If you feel so strongly that I am lying to myself, then please explain what is incorrect in the following three statements: TCP is a connection-oriented protocol in the Internet Protocol Suite. TCP connections have two halves, one in each direction. Traffic is billed based on who sends more data down each half of the connection.

So how do you make sure your Internet connection doesn't have a man in the middle attack from day one?

The monetary barrier hasn't been on the very itself for at least a couple years. It's been in the fact that older TLS stacks (such as those that shipped with Windows XP and Android 2.x) couldn't handle Server Name Indication (more than one certificate per IP address), along with the disappointingly slow uptake of IPv6. So until April of this year, when XP security patches ended, each site owner needed to pay its hosting service for a separate IPv4 address.

The ISP's premises is the private property of the ISP. If Netflix wants its box sitting in Comcast's private property, it can pay rent, just as you would have to pay rent to lawfully live on private property owned by a landlord.

Since when does Comcast offer a platform for amateurs and small-time professionals to publish their videos? I thought Comcast was for the Disneys, Scrippses, and Discoverys of the media world.

Cogent offered half a year ago to pay the actual costs of the upgrade. The ISPs in question appear to want to extract a markup on top of that.

You are correct that TCP is stateful. But the fact that TCP is stateful is irrelevant. ISPs are Internet Service Providers, and Internet Protocol is stateless. From the point of view of an ISP's infrastructure, TCP is just an application that runs on Internet Protocol. Otherwise, it'd be possible to manipulate billing through the equivalent of switching between FTP's PORT and PASV commands, which change only who sends the SYN.

So why don't ISPs accept Netflix's offer to provide a caching server without charge that keeps the most popular traffic on their net?

And Netflix "calls" you back with the data.

A circuit-switched network such as the PSTN allows sending information in both directions over one "call". A packet-switched network such as the Internet, on the other hand, doesn't see "calls"; it sees "datagrams". Except for last mile customers, each side pays for how many packets it sends. Otherwise, it'd be possible to manipulate billing by doing the equivalent of the difference between PORT and PASV in FTP.

Then ask about a specific work to which Netflix has the rights and the TV provider division of the ISP does not. "I'm having trouble watching House of Cards at home. It works fine on $different_isp_next_town_over. Might this be a problem with Comcast?"

Do you really mean "every browser in the world" that supports TLS or just "every major desktop browser" that supports TLS? I was under the impression that some of the browsers that run on home entertainment hardware lacked UI for adding a certificate. For example, where might I find CA options on, say, "Internet Channel powered by Opera" for the Wii video game console?

The excuse I've seen trotted out is that a mismatch between the expected security guarantee impled by the URI scheme and the actual security guarantee of a particular connection. The http URI scheme warns the user in advance of a true lack of security, while https with an unknown certificate authority gives the user a false sense of security. StartSSL offers free personal use TLS certificates anyway.

People who just flat-out pirate a game, movie, or album have made exactly this same excuse on Slashdot.

Which court in which case used this as an argument in its opinion to dismiss an antitrust action?

Not free, but Cogent is willing to pay these costs itself. Verizon and Comcast won't take Cogent's offer; they want to charge Cogent an arguably excessive markup on top of Cogent's costs