Deinonychus antirrhopus

Private Firms, Security, and Externalities

I found this interesting article by Peter Orszag of the Brookings Institute. In the article Orszag argues the the level of security provided by private firms to protect their property is insufficient. The reasons for this are several, here are the first two:

1. A terrorist attack is a "national" negative externality.
2. There is a second more specific negative externality in that lax security can provide terrorists with the material they need for such an attack.

I have a problem with the first claim. The first claim in more detail is,

Most broadly, a significant terrorist attack undermines the nation’s sovereignty, just as an invasion of the nation’s territory by enemy armed forces would. The costs associated with a reduction in the nation’s sovereignty or standing in the world may be difficult to quantify, but are nonetheless real. In other words, the costs of the terrorist attack extend well beyond the immediate areas and people affected; the attack imposes costs on the entire nation. In the terminology of economists, such an attack imposes a “negative externality.” The presence of this negative externality means that private markets will undertake less investment in security than would be socially desirable: Individuals or firms deciding how best to protect themselves against terrorism are unlikely to take the external costs of an attack fully into account, and therefore will generally provide an inefficiently low level of security against terrorism on their own. 3 Without government involvement, private markets will thus typically under- invest in anti-terrorism measures.⁴

For completeness here is footnote 4,

⁴ The Coase theorem shows that under very restrictive conditions, the negative externality can be corrected by voluntary private actions even if the role of government is limited to enforcing property rights. But the Coase theorem requires that all affected parties are able to negotiate at sufficiently low cost with each other. Since virtually the entire nation could be affected indirectly by a terrorist attack, the costs of negotiation are prohibitive, making the Coase theorem essentially irrelevant in the terrorism context.

My problem is exactly how is it a negative externality? Sure, it is bad, but the direct effect on me when the World Trade Center and Pentagon were hit was rather minimal. Yes, the stock market shut down for a few days, and I suppose you could argue I lost an opportunity to make money (say via my 401k), but I also lost an opportunity to lose money as well. I'm not sure I buy the "national externality" argument because this sounds more like a public good argument. I especially don't buy the argument that it has much to do with sovereignty. In looking at the four entries for the definition I'm not sure how a terrorist attack factors in,

1. Supremacy of authority or rule as exercised by a sovereign or sovereign state.
2. Royal rank, authority, or power.
3. Complete independence and self-government.
4. A territory existing as an independent state.

In looking at number 2 I think we can reject that one straight away. I'm not sure how a terrorist attack would affect numbers 3 and 4. I suppose one could argue that a terrorist attack makes it more costly for a nation to take certain actions. Thus a state is now less independent. Still I'm not sure I see how the security of private firms comes into this. This strikes me as a public goods problem and not an externality problem.

Now the second argument about the negative externality at a private firm in terms of providing the inputs for an attack is I think much better. Clearly this was indeed the case during 9/11. As such a subsidy for security for such firms could provide a solution to the problem.

However, there is another externality here, a legal one. By not allowing private firms to take certain security steps the government imposes costs on the rest of us. For example, profiling. It is a fact that all of the hijackers were of a given religion, were all male, from a given part of the world, and in fact many came from the same country. So would extra security measures imposed on those who fit a profile of the hijackers reduce the probability of an attack? If the answer is yes, but current laws prohibit this the government is not only failing to protect its citizens, but is putting its citizens at greater risk.

The third reason deals with network externalities.

Third, a related type of externality involves “contamination effects.” Contamination effects arise when a catastrophic risk faced by one firm is determined in part by the behavior of others, and the behavior of these others affects the incentives of the first firm to reduce its exposure to the risk. Such interdependent security problems can arise, for example, in network settings. The problem in these settings is that the risk to any member of a network depends not only on its own security precautions but also on those taken by others. Poor security at one establishment can affect security at others. The result can often be weakened incentives for security precautions.

Orszag uses a computer network as an example, and it isn't a bad example, but a better one, at least in terms of impact, is the electricity grid. There is indeed a network, and if one firm is lax in its security then it could concievably induce other firms to reduce their security measures. As we saw not too long ago the removal of some transmission capacity took out the entire Northeast U.S. and parts of Canada for several days. Infecting a companies computer network is bad, but taking down all the computer networks in a multi-state region is even worse.

Of course, this problem does not necessitate that there is an under-provision of security for these types of goods. For example, there are not that many electricity companies and sometimes it is possible for the efficient outcome to obtain (see this post of mine).

Orszag also covers the issue of information. The basic point is that accumulating information can be costly. Suppose there were no building codes. Finding out how sound a building was would thus require more resources. Building codes reduce the amount of resources needed to determine if a building is sound. Of course, the problem with building codes is that they also act as a barrier to entry and raises prices. So there is a potential gain in efficiency that could be made here.

Additionally firms are limited in their liability for underprovision of security. Suppose a firm suffers an attack. If the costs are high enough the firms will simply declare bankruptcy and use that to limit the losses the firm faces. This means that beyond a certain point providing additional security is less likely even if the additional security is inexpensive. A related problem is a government bailout. If the government is going to bailout a firm that is attacked or its property is used in an attack (as with the airlines on 9/11) then it is not profit maximizing to take additional security measures.

There is also the problem with incomplete markets. Reasonable security measures may require large scale co-operation that is more difficult between private parties. Think of a prisoner's dilemma game where there are n players. With more players co-operation may become problematic (i.e., obtaining the best or even simply good outcome).

Most of these reasons, can also be seen as a reply to the critique of many Austrians and/or anarcho-capitalists to the private provision of national defense. For example, the last objection is one I have felt weakens the argument for pure private provision of national defense. But also note that government is itself not a cure all. In several cases we can see where government actions have a direct impact on security issues in a detrimental way. Since our government does not seem interested in addressing these issues, it seems clear that those in government are not serious about national security.

Posted by Steve at July 22, 2004 09:58 AM