nanog mailing list archives
Re: Schneier: ISPs should bear security burden
From: James Baldwin <jbaldwin () antinode net>
Date: Thu, 28 Apr 2005 12:18:17 -0400
On 28 Apr 2005, at 11:51, Valdis.Kletnieks () vt edu wrote:
It would seem that relocating the costs of doing extra (filtering, etc)*should* be passed on to the people who necessitated the extra handling by running software that needs extra protection. As it stands, you're chargingthe people who (in general) aren't the problem more for you *not* to do something...
"Extra" in the sense of this statement is incorrect. If filtered connectivity is the norm in our environment, then I would be charging people who require unfiltered access more to make an exception for them and allow them more flexible connectivity. Exceptions, even in the form of removing restrictions, are something.
Car insurance companies figured this out long ago: They charge extra premiums to those customers who incur them more cost - that's why male teenagers pay more than middle-aged people, and why people with multiple tickets pay more.
This is a poor analogy, which is why I have avoided them thus far. It is easier to assess blame in automobile incidents. It is, more often than not, the fault of a driver of one of the involved automobiles, not some nebulous third party. Insurances companies maintain records of traffic offenses on customers and check traffic records for prospective customers, there is no comparison within network abuse. It is difficult to assess responsibility in network abuse.
Increasing the price point, or penalizing the customer, for network traffic generated by malware is an excellent way to promote churn and reduce revenue. It is more profitable to restrict customers from generating unfriendly network traffic in the first place than penalize them after the fact.
Would any car insurance company be able to stay in business long-term if they raised the premium for middle-aged men driving boring Toyota sedans becausesomebody else's teenager wrapped their Camaro around a tree? Why is it perceived as reasonable in this industry?
Again, this is a poor analogy. I am not penalizing customers who act responsibly. There is no direct correlation between users who are responsible and users who require unfiltered internet access. There are millions of subscribers who are responsible using filtered internet connectivity and they are not penalized for it. In fact, they are rewarded as they are paying a lower price point for this adequate and restricted service.
Please, stop making the assumption that all responsible users require unfiltered internet access.
--- James Baldwin hkp://pgp.mit.edu/jbaldwin () antinode net "Syntatic sugar causes cancer of the semicolon."
Attachment:
PGP.sig
Description: This is a digitally signed message part
Current thread:
- Re: Schneier: ISPs should bear security burden, (continued)
- Re: Schneier: ISPs should bear security burden James Baldwin (Apr 27)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Adi Linden (Apr 28)
- Re: Schneier: ISPs should bear security burden Iljitsch van Beijnum (Apr 28)
- Re: Schneier: ISPs should bear security burden Adi Linden (Apr 28)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 28)
- Re: Schneier: ISPs should bear security burden John Dupuy (Apr 28)
- Re: Schneier: ISPs should bear security burden william(at)elan.net (Apr 28)
- Message not available
- Re: Schneier: ISPs should bear security burden James Baldwin (Apr 28)
- Re: Schneier: ISPs should bear security burden Valdis . Kletnieks (Apr 28)
- Re: Schneier: ISPs should bear security burden James Baldwin (Apr 28)
- Re: Schneier: ISPs should bear security burden Andy Johnson (Apr 28)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 28)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 28)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 28)
- Message not available
- Re: Schneier: ISPs should bear security burden Jay R. Ashworth (Apr 30)
- Re: Schneier: ISPs should bear security burden Robert M. Enger (Apr 30)
- Re: Schneier: ISPs should bear security burden Suresh Ramasubramanian (Apr 30)
- Message not available
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)