North American Network Operators Group


Re: peering wars revisited? PSI vs Exodus

  • From: Howard C. Berkowitz
  • Date: Tue Apr 04 14:41:43 2000


You raise some good points, and I'm the first to admit I don't have all the answers. That disclaimer made, let me confuse the discussion some more. My concerns relate to the issue of full disclosure versus process improvement.

[snip comments about confidentiality case law.]

 > > 7.  Exodus has a problem. In marking that customer confidential it
 > > appears to me that it was trying to cover up its own problem and I
 > > imagine in doing so it was making some already upset customers
 > > further upset.
 >         I don't see how an Exodus problem or lack thereof justifies
 > poor ethical behaviour.

Actually, as a matter of ethics, revealing the circumstances behind a
network degradation is considered a "public service", and highly ethical.

Cover-ups are unethical.

I've done a lot of medical work, and seen both cover-ups and serious attempts at internal self-policing. There's a current debate about opening the National Practitioner Data Base to the public. The problem is that legal and market models don't necessarily improve the process.

There is an incredible amount of defensive medicine that guards against non-issues that still don't sound good in court. Case in point: a malpractice attorney can make a physician look like a total idiot by thundering "you didn't take an X-ray of my client's skull after his car accident?" This patient was showing no symptoms.

Several large studies have demonstrated that in the absence of actual symptoms of neurologic impairment, plain skull films have probably never picked up anything that the examination missed. CT scanning does have more sensitivity for things missed in exams, but you are talking about a procedure costing $400-800 as opposed to $75 for plain films.

Analogies are always suspect, but it worries me that some lawyer could thunder, in court, that a provider was negligent because they didn't log every packet.

I've just heard that a bill will be introduced in Congress that would
exempt outage and security incident reports to government from FOIA.
This would be a disaster!  Full disclosure is very important.

Look at the FAA system where there is immunity for reporting near-misses. The intention is to fix the problem rather than assign guilt.

What is the right balance between operational realities and the danger of malpractice actions, or of sales using incident data out of context to prove "my ISP is better?" No simple answers, I'm afraid.

I shudder to remember the Large Mercenary Bank that, when told that BGP would not give them load sharing at the granularity of single servers, responded "Clearly you aren't worth what we pay you. Please give us the phone number of the person in charge of the Internet." That's not an un-representative customer.