What’s Your Hosting Company’s Average Subpoena Response Time?
TL;DR: Your hosting company’s willingness (or unwillingness) to comply with Subpoenas may soon be seen as a competitive feature.
Bluehost, the web hosting service which powers more than 1.9 million sites globally, making it one of the top 20 largest hosting companies in the world and approximately 2% of the internet’s traffic (link removed), recently came under fire for its decision to depart from well-established internet standards and reveal the identity of one of its subscribers, over what later proved to be an unfounded suit.
From a technical standpoint, Bluehost is one of the good guys. I’ve hosted sites with them since 2005 and looking back at the past six months, I’ve enjoyed a 99.79% uptime, with an average response time just under a second. But that’s half the equation. Web hosting is not simply a cost-benefit analysis of price to uptime and responsiveness. There’s a third factor there: trust.
Why does a hosting company require trust? In December, a fake news release was published on a Bluehost powered site by an anonymous satirical group, stating that after “a recent internal and thorough company review,” Koch Industries, an oil processing company, would be “restructuring its support of climate change research and advocacy initiatives.”
The problem occurred, however, when Bluehost was over eager to comply with Koch’s subpoena demanding the identity of the anonymous poster, arguing, “[w]e are not in the business of harboring, you know, felons and crooks. We are not about that. This isn’t WikiLeaks… [w]e comply with the law here.”
Bluehost knew that the customer wanted to be anonymous (they had opted into Bluehost’s domain protection program), however, the law here depends on Bluehost providing their client with knowledge of the subpoena, so that a timely objection can be heard by the issuing judge. In the words of the site’s own counsel:
The judge ruled that [Bluehost’s customer,] Youth for Climate Truth had a First Amendment right to issue a satirical press release and site – in which the group impersonated Koch and announced that the company had reversed its position on climate change – in an effort to call attention to Koch’s notorious bankrolling of efforts to deny climate change.
The problem here arises not from Koch trying to use its legal muscle to silence political satire, but from Bluehost’s over willingness to comply with a request to identify the anonymous satirist.
In Bluehost’s defense, the suit came at the height of the Wikileaks debacle, a time when the industry’s top names were identifying otherwise anonymous customers, but at the same time, as political interactions move increasingly online, our marketplace of ideas relies increasingly on hosting companies and internet services providers to remain good political citizens (not simply corporate ones).
While technology may lend voice to otherwise marginalized political groups, it does not come without risk. In a shared hosting environment like Bluehost, “your” site, is not necessarily “your” site. Will we begin to see subpoena response times along the list of benchmarks and features when evaluating hosting companies? Probably not. But if you are planning on leveraging shared servers — be they Bluehost, Twitter, or YouTube — to blog about anything more than say, DC Summer Interns, perhaps you should take a look at your hosting company’s legal record before you click submit.
If you enjoyed this post, you might also enjoy:
- Why open source
- Ten ways to make a product great
- 15 rules for communicating at GitHub
- The difference between 18F and USDS
- How I over-engineered my home network for privacy and security
- Five best practices in open source: external engagement
- 19 reasons why technologists don't want to work at your government agency
- Four characteristics of modern collaboration tools
- Twelve tips for growing communities around your open source project
- Why everything should have a URL
- The three biggest challenges in government IT
Ben Balter is Chief of Staff for Security and Engineering at GitHub, the world’s largest software development platform. Previously, as a Staff Technical Program manager for Enterprise and Compliance, Ben managed GitHub’s on-premises and SaaS enterprise offerings, and as the Senior Product Manager overseeing the platform’s Trust and Safety efforts, Ben shipped more than 500 features in support of community management, privacy, compliance, content moderation, product security, platform health, and open source workflows to ensure the GitHub community and platform remained safe, secure, and welcoming for all software developers. Before joining GitHub’s Product team, Ben served as GitHub’s Government Evangelist, leading the efforts to encourage more than 2,000 government organizations across 75 countries to adopt open source philosophies for code, data, and policy development. More about the author →