On Jun 8, 2010, at 8:01 PM, Jorge Amodio wrote:
Sent from my iToilet
Why will you penalize with fees the end customer that may not know that her system has been compromised because what she pays to Joe Antivirus/Security/Firewall/Crapware is not effective against Billy the nerd insecure code programmer?
So? If said end customer is operating a network-connected system without sufficient knowledge to properly maintain it and prevent it from doing mischief to the rest of the network, why should the rest of us subsidize her negligence? I don't see where making her pay is a bad thing.
No doubt ISPs can do something, but without additional regulation and safeguards that they won't be sued for sniffing or filtering traffic, nothing will ever happen. Do we want more/any regulation? Who will oversee it?
Those safeguards are already in place. There are specific exemptions in the law for data collection related to maintaining the service and you'd be very hard pressed to claim that identifying and correcting malicious activity is not part of maintaining the service.
On the other hand, think of the Internet as being a vast ocean where the bad guys keep dumping garbage: you can't control or filter the currents that are constantly changing, nor can you inspect every water molecule. Then what do you do to find and penalize the ones that drop or permit their systems to drop garbage on the ocean?
Your initial premise is flawed, so the conclusion is equally flawed. The internet may be a vast ocean where bad guys keep dumping garbage, but, if software vendors stopped building highly exploitable code and ISPs started disconnecting abusing systems rapidly, it would have a major effect on the constantly changing currents. If abuse departments were fully funded by cleanup fees charged to negligent users who failed to secure their systems properly, it would both incentivize users to do proper security _AND_ provide for more responsive abuse departments as issues are reduced and their budget scales linearly with the amount of abuse being conducted.
Owen
My .02
Jorge
I'm fond of getting the issues addressed by getting the ISPs to be involved with the problem. If that means users get charged "clean up" fees instead of a "security" fee, that's fine.
ISPs remain in the unique position of being able to identify the customer, the machine, and to verify the traffic. It can be done.