There’s a lot of ways to silence dissident voices online. My colleagues involved with the Open Net Initiative have done pioneering work documenting the ways that governments restrict their citizens’ ability to access certain online content. But while the government of Ethiopia can block access to blogs that criticize Meles Zenawi within the country, they have a much harder time preventing people around the world from reading a blog hosted in the US that’s critical of the Ethiopian government.
In recent years, governments and other actors have started focusing on silencing speech at its source – the server that hosts the speech. Troubled by documents hosted by Wikileaks, Bank Julius Baer & Co., a Swiss and Cayman Islands private bank obtained a court order forcing Wikileaks’s domain name registrar to redirect traffic to the site to an empty page; after a court hearing, the US federal judge withdrew the court order and allowed the site to reopen.
Not all attacks use the US legal system. Irrawaddy, a website run by Burmese exiles to report on news inside and outside Burma, has suffered widespread distributed denial of service (DDOS) attacks over the past several months. These attacks make the site inaccessible and have the added effect of upsetting Irrawaddy’s hosting provider, who hosts the site on a server and subnet used by other clients, all of whom are affected by the attack. The nature of DDOS attacks is such that it’s very difficult to determine where they originate – it’s unclear whether independent pro-Burmese citizens are trying to attack Irrawaddy or whether someone supported by the Burmese junta is using DDOS to attack a vocal and visible critic.
Of course, you don’t have to block access to a web host – you can just convince the web host to pull the plug on a site. That appears to be what’s happened to my friends with Kubatana, a leading Zimbabwean NGO. Kubatana supports and trains NGOs in Zimbabwe, hosting websites for prominent activist organizations like Women of Zimbabwe Arise. For the past two years, Kubatana has hosted a joint blog for a wide range of Zimbabwean citizens, some who wrote anonymously, and others who wrote under their names – it’s been one of the key sources of information and perspective for people around the world who follow Zimbabwe, and a critical outlet for Zimbabweans who have few other ways to communicate.
Earlier this week, Kubatana’s blog site, as well as a couple of sites hosted on behalf of activist organizations, went dark. Visitors to the blog received a message that the webhost, Bluehost, had disabled the account. When the folks who run Kubatana asked why their account had been suspended, they were informed that an “internal review” revealed that Kubatana was a Zimbabwean organization, and Bluehost’s regulations prohibit them from doing business with ten countries that are subject to US government trade sanctions. (More in a moment about why sanctions on Zimbabwe’s rulers don’t mean sanctions on all Zimbabweans.)
I find it very hard to believe that Bluehost spontaneously decided to review Kubatana’s account – I suspect that someone frustrated by content on Kubatanablogs contacted BlueHost, leading to an account review where Bluehost decided to terminate hosting based on their reading of a trade sanctions provision.
This isn’t a new tactic – when I helped run Tripod.com, we routinely fielded cease and desist letters from companies that didn’t like webpages criticizing their services – they’d claim their trademark was being abused on the page in question and demand its removal. Their hope was that the hosting provider wouldn’t bother to look closely at the situation and would simply give up their customers rather than face involvement in a legal action. We got very good at standing up to these bullshit letters and offering advice to our customers on how to fight the complaints – these days, we’d likely just send them to the Citizen Media Law Project at Harvard. But not every hosting provider is willing to go through the basic effort of protecting their customer’s speech rights – if it looks like it’s going to take more than a few minutes of time to resolve a situation, it may be worth losing the customer rather than analyzing the complaint.
Yes, there are US sanctions on Zimbabwe. Three executive orders – 13288, 13391 and 13469 – outline those sanctions, which are administered by the US Treasury’s Office of Foreign Assets Control. These orders aren’t easy reading, but they specify a group of people targeted by these sanctions:
Any person determined by the Secretary of the Treasury, after consultation with the Secretary of State:
(i) to be a senior official of the Government of Zimbabwe;
(ii) to be owned or controlled by, directly or indirectly, the Government of Zimbabwe or an official or officials of the Government of Zimbabwe;
(iii) to have engaged in actions or policies to undermine Zimbabwe’s democratic processes or institutions;
(iv) to be responsible for, or to have participated in, human rights abuses related to political repression in Zimbabwe;
(v) to be engaged in, or to have engaged in, activities facilitating public corruption by senior officials of the Government of Zimbabwe;
(vi) to be a spouse or dependent child of any person whose property and interests in property are blocked pursuant to Executive Order 13288, Executive Order 13391, or this order;
(vii) to have materially assisted, sponsored, or provided financial, material, logistical, or technical support for, or goods or services in support of, the Government of Zimbabwe…
Because it’s hard to know who’s “materially assisted” the government of Zimbabwe, the Treasury provides a handy list of “Specially Designated Nationals”, who US individuals and organizations are prohibited to do business with. It’s a long list, but that’s what the “Find” command is for… and you won’t find Kubatana, Women of Zimbabwe Arise, or the principals behind the projects on the list. (And rightly so – they’re fighting the regime that the US is sanctioning.)
