[28000] in North American Network Operators' Group

Re: peering wars revisited? PSI vs Exodus

daemon@ATHENA.MIT.EDU (Howard C. Berkowitz)
Tue Apr 4 14:40:43 2000

Mime-Version: 1.0
Message-Id: <v04220830b50fe37a7a29@[63.216.127.98]>
In-Reply-To: <38EA1710.437D174E@greendragon.com>
Date: Tue, 4 Apr 2000 14:37:15 -0400
To: nanog@merit.edu
From: "Howard C. Berkowitz" <hcb@clark.net>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Errors-To: owner-nanog-outgoing@merit.edu


Bill,

You raise some good points, and I'm the first to admit I don't have 
all the answers. That disclaimer made, let me confuse the discussion 
some more.  My concerns relate to the issue of full disclosure versus 
process improvement.

[snip comments about confidentiality case law.]

>
>
>  > > 7.  Exodus has a problem. In marking that customer confidential it
>  > > appears to me that it was trying to cover up its own problem and I
>  > > imagine in doing so it was making some already upset customers
>  > > further upset.
>  >
>  >         I don't see how an Exodus problem or lack thereof justifies
>  > poor ethical behaviour.
>  >
>Actually, as a matter of ethics, revealing the circumstances behind a
>network degradation is considered a "public service", and highly ethical.
>
>Cover-ups are unethical.

I've done a lot of medical work, and seen both coverups and serious 
attempts at internal self-policing.  There's a current debate about 
opening the National Practitioner Data Base to the public.  The 
problem is that legal and market models don't necessarily improve the 
process.

There is an incredible amount of defensive medicine that guards 
against non-issues that still don't sound good in court.  Case in 
point: a malpractice attorney can make a physician look like a total 
idiot by thundering "you didn't take an X-ray of my client's skull 
after his car accident?"  This patient was showing no symptoms.

Several large studies have demonstrated that in the absence of actual 
symptoms of neurologic impairment, plain skull films have probably 
never picked up anything that the examination missed.  CT scanning 
does have more sensitivity for things missed in exams, but you are 
talking about a procedure costing $400-800 as opposed to $75 for 
plain films.

Analogies are always suspect, but it worries me that some lawyer 
could thunder, in court, that a provider was negligent because they 
didn't log every packet.

>
>I've just heard that a bill will be introduced in Congress that would
>exempt outage and security incident reports to government from FOIA.
>This would be a disaster!  Full disclosure is very important.

Look at the FAA system where there is immunity for reporting 
near-misses. The intention is to fix the problem rather than assign 
guilt.

What is the right balance between operational realities and the 
danger of malpractice actions, or of sales using incident data out of 
context to prove "my ISP is better?"  No simple answers, I'm afraid.

I shudder to remember the Large Mercenary Bank that, when told that 
BGP would not give them load sharing at the granularity of single 
servers, responded "Clearly you aren't worth what we pay you. Please 
give us the phone number of the person in charge of the Internet." 
That's not an un-representative customer.


