Cloudflare, a San Francisco content delivery network rumored to be prepping for a $3.5 billion IPO, is no stranger to controversy over its absolutist free-speech policies–and often embraces the debate.
The latest flashpoint was a December Huffington Post article reporting that the company provides its web-traffic optimization and security protection to seven entities on the U.S. State Department’s list of foreign terrorist organizations–including al-Shabab, the al-Aqsa Martyrs Brigade, and Hamas. U.S. law forbids providing “material support or resources” to these groups.
Cloudflare says it accepts complaints on sites but defers to law enforcement, and that legal requests “must strictly adhere to the due process of law and be subject to judicial oversight,” per its latest transparency report.
A notable exception was in 2017, when CEO Matthew Prince personally kicked infamous neo-Nazi site the Daily Stormer off the service–which he described as a cautionary tale on why companies should not make subjective decisions about content.
Cloudflare general counsel Doug Kramer tells Fast Company that the U.S. government has not contacted the company regarding any sites or organizations mentioned in the Huffington Post article.
But something has changed. The Counter Extremism Project (CEP), a nonprofit that tracks such groups, has alerted Fast Company that at least three sites mentioned in the Huffington Post article no longer use Cloudflare: Hamas (Hamas.ps), the Popular Front for the Liberation of Palestine (pflp.ps), and the English-language Taliban site (alemarah-english.com).
“I’m curious as to the reasoning for that,” says CEP content review specialist Joshua Fisher-Birch, who noticed the changes. His curiosity might not be satisfied: His group has sent several letters to Cloudlflare over the past two years, alerting it to some of these organizations, as well as others, such as the white supremacist Nordic Resistance Movement, using the company’s web services, but has not received any reply from Cloudflare.
“When we receive notices of this kind, we direct individuals and organizations to file abuse complaints through our general abuse process,” writes Doug Kramer in an email to Fast Company.
He continues: “If we determine that a complaint is legitimate, we take appropriate action, including reviewing the complaint to assess whether it triggers any obligations under our sanctions policy and forwarding relevant information to the hosting provider. While we review all reports, we don’t necessarily provide personalized replies in every case.”