The Anti-Bot Code of Conduct for Internet Service Providers
A Voluntary Industry Code to Help Reduce End-User Bots
The Federal Communications Commission’s CSRIC Working Group #7 released a new voluntary code of conduct for ISPs and network operators on March 22, 2012 as a cooperative industry-government initiative. The Anti-Bot Code of Conduct for Internet Service Providers (ABCs for ISPs), included in the FCC CSRIC Final Report of March 2012 includes the opportunity for participating network operators to be listed publicly on their own and official industry websites.
The spammers and bot-herders will have to come up with a new method should this take hold. Those ISPs voluntarily agreeing to this Code of Conduct will effect roughly ½ of all internet users in the US.
It’s in the interests of the ISPs to do this. It would cut down on a lot of traffic that passes through their nets, not willingly done by the customer. Yesterday, released to public news was the statement that the DoD should accept that it has been compromised within it’s network and is likely it will never get the network clean.
With the methods of rootkits it is beyond most average computer users to find and eliminate bot-net connections. It is possible to identify them through the traffic they send out from the users computer, which is one of the places this new Code of Conduct will make itself known. It is planned to notice the customers IP traffic and send those whose traffic closely matches known traffic to bot-nets and malware.
This means a distinct cut back on bot-net traffic if they can’t hide the flow of data. Bot-nets depend on the infection remaining un-noticed while continuing to infect others to add to the herd’s size.
My question in all this is the question of customer security from their ISPs. As long as the ISPs are dumb pipelines they are protected through DMCA safe harbors. As soon as they start manipulating the data, their status changes from dumb pipelines to one of liable for any misappropriations of that data.