[discuss] Who is responsible for security

Caroline Greer greer at etno.be
Sun Jan 19 17:33:42 UTC 2014

Roland, all,
ISPs are represented on this list, both via ETNO (which represents 40 telcos/ISPs from Europe and beyond) and some of our members in their own capacity. As Nick and a few others have pointed out, it's a challenging task to follow this list and integrate it with one's day job. But be assured that we are following and are ready to participate as and when needed. 
Best regards
Caroline Greer ETNO 

From: Roland Perry
Sent: Sunday 19 January 2014 10:05
To: discuss at 1net.org
Subject: Re: [discuss] Who is responsible for security

In message < at resistor.net>, at 12:04:53 
on Fri, 17 Jan 2014, S Moonesamy <sm+1net at elandsys.com> writes
>>And the measures that ISPs could take are not restricted to technical 
>>ones. ISPs tend to be over-represented on lists like this by their 
>>technical department.
>I don't think that there are ISPs [1] represented on this mailing list.

That's a pity if they aren't. ISPs make up an important part of the 
"private sector" stakeholder.

>>There's a lot ISPs could do by refraining from providing service to 
>>organisations of doubtful repute (that's the sales department), and 
>>co-operating more with law enforcement when it comes to identifying 
>>bad actors (that's the legal department).
>A company usually does not decline business from customers who will pay 
>for it.

Yes, that's the problem. They should decline to do business with 

>Note that law enforcement also covers spy agencies.

It does, but better co-operation with the police (alone) would be very 

> An ISP does not have much incentive not to collaborate with the 
>government, e.g. law enforcement, unless doing what is being asked will 
>cause a loss of revenue.

The main practical incentive is the time it will take them. On top of 
that is the propensity for legal departments to default to "no" (in case 
the disclosures cause the company to be sued).

>I was reading a European Union committee report which mentioned the following:
>  "Points out that both telecom companies and the EU and national telecom
>   regulators have clearly neglected the IT security of their users and
>   clients;"

The regulators are under-funded, and in many cases work at arm's length
from the normal police. Neither of these is helpful.

By the way, turning things a bit on their head, can I say I'm not 
speaking for myself, but for clients with the interests of vulnerable 
users at heart.
Roland Perry
