[discuss] Who is responsible for security

Roland Perry roland at internetpolicyagency.com
Fri Jan 17 18:16:54 UTC 2014

In message < at resistor.net>, at 08:18:58 
on Fri, 17 Jan 2014, S Moonesamy <sm+1net at elandsys.com> writes
>>Anything that's not on the edge.
>There has been a move from the open access approach due to the level of 
>abuse.  It was initiated by groups not represented on this mailing 
>list.  One of the issues is that nobody takes responsibility for "not 
>on the edge" security.  It is only after the problem gains prominence 
>that a national authority (or body) will step in to find a solution. 
>One or more standards are published.  Nothing much gets done after that 
>unless some informal group considers the problem as acute or there is 
>money to be made.  The next problem happens and the usual path is followed.
>Consumers ends up paying the price for all this.  In some countries 
>consumers have some sway in the political process to bring the problems 
>to the attention of the authorities.  In some countries consumers have 
>little or no sway in the political process due to lack of interest, 
>lack of accountability, or because the system works against them.

And the measures that ISPs could take are not restricted to technical 
ones. ISPs tend to be over-represented on lists like this by their 
technical department.

There's a lot ISPs could do by refraining to provide service to 
organisations of doubtful repute (that's the sales department), and 
co-operating more with law enforcement when it comes to identifying bad 
actors (that's the legal department).
Roland Perry

More information about the discuss mailing list