Cloudflare Under Fire For Allegedly Providing DDoS Protection For Terrorist Websites

Cloudflare is facing accusations that it's providing cybersecurity protection for at least seven terrorist organizations. "On Friday, HuffPost reported that it has reviewed numerous websites run by terrorist organizations and confirmed with four national security and counter-extremism experts that the sites are under the protection of Cloudflare's cybersecurity services," reports Gizmodo.

"Among Cloudflare's millions of customers are several groups that are on the State Department's list of foreign terrorist organizations, including al-Shabab, the Popular Front for the Liberation of Palestine, al-Quds Brigades, the Kurdistan Workers' Party (PKK), al-Aqsa Martyrs Brigade and Hamas -- as well as the Taliban, which, like the other groups, is sanctioned by the Treasury Department's Office of Foreign Assets Control (OFAC)," reports HuffPost.

"In the United States, it's a crime to knowingly provide tangible or intangible 'material support -- including communications equipment -- to a designated foreign terrorist organization or to provide service to an OFAC-sanctioned entity without special permission," the report continues. "Cloudflare, which is not authorized by the OFAC to do business with such organizations, has been informed on multiple occasions, dating back to at least 2012, that it is shielding terrorist groups behind its network, and it continues to do so." Gizmodo reports: The issue that HuffPost raises is whether Cloudflare is providing "material support" to sanctioned organizations. Some attorneys told HuffPost that it may be in violation of the law. Others, like the Electronic Frontier Foundation, argue that "material support" can and has been abused to silence speech. Cloudflare's general counsel, Doug Kramer, told Gizmodo over the phone that the company works closely with the U.S. government to ensure that it meets all of its legal obligations. He said that it is "proactive to screen for sanctioned groups and reactive to respond when its made aware of a sanctioned group" to which it may be providing services. HuffPost spoke with representatives from the Counter Extremism Project, who expressed frustration that they've sent four letters to Cloudflare over the last two years identifying seven terrorist-operated sites without receiving a reply. Kramer would not address any specific customers or situations when speaking with Gizmodo. He said that's simply company policy for reasons of protecting privacy.

OFAC are not friendly people

[vinn01]

I know something of OFAC. They are not nice, friendly, people. If they actually had a solid case they would be coming down on Cloudflare like a ton of bricks. The fact that they are whining in letters and not prosecuting means they have no case.

It's not just providing material support, just doing business with anyone on OFAC's list of Specially Designated Nationals (SDN) is a felony. The way the law is written, if anyone sells anything to a person who's on the SDN list, as much as a sandwich or a bottle of water, that's "doing business" and therefore a felony.

OFAC actually has the fantasy that all businesses in the US will check the ID of every customer and then check the SDN database against the customer's name before doing business with them. Nevermind that there are plenty of people in the world with the same names. And nevermind that it would take 15 minutes to buy a sandwich.

Re:OFAC are not friendly people

[bill_mcgonigle]

They don't care if you sold a sandwich. They do care that if you become politically inconvenient later on they can get you off to prison for having sold that sandwich within the statute of limitations.

Re:"We found some terrorist sites!"

[dgatwood]

Can you confirm it's the terrorist organization running those websites, or some CIA operative who gets intel by running a website for them?

FTFY.

Re:Counter Extremeism Project

[Gavagai80]

Are you implying that you need more protection from an anti-terrorist group than from terrorists who would cheerfully murder you and your children?

Yes, we do. Unless you're in Syria or Afghanistan or Iraq or another county suffering from the USA's war on terror, terrorists are laughably unlikely to murder you. Granted the war on terror has made them more likely to murder you than before, but it's still absurdly unlikely. You're far, far more likely to be killed by an insect.

On the other hand, anti-terrorist groups have already robbed us of much of our liberty and are constantly probing for more ways to use the terrorist bogeyman to silence us. Like in this article, trying to further abolish content-neutral services and entrench censors where they can do whatever their masters desire.

It's not OFAC in TFS

[MikeRT]

It's HuffPo. Therefore SJW-sympathetic. So we can reliably conclude, especially given one of the links has a URL saying "don't call us Nazis just because we take their money" that this is really about building public support for making Cloudflare drop anyone who says things that are politically incorrect. Just another bait and switch.

Irony is that most of the people contributing to the content in TFS probably support those groups because they're anti-Israel.

My money is on Cloudflare keeping those sites up because someone in the SIGINT community sent them a notice informing them and saying "please keep them up and send us logs, k thx."