I don’t know enough about attacker motivations and economics, or what is the elasticity of attempts to extort (nor about elasticity of victims who choose to pay). It certainly won’t solve the problem. It MAY reduce the incidence, or it may just make it more expensive for victims and slightly less profitable (but sill way positive) for attackers.
I do wonder why it’s preferable to tax at punitive rates, but not to just outlaw entirely. Philosophically, sin taxes are annoying, because they assert a sin without much justification or calculation of “how bad is it”. When framed in a Pigou contex (tax enough to be neutral about the externality), it’s a much stronger theory. In this case, it’s very hard to calculate the pigouvian cost (externality value) of paying a given ransomware demand, so taxation seems a weaker tool than just outlawing it (note: I don’t know enough to really advocate for this either, I’m just comparing the two).
Thank you for the feedback; I’ve updated the post for another attempt on improved clarity with your concerns in mind. I think the optimal tax amount could be empirically determined. The use of the word “sin” carries baggage that could be avoided without its use; there is no retributive intent or even need to match the extent of negative externality; rather, there is just some theoretical tax rate and increase timeline that would reduce net harm. An empirical approach could explore various rate increases and their effects, using various proxies of both payment and compliance to estimate how the market is impacted.
I don’t know enough about attacker motivations and economics, or what is the elasticity of attempts to extort (nor about elasticity of victims who choose to pay). It certainly won’t solve the problem. It MAY reduce the incidence, or it may just make it more expensive for victims and slightly less profitable (but sill way positive) for attackers.
I do wonder why it’s preferable to tax at punitive rates, but not to just outlaw entirely. Philosophically, sin taxes are annoying, because they assert a sin without much justification or calculation of “how bad is it”. When framed in a Pigou contex (tax enough to be neutral about the externality), it’s a much stronger theory. In this case, it’s very hard to calculate the pigouvian cost (externality value) of paying a given ransomware demand, so taxation seems a weaker tool than just outlawing it (note: I don’t know enough to really advocate for this either, I’m just comparing the two).
Thank you for the feedback; I’ve updated the post for another attempt on improved clarity with your concerns in mind. I think the optimal tax amount could be empirically determined. The use of the word “sin” carries baggage that could be avoided without its use; there is no retributive intent or even need to match the extent of negative externality; rather, there is just some theoretical tax rate and increase timeline that would reduce net harm. An empirical approach could explore various rate increases and their effects, using various proxies of both payment and compliance to estimate how the market is impacted.