My friends at Kubatana explained this to Bluehost. They sent them the relevant documents and asked them to check the SDN list. Bluehost insisted that they couldn’t do business with the residents of ten sanctioned nations, including Zimbabwe. Kubatana got the US embassy in Zimbabwe to write to Bluehost, explaining the situation. Blue host insisted they couldn’t make any exceptions.
Now, during a week that’s featured the emergence of a power-sharing government and the arrest of a prominent MDC activist, Kubatana finds itself silenced and on the sidelines when their voice is most important. I’m helping Kubatana find a new blog host, one that actually bothers to understand trade sanctions and sees a value in protecting free speech – I recommended Rimu Hosting, a New Zealand-based company that hosts this blog and all Global Voices sites.
If you maintain a sensitive blog or website, a site likely to anger a corporation or a government, do not assume that your hosting provider will help you defend your rights. Some hosting providers take this very seriously and will work with you to ensure you have an opportunity to respond to legal threats or complaints. Others will conclude that working with you is too much trouble and cut you loose.
I don’t think that Bluehost is somehow opposed to civil society in Zimbabwe. I think they’re lazy, and decided that actually responding to Kubatana’s explanations wasn’t worth their time. I think they failed to escalate the situation beyond an “abuse” person who was working from a script which offered no flexibility. And I think they concluded – perhaps correctly – that denying Zimbabwean activists a platform for speech wouldn’t adversely affect their business. I hope they read this post, I hope they’re ashamed of how they acted, and I hope they apologize to my friends.
If you run a site like Kubatana, look for a hosting provider that understands your business and has your back. There are lists out there of “free speech” webhosts – I don’t know how valuable they are, and the one linked above makes the same “sanctioned nation = banned nation” error that Bluehost made. Instead, I’d suggest you look for a hosting company run by human beings, not by notebooks filled with rules and procedures. (Barry Schwartz would suggest that you’re looking for a company run by practical wisdom, not by rules.)
This likely means working with a small company, where you’ve got a personal relationship with managers, and where you can explain the threats and problems associated with your site. Rimu knows that Global Voices is going to get blocked in some countries, and these blocks might affect other customers. They know we face DDOS attacks. In other words, they know we’re a pain in the ass to host. But they’re willing to take on the work because they believe in what we’re doing and in protecting our right to do so.
Does your hosting provider have your back? Rimu does. Bluehost doesn’t. Let’s hope that people who are brave enough to speak against repressive governments can find webhosting companies brave enough to let them do so.
Update – Kubatana’s blog site is back up, just not on Bluehost. Bev Clark tells us that Bluehost’s CEO has complained to her that Kubatana supporters are “spamming” him and Bluehost’s abuse department with comments about their decision. I attempted to post to CEO Matt Heaton’s blog, asking him to address the situation – the comment never made it out of moderation. Guess Bluehost really doesn’t want to talk about this issue.
Update 2, February 22, 2009 – Bev Clark from Kubatana heard from Bluehost offering to reinstate her account. Bluehost received an email and phonecall from the US Treasury Department confirming that they were not, in fact, on the list of persons Bluehost could not do business with. Bev and Kubatana have chosen not to go back to Bluehost, though Women of Zimbabwe Arise are remaining Bluehost customers.
While I’m glad that Bluehost finally saw the light, I will not recommend them to individuals looking for human rights hosting – the assumption that Kubatana was in the wrong, the unwillingness to listen to their explanation and the hostility of CEO Matt Heaton to customer complaints leads me to conclude that I wouldn’t recommend their services.
Ethan, excellent post as always. What would you expect out of the ‘larger’ companies providing cloud services e.g. Amazon,Google,Microsoft hosting practices? In your opinion would they have more informed ‘ban’ policies and tell unfounded complaints to bugger off (making the procedure driven nature work to the activists’ advantage) and better resistance to DDOS? Or do you expect them to have even lower tolerance for inconveniences, and increased risks being owned by US-based companies?
