Cloudflare is giving cybersecurity cover to several foreign terrorist groups under U.S. State Department sanctions, a new report alleges.
Among Cloudflare’s millions of customers are some notorious terror organizations, including the Taliban, al-Shabaab, the Popular Front for the Liberation of Palestine, al-Quds Brigades, the Kurdistan Workers’ Party, al-Aqsa Martyrs Brigade and Hamas, according to a HuffPost report. All but the Taliban are listed on the State Department's terrorist list.
This may not be a good thing for Cloudflare, considering that the website traffic optimizer, which claims to handle 10 percent of all internet requests, is said to be lining up a $3.5 billion initial public offering. Some institutional investors may not like it. More than a few of the sanctioned sites are down right ugly, used for propaganda, as a home for terrorists claiming responsibility for attacks, to applaud violence against Americans and used as a recruitment tool for members and money.
Cloudflare has reportedly not received authorization from the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) to provide DDoS services to those organizations, which may amount to a crime.
From the HuffPost report:
In the United States, it’s a crime to knowingly provide tangible or intangible “material support” — including communications equipment — to a designated foreign terrorist organization or to provide service to an OFAC-sanctioned entity without special permission. Cloudflare, which is not authorized by the OFAC to do business with such organizations, has been informed on multiple occasions, dating back to at least 2012, that it is shielding terrorist groups behind its network, and it continues to do so.
Doug Kramer, Cloudflare’s general counsel, told the HuffPost that the company is “very aware of its obligations under the sanction laws. We think about this hard, and we’ve got a policy in place to stay in compliance with those laws.” Kramer had no word on Cloudflare’s dealings with the terrorist groups’ websites. “We try to be neutral and not insert ourselves too much as the arbiter of what’s allowed to be online,” he said.
The policy comes from the top with more than a little bit of free speech absolutism mixed in. Cloudflare CEO Matthew Prince believes that the company isn’t in the content policing business, a position he’s defended for at least the last half dozen years, relying on official policy to terminate its services pretty much just because it feels like it. Or because there’s principle behind it. A little bit of both occurred last year, when Prince axed the neo-Nazi website the Daily Stormer. In an internal email, Prince wrote to employees: “I think the people who run The Daily Stormer are abhorrent. But again I don’t think my political decisions should determine who should and shouldn’t be on the internet.” (via HuffPost)