Cloudflare’s recent headline-making decision to refuse its services to KiwiFarms—a site notorious for allowing its users to wage harassment campaigns against trans people—is likely to lead to more calls for infrastructure companies to police online speech. Although EFF would shed no tears at the loss of KiwiFarms (which is still online as of this writing), Cloudflare’s decision re-raises fundamental, and still unanswered, questions about the role of such companies in shaping who can, and cannot, speak online.
The deplatforming followed a campaign demanding that Cloudflare boot the site from its services. At first the company refused, but then, just 48 hours later, Cloudflare removed KiwiFarms from its services and issued a statement outlining their justifications for doing so.
While this recent incident serves as a particularly pointed example of the content-based interventions that infrastructure companies are increasingly making, it is hardly the first:
These takedowns and demands raise thorny questions, particularly when providing services to one entity risks enabling harms to others. If it is not possible to intervene in a necessary and proportionate way, as required by international human rights standards, much less in a way that will be fully transparent to—or appealable by—users who rely on the internet to access information and organize, should providers voluntarily intervene at all? Should there be exceptions for emergency circumstances? How can we best identify and mitigate collateral damage, especially to less powerful communities? What happens when state actors demand similar interventions?
Spoiler: this post won’t answer all of those questions. But we noticed that many policymakers, at least, are trying to do so themselves without really understanding the variety of services that operate “beyond the platform.” And that, at least, is a problem we can address right now.
The Internet Is Not Facebook (or Twitter, or Discord, etc)
There are many services, mechanisms, and protocols that make up the internet as we know it. The most essential of these are what we call infrastructural, or infrastructure providers. We might think of infrastructural services as belonging to two camps: physical and logical. The physical infrastructure is the easiest to determine, such as underwater tubes, cables, servers, routers, internet exchange points (IXPs), and the like. These things make up the tangible backbone of the internet. It’s easy to forget—and important to remember—that the internet is a physical thing.
The logical layer of internet infrastructure is where things get a little tricky. No one will contest that internet protocols (like HTTP/S, DNS, IP), internet service providers (ISPs), content delivery networks (CDNs), and certificate authorities (CAs) are all examples of necessary infrastructural services. ISPs provide people with access to the physical layer of the internet, internet protocols provide a coherent set of rules for their computers to communicate effectively across the internet, and CDN’s and CA’s provide the necessary content and validity that websites need in order to remain available to users. These are essential for platforms to exist and for people to interact with them online. This is why we advocate for content-neutrality positions from these services: they are essential to freedom of expression online and should not be empowered with editorial capability to decide what can and cannot exist online, above what the law already dictates.
There are plenty of other services that work behind the scenes to make the internet work as expected. These services, like payment processors, analytics plugins, behavioral tracking mechanisms, and some cybersecurity tools, provide platforms financial viability and reveal a sort of gradient gray area between what we determine as essentially infrastructural versus not. Denying their services may have varying degrees of impact on a platform. Payment processors are essential for almost any website to collect money for their business or organization to stay online. On the other hand, one could argue that behavioral tracking mechanisms and advertising trackers also provide companies financial viability in competitive markets. We won’t argue that tracking tools are infrastructural.
But when it comes to cybersecurity tools like DDoS protection through reverse proxy servers (what Cloudflare provided to KiwiFarms), it’s not so easy. A DDoS protection mechanism doesn’t make or break a site from appearing online—it shields it from potential attacks that could. Also, unlike ISP’s or CA’s or protocols, this type of cybersecurity tool isn’t a service closely guarded and defined by authoritative entities. It is something that anyone with technical expertise (no platform is guaranteed a right to good programmers) can accomplish. In the case of KiwiFarms, they’ve transitioned to using a modified fork of a free and open source load balancer to protect against DDoS and other bot-driven attacks.
Interventions Beyond Platforms Have Different Consequences
It’s hard for infrastructure providers to create policies that uphold the requirements for content moderation as established by international human rights standards. And it’s particularly challenging to create these policies and monitoring systems when individual rights appear to conflict with one another. And the consequences of their decisions vary significantly.