Do you know of someone actually trying these options out empirically?
That’s a really interesting question, Eduardo. My guess is that it has a great deal to do with corporate culture. Tripod was pretty damned large, and we continued fighting frivolous cease and desists because we felt it was the right thing to do. My guess is that a company that’s got really good support escalation will figure out when an issue like this needs to go to the general counsel, and which can be blown off by abuse personnel.
I’d really like to see companies like Google take a stand, making it clear that they see protecting user rights to be part of “don’t be evil”, but I certainly understand that this isn’t an easy or cheap stance to take.
Thanks for the comment.
I’m a longtime Bluehost customer. About to send them an email… Unacceptable. They respond favorably or I find another hosting company. And suggest that others do the same.
According to my Zim friends, several Kubatana readers sent notes to Bluehost complaining about the blog shutdown. Bluehost then complained to Kubatana that its supporters were “spamming” the company. I’m not sure you’re likely to get much of a response, but perhaps if a lot of people let Bluehost know, they’ll take the situation more seriously.
My letter to Bluehost: http://www.facilitatingchange.org/2009/02/an-open-letter-to-bluehost-your-values-matter/
Others feel free to copy and send. Now that’s some “trouble ticket” :)
Ethan, thanks for shedding some light on Bluehost and their actions regarding Kubatana. This is willful, ignorant action at the least, and they should be ashamed.
Hmmm. Comment on my blog that my letter is spam: http://www.facilitatingchange.org/2009/02/an-open-letter-to-bluehost-your-values-matter/comment-page-1/#comment-312
Pingback: Bluehost is Silencing Zimbabweian Bloggers | Tunafunga Pamoja
Ethan, thank you for informing us about this. This is ridiculous. Absolutely ridiculous. I am surprised at how surprised I am! What is Bluehost thinking? That is intellectual laziness of the worst kind! I used to have over 10 sites on BlueHost – including Mentalacrobatics and KenyaUnlimited but I moved them years ago mainly because of the mysterious CPU exceed errors, last week I helped a Kenyan blogger move her site from BlueHost for the same reasons. Those were technological problems. This is much more important that that. I currently host around 3 sites on BlueHost and you can be sure that by this time next week, when I am back in Nairobi, none of them will be on BlueHost! Shame on them. Yeah I know that Africans may not constitue a lot of their revenue but they will not be getting USD 300+ from me this year and I urge all of you who may be on BlueHost to move as well.
In fact, I think I will offer a free service to help people transfer their accounts from BlueHost once they pay their hosting fees elsewhere or maybe my webhost and GV’s webhost can get involved in this.
We may not have the financial influence to rock BlueHost but we can certainly make noise. I think BlueHost is an official WordPress hosting partner – so I will write to WordPress too.
One thing about Bluehost though, is that the CEO has an active blog himself, so why not let him know directly by leaving a comment over there:
http://www.mattheaton.com/
If it’s true that the action was taken by “an ‘abuse’ person who was working from a script” then it might be easily reversed.
I feel like swearing. I just transferred my sites to Bluehost, but had a discussion with the other people using my server area whether it would be a good idea to go “American”. The previous transfer was a big hazzle, so I’m not really keen on switching again one month after the first one. But this is worrying to the point of being unacceptable, and I really have to reconsider going “American” again if this is what we get out of giving our business to companies in the home of the brave and land of the free.
I use godaddy and would hate to see them coming under pressure from governments like this.
Read my bad experience with bluehost. I believe I was censored because I live in an area that is unpopular with the Mormon owned company
Pingback: Kubatana.net speaks out from Zimbabwe » Blog Archive » Curve balls and blue beards
looks like they say it pretty loud and clear right here in their t.o.s.:
PROHIBITED PERSONS (COUNTRIES, ENTITIES, AND INDIVIDUALS)
1. Sanctioned Countries. The government of the United States of America, through various of its offices and agencies, including but not limited to, through one or more Executive Orders of the President of the United States, through rules and regulations of the United States Department of State, Department of the Treasury, and Department of Commerce, has determined that, with respect to all or certain commercial activities that would otherwise occur between i) the United States, its citizens or residents on the one hand and ii) the governments, citizens, or residents of certain other countries (“Sanctioned Countries”) on the other hand, said commercial activities are to be prohibited, embargoed, sanctioned, banned, and/or otherwise excluded. Sanctioned Countries presently include, among others, Balkans, Belarus, Burma, Cote d’Ivoire (Ivory Coast), Cuba, Democratic Republic of the Congo, Iran, Iraq, former Liberian Regime of Charles Taylor, North Korea, Sudan, Syria, and Zimbabwe. “Sanctioned Countries” shall be deemed automatically to be added to or otherwise modified from time to time consistent with the determination(s) of the government of the United States, and shall include all other countries with respect to which commercial activities are prohibited, embargoed, sanctioned, banned and/or otherwise excluded by determination(s) of the government of the United States from time to time.
