According to TechCrunch, Amazon has taken the WikiLeaks website off its EC2 servers –
“Wikileaks’ illegal, outrageous, and reckless acts have compromised our national security and put lives at risk around the world. No responsible company – whether American or foreign – should assist Wikileaks in its efforts to disseminate these stolen materials. I will be asking Amazon about the extent of its relationship with Wikileaks and what it and other web service providers will do in the future to ensure that their services are not used to distribute stolen, classified information.”
Regardless of your personal, political or patriotic position on the WikiLeaks saga; as a consumer of cloud computing services you have to feel comfortable that your business is your business and should only be taken down by someone that has legal authority – not your hosting provider under pressure from their government.
This action plays to the fears of geographic location of your data and the influence of the authorities and laws in the country that happens to host your servers. Or, as in this case, the location of the business that hosts your servers – regardless of where the data is hosted.
I have always thought that, in terms of application hosting, your data is more safe in Zimbabwe than the US – at least Zimbabwe would give politicians the finger. What we politically consider to be rogue nations are, in terms of ownership of data assets, the friendliest and the rogue nations are those that exert their influence over something belonging to someone else. Also, lets bear in mind, we are not talking about Amazon making the disputed data unavailable, but the whole damned system – they have turned off the running processes.
Did WikiLeaks violate the licence agreement with Amazon? Apparently it did because Amazon considered the data to be ‘stolen’. Did Amazon satisfy their SLA, or did they just turn it off and leave WikiLeaks hanging? Since when does American patriotism override contractual (implied or otherwise) arrangements?
I’m not trying to debate the legal issues of the hosting or the WikiLeaks data. I am observing that if the data is on-premise only a court order, issued in the country that the data resides, can take it down. On the public cloud, it seems that data can be taken down without any legal process. Your applications and data are simply not safe on the public cloud. Period.
Good luck to anyone who has a meeting lined up with executives to tell them that their applications are safe running on any public cloud.
Amazon have fucked us all over with this one.
Update 1: Carl Brooks has more detailed coverage of the story and suggests that “AWS was supplying only incidental, not critical, services to WikiLeaks”, so the takedown is technically not a big deal. But the perception about public cloud vulnerability remains – which what Senator Lieberman wants.
Update 2: Amazon’s response is now here
Follow up: Did Wikileaks Outwit Amazon?