Michael Geist writes:
… After Amazon pulled the plug, Wikileaks quickly shifted to a European host, demonstrating how easily sites can shift from one cloud provider to another. Although it seems counter-intuitive to consider the physical location of cloud computing equipment when discussing services that by their very definition operate across borders in the “cloud”, the Wikileaks-Amazon incident provided an important reminder that location matters when it comes to cloud computing.
Read more in the Toronto Star.
Although Michael understandably focuses on the issue with an eye towards Canadian e-commerce, the notion that location matters is precisely one of the issues that privacy advocates raised with Congress in hearings over reforming ECPA.
If American cloud service providers wish to be competitive for European commerce, they must offer, at a minimum, the privacy and security protections required by EU privacy directives, including issues of whether the provider will just turn over data and information to law enforcement or whether warrants are required. And as the Wikileaks situation highlights, the provider’s willingness to host unpopular or controversial content may also come into play.
Would a European entity want to use an American cloud service provider if at any moment, members of U.S. Congress could decide that the content should be censored and started calling your provider to dump you?
Wikileaks “Cablegate” Highlights Other Cloud Issues
The uproar over Amazon dumping Wikileaks has been intense. There are many who believe that Amazon Web Services (AWS) should have stood up for First Amendment rights since Amazon’s main business started as a bookseller and booksellers have always been fiercely protective of the First Amendment. But as EFF reminds everyone, a business has no obligation to uphold or respect First Amendment rights. The rights are with respect to what government can and cannot do.
There are many who believe that Amazon has offered lame and unsupportable excuses in dumping Wikileaks by referring to TOS violations that do not apply. For example, Amazon asserts that Wikileaks violated TOS because it does not own or otherwise control all of the rights to the content. Yet as numerous people have pointed out on Twitter and elsewhere, government documents are public domain and Amazon publishes the Pentagon Papers – a book where the publisher clearly did not own or control all rights to the papers.
Whether AWS caved to Congressional or government pressure or not (they deny it) or whether they broke their contract with Wikileaks as some allege, I think it is unrealistic to expect a business entity to fight certain battles. Maybe it’s my advanced age. Maybe some will say I’m cynical, but while I respect and admire the views of others and think it would be nice if AWS had “done the right thing,” I don’t really expect businesses to fight battles of transparency, secrecy, and the First Amendment. Indeed, I’m more disappointed with Google for failing to actively fight subpoenas to unmask users or anonymous commenters than I am with Amazon.
That said, I think it is wildly hypocritical of Amazon to host Wikileaks on Nov. 29, use Wikileaks to promote their service on Nov. 30, and then dump them on Dec. 1. Claiming that your service provided them with greater security and ability to withstand DDoS attacks seems somewhat ridiculous when the customer doesn’t have the basic security of knowing that they will not be unceremoniously dumped less than 48 hours later.
And now that PayPal has permanently restricted Wikileaks’ account, will activists also call for a boycott of PayPal? PayPal claims that Wikileaks violated AUP:
PayPal has permanently restricted the account used by WikiLeaks due to a violation of the PayPal Acceptable Use Policy, which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity. We’ve notified the account holder of this action.
The timing of this is suspicious, to say the least, as Wikileaks’ conduct has always been the same. Why didn’t PayPal restrict the account before now? Could it be political pressure at work? Sadly, that’s how it appears to me.
If there are any lessons to be learned from Cablegate (and there appear to be many), then certainly one of them should be that American e-commerce may be untrustworthy as it is too susceptible to governmental pressure and political influences.