advertising?
The Second-Order Contractual Norm
How the Norm Arises in Ideal Markets
Real Markets: How the Coordination Norm Arises
The Lack of Consent to Pay-with-Data Exchanges

From One-Sided Chicken to Value Optimal Norms

Chicken with Cars
The Pay-with-Data Game of One-Sided Chicken
Norm Creation in Perfectly Competitive Markets
Norm Creation in the Real Market
Does Facebook Play One-Sided Chicken?
Do-Not -Track Initiatives
More “Buyer Power” Approaches to Norm Generation
Two Versions of the Best Practices Statute Approach
Prisoner’s Dilemma
The Need for Trust
If We Fail to Create Norms
The Big Data Future


Notes, References, and Further Reading appear at the end of each chapter.