Schneier: ISPs should bear security burden

James Baldwin jbaldwin at antinode.net
Thu Apr 28 16:18:17 UTC 2005


On 28 Apr 2005, at 11:51, Valdis.Kletnieks at vt.edu wrote:

> It would seem that relocating the costs of doing extra (filtering, etc)
> *should* be passed on to the people who necessitated the extra handling by
> running software that needs extra protection.  As it stands, you're charging
> the people who (in general) aren't the problem more for you *not* to do
> something...

"Extra" in the sense of this statement is incorrect. If filtered 
connectivity is the norm in our environment, then I would be charging 
people who require unfiltered access more to make an exception for them 
and allow them more flexible connectivity. Exceptions, even in the form 
of removing restrictions, are something.

> Car insurance companies figured this out long ago:  They charge extra premiums
> to those customers who incur them more cost - that's why male teenagers pay
> more than middle-aged people, and why people with multiple tickets pay more.

This is a poor analogy, which is why I have avoided them thus far. It 
is easier to assess blame in automobile incidents. It is, more often 
than not, the fault of a driver of one of the involved automobiles, not 
some nebulous third party. Insurance companies maintain records of 
traffic offenses on customers and check traffic records for prospective 
customers; there is no comparison within network abuse. It is difficult 
to assess responsibility in network abuse.

Increasing the price point, or penalizing the customer, for network 
traffic generated by malware is an excellent way to promote churn and 
reduce revenue. It is more profitable to restrict customers from 
generating unfriendly network traffic in the first place than penalize 
them after the fact.

> Would any car insurance company be able to stay in business long-term if they
> raised the premium for middle-aged men driving boring Toyota sedans because
> somebody else's teenager wrapped their Camaro around a tree?  Why is it
> perceived as reasonable in this industry?

Again, this is a poor analogy. I am not penalizing customers who act 
responsibly. There is no direct correlation between users who are 
responsible and users who require unfiltered internet access. There are 
millions of subscribers who are responsible using filtered internet 
connectivity and they are not penalized for it. In fact, they are 
rewarded as they are paying a lower price point for this adequate and 
restricted service.

Please, stop making the assumption that all responsible users require 
unfiltered internet access.
---
James Baldwin
hkp://pgp.mit.edu/[email protected]
"Syntactic sugar causes cancer of the semicolon."