Don't punish ISPs for the wrongdoings of others!

Notes: 

This was written in response to an item on Philip Virgo's blog When IT Meets Politics contributed by Lord Errol.

I hope Lord Errol won't mind me disagreeing with him on one point - trying to saddle the communications providers with liability is the slippery slope to a lot of bad things. Once the "common carrier" status is broken, for whatever good reason, a whole can of worms is opened that would increase the providers' liability, push up their insurance premiums, force the smaller ones out of business and, eventually, be anti-competitive and counter-productive.

My view is that communications providers need more and clearer immunity, not less. It's not their fault (in the sense they don't originate it) and there's not really that much they can do about it. To attempt to do so would impose a huge administrative burden and cost. Look at Yahoo - big resources, much trumpeted smart Spam filtering and yet loads of it still gets through because the truth is the bad guys have more motivation and resources.

There are some things ISPs, etc, can do that don't interfere with their common carrier status but which do mitigate the impact of Spam and one of its most common origins, compromised client machines ("bots").

Spam could have been dramatically reduced ten or more years ago when the discussions about email sender authentication were going on but the industry conspicuously failed to agree on a common standard. The truth is industry wants Spam but they want it to be their Spam.

As for the bots, that's largely a problem caused by software and system providers supplying machines that are insecure by design or configuration. When I installed a standard Windows XP PC on a broadband modem (as opposed to a router/firewall) for a friend a few years ago, it was attacked and compromised within five minutes.

ISPs can do inbound port blocking although firewall/router boxes have largely made this unnecessary. Ultimately, the ISPs cannot be liable for users browsing carelessly or opening email attachments thoughtlessly. Maybe, the new version of Internet Explorer will help but neither ISPs, software vendors or system suppliers can prevent people being stupid.

Above all, we must not give in to the cries of "something should be done", fuelled by eye-catching headlines, and fall into the trap of legislating in haste. There is far too much bad publicity about the Internet and not enough good publicity - it's all too easy to forget the great good that it has brought about in its 30+ years of existence. Don't let a few crooks spoil all that.