One of the major problems with the actions surrounding WikiLeaks was that there seemed to be a marked lack of process. In some cases WikiLeaks got 24 hour notice, but they had no way of appealing or presenting their view of the case. But from the information we have seen so far, the justifications used by companies have been very thin or just outright false. Just to get everything collected in one place, I wanted to write about all the companies that removed support for WikiLeaks, and analyze their stated reasons for doing so.
Just after WikiLeaks started releasing their “cablegate” data, they decided to move their site to Amazon Web Services. The reason for this was that they had been subjected to minor DDOS attack and wanted to make sure that the site remained possible to reach. Amazon was mainly serving as the host for the website – not for the actual data (although the data is there too). The data was also available through numerous other means, such as BitTorrent.
Lieberman has confirmed that his office made a phone call to Amazon to see whether they would take down the site. Lieberman had his office do this, since he feels that WikiLeaks is distributing “illegally seized material”.
Amazon was quiet for over twenty four hours, but then issued a message explaining why they had removed the WikiLeaks site. It has several interesting nuggets. The first sentence of the message says that Amazon did not stop serving WikiLeaks because of the government inquiry. We may never know the truth here, but it’s clear that a call was made from Liebermans office, very close in time to when the service was taken down. It’s also clear that WikiLeaks has hosted content on AWS several times before (and it has gotten lots of attention those times too) – without Amazon taking this content down.
The justification Amazon is using for taking down WikiLeaks is that WikiLeaks wasn’t following their terms of service. As examples of things that go counter to the ToS, Amazon notes that WikiLeaks doesn’t own or control the rights for all their content. Of course, according to the Copyright act, copyright protection is not available for any work of the United States government, so the cables can definitely be said to be in the public domain. Even if you don’t care about that argument, there is also an argument for consistency of enforcement. Have Amazon taken down the New York Times for reporting the same material?
The other justification used is that it’s not “credible” that WikiLeaks could have carefully redacted all information that could put innocent lives in danger from their 250 000 cables. That obviously doesn’t take into account the fact that WikiLeaks haven’t released all 250 000 cables yet – a huge reason being that they are careful in redacting information that shouldn’t be there. As I write this, less than 2000 cables have been released.
At the end of the day, Amazon’s justifications look very weird. Amazon clearly has the right to enforce their terms of service however they want – until someone sues them for breach of contract, of course. But the more insidious part is that it will be very hard to trust Amazon as a host for any kind of interesting data in the future. The capricious nature of the WikiLeaks takedown should worry anyone who depend on Amazon to host their data.
Tableau Software is a small company that make it possible to do visualizations of different kinds of data and put that online. Think Excel graphs, but on a web page. WikiLeaks used Tableau to create graphs and charts of different kinds of data. These graphs contain information such as what the distribution of cables regarding different subjects are, and so on. An example of a graph can be found here.
So basically, Tableau didn’t host the WikiLeaks data at all. They hosted derivative information based on WikiLeaks data sets.
Tableau published a blog post explaining why they had removed WikiLeaks support. You can find it here. In comparison to Amazon’s press release, it feels refreshingly honest, at least. They explicitly say they removed the content based on Joe Liebermans public request for organizations to terminate their relationships with WikiLeaks. They also cite their terms of service as the reason for actually removing the data. However, that runs into the same problem as Amazon’s justifications. Tableau is saying that WikiLeaks doesn’t have the right to make this content available. But in fact, WikiLeaks right to this data is still up in the air. It could be that they are covered by the First Amendment. It could also be that they are not. But Tableau Software is not a judicial function. They can’t make that decision.
They decided to investigate WikiLeaks, and remove their data, just because Joe Lieberman said it was illegal. That seems like a very convenient power for a senator to have…
The wikileaks.org DNS name was hosted by EveryDNS.net. This company decided to remove the DNS entry for wikileaks.org citing massive DDOS attacks against WikiLeaks. Of all the attacks on WikiLeaks, this is arguably the most problematic one – even if you have a place to host your content, without a working DNS, it is much harder for people to get access to that content.
And what about the justification of EveryDNS? Their public statement clearly states that there was no political pressure involved in this decision. Instead, they say that the reason for dropping the WikiLeaks domain was that the heavy denial of service attacks against WikiLeaks threatened service for the rest of their clients. However, I keep trying to figure out how a DDOS attack could ever threaten one specific DNS provider. Isn’t the whole point of DNS that the records quickly get distributed to any DNS server that requests the entry? Unless the time to live on the WikiLeaks entry is very low, it seems, most lookups for it wouldn’t even touch the EveryDNS infrastructure. So I guess that the only way a DDOS attack could touch EveryDNS would be for the DDOS attack to be targeted against EveryDNS, not against WikiLeaks. The more I think about it, the less I understand how this justification even make sense.
