Affiliation:
1. Department of Information Systems and Analytics, National University of Singapore, Singapore 117417;
2. School of Management, Xi’an Jiaotong University, Xi’an 710049, P.R. China;
3. School of Business, Yonsei University, Seoul 03722, Korea
Abstract
To reduce the availability of hacking tools for use in cybersecurity offenses, many countries have enacted computer misuse acts (CMA) that criminalize the production, distribution, and possession of such tools with criminal intent. Nevertheless, our research illuminates an unintended consequence: the chilling effect of CMA enforcement on legitimate cybersecurity discussions, some of which may be desirable for cybersecurity research, within online hack forums. More importantly, this study uniquely examines the chilling effect stemming from users’ fear of legal harm. Drawing on decision-making theories related to choice under uncertainty, we derive new insights into how legal enforcement can suppress lawful acts and reveal the dynamics of social categorization online. Our research offers valuable insights for policymakers and forum administrators. Policymakers can use our findings to mitigate unnecessary uncertainty in legal enforcement such as CMA. This includes developing legal cases to prevent false prosecutions, implementing tailored communication strategies for inexperienced individuals, and considering supplementary measures like licensing and community recognition. A transparent mechanism involving a neutral panel can also be established to ensure legal interpretations align with community norms. Forum administrators, on the other hand, can provide additional information and guidelines, foster responsible online environments, and align resources with professional standards to navigate the uncertain legal landscape and mitigate the chilling effect on knowledge-sharing.
Publisher
Institute for Operations Research and the Management Sciences (INFORMS)
Subject
Library and Information Sciences,Information Systems and Management,Computer Networks and Communications,Information Systems,Management Information Systems