Economics and Behavior Allan Fong CMSC 818D April 30, 2015
Decision making Economics Privacy and Security application What can be done
WHY DID YOU DO THAT?
Maslow's Hierarchy of Needs http://commons.wikimedia.org/wiki/File:Maslow%27s_Hierarchy_of_Needs.svg
Intrinsic motivation vs Extrinsic motivation
http://www.conciselearning.com/firstyearexperience.html
http://valorconnection.com/6-tips-on-how-to-build-a-super-secure-password/
Other behavior models/theories
• Hawthorne effect
• Groupthink
• Anchoring
• Confirmation bias
https://baltimoremanagement.wordpress.com/2011/07/10/the-hawthorne-effect/
http://whatisitwellington.com/2012/10/02/groupthink-the-murderer-of-innovation-how-to-recognise-and-avoid-it/
http://posterng.netkey.at/esr/viewing/index.php?module=viewing_poster&task=viewsection&pi=121372&ti=398218&searchkey=
http://1.bp.blogspot.com/-Hd4lm-a4rK8/T Farside comics
• Asymmetric information
• Hyperbolic time discount
Wang et al, 2014
http://www.someecards.com/
Intuition Reasoning Wang et al, 2014
Economic model for “rational” decision making Herley, 2009
Economic models
• Game Theory
• Symmetric vs Asymmetric games
• Zero-sum vs non-zero-sum games
Adopted from: http://en.wikipedia.org/wiki/Game_theory
Stag and the Hare
• Tracking a stag: the stag can be shared by all, but everyone needs to cooperate and stay hidden
• Waiting for the stag (it will come, but not sure how long)
• Day passes
• Hares appear…
http://www.thehoneybeeandthehare.com/anthology-of-hares/ http://commons.wikimedia.org/wiki/File:Red_Deer_Stag_-_Flickr.jpg Adopted from: http://en.wikipedia.org/wiki/Game_theory
Aggregate Benefit vs Individual Benefit http://www.thehoneybeeandthehare.com/anthology-of-hares/ http://commons.wikimedia.org/wiki/File:Red_Deer_Stag_-_Flickr.jpg Adopted from: http://en.wikipedia.org/wiki/Game_theory
Prisoner’s dilemma (symmetric)
Two members of a criminal gang are arrested and imprisoned. Each prisoner is in solitary confinement with no means of speaking to or exchanging messages with the other. The prosecutors do not currently have enough evidence to convict the pair on the principal charge. Each prisoner is given the opportunity either to:
• betray the other by testifying that the other committed the crime (for a lesser sentence), or
• remain silent.
Here is the offer:
• If A and B each betray the other, each of them serves 2 years in prison
• If A betrays B but B remains silent, A will be set free and B will serve 3 years in prison (and vice versa)
• If A and B both remain silent, both of them will only serve 1 year in prison (on the lesser charge)

            Cooperate   Defect
Cooperate   2,2         0,3
Defect      3,0         1,1

Adopted from: http://en.wikipedia.org/wiki/Game_theory
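The offer above, worked through as an added example (not part of the original slides): it encodes the stated prison terms, computes each prisoner's best response, and compares the resulting equilibrium with the outcome that is best in aggregate, which is the "Aggregate Benefit vs Individual Benefit" point. Function and constant names are illustrative, and the code uses the years from the offer, not the Cooperate/Defect table.

```python
from itertools import product

SILENT, BETRAY = "silent", "betray"
ACTIONS = (SILENT, BETRAY)

# Years in prison (A, B) for each (A's action, B's action), as stated in the offer.
YEARS = {
    (SILENT, SILENT): (1, 1),
    (SILENT, BETRAY): (3, 0),
    (BETRAY, SILENT): (0, 3),
    (BETRAY, BETRAY): (2, 2),
}

def best_responses(player, other_action):
    """Actions that minimise `player`'s years (0 = A, 1 = B) given the other's action."""
    def years(action):
        profile = (action, other_action) if player == 0 else (other_action, action)
        return YEARS[profile][player]
    fewest = min(years(a) for a in ACTIONS)
    return {a for a in ACTIONS if years(a) == fewest}

def dominant_action(player):
    """The single action that is a best response to everything, or None."""
    common = set(ACTIONS)
    for other in ACTIONS:
        common &= best_responses(player, other)
    return next(iter(common)) if len(common) == 1 else None

def nash_equilibria():
    """Profiles where each prisoner's action is a best response to the other's."""
    return [(a, b) for a, b in product(ACTIONS, ACTIONS)
            if a in best_responses(0, b) and b in best_responses(1, a)]

def aggregate_optimum():
    """Profile with the fewest total years served by the pair."""
    return min(YEARS, key=lambda profile: sum(YEARS[profile]))

if __name__ == "__main__":
    eq = nash_equilibria()
    best = aggregate_optimum()
    print("dominant action for A:", dominant_action(0))
    print("dominant action for B:", dominant_action(1))
    print("equilibrium:", eq, "total years:", [sum(YEARS[p]) for p in eq])
    print("aggregate optimum:", best, "total years:", sum(YEARS[best]))
```

Each prisoner does better by betraying whatever the other does, so the pair ends up serving 4 years in total where mutual silence would have cost 2.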
Total Cost   Total Benefit
Direct vs Indirect
Herley, 2009
Password Rules (Herley, 2009)
Total Cost:
• Length
• Composition
• Dictionary membership
• Don’t write it down
• Don’t share it with anyone
• Change it often
• Don’t reuse passwords
Total Benefit:
• Potential? Any? Evidence??
• Keyloggers, brute force, etc.
“Phishing” Rules (Herley, 2009)
Total Cost:
• Numeric IP
• Address-bar typos
• Incorrect top-level domains
• Host rather than path
• Punctuation
• Right to left domains
Total Benefit:
• User benefit vs institution benefits (banks)
• Close to zero benefit for users
Certificate Error Rules (Herley, 2009)
Total Cost:
• Understand SSL and how to check
• Check for a certificate
Total Benefit:
• Almost all cert errors are false positives
http://www.paintsquare.com/blog/?fuseaction=view&blogID=166
Recommendations
• Better understanding of actual harm
• User education of cost on system/population
• Get rid of irrelevant advice
• Prioritize advice
… “rational” rejection of security advice by users Herley, 2009
Ultimatum game (asymmetric)
You and Lisa are playing a game. An experimenter puts 100 one dollar bills on a table in front of you both. Lisa can divide the money between herself and you however she chooses. You then decide whether to accept her division, in which case each keeps the money as Lisa divided it, or to reject the division, in which case neither receives any money.
For example, Lisa divides the money into one stack worth 65 dollars and one worth 35 dollars. She offers the smaller amount to you. If you accept, you keep 35 dollars and Lisa keeps 65 dollars. If you reject the division, neither you nor Lisa receives anything.
What would you do?
Adopted from: http://en.wikipedia.org/wiki/Game_theory
Ultimatum game (asymmetric)
Will you accept if…
• If you are acting “rationally”, you should accept any division in which Lisa offers you at least one dollar, since doing so leaves you with more money than you would have had otherwise.
• Even a division which gives Lisa 100 dollars and you zero costs you nothing, so you have no purely rational reason to reject it.
• If Lisa knows that you will act rationally, and if she acts rationally herself, then she should offer you one dollar and keep 99 for herself.
• In practice, divisions which you regard as unfair are generally rejected.
Adopted from: http://en.wikipedia.org/wiki/Game_theory
“rational” or “not rational”
• Driving a car to school if you live 2 blocks away.
• Spending $4 for coffee at a coffee bar over $1.50 at CyberCafe.
• Leaving your laptop in your car while shopping.
• Posting your telephone number on-line.
http://yalt.crcna.org/lost-dogs-and-lost-people/
Can you please change?
http://www.dnainfo.com/new-york/20150227/greenwich-village/burglars-target-village-residents-who-leave-doors-unlocked-police-say
Recommend
More recommend