You didn’t say anything about tax evasion in this post, which seems like an important thing to consider. Most ransomware payments are made secretly, right?
Yes, currently very few companies report paying ransom payments. When this tax is introduced the motivation for hiding payments will be even higher, and go up with the tax rate. So when you say “With each increase in tax rates, a market equilibrium will be reached where the funding of ransomware is significantly reduced” I would guess instead that reporting will go down.
You didn’t say anything about tax evasion in this post, which seems like an important thing to consider. Most ransomware payments are made secretly, right?
Is the argument roughly, “some will evade taxes, so the policy will not work as well, and therefore is not worth implementing?”
Yes, currently very few companies report paying ransom payments. When this tax is introduced the motivation for hiding payments will be even higher, and go up with the tax rate. So when you say “With each increase in tax rates, a market equilibrium will be reached where the funding of ransomware is significantly reduced” I would guess instead that reporting will go down.
Do you think sufficiently stiff penalties for non-reporting (in proportion to the payment amount, perhaps) might address this?
Maybe, although what is “sufficient” depends a lot on the rate of catching the evaders. I don’t have a good guess as to what that rate is.