Net Neutrality Submission

I just sent this in to the FCC via

Anything that legally justifies a fast lane is unacceptable. When I pay my ISP for a certain amount of bandwidth, that places a burden on the ISP to provide acceptable service to me. If, through my connection, I’m seeking streaming from Netflix or YouTube, or downloading games from Steam or Good Old Games, or installing patches from Microsoft or Red Hat, I have paid for an expectation of acceptable connectivity to these services.

Several of the ISPs don’t seem to understand this. They seem to believe that their only requirement is that some rudimentary access is supplied despite what the customer pays for bandwidth. While right now the focus is on Netflix and other single providers, what happens if the ISPs decide to go after CDNs like Akamai? Suddenly, huge swaths of the Internet are targeted. Hundreds of thousands, even millions of sites become subject to bandwidth limitations because they choose to use more efficient CDNs.

It is up to the FCC right now to reclassify the ISPs as common carriers under Title II. We are in the midst of an upheaval at least as big as the industrial revolution, and the ISPs are led by people who really don’t seem that different from Gordon Gekko in their pursuit of ever-higher profit margins. Don’t let the Internet devolve into haves and have-nots. Don’t let the ISPs even have a chance of picking favorites. That’s not what they’re for. They’re for delivering content at the speeds that I’ve paid for. If their costs for delivering that speed goes up, that’s not the problem of Netflix or Google or Akamai. That’s between my ISP and me. Don’t let that change.

User security rebellion? Maybe you have too many rules

On a recent pen test engagement, I found myself comparing two very different security environments and drew a lesson from it that can benefit them both.  Both are familiar environments (an IT department in one case and a flight home in the other), both are heavily regulated, and both can easily irritate their users.  The actual results, though, are very, very different.  In the first case, there is widespread compliance and in the second case, there is widespread rebellion, even if at a level that’s harder to track.

Continue reading “User security rebellion? Maybe you have too many rules”