EasyDNS is another DNS provider that got mixed up with EveryDNS – and incorrectly reported as the company that dropped WikiLeaks support. They decided that they had already gotten the bad rep for dropping WikiLeaks, so they could just as well go ahead and host the WikiLeaks DNS entries after EveryDNS dropped them. EasyDNS have reported DDOS attacks, but they haven’t reported it being a problem for their infrastructure.
All of these pieces come together to a picture that just doesn’t make sense. If I’m wrong – can someone explain to me how a DDOS attack can threaten a DNS provider?
On the 3rd of December, PayPal cut off the account of Wau Holland Foundation, an account that had redirected donations to WikiLeaks. PayPal being what it is, I would assume that a large fraction of the donations for WikiLeaks used to come through this channel – and since WikiLeaks doesn’t make money by itself, it lives or dies by donations. The reason PayPal cited was that it was used for activities that encouage, promote, facilitate or instruct others to engage in illegal activity. At a later date, the VP of PayPal clarified that the reason they felt it was illegal content was based on a letter from the State Department to WikiLeaks where the State Department claimed the cables were illegal.
Simply put, the State Department declared something illegal, and the flow of money to WikiLeaks immediately dried up.
It is interesting to note that Wau Holland Foundation are filing legal action against PayPal for blocking its account, and also for libel due to PayPal’s allegations of illegal activity.
PostFinance is a Swiss bank that on the 6th of December froze all the assets of Assange. Their reason for doing this was that Assange had provided false information about his place of residence when opening the account. This might well be true – but it’s hard to not consider how many other people with accounts in Switzerland use their lawyers address as their place of residence. The timing of this action also strains credulity. Why now, PostFinance?
PostFinance happen to be a state run financial institution. The Swiss government have refuted allegations of foul play. However, the Pirate Party in Switzerland claims that the bank didn’t follow a clear legal process when closing the account. There is also the possibility of PostFinance violating client confidentiality laws by releasing information about its business relationship with Assange through a press release.
Further pushing on the limits of coincidence, the same day MasterCard decided to take action against WikiLeaks, by ensuring that MasterCard products can’t be used to donate money to WikiLeaks. Their reason for doing so echo PayPals – MasterCard has rules that prohibit customers from directly or indirectly engaging in or facilitating any action that is illegal.
As many observers have noted, it is still possible to use MasterCard to donate to the Klu Klux Klan.
The next day, Visa Europe decided to follow MasterCard in suspending payments to WikiLeaks pending “further investigations”. As far as I can tell, these further investigations are still pending – and Visa still aren’t processing payments to WikiLeaks. The suspension was initially limited to a weeks time, but it doesn’t seem to have been lifted at this point.
Bank of America
Last week Bank of America announced that they would stop processing any transactions of any type that they have reason to believe are intended for WikiLeaks. Exactly what that means is quite unclear. Bank of America claims that WikiLeaks might be engaged in activities that are inconsistent with their internal policies for processing payments.
I don’t know about you – but the longer this goes on, the more vague the justifications of these companies have become.
A few days before Christmas, Apple decided to remove a WikiLeaks IPad and IPhone application from their App Store. The most confusing thing about this incident is that the app was actually allowed in the App Store for a few days before getting removed. Apple have a reputation for enforcing their developer guidelines very strictly for the App Store. So when Apple removed the application after the fact, based on the developer guidelines, it looked quite weird. If Apple hadn’t allowed the application in the first place though, noone would have been very surprised.
The reasoning Apple cited for removing the app was that applications must comply with all local laws and may not put an individual or group in harm’s way. Exactly which part Apple feels apply to WikiLeaks wasn’t clear from the public statements.
Summary – common themes
Now, almost a month after these series of events started, it gets increasingly hard to justify the WikiLeaks denial of service. Looking back through the behavior of all these parties, I can’t help but notice the common theme – the assumption that WikiLeaks is illegal. This assumption comes from public pronouncements from the State Department and from Senator Joe Lieberman. But the State Department is part of the executive wing of the US government. And the senate is part of the legislative part of the US government. That simply means that neither of these sources can pronounce whether something is illegal or not. Having the State Department and senators pronounce that something is illegal, and then have companies acting on these pronouncements is tantamount to removing the democratic underpinnings of society, and is a very dangerous path to take.
We don’t know how much back room deals have been made to orchestrate the recent events. In come cases it’s obvious that we don’t know everything – in other cases there is a large possibility that the State Department and Joe Liebermans public actions have been enough for the above companies. Either alternative scares me.