Schneier: ISPs should bear security burden

Wed Apr 27 21:09:00 UTC 2005

On 27 Apr 2005, at 06:07, Owen DeLong wrote:

> ISPs transport packets.  That's what they do.  That's what most 
> consumers
> pay them to do.  I haven't actually seen a lot of consumers asking for
> protected internet.  I've seen lots of marketing hype pushing it, but,
> very little actual consumer demand.  Sure, the hype will probably 
> generate
> eventual demand, but, so far, it hasn't really.

I'm not sure I agree with this statement. Our customers are retained 
based on our value added services, including protected internet 
initiatives, more than for the Internet service we provide. Internet 
service is becoming commoditized to the end user, with multiple choices 
at competitive pricing in many markets. Consumers within single 
provider markets might expect ISPs to only "transport" packets, however 
in multi vendor markets the ISPs are being chosen for offerings above 
and beyond network access.

This is becoming especially true for companies like AOL, which are 
attempting to move their value added services independently of their 
Internet access in anticipation of dropping profit margins on network 
access as well as an attempt to break into new single vendor markets. 
Moving packets is no longer enough for ISPs.

If customer retention is based on value added services then consumers 
are making market decisions based on more than network transit. I 
expect NSPs to transport packets. I expect ISPs to provide Internet 
services, including security services.

On 27 Apr 2005, at 06:43, Owen DeLong wrote:

> I'm sorry, but, I simply do not share your belief that the educated 
> should
> be forced to subsidize the ignorant.  This belief is at the heart of a
> number of today's socialogical problems, and, I, for one, would rather 
> not
> expand its influence.

It is becoming more expensive for ISPs to cater to the educated than to 
restrict the ignorant. I appears you would prefer the ignorant bear the 
burden for the educated. Unfortunately, there are many more ignorant 
who are willing to purchase restricted internet than educated who 
require unfettered access, moreover the educated understand the value 
of unrestricted internet access. As it has a value above and beyond 
restricted access, in the sense of unrestricted traffic transport, it 
should be billed at a higher rate accordingly.

On 27 Apr 2005, at 16:33, Owen DeLong wrote:

> However, eliminating end-node abuse at the transit just adds more cost
> and is, in the long run, an ineffective solution at best, usually with
> unintended side consequences.

For many problems, eliminating the issue at the transit level increases 
cost to the transit provider but reduces cost to the consumer. This 
cost reduction can be recouped through effective marketing and having 
the customer realize those cost savings. If you reduce customer 
rollover you can tolerate or encourage core infrastructure cost 
increases as your bottom line can remain the same or increase.

---
James Baldwin
hkp://pgp.mit.edu/[email protected]
"Syntatic sugar causes cancer of the semicolon."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20050427/db311376/attachment.sig>