North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Points on your Internet driver's license (was RE: Even you can

  • From: David Schwartz
  • Date: Sat Jun 12 21:43:38 2004

> On Sun, 13 Jun 2004, Paul Vixie wrote:

> > > If you didn't do them, why do you think other people should?

> > so you aren't going to google for "chemical polluter business
> model", huh?

> I hope you also google for Nonpoint Source Pollution.

> ISPs don't put the pollution in the water, ISPs are trying to clean up
> the water polluted by others.  ISPs are spending a lot of money cleaning
> up problems created by other people.

	ISPs do put the pollution in the water. They own/run the pipes that carry
the pollution into the ocean. Nobody cares about pollution inside the ISP's
own network, we only care about the pollution they put into our water. They
own, run, and manage the pipes that put the pollution where it can harm
others. They have continuous control over the process and ultimately decide
who does or does not put things into those pipes and influence the policies.

	I think there's a serious disconnect between how ISPs see this issue and
how their customers do. I hold ISPs responsible for their customers behavior
once they are aware of that behavior. It has been many years since "I just
pass the traffic my customers tell me to pass" was an acceptable answer. In
fact, ISPs that take that attitude are (properly) ostracized today.

	If an ISP knows or suspected or should know that their customer is putting
pollution into the communal waters, they have an obligation to do whatever
it takes to stop that pollution. If that's notifying the customer,
disconnecting the customer, filtering, whatever, that's between the ISP and
the customer. I'm willing to make all kinds of allowances for what is and is
not possible. I don't expect a filter in minutes. I don't expect them to
disconnect a customer because they couldn't reach them. However, I do expect
them to track the issue with their customer until it's resolved. If they do
not do so, I hold them responsible to the extent that I am able to do so.

	Again, as I said, this in no way diminishes the responsiblity of the
customer, the author of the malware, the person who failed to install the
patch, the person who misconfigured the firewall (or decided they really
didn't need one). Responsibility does not have to sum to 100%, it's possible
for any number of parties to be wholly responsible.

	It amazes me how quick ISPs are to blame others, as if this diminshes their
responsibility. It does not. If I leave your car unlocked and someone steals
your CDs, no amount of blame I place on the thief diminshes my
responsibility.

	DS