Whether you believe Julian Assange should be Time’s Man of the Year, or whether you’d like to see him tried for espionage, rape or other crimes, you have to admit the man keeps things interesting. While the revelations in Wikileaks recent releases haven’t toppled governments, or perhaps even led to major journalistic revelations, they’re forcing important discussions about secrecy, privacy, rights of free speech and the architecture of the internet.
In the wake of “cablegate”, Wikileaks’s release of secret, confidential and unclassified US diplomatic cables, the Wikileaks website has been under sustained distributed denial of service attack. Craig Labovitz, chief scientist for Arbor Networks (a leading firm focused on mitigating DDoS attacks), reports that the site experienced a 2-4Gbps attack on Sunday and a more significant 10Gbps attack on Tuesday. The analysis of Sunday’s attack is interesting in part because it shows how deep the interest in the Wikileaks documents has been – the site was generating well over 10Gbps in legitimate traffic prior to the attacks.
Labovitz references claims of responsibility from “The Jester”, a hacker who’s claimed responsibility for low-bandwidth, application specific attacks against sites he feels promote jihad or damage the US’s standing in the world. The Jester is an interesting figure – he claims to use a technique that allows users to cause serious downtime to sites without harnessing a botnet’s worth of servers – it’s unclear whether this is a technique like the known Sloloris attack, or something novel. And his choice of targets suggests a future where knowledgeable individuals are able to advance their personal political goals online without recruiting thousands of others to “help Israel win” or going on 4chan to organize attacks on the RIAA.
(Slashdot recently reported that the Jester had been arrested and had equipment confiscated in connection with an attack on Wikileaks. However, the article cited doesn’t mention an arrest. A site in the UK references the Jester’s blog as reporting an arrest by local authorities. Update, December 2: This appears to have been a hoax, and the comments thread under the Slashdot reflects this.)
In response to DDoS attacks, Wikileaks moved from servers in Sweden to Amazon’s web servers. This makes good sense – Amazon offers a “cloud” of servers with a great deal of capacity and a team of sysadmins who can fight off DDoS attacks. I’ve encouraged human rights organizations like Viet Tan to use sites like Blogger to host sensitive sites for similar reasons. Unfortunately, multi-Gbps DDoS attacks are really hard for sysadmins to fight off, and crouching behind a big rock is one good response to an attack.
It does, however, have downsides – you’re relying on that company’s continued willingness to host your site. I wrote a chapter for the recent Access Controlled volume on intermediary censorship – censorship conducted by an internet service provider or web service provider, on their own or acting on government instructions. If you’ve got a provider like Bluehost who decides they can no longer host sites owned by Zimbabweans, you may discover that the company you’re counting on to enable you to speak online is acting to silence you.
That may be what happened to Wikileaks earlier today. According to the Guardian, Sen Joe Lieberman (CT-Nutjob) is taking credit for pressuring Amazon to kick Wikileaks off its servers. Recent traceroutes for wikileaks.org and cablegate.wikileaks.org have led to servers in Sweden, suggesting that Wikileaks has changed homes.
It’s going to be very interesting to hear how Amazon justifies this decision. If the company was required by a court order to remove the content, that’s one thing. If they simply responded to pressure from a US Senator, or to boycott threats, it sends a very disturbing message: that Amazon will remove content under political pressure. Yes, Amazon is within its legal rights to refuse service to a customer… but as I’ve argued previously, they’re a private company responsible for a public space. That’s the nature of the internet – we use it as a space for public discourse, though the sites we use for much of our discussion are owned by private corporations and controlled by terms of service that are significantly more stringent than restrictions on public speech.
The rise of internet hypergiants like Amazon that host servers for hundreds of thousands of clients makes these potential conflicts more clear. If you are dissatisfied with the terms of service of your hosting provider, you can always find another… up to a point. There’s been massive consolidation in the web hosting market, and companies like Amazon are likely to control large shares of the market in the future, both because there are economies of scale in providing low-cost service, and because large server farms can more effectively defend from attacks like DDoS. But if large providers like Amazon won’t take on clients like Wikileaks, they’re forced onto smaller ISPs, which may be more costly and less able to thwart DDoS attacks.
If Amazon did respond to pressure from Lieberman, it should open a conversation about the responsibilities of cloud providers towards clients who host political content. If Amazon’s policy is “we can terminate you if we’re uncomfortable with what you say”, that cannot be acceptable to anyone who is concerned with freedom of speech online. I’m looking forward to hearing more about Amazon’s actions and justification, and to hearing from folks like Rebecca MacKinnon and Danny O’Brien who follow issues of free speech and corporate responsibility closely.
Update: It’s worth mentioning that Wikileaks is using peer to peer networks to distribute the actual cables. DDoS may be effective in removing their web presence, but it’s going to have a much harder time removing the sensitive material from the internet. The DDoS attacks are actually a useful reminder that we still don’t have a good way to serve web sites on a purely peer to peer architecture. That would be one response to the problems of consolidation I’m talking about here…
My dismay about Amazon’s apparent censorship of Wikileaks doesn’t constitute an endorsement of Wikileaks or this recent data release. I have complicated feelings about the organization and its methods. Two pieces I’ve found useful in thinking about Wikileaks:
– Dan Gillmor asks some tough questions about Wikileaks’s organizational transparency and motivations
– Blogger zunguzungu gives a close reading of an essay believed by be written by Assange in 2006 which suggests motivations for the Wikileaks project. This post is worth a close read – I find it both a satisfying explanation of some recent Wikileaks actions and a good reason for skepticism about aspects of the project.