As I wrote about last week, CloudFlare sure took its sweet time to discuss an issue important to a vocal subsegment of its customers—the removal of the controversial web forum Kiwi Farms.
Yesterday, after much prodding, the company finally released a statement … and well, it gives the impression of a company that wants to be strongly regulated.
It’s not just that their previously discussed security concerns aren’t there—it’s that, for some reason, the company feels like they shouldn’t have a say on content decisions at all. This becomes clear from their blog post, written by CEO Matthew Prince and global public policy head Alissa Starzak, in which they seem to want to leave the hairy decision-making on content to services that actually host content or infrastructure:
Some argue that we should terminate these services to content we find reprehensible so that others can launch attacks to knock it offline. That is the equivalent argument in the physical world that the fire department shouldn’t respond to fires in the homes of people who do not possess sufficient moral character. Both in the physical world and online, that is a dangerous precedent, and one that is over the long term most likely to disproportionately harm vulnerable and marginalized communities.
Today, more than 20 percent of the web uses Cloudflare’s security services. When considering our policies we need to be mindful of the impact we have and precedent we set for the Internet as a whole. Terminating security services for content that our team personally feels is disgusting and immoral would be the popular choice. But, in the long term, such choices make it more difficult to protect content that supports oppressed and marginalized voices against attacks.
The argument here seems to disregard both the current situation—that the community they are providing safe harbor to actively causes harm to others on the internet at a level beyond content itself—and CloudFlare’s own role in regulating that content.
CloudFlare, as a product that a significant portion of the internet uses, seems to have approached the position it’s in from the perspective of what is called a common carrier, a person or company that is responsible for distributing services, but whose rights are regulated by an outside body.
Essentially, by CloudFlare’s argument, the company is effectively operating as a common carrier that should not get involved in content decisions. However, the problem is that they haven’t done any of the regulatory work to support this case. CloudFlare is essentially asking to be treated like a common carrier without any underlying government regulation to tell them what to do or how the federal government is likely to step in and protect consumers.
This is not an uncommon situation in the internet era. When the Obama-era Federal Communications Commission attempted to enforce net neutrality, the strategy they used was to designate internet service providers as common carriers (which is, effectively, what they are), which the ISPs didn’t like, eventually leading to the Trump-era reversal of net neutrality rules. A whole lot of companies are out there carrying themselves like common carriers when in reality, they have none of the regulatory backing to actually support that case.
By making this statement, CloudFlare is making it clear that it is now one of those companies. It wants the protection of not having to make content decisions, but it has not actually done the work to be regulated in such a way, so as a result, in highly sensitive cases like Kiwi Farms where harassment is being facilitiated, it’s not like the U.S. government is going to step in and deal with it.
“Just as the telephone company doesn’t terminate your line if you say awful, racist, bigoted things, we have concluded in consultation with politicians, policy makers, and experts that turning off security services because we think what you publish is despicable is the wrong policy,” Prince and Starzak write. “To be clear, just because we did it in a limited set of cases before doesn’t mean we were right when we did. Or that we will ever do it again.”
The difference here is that the laws that regulate phone calls exist—if you harass someone over the phone, there are laws that prevent this, and as a common carrier, AT&T and Verizon are positioned in such a way that it must allow for this kind of regulation. CloudFlare is asking for something like this without doing any of the work to ensure its services are regulated under federal law. It is essentially calling itself a common carrier without actually being a common carrier. Pretending to be a common carrier without actually being a common carrier creates a no man’s land, one that strongly endangers digital users, just as we might be endangered if there were no laws on the books around phone harassment.
If you want to be a common carrier, do the work. Until then, manage your network and protect your users.
Time limit given ⏲: 30 minutes
Time left on clock ⏲: 2 minutes, 9 seconds