10 Comments

Summary:

The story of Wikileaks hosting its Cablegate data on Amazon EC2 strikes me on so many levels. As a journalist, American citizen, and soon-to-be J.D., I’ve thought about freedom of speech, and I’m flabbergasted that Wikileaks hosted the site with a U.S. provider on U.S. soil.

constitution

Updated: The story of Wikileaks hosting its “cablegate” data on Amazon’s EC2 is fascinating to me on many different levels. As a journalist, I feel compelled to root for Wikileaks in the name of freedom of the press, and producing an informed electorate. As an American citizen, I wonder whether maybe there’s such a thing as disclosing too much information when it comes to national security. On a more practical level, I’m flabbergasted that Wikileaks decided to host its site with a U.S.-based provider like Amazon.

Although government pressure appears to have forced Amazon to remove the site, it’s important to remember that the First Amendment does not really apply in cloud computing. Cloud providers are private companies providing a service to private citizens, and their terms of service make it crystal clear that they are the ultimate arbiters of what’s acceptable use of their servers. The Constitution protects certain speech from government censorship or prosecution, but if a company like Amazon doesn’t want to serve as the conduit for that speech, it doesn’t have to. (See Amazon’s decision in the recent flap over a book about pedophilia for further proof.)

Rackspace made this perfectly clear in September, when it bowed to public opinion and shut down Koran-burning pastor Terry Jones’s web site. That story received surprisingly little attention, but I noted at the time it was the beginning of a slippery slope with regard to freedom of speech in the cloud. Jones may be a crank, but his plan — however misguided — was perfectly constitutional, and likely would have flown under the radar if not for the demands of the 24-hour news cycle and a heightened political climate. But someone caught wind of it, outrage ensued, and the site was pulled.

Wikileaks, however, presents an entirely different situation. The reality is that freedom of speech hits a wall where national security is concerned. Not only can the government prohibit the publication if such information, but releasing it can be a criminal act. The Espionage Act — particularly 18 U.S.C. Sections 793 and 798 — makes it clear that anyone publishing information that puts national security at risk would be wise to host it outside the jurisdiction of the United States justice system. Without getting too deep into issues of personal jurisdiction and conflicts of law, breaking U.S. law by hosting information on servers located here and operated by a company incorporated here is a recipe for legal disaster.

By doing so, Wikileaks probably opened itself up to being tried in a federal court, but Amazon was always on the hook. If the government decided Wikileaks was breaking the law, and that Amazon was knowingly facilitating it, then Amazon was looking at potential federal prosecution. I have no idea what was said during that call between Amazon on Sen. Lieberman (I-Conn.), but I suspect this point was raised. Guess what: Amazon isn’t going to – and, prudence suggests, probably shouldn’t – risk its business defending charges of breaching national security.

Forget handing over administrative control to a cloud provider or waiving any legal recourse beyond the terms of the SLA. Organizations and individuals choosing cloud computing also give up some constitutional rights. Aside from freedom of speech, antiquated electronic data privacy laws also might put cloud-based data outside the bounds of Fourth Amendment protections against unreasonable search and seizure.  (Microsoft, Google and some legislators are pushing to change this, but so far it’s mostly talk and some early-stage legislation). I still think cloud computing is a transformative delivery model and the future of IT, but potential cloud users – especially those looking to push ethical buttons – would be wise to consider the legalities of what it means to do business in the cloud as well.

Update: Amazon has posted an explanation of its decision to remove WikiLeaks from its servers, saying it was not the result of government pressure, but because the organization breached the web company’s terms of service — since it did not own the rights to the information it hosted, and since the information could have led to people being harmed. The note says:

There have been reports that a government inquiry prompted us not to serve WikiLeaks any longer. That is inaccurate. There have also been reports that it was prompted by massive DDOS attacks. That too is inaccurate. There were indeed large-scale DDOS attacks, but they were successfully defended against.

Amazon Web Services (AWS) rents computer infrastructure on a self-service basis. AWS does not pre-screen its customers, but it does have terms of service that must be followed. WikiLeaks was not following them. There were several parts they were violating. For example, our terms of service state that “you represent and warrant that you own or otherwise control all of the rights to the content… that use of the content you supply does not violate this policy and will not cause injury to any person or entity.”

It’s clear that WikiLeaks doesn’t own or otherwise control all the rights to this classified content. Further, it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren’t putting innocent people in jeopardy. Human rights organizations have in fact written to WikiLeaks asking them to exercise caution and not release the names or identities of human rights defenders who might be persecuted by their governments.

Image courtesy of Flickr user Thorne Enterprises.

Related content from GigaOM Pro (sub req’d):

  1. What about if the data was encrypted on Amazon’s site and they had no idea of what was hosted? are they still liable?

    Share
  2. No legal threat was necessary, all the US Gov had to do was threaten to take their cloud business elsewhere. Any large customer has this control over their suppliers and the smaller customers just have to live with it…

    Now if Wikileaks became a bigger Amazon customer that the US Govt, the shoe might be on the other foot.

    Share
  3. In my opinion Wikileaks probably has some real good dirt on American politicians. That’s probably why there so upset, I wouldn’t be surprised if somehow there’s a connection with American banks and politicians. After all Wikileaks has said, its an “ecosystem of corruption.” My fellow Americans we need to know the truth!

    Share
  4. I’m not a lawyer, but doesn’t Section 230 of the Communications Decency Act protect Amazon from prosecution anyway?

    “(c) Protection for “Good Samaritan” blocking and screening of offensive material
    (1) Treatment of publisher or speaker
    No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

    Share
  5. [...] in the interests of their business and shareholders (within certain limits), as Derrick pointed out in his recent post. WikiLeaks' leader Julian [...]

    Share
  6. What does “owns the right of content” realy mean? If a journalist reports about a case, does she own the content? In that case, Amazon could decide to shut down any website that they think it contains information that may be questionable. In my opinion this is called arbitrary censorship.

    Share
  7. There’s a major error in this story. There was no cablegate data hosted on Amazon EC2. That data was always hosted elsewhere on a different subdomain. All that was hosted on EC2 is the wikileaks homepage which talks about their mission.

    Therefore, Wikileaks was not in violation of any law, or of amazon’s ToS.

    It is unfortunate that a company like Amazon can simply tell a blatant lie like this and most journalists and the public presume that it is true.

    If you don’t believe me, look into the issue. Amazon really should not get cut the slack they are getting here.

    Share
  8. @Liza: Very interesting. Is there a way to read further into this subject?

    Share
  9. [...] The Cloud Meets the Law: Where Wikileaks Went Wrong [...]

    Share
  10. [...] Amazon-WikiLeaks controversy shed light on the fact that many pundits appear oblivious to the legal aspects of cloud computing, [...]

    Share

Comments have been disabled for this post