For example, it’s notable that far less ink was spilled by Cloudflare and by the tech press when it made the decision to terminate service to Switter, in just one example of SESTA/FOSTA’s harmful consequences for sex workers. Yet it’s these types of sites that are impacted the most. Platforms that are based outside the global north or which have more users from marginalized communities seldom have the same alternatives for infrastructure services—including security tools and server space—as well-resourced sites and even less-resourced online spaces based in the U.S. and Europe. For those users, policies that support less intervention, and the ability to communicate without being vulnerable to the whims of company executives, may be a better way to help people speak truth to power.
Online actions create real world harm—and that can happen in multiple directions. But infrastructure providers are rarely well-placed to evaluate that harm. They may also face conflicting requirements and demands based on the rules and values of the countries in which they operate. Cloudflare noted that previous interventions led to an increase in government takedown demands.
We don’t have a simple solution to these complex problems, but we do have a suggestion. Given these pressures, the thorny questions they raise, and the importance of ensuring that users have the ability to speak up and express themselves without being vulnerable to the whims of company executives, providers that can’t answer those questions consistently should do their best to stay focused instead on their core mission: providing and improving reliable services so that others can build on them to debate, advocate, and organize. And policymakers should focus on helping ensure that internet policies support privacy, expression, and human rights.
EFF is attending this week and next a new round of negotiations over the proposed UN Cybercrime Treaty to raise concerns that draft provisions now on the table include a long list of content-related crimes that pose serious threats to free expression, privacy, and the legitimate activities of journalists,…
Since the new UN cybercrime treaty began to take shape in 2022, EFF has been fighting on behalf of users to make sure content-based crimes are excluded from the Treaty, and robust human rights safeguards and rule of law standards are the basis of any final product.There’s a lot…
Reproductive justice and safe access to abortion, like so many other aspects of managing our healthcare, is fundamentally tied to our digital lives. And since it is part of our healthcare, we should have the ability to keep it private and access information about it, even when it’s on a…
It’s been a tumultuous year for free expression globally. From internet shutdowns, crackdowns on expression and closed-door partnerships to attempts to restrict anonymity and end to end encryption, in many places, digital rights are under threat. And while the European Union has made regulatory strides, elsewhere…
Most nude content is legal, and engaging with such material online provides individuals with a safe and open framework to explore their identities, build communities, and discover new interests. However, social networks and payment processors are intervening to become the arbiters of how people create and engage…
Every year, Congress must follow through on an enormous and complicated task: agreeing on how to fund the government for the following year. The wrangling over spending often comes down to the wire, and this year, some Senators are considering shoehorning a controversial and unconstitutional bill, the Kids Online…
Independent journalists increasingly gather newsworthy information and publish it on social media, often without the involvement of traditional news media. They make important contributions to public discourse and are often the first to report newsworthy events. Courts must scrupulously safeguard their First Amendment rights to gather and publish the…
Lawsuits claiming that online services aid terrorist organizations just by hosting their content or having users who espouse the organizations’ views potentially could censor a vast amount of protected expression online, EFF and a coalition of other civil society groups argued in a brief filed this week. In Twitter…
Privacy and online free expression are once again under threat in India, thanks to vaguely worded cybersecurity directions—promulgated by India’s Computer Emergency Response Team (CERT-In) earlier this year—that impose draconian mass surveillance obligations on internet services, threatening privacy and anonymity and weakening security online.Directions 20(3)/2022 –…
Back to top
10 January, 2023
0 Comment
198 Views
The Internet Is Not Facebook: Why Infrastructure Providers Should … – EFF
by Jason Peters
Cloudflare’s recent headline-making decision to refuse its services to KiwiFarms—a site notorious for allowing its users to wage harassment campaigns against trans people—is likely to lead to more calls for infrastructure companies to police online speech. Although EFF would shed no tears at the loss of KiwiFarms (which is still online as of this writing),... Read More