I run a small Internet service provider (ISP) in the UK. We’re running into some financial problems and could do with some advice.

Our chief engineer says that we could save money by using ‘open source’ software, but I’m not sure what it means in legal terms. I know that Open Source Software gives us more flexibility as flaws can be detected easier and initial cost is free. Would you recommend we take out insurance to cover our backs?

We’re also losing a lot of money through denial of service attacks – can we stop them legally with an injunction?

We have heard through the Association of ISPs that we now have to retain user records. I know the new EC directive has been extended to ISPs and that we are to retain records for 12 months? That sounds expensive; I know why we have to do this as the government feel this will increase national security etc, however there has been debate as to whether small ISPs will be reimbursed by the government?

Can we use the data we collect to provide targeted advertising? as long as we have consent, are there any laws that cover this besides the Data Protection Act.

Finally, about network neutrality, will it affect me here in the UK and what is the current state of the law and the future for my business being a small ISP?

I run a small Internet service provider (ISP) in the UK. We’re running into some financial problems and could do with some advice.

Our chief engineer says that we could save money by using ‘open source’ software, but I’m not sure what it means in legal terms. I know that Open Source Software gives us more flexibility as flaws can be detected easier and initial cost is free. Would you recommend we take out insurance to cover our backs?


And he is right - to a degree! Insurance should come by means of support contracts - if required, but speak to your chief engineer about that... No other insurance will help get your network running again as quickly, so it should be high on the shopping list.

We’re also losing a lot of money through denial of service attacks – can we stop them legally with an injunction?Serving it too?... Upstream ISP? Or the attackers ISP? Or all the attacking ISP's should be a DDOS attack?

I suppose if you could find no other way, and you're finding the other ISP's uncooperative - it should be used as a last resort as you just can't keep losing cash like that. But its best to keep good relations, no doubt the other ISP's would like to stop the attack too. So it might be best forming contacts with these providers. Whose to say this will be the last attack coming from that network, and do you really want the bother of legal proceedings. (All that Paper work and more costs again)


Finally, about network neutrality, will it affect me here in the UK and what is the current state of the law and the future for my business being a small ISP?

Yeah I think it could How would you feel if the BBC (insert any popular website) started charging money for content delivery, Virgin Media have the cash to purchase an agreement, but can you afford it - as a small independent? Maybe you'll only afford a slower speed, whereas VM are pushing HD quality videos to their customers and in their advertising.

Network Neutrality provides a level playing field. Its your trump card as a small independent ISP up against the big boys, for heavens sake don't lose it. ;):)

Our chief engineer says that we could save money by using ‘open source’ software, but I’m not sure what it means in legal terms. I know that Open Source Software gives us more flexibility as flaws can be detected easier and initial cost is free. Would you recommend we take out insurance to cover our backs?

Initial cost isn't really free as you will need someone to install and configure it, and, as always, time is money. The saving comes from the fact the Open Source is free of software licence fees - you won't have to pay a penny in licence fees, either now or ever in the future.

Not quite sure what you mean by insurance. Certainly some companies choose to buy support for Open Source, particularly where they don't have the full range of necessary skills in house. Such arrangements can be extremely flexible, sometimes with a view to handing over to you after a period of time, once your own staff are up to speed, if that's the way you want to go. Others choose to permanently outsource certain tasks and responsibilities.

Shop around carefully, some apparently Open Source support arrangements are as guilty of vendor lock in as M$.

I thought we did need to purchase a licence, and the most common one is the General Public Licence the GPL??

No, the purpose of the GPL is to ensure that Open Source software is both free and will remain free. There is no charge for it.

Click on the link in my signature for more information.

The only thing free about open-source is the actual download, otherwise its the same as any other software in expertise, support and maintenance and updates. (in fact it may be trickier to update open source software as the developers are not really bound to providing seamless update paths)

The main issues I have had with open source software licenses are with the re-distribution of software, ie installing it or supplying it on disk to 3rd parties. If you are an ISP and supply the software on your own servers, "generally" there wont be any issues with it.

If your technical staff are keen to use, support and maintain oprn source software, you can always start by providing it as an option, obviously the total cost of running things that way need to be lower than the total cost of running the commercial licenses.

I don't wish to appear too negative, but you don't appear to know the first thing about running an ISP business; commercially, technically or regulatory - it's not as though it's a new market and you have time to learn, you don't.

It's highly competitive, price driven and a near commodity industry; unless you've got more behind you than it appears from here, you'd be better cutting your losses now.

@cjd: I think they are an ISP?
ref-"I run a small Internet service provider (ISP) in the UK"

@cjd: I think they are an ISP?
ref-"I run a small Internet service provider (ISP) in the UK"

Yes, I assumed they were. But they are also in financial trouble. I am suggesting that now would be a good time to think about whether they should carry on being a small ISP.

What OS software were you looking at using? The initial statement ' we should look at it' is great, but what - an office alternative? Apache as opesed to IIS? CRM, customer billing & management.

Open source is extremely viable in many walks of life, especially the IT arena, however, it must be done the right way and for the right reasons (when you already are a running a live operation and want to change core systems, it can cause more isuues/costs than long term savings)!

@cjd: I am pretty sure their first option would be to sort things out, hence externalising this to the forum for some help and advice. I did think your comment was a bit negative, considering you didnt provide any advice, but you're right one does needs to be realistic and take a view on things.

I will throw in a bit more on the side of open source, if you are under DoS attacks, there are defences that are localised but you should really go upstream and drop them at the router if you can.

Open Source tends to have better security options at the moment, it is sort of because real security is to complex for a consumer market, there is no money in sorting out the problem properly, so open source really fills that gap and fills it well, a lot people seem to enjoy coding solutions for security.

In your instance, you will probably want to run a variety of open source Unix systems, that makes attacks even harder, so OpenBSD round your border, admin stuff perhaps FreeBSD and a couple of Linux flavours for the servers. But you do have to configure them well, and know what you are doing.

For some good books on Unix (http://library.poisedsolutions.com/administration/operating-system/operating-system.xhtml) there is Absolute BSD (http://library.poisedsolutions.com/administration/operating-system/absolute-bsd.xhtml), Secure Architectures with OpenBSD (http://library.poisedsolutions.com/administration/operating-system/secure-architectures-with-openbsd.xhtml) and Essential System Administration (http://library.poisedsolutions.com/administration/operating-system/essential-system-administration.xhtml). The Unix systems are all very similar in day to day operation, but each one is administered in a slightly different fashion, and that gives a degree of security in itself, mono-cultures and you can be wiped out on one vulnerability.

The GPL is a license Richard Stallman created, it is not the most common license but it has been given a lot of exposure. You do have to abide by the GPL in as much as if you distribute you must make the source code available to those distirbute to and allow them distribution rights.

Most of the Open Source Licenses that matter for key systems tend to be BSD, Apache, and MIT style licenses which allow you to do anything as long as you attribute. The Linux Kernel is under GPL and well Linus may have chosen another license had he is time again, but it is working out well. And X11 often people think that maybe had it gone GPL it would have been further along, but that is just speculation.

Open Source is just that open, you should read all the licenses but in the main you will find they just allow you to have the source code for nothing, and you cannot hold people liable. The GPL comes with the extra stipulation but as an ISP you might not find that really applies.

@cjd: I am pretty sure their first option would be to sort things out, hence externalising this to the forum for some help and advice. I did think your comment was a bit negative, considering you didnt provide any advice, but you're right one does needs to be realistic and take a view on things.

Let's leave this to the OP eh? No need to depress yourself about it on his behalf.