A rumor circulating today that Amazon Web Services is involved in the ongoing saga of international whistleblowing website WikiLeaks appears to be true. Senator Joe Lieberman, Chairman of the Senate Committee on Homeland Security and Governmental Affairs, contacted Amazon several days ago through his office to ask about reports that WikiLeaks was using Amazon's cloud computing service.
The Senator hopes this sends a clear message to other companies about their responsibilities to not host WikiLeaks in the first instance.
Leslie Phillips, communications director for Senator Lieberman,
Amazon responded to the Senator's office today and told staffers, apparently by phone, that it had stopped supplying WikiLeaks with services.
"Amazon's phrasing was that it had terminated its relationship with WikiLeaks," said Leslie Phillips, communications director for Senator Lieberman.
It's unclear what services Amazon Web Services (AWS) was providing WikiLeaks, but it is in no way a crippling blow for the provocative website. Alex Norcliffe, a technologist and blogger at BoxBinary, first noted the fact that WikiLeaks was using an IP address that belonged to Amazon Web Services in late October. The IP address was located in the United States, and WikiLeaks removed it as soon as that fact came to light.
Norcliffe posted again on November 28, noting that the "Cablegate.WikiLeaks.org" domain was again pointing to an IP address in a U.S. Availability Zone, as well as two EU Zone addresses in Ireland. It now points to WikiLeaks' main servers in Stockholm, Sweden. This time, however, the EU Zone AWS IP addresses went with it, and no part of WikiLeaks.org's public-facing website is using AWS IP addresses.
Lieberman's office speaks about WikiLeaks
Despite repeated calls and emails, Amazon did not return requests for comment by press time. But it appears that the U.S. government, courtesy of the Chairman of the Homeland Security Committee, leaned on the online retail giant and cloud pioneer to ban a paying customer for political reasons.
"I would reiterate that the Senator hopes the Amazon situation sends a clear message to other companies about their responsibilities to not host WikiLeaks in the first instance," said Leslie Phillips. Phillips said that no matter what level of actual service Amazon had provided to WikiLeaks, the point was to make clear the government's displeasure and future expectations that service providers would refuse WikiLeaks as a customer.
She said that making inquiries on this matter, which involved the release of a tidal wave of classified documents into the public domain, fell into the committee's jurisdiction of cyber and homeland security. She was quick to add that Senator Lieberman was not taking a stance on possible indictment or prosecution of WikiLeaks or WikiLeaks' elusive founder, Julian Assange.
"The senator is a senator, not a sheriff, nor a prosecutor!" she said in an email.
What to take from Amazon's actions
A few things can be gleaned from the situation so far. One is that AWS was supplying only incidental, not critical, services to WikiLeaks. We don't know exactly what WikiLeaks was doing with those IP addresses in the US; they were part of a round-robin DNS scheme, according to Alex Norcliffe, so they definitely routed requests to appropriate destinations.
The senator is a senator, not a sheriff, nor a prosecutor!
Leslie Phillips via email,
They could have been used for content distribution purposes, to cache material and speed up the website for U.S. viewers. It also could have been a simple relay, or an application the site used to forward requests elsewhere. WikiLeaks redirected all the compromised domain names to European addresses, and the site is running more or less normally despite its claims of being attacked and receiving very high traffic. Anyone curious about the public domains currently handled by WikiLeaks or their Internet history can look for themselves on Netcraft.
All that's certain about the technical details is that a few WikiLeaks domain names lived in the U.S. There is very little chance WikiLeaks was ever vulnerable to being damaged or shut down through the use of AWS. Its primary hosting and data repository remains (as it has for several years) in Sweden, a country with better data protection and privacy laws than the U.S.
The other thing we know for certain is that the U.S. government considers it appropriate to make inquiry into where and how politically sensitive material is being handled by U.S. service providers. And we now know Amazon Web Services, apparently, will preemptively bow to that pressure and kick a paying customer off its wires without so much as a warrant or a court order.
Carl Brooks is the Senior Technology Writer for SearchCloudComputing.com. Contact him at email@example.com.
Dig deeper on AWS compliance, governance, privacy and regulations