Paper - Munk School of Global Affairs, University of Toronto

Duties for Internet Service Providers

| March 2012


"Duties for Internet Service Providers" was commissioned as part of a special paper series for the second annual Cyber Dialogue forum which took place March 18–19, 2012, in Toronto, Canada. Building upon the 2011 successful dialogue — Securing the Cyber Commons? — the 2012 Cyber Dialogue addresses the question: What is Stewardship in Cyberspace?


In today's interconnected world, the Internet is no longer a tool. Rather, it is a service that helps generate income and employment, provides access to business and information, enables e-learning, and facilitates government activities. It is an essential service that has been integrated into every part of our society. Our experience begins when an Internet Service Provider (ISP) uses fixed telephony (plain old telephone service), mobile-cellular telephony, or fixed fiber-optic or broadband service to connect us to the global network.1 From that moment on, the ISP shoulders the responsibility for the instantaneous, reliable, and secure movement of our data over the Internet.



ISPs come in many forms and sizes and go by many names: the phone company, the cable company, the wireless company, etc. They are the Internet stewards: planning and managing resources, providing reliable connectivity, and ensuring delivery for traffic and services. And while the communications infrastructure security as a whole is generally believed to be robust, recent events suggest that the networks and the platforms on which Internet users rely are becoming increasingly susceptible to operator error and malicious cyber attack. In 2012, we should therefore ask whether ISPs have additional duties to ensure the reliable delivery of an essential service.

In this article, we expose the gap between ISPs' written responsibilities and the unwritten, yet expected ones. Specifically, we define eight ISP duties:

  1. Duty to provide a reliable and accessible conduit for traffic and services
  2. Duty to provide authentic and authoritative routing information
  3. Duty to provide authentic and authoritative naming information
  4. Duty to report anonymized security incident statistics to the public
  5. Duty to educate customers about threats
  6. Duty to inform customers of apparent infections in their infrastructure
  7. Duty to warn other ISPs of imminent danger and help in emergencies
  8. Duty to avoid aiding and abetting criminal activity

The latter duties are helpful in calibrating threats and funding responses to them....

The full text may be downloaded below.

1 Services include: Public-switch telephone network (dial-up); Digital Subscriber Line (DSL) (usually copper), Asymmetric Digital Subscriber Line (ADSL); broadband wireless; cable modem (cable Internet); Fiber to the Premises (FTTx) (optical fiber); Integrated Services Digital Network (ISDN) (transmission of voice, video, data, and other network services over the traditional circuits); frame relay (wide-area network); Ethernet; Asynchronous Transfer Mode (ATM); satellite Internet access; and synchronous optical networking (SONET) (using lasers over fiber).

For more information on this publication: Please contact Science, Technology, and Public Policy
For Academic Citation: Hathaway, Melissa E. and John E. Savage. “Duties for Internet Service Providers.” Paper, Munk School of Global Affairs, University of Toronto, March 2012.

The Authors