Why I am against pure net neutrality


While it may sound like treating all ISP traffic equally is a good idea, mandating strict net neutrality hurts computer security for all of us. Those of you who are tech heads and reside in the United States should all be familiar with the Net Neutrality debate, but for those of you who aren't, the debate centers around an ISP's ability to treat traffic differently depending upon application and purpose. The ISPs argue that without the ability to do some form of traffic shaping, they cannot provide network access at a reasonable cost to their customers. Customers are concerned that ISPs will use traffic shaping as an anti-competitive tool to block movie downloads, restrict traffic to non-partner sites, and keep new media down.

Within bounds, and for different reasons, I have to side with the ISPs. I don't believe in filtering an application just because it generates a large amount of traffic or it competes with other media services; we don't know what technologies may be conceived of today that will be the primary means of making money tomorrow.

I do think that ISPs need to preserve the ability to do traffic shaping for security services. The last place that security-oriented provisioning can be applied is the ISP's network until we can either remotely remediate bots on home computers or end users are responsible enough to keep their systems clean. I doubt the latter will become technologically feasible anytime soon.

If you look at just the e-mail side of the house, ISPs have been non-net neutral for some time, and this has been very positive for their customers. Since spam is the most customer-visible security problem, it is here that ISPs started applying traffic management techniques. They drop TCP connections at the first SYN packet if the connecting systems are on blacklists. They also tend to throttle the traffic from all systems that are not good mail senders. By focusing on stopping traffic that everyone agrees is bad, the ISPs were able to put controls in place that would cause an uproar if applied to other traffic segments.

As technology improves, ISPs will be able to provide network-based security filtering that isn't limited to anti-spam. Whatever regulations come down from the FCC in response to previous traffic management techniques need to allow for these improved security technologies.