Schneier: ISPs should bear security burden
James Baldwin
jbaldwin at antinode.net
Thu Apr 28 16:18:17 UTC 2005
On 28 Apr 2005, at 11:51, Valdis.Kletnieks at vt.edu wrote:
> It would seem that relocating the costs of doing extra (filtering, etc)
> *should* be passed on to the people who necessitated the extra
> handling by
> running software that needs extra protection. As it stands, you're
> charging
> the people who (in general) aren't the problem more for you *not* to do
> something...
"Extra" in the sense of this statement is incorrect. If filtered
connectivity is the norm in our environment, then I would be charging
people who require unfiltered access more to make an exception for them
and allow them more flexible connectivity. Exceptions, even in the form
of removing restrictions, are something.
> Car insurance companies figured this out long ago: They charge extra
> premiums
> to those customers who incur them more cost - that's why male
> teenagers pay
> more than middle-aged people, and why people with multiple tickets pay
> more.
This is a poor analogy, which is why I have avoided them thus far. It
is easier to assess blame in automobile incidents. It is, more often
than not, the fault of a driver of one of the involved automobiles, not
some nebulous third party. Insurances companies maintain records of
traffic offenses on customers and check traffic records for prospective
customers, there is no comparison within network abuse. It is difficult
to assess responsibility in network abuse.
Increasing the price point, or penalizing the customer, for network
traffic generated by malware is an excellent way to promote churn and
reduce revenue. It is more profitable to restrict customers from
generating unfriendly network traffic in the first place than penalize
them after the fact.
> Would any car insurance company be able to stay in business long-term
> if they
> raised the premium for middle-aged men driving boring Toyota sedans
> because
> somebody else's teenager wrapped their Camaro around a tree? Why is it
> perceived as reasonable in this industry?
Again, this is a poor analogy. I am not penalizing customers who act
responsibly. There is no direct correlation between users who are
responsible and users who require unfiltered internet access. There are
millions of subscribers who are responsible using filtered internet
connectivity and they are not penalized for it. In fact, they are
rewarded as they are paying a lower price point for this adequate and
restricted service.
Please, stop making the assumption that all responsible users require
unfiltered internet access.
---
James Baldwin
hkp://pgp.mit.edu/[email protected]
"Syntatic sugar causes cancer of the semicolon."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20050428/bad5a4d8/attachment.sig>
More information about the NANOG
mailing list