1. Each Sanctioned Country, all governmental, commercial, or other entities located therein, and all individuals located in any Sanctioned Country are hereby prohibited from registering or signing up with, subscribing to, or using any service of BlueHost.Com.
2. Each individual which is a National or Citizen of a Sanctioned Country is hereby prohibited from registering or signing up with, subscribing to, or using any service of BlueHost.Com, regardless of where said individual is located.
2. Prohibited Organizations/Entities. The government of the United States of America, through various of its offices and agencies, including but not limited to, through one or more Executive Orders of the President of the United States, through rules and regulations of the United States Department of State, Department of the Treasury, and Department of Commerce, has determined that certain organizations and/or entities (collectively “Prohibited Organizations/Entities” and individually “Prohibited Organization/Entity”) are to be prohibited, embargoed, sanctioned, banned, and/or otherwise excluded from all or certain commercial transactions with the United States, its citizens and residents. The Prohibited Organizations/Entities are those as set forth in the applicable records of the government of the United States, including without limit those set forth at: http://www.ustreas.gov/ofac; and, http://www.ustreas.gov/offices/enforcement/ofac/programs/terror/terror.pdf, as said determinations and resulting records may be amended, updated, or otherwise modified from time to time.
1. Each Prohibited Organization/Entity is hereby prohibited from registering or signing up with, subscribing to, or using any service of BlueHost.Com.
not sure how much more clear it could really get no offence. i’ve asked regarding this issue and apparently they track your ip back to the country.
I agree that it’s clear in their TOS. I think their TOS is poorly written and doesn’t draw a correct distinction between a sanctioned country and sanctioned people – in most of those cases, the whole country isn’t under sanction, just specific individuals.
My question is why they didn’t have problems taking money for years from people coming from a Zimbabwean IP, if this is a part of the TOS they’re so serious about enforcing so inflexibly.
Why don’t we just ask them why they don’t make that distinction?
We did, Geir, through multiple channels. Their CEO has referred to those questions as spam, and won’t approve comments on his blog on the topic. And they’ve told Kubatana that they’re not willing to reconsider working with Zimbabwean organizations. Communication with Bluehost included walking through the US executive orders that govern this situation as well as getting a letter from the US embassy in Harare explaining that my friends were not targetted by the sanctions. Bluehost has shown no interest in engaging on the topic.
I love getting bluehost customers :)
Our website is a mess, but we do host anything so long as it’s legal in the US.
Pingback: کمانگیر » Blog Archive » Links for 2009-02-23 [del.icio.us]
Pingback: …My heart’s in Accra » Iranian blogs also at threat at Bluehost
Pingback: Links for 26_Feb_09 « The Centre for Investigative Journalism News Blog
Pingback: Web hosts systematically silencing international dissident blogs
Pingback: Bluehost To Sack Iranian Blogs : Committee to Protect Bloggers
Pingback: …My heart’s in Accra » LinkedIn briefly blocks Syria, more confusion over trade/commerce regulations
This is my first time to hear about it and I find it quite bemusing that a hosting company would do something like that especially to a site like Kubatana. They are after all an organisation that does not in any way stand for what the likes of the Mugabes of the world stand for. Bluehost should have used their own judgement because I am sure they would not face any sort of charges if the US government knew that they were doing business with such an organisation even if it is from Zimbabwe.
Pingback: Internet & Democracy Blog » US Loosens Internet Restrictions on Iran and Cuba
Pingback: The Sesawe blog » Blog Archive » Censorship in the West
Pingback: The Sesawe blog » Blog Archive » Circumvention legality
Pingback: Internet & Democracy Blog » US Set to Relax Internet Restrictions Towards Iran, Syria and Cuba
Pingback: Left to chance » Better U.S. Net Rules for Iran, Cuba and Syria
Pingback: Better U.S. Net Rules for Iran, Cuba and Syria | Yooxe
Pingback: An open letter to Bluehost: Your values matter | Facilitating Change
Comments are closed.