> Our decision today was that the risk created by the content could not be dealt with in a timely enough matter by the traditional rule of law systems.
Does Cloudflare wait for a court order before taking action when it detects a DDoS attack or when it suspects that a client is malicious?
The law is by design reactionary. In this case, I don't mean that in a bad way; what I mean is that the law is designed to respond to criminals, not to preempt them. If all of your moderation decisions, even in cases that go beyond hate speech or bigoted content into straight-up abuse of infrastructure and direct targeting of individuals -- if you need that to be reliant on a court then you are giving up the ability to prevent abuse and you can only respond to that abuse.
Do you worry about due process when someone's site is getting knocked offline by automated requests, or is your primary worry about protecting your customers?
What's even worse is that by abjugating your responsibility to protect your customers even in cases where there are clear threats, and by encouraging the law to become even faster and more trigger-happy to compensate, you encourage the creation of censorship engines that are even more dangerous than the ones that you are in charge of. We should have better laws around doxing and threatening people online, but even once we get better laws, Cloudflare is still going to have a part to play in detecting targeted attacks. No just law is going to be fast enough or nuanced enough to make these decisions for you.
You can't get rid of your responsibility to such a degree that you won't need to make moderation decisions even about non-ideological and purely abusive content like doxing forums. And by refusing to recognize your role in that process, you allow people to be completely driven offline and censored in the exact same ways that your company is dedicated to preventing. It's no different than allowing a DDoS attack on one of your clients to continue because you haven't specifically heard from a judge yet that you should stop it.
Does Cloudflare wait for a court order before taking action when it detects a DDoS attack or when it suspects that a client is malicious?
The law is by design reactionary. In this case, I don't mean that in a bad way; what I mean is that the law is designed to respond to criminals, not to preempt them. If all of your moderation decisions, even in cases that go beyond hate speech or bigoted content into straight-up abuse of infrastructure and direct targeting of individuals -- if you need that to be reliant on a court then you are giving up the ability to prevent abuse and you can only respond to that abuse.
Do you worry about due process when someone's site is getting knocked offline by automated requests, or is your primary worry about protecting your customers?
What's even worse is that by abjugating your responsibility to protect your customers even in cases where there are clear threats, and by encouraging the law to become even faster and more trigger-happy to compensate, you encourage the creation of censorship engines that are even more dangerous than the ones that you are in charge of. We should have better laws around doxing and threatening people online, but even once we get better laws, Cloudflare is still going to have a part to play in detecting targeted attacks. No just law is going to be fast enough or nuanced enough to make these decisions for you.
You can't get rid of your responsibility to such a degree that you won't need to make moderation decisions even about non-ideological and purely abusive content like doxing forums. And by refusing to recognize your role in that process, you allow people to be completely driven offline and censored in the exact same ways that your company is dedicated to preventing. It's no different than allowing a DDoS attack on one of your clients to continue because you haven't specifically heard from a judge yet that you should stop it.