Wikileaks: Was Amazon’s action justified?
Wikileaks has been grabbing headlines across the globe, and has divided the world into those who laud it for standing up for free speech and others who decry it as detrimental to the national security of the United States. Without being judgmental, we present some of the issues related to cloud computing that this drama has brought to light.
The Wikileaks controversy and the subsequent action taken by certain cloud computing service providers like Amazon have brought into focus the need for an industry-wide approach to service level agreements and codes of practice.
While Amazon said that Wikileaks had violated the terms of service and hence they were justified in denying service, there has also been criticism of its actions, with Dr. Joseph Reger, Chief Technology Officer for Fujitsu Technology Solutions, going on record saying,
“Cloud computing’s reputation has been damaged.”
Dr. Reger said that Amazon’s action “is bad news for the new IT paradigm of cloud computing. If a provider can terminate its service that easily, then it is doing exactly what skeptics expect, putting the security and availability of cloud services into question.”
“Many potential customers for cloud computing services will, I fear, have been paying attention and will now be forced to reconsider whether they can afford to make their IT that dependent on a third party. Cloud-computing’s reputation has been damaged. For IT, this is the real tragedy,” he remarked.
Dr. Reger said that Wikileaks may actually have violated the terms of service, but that this was something for a court of law to decide, not Amazon. He said that this scenario had introduced a new threat to company data: while companies earlier feared threats from hackers, they would now potentially fear the cloud computing service providers as well. He cautioned customers of cloud computing services to be extra careful when reviewing their service agreements with the providers of such services.
As for Amazon, it has responded to allegations of impropriety with the following statement on its website:
“Amazon Web Services (AWS) rents computer infrastructure on a self-service basis. AWS does not pre-screen its customers, but it does have terms of service that must be followed. WikiLeaks was not following them. There were several parts they were violating. For example, our terms of service state that ‘you represent and warrant that you own or otherwise control all of the rights to the content… that use of the content you supply does not violate this policy and will not cause injury to any person or entity.’
It’s clear that WikiLeaks doesn’t own or otherwise control all the rights to this classified content. Further, it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren’t putting innocent people in jeopardy. Human rights organizations have in fact written to WikiLeaks asking them to exercise caution and not release the names or identities of human rights defenders who might be persecuted by their governments.
We’ve been running AWS for over four years and have hundreds of thousands of customers storing all kinds of data on AWS. Some of this data is controversial, and that’s perfectly fine. But, when companies or people go about securing and storing large quantities of data that isn’t rightfully theirs, and publishing this data without ensuring it won’t injure others, it’s a violation of our terms of service, and folks need to go operate elsewhere.
We look forward to continuing to serve our AWS customers and are excited about several new things we have coming your way in the next few months.”
By Sourya Biswas
Principal Security Consultant at NCC Group
13+ years of experience in Client Engagement, Business Development, Project Management and Management Consulting in the Information Security & Risk Management and IT Strategy domains.
250+ articles on Cloud Computing, technical editor of a reputed textbook.
MBA (double major in Consulting & Business Leadership) on full scholarship from Notre Dame, Bachelor’s engineering degree in Information Technology from a top 10 engineering institute in India.
Professional certifications include the CISSP, CISM, PMP, PSM and several ITIL Intermediates.