North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Schneier: ISPs should bear security burden

  • From: James Baldwin
  • Date: Thu Apr 28 12:20:16 2005

On 28 Apr 2005, at 11:51, [email protected] wrote:

It would seem that relocating the costs of doing extra (filtering, etc)
*should* be passed on to the people who necessitated the extra handling by
running software that needs extra protection. As it stands, you're charging
the people who (in general) aren't the problem more for you *not* to do
something...
"Extra" in the sense of this statement is incorrect. If filtered connectivity is the norm in our environment, then I would be charging people who require unfiltered access more to make an exception for them and allow them more flexible connectivity. Exceptions, even in the form of removing restrictions, are something.

Car insurance companies figured this out long ago: They charge extra premiums
to those customers who incur them more cost - that's why male teenagers pay
more than middle-aged people, and why people with multiple tickets pay more.
This is a poor analogy, which is why I have avoided them thus far. It is easier to assess blame in automobile incidents. It is, more often than not, the fault of a driver of one of the involved automobiles, not some nebulous third party. Insurances companies maintain records of traffic offenses on customers and check traffic records for prospective customers, there is no comparison within network abuse. It is difficult to assess responsibility in network abuse.

Increasing the price point, or penalizing the customer, for network traffic generated by malware is an excellent way to promote churn and reduce revenue. It is more profitable to restrict customers from generating unfriendly network traffic in the first place than penalize them after the fact.

Would any car insurance company be able to stay in business long-term if they
raised the premium for middle-aged men driving boring Toyota sedans because
somebody else's teenager wrapped their Camaro around a tree? Why is it
perceived as reasonable in this industry?
Again, this is a poor analogy. I am not penalizing customers who act responsibly. There is no direct correlation between users who are responsible and users who require unfiltered internet access. There are millions of subscribers who are responsible using filtered internet connectivity and they are not penalized for it. In fact, they are rewarded as they are paying a lower price point for this adequate and restricted service.

Please, stop making the assumption that all responsible users require unfiltered internet access.
---
James Baldwin
hkp://pgp.mit.edu/[email protected]
"Syntatic sugar causes cancer of the semicolon."

Attachment: PGP.sig
Description: This is a digitally signed message part