With WikiLeaks, Amazon Shows Its Power Over Customers

Amazon's decision to pull its hosting of Wikileaks underscores the risks companies face when moving to the cloud.

By Patrick Thibodeau
Thu, December 02, 2010

Computerworld — WASHINGTON - Amazon is a prominent company in the U.S. Its cloud servers host the U.S. government's Recovery.gov stimulus spending Web site, and it is competing for even more federal business. It also spent about $1.5 million this year on lobbying in Washington, according to OpenSecrets.org.

WikiLeaks Incidents Stoke IT Security Angst

So when U.S. Sen. Joseph Lieberman (Ind.-Conn.), chairman of the Homeland Security and Governmental Affairs Committee, called Amazon officials this week to complain about the company's decision to host WikiLeaks on its cloud servers, Amazon quickly pulled the plug .

WikiLeaks, which earlier this week made public a huge collection of confidential U.S. State Department diplomatic cables, had moved to Amazon's service on Monday after it was hit with aggressive denial-of-service (DoS) attacks. The DoS attacks took the site offline for several hours on Monday and hammered it again on Tuesday .

After the Amazon move, a Swedish firm, Bahnhof Internet AB, in Uppsala, began hosting the WikiLeaks site.

Not surprisingly, WikiLeaks has few friends in Washington. It's been criticized by the White House, the Pentagon, the State Department and by members of Congress for disseminating leaked government documents. But Amazon's action to abruptly cut off the site raises broader concerns about the power cloud providers have over their customers.

Robert Scott, managing partner at Scott & Scott LLP, a Dallas-based law firm that advises clients on IT contractual issues, said Amazon's cloud contract allows it to terminate hosting deals for cause and -- at its sole discretion -- anything it thinks is illegal, constitutes a regulatory violation or infringes on a third party's rights.

It was those terms that likely put the company on firm ground for taking action against WikiLeaks, said Scott. But those same terms could also be applied in less egregious situations, such as during a licensing dispute. It is "way too much power" to give a vendor "complete and sole discretion as to whether or not your content or your applications are up or not," he said.

"I look at this situation as a wake-up call [about] some of the risks that are inherent when entering into a cloud contract," said Scott.

Such contracts "give the provider of these cloud services a lot more discretion than you would ordinarily negotiate with someone who is merely providing you with access to servers that you use to store your data," said Jeffrey C. Johnson, a partner at Pryor Cashman LLP in New York who works in the law firm's intellectual property group.

Continue Reading

Originally published on www.computerworld.com. Click here to read the original story.
Our Commenting Policies