When Wikileaks released the documents from the US State Department, it faced DDOS attacks from people who didn’t like what it was doing. To counter the DDOS attacks, Wikileaks moved to AWS for its hosting needs, a move touted by some in the Clouderati as a validation of public cloud computing. Today, the Wikileaks site is down and, according to reports quoting Sen. Joe Lieberman, it was taken down by Amazon.
This morning Amazon informed my staff that it has ceased to host the Wikileaks website. I wish that Amazon had taken this action earlier based on Wikileaks’ previous publication of classified material. The company’s decision to cut off Wikileaks now is the right decision and should set the standard for other companies Wikileaks is using to distribute its illegally seized material. I call on any other company or organization that is hosting Wikileaks to immediately terminate its relationship with them. Wikileaks’ illegal, outrageous, and reckless acts have compromised our national security and put lives at risk around the world. No responsible company – whether American or foreign – should assist Wikileaks in its efforts to disseminate these stolen materials. I will be asking Amazon about the extent of its relationship with Wikileaks and what it and other web service providers will do in the future to ensure that their services are not used to distribute stolen, classified information.
Without getting into the moral debate of whether Wikileaks did something wrong or not, I am going to address another potentially explosive topic. Please keep in mind that we all take positions on various issues based on our political leanings, but I want the debate on this topic to rise above such leanings and focus on the big picture. I feel strongly about the issues I discuss in this post, but I am trying to be objective in the discussion here even if some of my arguments go against my own beliefs. I hope CloudAve readers also take the same approach. I request the cooperation of all CloudAve readers in this regard.
If Amazon has thrown out Wikileaks over the political mood in the country, I would like to take a look at Amazon’s move from the point of view of the future of public cloud computing. There is a possibility that Amazon has taken down the Wikileaks site because of Economic Denial of Service (EDOS) attempts against the site. Chris Hoff has long talked about this danger facing public cloud users, and I have also covered Hoff’s post here at CloudAve. If huge unpaid bills (or the amount owed hitting a risky ceiling) are the issue, then the news is a non-issue. However, if Amazon has kicked them out owing to majoritarian sentiment against Wikileaks, it is troublesome from the point of view of public clouds. It is not just Amazon’s handling of the issue that concerns this discussion but also Rackspace’s handling of the Florida pastor’s website. Rackspace threw out the website because of political outcry over the issue. In both cases, it appears that majoritarian morals and ethics have put pressure on the businesses to kick out their customers. Please don’t turn the discussion away by talking about whether Wikileaks did something illegal or not. I am not going into that discussion at all. My argument in this case is that this could be an example of a business throwing out its client before the due legal process is completed, based only on the political outcry from the majority in the country. If this is the case, my next question is “what does it mean for the future of public cloud computing?”
Imagine a scenario where an enterprise hosting all of its IT on public clouds suddenly upsets a majority of people through an otherwise legally valid action. Let us say the public outcry over that action forces the public cloud provider to kick the enterprise out of its cloud. Imagine the fate of that business. How can enterprises trust public clouds when such a possibility exists? I would love to hear your views on whether public cloud providers should wait for the due legal process to complete or act unilaterally out of worry about the impact of majoritarian political outcry on their brand. Remember, when we ask organizations to risk their very existence on public clouds, the actions of public cloud providers should be more responsible and more sensitive to the impact on their clients. I would love to hear your views on this topic and on how public cloud providers can mitigate the concerns of businesses (enterprises, in particular) about such risks to their very existence. In short, my question is: if majoritarian sentiments can force businesses to act one way or the other, where do we really draw the line? And a specific follow-up to that question is: how can public cloud providers get enterprises to trust them? Feel free to add your thoughts.
Update: Let me also be clear here. These providers may have TOS that would let them kick out their customers legally. I am just talking from the point of view of the consequences of such actions by the providers on the future of cloud computing.
