On Thu, 10 Jan 2008, Paul Ferguson wrote:
ISPs have really, really been absent from the discussion, for various reasons.
Cool, ISPs get double damned in only 24 hours. No matter what ISPs do or don't do, someone will think they are being excessive or not doing enough. ISPs have been active in the many security discussions and forums that have existed over the last decade (and at least one forum I think is over two decades old). Some forums are more open, other forums are more closed. ISPs tend to be quiet in forums that mostly exist to shout at ISPs. Likewise, LEA tend to be quiet in forums that shout at LEA, banks tend to be quiet in forums that shout at banks, and so on. On the other hand, if you listen carefully to what ISPs need, you can be fairly effective working with ISPs. However there are practical limits to what an ISP can do.