[discuss] Who is responsible for security
greer at etno.be
Sun Jan 19 17:33:42 UTC 2014
ISPs are represented on this list, both via ETNO (which represents 40 telcos/ISPs from Europe and beyond) and some of our members in their own capacity. As Nick and a few others have pointed out, it's a challenging task to follow this list and integrate it with one's day job. But be assured that we are following and are ready to participate as and when needed.
Caroline Greer ETNO
From: Roland Perry
Sent: Sunday 19 January 2014 10:05
To: discuss at 1net.org
Subject: Re: [discuss] Who is responsible for security
In message <220.127.116.11.2.20140117113038.0b800af8 at resistor.net>, at 12:04:53
on Fri, 17 Jan 2014, S Moonesamy <sm+1net at elandsys.com> writes
>>And the measures that ISPs could take are not restricted to technical
>>ones. ISPs tend to be over-represented on lists like this by their
>I don't think that there are ISPs  represented on this mailing list.
That's a pity if they aren't. ISPs make up an important part of the
"private sector" stakeholder.
>>There's a lot ISPs could do by refraining to provide service to
>>organisations of doubtful repute (that's the sales department), and
>>co-operating more with law enforcement when it comes to identifying
>>bad actors (that's the legal department).
>A company usually does not decline business from customers who will pay
Yes, that's the problem. They should decline to do business with
>Note that law enforcement also covers spy agencies.
It does, but better co-operation with the police (alone) would be very
> An ISP does not have much incentive not to collaborate with the
>government, e.g. law enforcement, unless doing what is being asked will
>cause a lost of revenue.
The main practical incentive is the time it will take them. On top of
that is the propensity for legal departments to default to "no" (in case
the disclosures cause the company to be sued).
>I was reading a European Union committee report which mentioned the following:
> "Points out that both telecom companies and the EU and national telecom
> regulators have clearly neglected the IT security of their users and
The regulators are under-funded, and in many cases work at arms-length
from the normal police. Neither of these is helpful.
By the way, turning things a bit on their head, can I say I'm not
speaking for myself, but for clients with the interests of vulnerable
users at heart.
discuss mailing list
discuss at 1net.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the discuss