Essential internet infrastructure should not be content-neutral.
Content neutrality is a higher bar than you think it is. Content-neutral means the rules cannot take content into account at all.
If the content is millions of ssh login requests on thousands of servers with ec2-user and the top 10000 most used passwords, the infrastructure should be able to block that.
Content-neutrality would probably make it illegal to prevent DDoS attacks. At some levels of infrastructure, sure, but broadly speaking, content-neutrality seems like a bad requirement.
DDoS generally has little to do about the content of the traffic. It's more about volume and traffic pattern.
Anyway, I think the details are in intent and the nature of the communication. Service providers shouldn't actively block communications where the only intent of the communication is consensual exchange of information between two or more parties (such as visiting a website) regardless of the content of the exchanged information.
SPAM would qualify as non-consensual from one party, so it would be exempt.
The intent of DDoS isn't to exchange information, so it would also be exempt.
I'm sure that it would need pages legalese to make this work, like ironing out the circumstances when ISPs can assume intent or consent. SPAM block lists should be reasonable.
Your examples are people forcing packets to a network node, content neutrality is about receiving what you wish from a server whose operator has chosen to serve that content.
Stopping people who are actively committing crimes is not preventing free movement on a right of way. Or rather, it is in layman's terms, but free movement does not include the commission of crimes. In the same way stopping brute force attempts is not the same as inhibiting net neutrality.
Viewpoint neutrality is debatable though, in this situation, HE could argue that they aren't banning based on viewpoint but rather the nature of the content, and point to other websites sharing similar viewpoints that they carry. It just seems like a half-step that pleases no one and does nothing. Let private companies be private companies, we don't need the unelected bureaucrats to tell us how to run DDOS protection or route traffic.
Content neutrality is a higher bar than you think it is. Content-neutral means the rules cannot take content into account at all.
If the content is millions of ssh login requests on thousands of servers with ec2-user and the top 10000 most used passwords, the infrastructure should be able to block that.
Content-neutrality would probably make it illegal to prevent DDoS attacks. At some levels of infrastructure, sure, but broadly speaking, content-neutrality seems like a bad requirement.
Viewpoint-neutral, however, is a better goal.
https://www.law.cornell.edu/constitution-conan/amendment-1/o...