Thursday, December 23, 2010

Mirror sites for Assange have plugs pulled by "fearful" ISPs or hosts that act like they're "caught in the middle"

Marcia Hoffman at the Electronic Frontier Foundation has an important perspective on an incident in which a site supposedly hosting a “Wikileaks Mirror” was taken down. The hosting company, SiteGround, said the customer was violating the TOS, but the action stemmed from a complaint by an upstream provider, SoftLayer, which would not talk to the webmaster. Eventually SiteGround told the customer that the upstream provider was worried about the potential for "attracting" DDOS (distributed denial of service) attacks.

The story is titled “Wikileaks Mirror Taken Down: Host Buckles Under Demands from Upstream Provider”. Hoffman writes, “Will a news organization that posts cables and provides journalistic analysis be next? Or a blogger who posts links to news articles describing the cables? If intermediaries are willing to use the potential for future DDOS attacks as a reason to cut off users, they can cut off anyone for anything.” Hoffman adds that your free speech and distribution online are only as strong as the weakest intermediary.

In fact, Steve Ragan has a more detailed story on Tech Herald, Dec. 23, in which he writes that on at least three occasions (since Dec 23) sites have been taken down for hosting Wikileaks mirror content because of pressure from hosting providers. He gives more details on the SiteGround incident (right now the site “markmmccoy.org” goes to SiteGround hosting) and mentions another case where someone had a plug pulled for linking to another page with over 2000 mirrors. There is a letter on PasteBin which shows how a customer was contacted and shows that hosting companies are concerned that an upstream provider could pull the plug on all customers on the same shared hosting server (especially in a DDOS or any other "nuisance" scenario). Admittedly, it appears that the hosting company also counseled the customer on the likelihood of a worm infection (and there has been talk of service hosts, ISPs and telecommunications providers disconnecting customers who repeatedly have infected sites or even personal computers).

One potential risk for many shared hosting accounts is that a user could exceed his or her bandwidth limit, even though major hosting companies generally increased these limits enormously around 2005. Excess usage could incur large charges, and the excess could continue for several hours before it is caught and stopped. That could provide a natural market incentive for webmasters not to become targets of DDOS attacks -- but if you were so "popular" that you didn't take a risk, would you have anything valuable to say?

But the whole discussion leaves a bad taste: it sounds like hosting companies or upstream providers giving in to bullies (even if those are minions of the federal government). That’s like letting parents, teachers and school administrators give in, and we know where that leads.

I don’t troll the web for classified information or go looking for it, but I do have the impression that 90% or so of what was “leaked” shouldn’t have been classified to begin with; this sounds like a coverup. I’ve had security clearances before, and one thing you learn is the dangers of overclassification, which leads to a loss in credibility. On the other hand, when a piece of information is so secret, why is the government so careless with letting it leak in the first place?

And protecting classified information is a problem that is distinct from protecting consumer personal information, or PII – related to privacy and “identity security” issues on the Web, which occurs everywhere, regardless of having a clearance.

Nevertheless, someone in my “situation” does get “tips” sent sometimes (I could say, like Zuckerberg, “I don’t know why” and “They ‘trust’ me”) and I have actually shared a few of them with law enforcement over the years, without publishing them – if common sense told me they were credible and dangerous. (In fact, some “ordinary people” may have gotten emails before 9/11 warning of an event – and thought the emails were spam sent by a virus.) In April 2002, a page on one of my other sites, discussing the possible consequences of nuclear material in the wrong hands, was hacked, which was tracked to a hosting company leaving a Unix SITE command open. At the time, this was a novel experience for me, and I had to contemplate the idea that a “controversial” website could attract risk to a shared host. Nothing “happened” at the time, but the idea that ISPs or hosting companies could feel “caught in the middle” has been around for a long time, since 9/11 (when there was talk of misuse for steganography), and I have been concerned about it before.

This whole WikiLeaks matter reminds me that there are people who like to model, analyze and publish things, to “keep them honest” (Anderson Cooper’s favorite phrase on his CNN AC360 program) but who don’t like to have to achieve things just by negotiating social hierarchies. After all, the founder of Facebook preferred to model social relationships on a computer server rather than engage in them himself.
