[80252] in North American Network Operators' Group
Re: Schneier: ISPs should bear security burden
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Apr 27 16:02:58 2005
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Steve Sobol" <sjsobol@JustThe.net>
Cc: Owen DeLong <owen@delong.com>,
"Suresh Ramasubramanian" <ops.lists@gmail.com>,
"Fergie (Paul Ferguson)" <fergdawg@netzero.net>, nanog@merit.edu
In-Reply-To: Your message of "Wed, 27 Apr 2005 15:02:09 EDT."
<ifmcvl.cm0wwg@yourwebmail.com>
Date: Wed, 27 Apr 2005 16:00:02 -0400
Errors-To: owner-nanog@merit.edu
In message <ifmcvl.cm0wwg@yourwebmail.com>, "Steve Sobol" writes:
>
>
>And I'd argue that Owen's attitude is appropriate for transit and
>business-class connections[0] - but if you're talking about a consumer ISP,
>that's different. If the Big Four[1] US cable companies followed AOL's lead,
>we'd see a huge drop in malware incidents and zombies.
>
I see your point, and I almost agree -- almost, but not quite, because
there's a very big problem: consumers have very little choice of which
broadband ISP they can subscribe to. As you note, there are very few
cable ISPs, at least one of whom is also a major content owner. The
LEcs are flexing their muscles to get rid of UNE, which may eliminate
DSL options in many places. That will leave consumers with at most two
choices, and the players in that space seem to love walled gardens. Is,
for example, p2p "abuse"? After all, it uses up bandwidth. I worry
about giving too much power to unaccountable monopolists.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
