[e2e] Re: crippled Internet

Ted Faber faber at ISI.EDU
Wed Apr 18 16:56:03 PDT 2001

On Wed, Apr 18, 2001 at 04:10:19PM -0700, Mike Fisk wrote:
> On Wed, 18 Apr 2001, Ted Faber wrote:
>>[My Mom should be financially responsible if her machine gets hacked?]
> Many folks have suggested that the security/quality of software won't be
> improved until the financial effects of poor quality software are felt by
> customers.  This is usually mentioned in the context of CFOs looking at
> ownership costs, but it could apply to consumers as well.  If network
> providers, the victims, law enforcement, and other parties are to spend
> money reacting to such incidents, why not place some of the burden on the
> owners of systems that enable such attacks?

Keeping individual network nodes secure is such an arms race that
requiring individual commodity users to keep on top of it is
excessive.  The benefit of having a computer in your house to read
e-mail and buy books from Amazon is only worth so much hassle, and if
the risks are financially significant, users will simply stop using
the service.  Driving away most of the Internet's users will make it
more secure, but less useful.

Consider the credit card industry.  The financial effects of credit
card fraud are at least as significant as Internet security, and the
result hasn't been increased liability of cardholders who don't
properly protect their card information, but the opposite.  User fees
and interest rates get a little higher, and if a card is compromised
the credit card company usually detects it and indemnifies the
manufacturers.  That service is paid for by higher interest rates and
user fees.  That seems like a more likely model than requiring users
to become security experts.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
Url : http://www.postel.org/pipermail/end2end-interest/attachments/20010418/6c2fbc38/attachment.bin

More information about the end2end-interest mailing list