On Sun, 13 Jun 2004, Paul Vixie wrote:
If you didn't do them, why do you think other people should?
so you aren't going to google for "chemical polluter business model", huh?
I hope you also google for Nonpoint Source Pollution.
ISPs don't put the pollution in the water, ISPs are trying to clean up the water polluted by others. ISPs are spending a lot of money cleaning up problems created by other people.
ISPs do put the pollution in the water. They own/run the pipes that carry the pollution into the ocean. Nobody cares about pollution inside the ISP's own network, we only care about the pollution they put into our water. They own, run, and manage the pipes that put the pollution where it can harm others. They have continuous control over the process and ultimately decide who does or does not put things into those pipes and influence the policies. I think there's a serious disconnect between how ISPs see this issue and how their customers do. I hold ISPs responsible for their customers behavior once they are aware of that behavior. It has been many years since "I just pass the traffic my customers tell me to pass" was an acceptable answer. In fact, ISPs that take that attitude are (properly) ostracized today. If an ISP knows or suspected or should know that their customer is putting pollution into the communal waters, they have an obligation to do whatever it takes to stop that pollution. If that's notifying the customer, disconnecting the customer, filtering, whatever, that's between the ISP and the customer. I'm willing to make all kinds of allowances for what is and is not possible. I don't expect a filter in minutes. I don't expect them to disconnect a customer because they couldn't reach them. However, I do expect them to track the issue with their customer until it's resolved. If they do not do so, I hold them responsible to the extent that I am able to do so. Again, as I said, this in no way diminishes the responsiblity of the customer, the author of the malware, the person who failed to install the patch, the person who misconfigured the firewall (or decided they really didn't need one). Responsibility does not have to sum to 100%, it's possible for any number of parties to be wholly responsible. It amazes me how quick ISPs are to blame others, as if this diminshes their responsibility. It does not. If I leave your car unlocked and someone steals your CDs, no amount of blame I place on the thief diminshes my responsibility. DS