Why LulzSec Was Un-Hackable, And Why That's A Good Thing
from the neutrality,-naturally dept
UPDATE: As several people have pointed out, the news broke that several LulzSec members were arrested this morning, and that the leader of the group had been working as an FBI informant. We'll have more commentary on this later.
The question of service provider neutrality is central to every debate about internet policy. From PayPal cutting off Wikileaks to Twitter pushing back against the feds to the new Righthaven's "spineful" hosting, the responsibility of companies to neutrally protect their customers is a contentious topic.
New Scientist has an interview with Matthew Prince, the CEO of CloudFlare, a network security/performance service for websites. One of their recent high-profile customers was LulzSec, the controversial hacker group that executed a string of takedowns and data breaches last year, but whose own website proved impervious to constant hacking attempts because of CloudFlare. Prince talks about their decision to treat LulzSec the same as any other client:
Internally, we had a debate about the right thing to do. It's important to note that because of the way CloudFlare works, no hacking activity was launched from our network – it was simply a matter of publishing information. So hacking happened in other places and then when they published the information about their exploits it would pass through the CloudFlare network.
So in that sense we're more akin to network provider than a hosting provider. If we were to terminate Lulz Security as a client that wouldn't make the content go away, it wouldn't take it off the internet, it would just make it slow and more vulnerable to attacks. Our goal is to power a better internet. There are a lot of things on the internet that I personally find quite troubling and the list of those things is maybe very different from yours, but our role as a company wasn't to play internet censor.
It's good to see companies standing firm on this point. Anyone who understands the internet knows that it runs on fundamental principles of neutrality. Similarly, anyone who understands innovation online knows how vital it is that companies are able to build off the services of others without fear of discrimination. Sometimes this puts service providers in a tough spot, because the pressure placed on them can be intense—but the ones who navigate the situation without betraying their customers send a powerful message about their commitment to internet ideals.
Interestingly, Prince also explains that because of the way CloudFlare security works, the aggression from the
white-hat hacker community (Update: a commenter raised the question: is this really white-hat? That's a great point, and also a separate debate, so I'll just call them 'hackers' for now) against LulzSec actually helped improve security online:
... the attacks against their website just went through the roof. We were actually able to track what those attacks were and provide better and better security over time to help everyone who was on our network.
CloudFlare's core value comes from the fact that every website that is part of our system helps contribute data in order to better protect other websites. As one website gets attacked, the knowledge about that attack is immediately shared with the rest of the websites, so that the system gets smarter and smarter over time.
Stories like this also show that while net neutrality is an important concept, regulating it is ultimately less than ideal. When permitted to function without interference, the nature of the internet already encourages and rewards neutrality, with everyone benefiting the most when nobody discriminates.