The Rule of ISP
Jeff Schiller, MIT’s network manager, reflects on Internet governance and security.
One of the issues we have with the Internet is its governance. It’s moving from a very ungoverned space to what I would call governance by corporate fiat.
For example, my use of the telephone is governed by the laws of the United States and the state that I live in. But my use of my Internet connection is governed by an acceptable use policy imposed on me by my ISP, which is a commercial entity. And a lot of the things you will find in acceptable use policies are all about limiting the liability of the ISP and not about whether you have rights as a user.
Here’s an interesting story: At MIT we were being scanned by somebody who turned out to be on a cable modem in Louisville, Kentucky. And we notified their ISP that we were getting an attack. There was no one you could call at the ISP, but they did have an abuse address and they said, “Send mail to that.” So I sent mail to that. This was on a Friday. On Saturday I was thinking, “I bet this person attacking me is probably an innocent victim and their machine was compromised.” So I did some homework and actually tracked him down wound up talking to him on the phone. I said, “You know, your machine has this problems.” And then we actually figured out what the hole was where the bad guy got in, and we got that all fixed up, which was much more than the ISP would do.
About a week later I got a note from the ISP along the lines of, “We’ve terminated this customer’s service and they’ll never get service from us again.” So they didn’t make the effort to do any kind of an investigation and, you know, they probably figure, “This customer’s paying only 40 bucks a month they just get rid of him; throw him off the customer list and go on. What if the U.S. government worked that way, or if local government worked that way: If somebody accused you of a crime, would the government just take you and throw you in jail because that’s the cheapest thing they can do? Because putting you on trial would cost money? Yet that is how the Internet’s being governed.
Click
here to read an in-depth article with Jeff Schiller about security on today's
campus networks.
About the Author
Jeffrey Schiller is network manager at MIT and has managed the MIT Campus Computer Network since its inception in 1984.