Re: Schneier: ISPs should bear security burden

["Steven M. Bellovin" <smb () cs columbia edu>]

In message <ifmcvl.cm0wwg () yourwebmail com>, "Steve Sobol" writes:
>
 
> And I'd argue that Owen's attitude is appropriate for transit and
> business-class connections[0] - but if you're talking about a consumer ISP,
> that's different. If the Big Four[1] US cable companies followed AOL's lead,
> we'd see a huge drop in malware incidents and zombies.

I see your point, and I almost agree -- almost, but not quite, because 
there's a very big problem: consumers have very little choice of which
broadband ISP they can subscribe to.  As you note, there are very few 
cable ISPs, at least one of whom is also a major content owner.  The 
LEcs are flexing their muscles to get rid of UNE, which may eliminate 
DSL options in many places.  That will leave consumers with at most two 
choices, and the players in that space seem to love walled gardens.  Is, 
for example, p2p "abuse"?  After all, it uses up bandwidth.  I worry 
about giving too much power to unaccountable monopolists.

                --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb