Should your ISP monitor your connection?

One topic that is sure to get an emotive reaction is the idea of authorities spying on you. Likewise many people might feel uncomfortable about ISPs monitoring customers' broadband lines. But there is an increasing call for ISPs to track and monitor more and more. We use Deep Packet Inspection (DPI) to identify what applications our customers are using on their connection. But we don't do this to spy on people or report back to anyone on what our customers are looking at. Likewise we don't, and can't, use our traffic management system to track copyright material. DPI allows us to make sure that time sensitive applications get priority on our network. But we're considering when there might be a good reason to monitor what websites customers are visiting and track in more detail what is happening on our customers' broadband lines. There are two distinct areas of debate emerging where there might be good reason for ISPs to take more detailed look at customer usage. Safer surfing for children Firstly online safety for children. The Byron review was commissioned by the government last year and published at the end of March. It examines the effects on children of violence and sexual images in video games and on the internet. It made a number of recommendations, one of which has particular relevance for ISPs:

"[There should be] better information for parents on how to block children accessing some websites. Byron has been struck that the technology exists to impose timers and filters, but there has been little take-up, knowledge or development of the technology"

In the wake of this there were a number of calls for ISPs in particular to take responsibility for preventing kids seeing nasty stuff online. We disagree with this and Neil Laycock, our CEO wrote to the Financial Times saying so. We believe responsibility lies primarily with parents for making sure their children are safe online. Information and education are of course key. Dr Byron summarised things from a child's viewpoint:

"Kids don’t need protection we need guidance. If you protect us you are making us weaker we don’t go through all the trial and error necessary to learn what we need to survive on our own…don’t fight our battles for us just give us assistance when we need it."

As an ISP information and education is something we can and do help with. But we're also now looking at what tools we could also provide parents with to assist them in their role. This could include parental control software on PCs combined with network-based tools to monitor and/or block certain types of content. Blocking the bots The second area where ISPs are being called on to take action is to block zombie networks or botnets. Bob Pullen has written a very interesting piece about Kraken, the biggest zombie network found so far. ISPs could also play a role here, in automatically detecting and blocking suspicious traffic. But port-blocking or traffic blocking is not a simple subject. Some of our customers have lots of legitimate reasons why they want certain ports open. And who decides what is suspicious? Even the experts can't decide on this. An article on the BBC last week where hackers warn about potential attacks on high-street brands highlighted the different views on ISPs' responsibilities.

"I think it's unacceptable that ISPs are content to let their customers be part of bot-nets." Angus Pinkerton, of Lynks Security Consulting

Contrasting his opinion:

"I don't think the ISPs should have any role in security" Roberto Preatoni, founder of the cyber crime monitoring site, Zone-H, and WabSabiLabi

So what? We really like the idea of giving our customers the tools where they can keep themselves safe online, be that protection from bots, trojans, viruses or spam, or unwanted content or indeed unwanted contact. We already monitor out-going email volumes for business customers and look for unusual patterns that might indicate a compromised network being used to send spam emails. We contact half a dozen customers a week where we think they might have a problem and those customers are always very grateful for the call, even if we've got it wrong. In our plans for 2008/09 post we've stated our intention to develop online safety and security tools for customers. These are likely to be a combination of network-based monitoring and customer equipment based services. Evolving our network management tools to be able to spot unusual patterns is something we're working on - much like when your credit card company calls you to check it's really you using your credit card in a particular store if they think it doesn't fit with your normal buying habits. But are we over-stepping the line here? Do you want us to look out for nasties on your behalf or would you rather we left you alone? Our product team would love to know what you think, to help us develop the right safety and security tools that would really help you.