I came to similar conclusions here. http://bit.ly/eZXYsl
Until Amazon presents an acceptable explanation – maybe Wikileaks broke the rules in the TOS – I will:
1. Cancel all internal work aiming at trying to include cloud services in our IT strategy.
2. Buy my books in other places.
3. Closely monitor how other suppliers react. This could be a blow to the whole concept of cloud computing.
A lot of blurb around one simple question:
“What will a service provider do, when one customer becomes a liability to the provider and endangers the entire core business of the service provider?”
Answer: Make a smart decision about the liability. AWS got rid of it and I probably would have done the same.
I really don’t understand what problem you are projecting into this specific event.
A cloud service provider is simply a service provider. They enter into binding agreements with customers based on contract law. Just like any other business in the free world.
And contracts are either enforceable or not, depending on various conditions (performance, delivery, non-violation of public policy, etc.).
Where is the problem with that???
There is a difference between Cloud service providers and others.
Any customer can become a liability if a vocal violent minority do not like, say, your ideas. The question is did Amazon follow due process? Was Amazon subject to a legal injunction? The answer seems to be “no” and in that case every, at least Amazon, cloud computing customer has to reconsider their use of public clouds.
A cloud service provider is a public utility that is licensed by the state and has a partial monopoly because their customers cannot easily switch to another provider. Imagine if Google suddenly decided to cancel your email account because the government complained about you.
(Oops. sorry they tried that in China. But then they quit because the govt tried to verify it. Or something).
Or maybe not even the government but just some organization that does not like you.
Taking the classic libertarian pov, they should be allowed to do it if the contract you signed does not prevent it. But that sounds like classic “it’s in the fine print” chicanery.
I guess, caveat emptor rules again. At least in the libertarian world.
Interesting post. And the comments are interesting as well. What I think needs to be kept in mind here is that this really has nothing to do (specifically) with Cloud – it has to do with keeping your promises to your customers, and keeping them online. A massive DDoS attack is a problem for a larger customer base than just the target.
Almost (probably all) hosting providers make this clear in their “Terms of Use” or “Acceptable Use Policies”.
And if you were hosting this site in house, and a similar attack occurred, you would probably do what AMZ did – shut the site down so the rest of your network would function. Shut the site down so your other internal functions would stay online, and your other internal customers could remain productive.
It doesn’t matter in this case if it is in-house, traditionally hosted, or in “the cloud” – self-preservation rules apply to all.
This isn’t a cloud story. This is an age old story of doing what makes sense to service the majority of your customers – something most customers would expect a hosting company to do. Or any company, for that matter.
Rob La Gesse
Chief Disruption Officer
Rackspace Hosting
210-845-4440
@kr8tr on Twitter
rob@rackspace.com
Thanks for your comment. I agree about your argument in traditional hosting world but not in public clouds. Amazon has categorically stated that they didn’t shut down due to DDOS and have made it clear that they can withstand any such attacks. As I stated in my comment in another post, a public cloud provider admitting difficulty in scaling to mitigate the impact of DDOS goes against the very idea of cloud.
Great question and responses on both sides.
I think the core of this discussion is whether Amazon started down a slippery slope.
Yes WikiLeaks is engaged in questionable activity, and MAY have been terminated based on the BELIEF they are in the possession of material they should not have.
We could debate whether that has been substantiated by the appropriate parties before Amazon took action. We could debate the economic impact and whether this was legal grounds for Amazon’s actions.
The author’s point, however, is that any company using public cloud services has some unique risks to consider. Events like this highlight those risks, thus may inhibit organizations from migrating to the cloud. One poster has already said as much (although he should consider many of these risks don’t apply to a private, internal cloud).
Amazon may have just set the precedent that citizens can force any organization out of business permanently, simply by launching a short-term denial of service attack against them, then letting the hosting provider do the rest out of convenience and in the name of the rest of their customers.
If you have ever been responsible for or relied on an organization’s IT services, you realize how distressing this is.