Democracy & Technology Blog
Not a simple matter for ISPs to block botnet traffic
Legions of consumers are not taking reasonable steps to combat botnets, leading some experts to suggest that ISPs should monitor broadband connections and block botnet-generated traffic.
A botnet is a network of servers or PCs that have been surreptitiously infected with malicious software so that they generate Internet traffic for some criminal purpose without the owners’ knowledge or consent. Antivirus software offered by vendors such as McAfee, Microsoft or Symantec eliminates malicious software, but many consumers don’t use these products even when they are available for free.
Internet service providers such as AT&T and Comcast already monitor a significant amount of Internet traffic to ensure quality service, according to Bill Smith of PayPal. They can identify which servers and PCs have been infected with malware and participate in botnets (not by using deep packet inspection, but simply by looking at packet headers) and they have the ability to simply drop botnet-generated traffic.
Making ISPs take the lead in combating botnets would benefit our grandmothers, Smith says, since he doesn’t believe they can be expected to know the inner workings of a computer.
This might sound like a great idea to many in theory. Setting aside philosophical and technological considerations, it would be very complicated from a legal and economic perspective to design and implement such a policy in practice.
Smith, who participated in the Federal Communications Commission’s Nov. 5th Cybersecurity Roadmap Workshop (video available at www.fcc.gov/live), believes current law allows ISPs to filter malicious traffic, but he wants the FCC to issue some kind of declaratory ruling to reinforce this interpretation and allow more pressure for ISPs to cooperate.
Perhaps one reason ISPs have been reluctant to block packets is that the Obama administration supports network neutrality regulation, which would prevent ISPs from interfering with lawful traffic. John Morris from the Center for Democracy & Technology, another workshop participant, speculates there are no significant advocates of network neutrality regulation who would oppose ISPs taking reasonable steps to secure networks, but emphasizes that ISPs shouldn’t be allowed to define the term “reasonable.” It would be up to the FCC to decide, according to Morris. Of course, that would mean plenty of scope for lobbyists and litigators — which would mean that there is little predictability for broadband investors.
ISPs didn’t build the servers or PCs or write the software that enable botnets. They don’t certify the hardware and software that connects to their networks. We wouldn’t want them to do that — it could be extremely cumbersome. So, is it really fair to make them responsible for blocking the traffic that botnets generate?
Who will pay for that? And what if ISPs miss some malicious traffic or mistakenly target legitimate traffic? Will ISPs necessarily assume liability for making good-faith attempts to block botnet-generated traffic, or for making their best efforts to communicate with and offer assistance to consumers whose machines are suspected of being infected and part of a botnet?
Many more workshops will be needed to explore this proposal.