Home » Data Protection » Network Security

Pipe Cleaners: Telcos Offer Managed Security Services

AT&T and other telcos want to clean up your Internet traffic - for a fee. A look inside in-the-cloud scrubbing services.

“I don’t think there’s a single carrier that would do that, only because that’s pretty presumptuous,” Amoroso says. “If there was some general council in Geneva, some tribunal that decided all carriers must do the following, it would be easy enough to do. But I don’t think that’s a role that the carrier has been asked to do or would be comfortable doing.”

Even deleting the most egregious traffic can raise issues. Amoroso says there have been cases where AT&T terminated a portion of an agreement with a customer who was on the blacklist of spammers—in other words, a customer whose every outgoing e-mail AT&T would normally delete.

Understandably, AT&T wants to distance its security operations from the net neutrality controversy as much as possible. After one interview with CSO, a public relations professional called to emphasize that cleaning up traffic for security reasons is entirely different from segmenting different types of traffic into high-speed lanes. But the fact remains that both activities involve value judgments about which traffic deserves to go where and when. And that further complicates Amoroso’s lofty version of the “cleaner” Internet of AT&T’s future.

“Filtering out traffic makes the carriers less neutral, no doubt about it,” Oxford University’s Zittrain says. And the more the carriers do so, he predicts, the more difficult it may become. “They are holding back not because of some ideological principle like a belief in net neutrality,” Zittrain continues, “but because they see no reason to get into a customer-service nightmare of quarantining their compromised subscribers and then helping them to fix their machines.”

Technically speaking, Internet carriers such as AT&T, looking out at their charts of DoS attacks and spam and unfolding worm- and bot-related activity, may indeed be in the best position to fix the Internet. But actually doing so, outside the prescribed version of the Internet that businesses want to make available, simply may not be a task that they are in a position to accomplish.

“People want simplicity, but they also want flexibility,” says Andrew Odlyzko, director of the Digital Technology Center at the University of Minnesota, who worked in research at AT&T Bell Labs for 26 years. “That’s the conflict. If the telecom environment were stable and predictable, then the smart Ma Bell network”—in which Internet users are carried from one clean and safe place to another—“would make a lot of sense. People don’t want to worry about the complexity of spyware, viruses, corrupt files. But they want new services, like YouTube. So you have this tension. It’s there, and it will continue to be there.