With WikiLeaks, Amazon shows its power over customers

Don't mistake cloud providers for the Swiss; they aren't neutral

WASHINGTON - Amazon is a prominent company in the U.S. Its cloud servers host the U.S. government's Recovery.gov stimulus spending Web site, and it is competing for even more federal business. It also spent about $1.5 million this year on lobbying in Washington, according to OpenSecrets.org.

So when U.S. Sen. Joseph Lieberman (Ind.-Conn.), chairman of the Homeland Security and Governmental Affairs Committee, called Amazon officials this week to complain about the company's decision to host WikiLeaks on its cloud servers, Amazon quickly pulled the plug .

WikiLeaks, which earlier this week made public a huge collection of confidential U.S. State Department diplomatic cables, had moved to Amazon's service on Monday after it was hit with aggressive denial-of-service (DoS) attacks. The DoS attacks took the site offline for several hours on Monday and hammered it again on Tuesday .

After the Amazon move, a Swedish firm, Bahnhof Internet AB, in Uppsala, began hosting the WikiLeaks site.

Not surprisingly, WikiLeaks has few friends in Washington. It's been criticized by the White House, the Pentagon, the State Department and by members of Congress for disseminating leaked government documents. But Amazon's action to abruptly cut off the site raises broader concerns about the power cloud providers have over their customers.

Robert Scott, managing partner at Scott & Scott LLP, a Dallas-based law firm that advises clients on IT contractual issues, said Amazon's cloud contract allows it to terminate hosting deals for cause and -- at its sole discretion -- anything it thinks is illegal, constitutes a regulatory violation or infringes on a third party's rights.

It was those terms that likely put the company on firm ground for taking action against WikiLeaks, said Scott. But those same terms could also be applied in less egregious situations, such as during a licensing dispute. It is "way too much power" to give a vendor "complete and sole discretion as to whether or not your content or your applications are up or not," he said.

"I look at this situation as a wake-up call [about] some of the risks that are inherent when entering into a cloud contract," said Scott.

Such contracts "give the provider of these cloud services a lot more discretion than you would ordinarily negotiate with someone who is merely providing you with access to servers that you use to store your data," said Jeffrey C. Johnson, a partner at Pryor Cashman LLP in New York who works in the law firm's intellectual property group.

The boilerplate terms of use "are written in a manner that is quite favorable to the rights and the discretion of the service provider," said Johnson.

John Watkins, a partner at Barnes & Thornburg LLP, said providers typically specify an acceptable-use policy, which, in broad terms, will generally prohibit the use of services for illegal activities, harmful activity, infringing content or offensive content. (For details see the Amazon contract's Term, Termination and Suspension section .)

While the legal risks of termination associated with cloud computing are a concern, Watkins said in an e-mail response to a question, "in most cases probably [they] rank somewhat behind security, privacy and uptime concerns, among others."

Among those who see a need for changes in the terms set by cloud providers is Mark Gilmore, president of consulting and integration firm Wired Integrations in San Jose. He reviews cloud service-level agreements as part of his work and is critical of them. "They are really geared toward the service provider and not the end user at all." And if they pull the plug "you have no recourse of action," he said.

Gilmore believes Amazon's action against WikiLeaks highlights the issue, but "there's not enough people paying attention to this kind of circumstance to put any weight or pressure on the service providers to change their business model."

Bill Roth, executive vice president of IT monitoring company LogLogic, said Amazon's action is a "diminution of their brand as sort of an open neutral provider. On the other hand, as an American citizen, I completely understand why they did it."

Even so, the Amazon move sends a message, Roth added. "Amazon is going to be watching and is going to be making a judgment" on whether the content it hosts is appropriate or not.

Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov or subscribe to Patrick's RSS feed . His e-mail address is pthibodeau@computerworld.com .

Read more about cloud computing in Computerworld's Cloud Computing Topic Center.

Copyright © 2010 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon