Cloudflare, the industry-standard for website protection, is storing the online content of a banned neo-Nazi terrorist organisation on UK soil and illegal Holocaust denial content across Europe.

Last week, the importance of tackling online hate was once again thrown into stark relief when the murder trial of Darren Osborne heard how his deadly hatred of Muslims was the result of online radicalisation. A terrible reminder that online hate can have tragic real world repercussions.

HOPE not hate is calling on the UK Government to take action against far-right websites – including several of the most extreme neo-Nazi and Holocaust denial websites in the world – that operate using European-based ‘edge servers’ and so are likely liable to laws in their respective European countries.

For many years the UK Government has been unable to act to prevent this kind of extremist content, as the websites in question have relied on US-based servers that are beyond its jurisdiction. But now HOPE not hate can confirm that leading web services and security company, Cloudflare, operates using ‘edge servers’ that store web content locally on servers within Europe, and notably on UK soil.

Cloudflare is an internet services company based in San Francisco that provides Distributed Denial of Service (DDoS) mitigation – protection against attacks designed to stop websites from functioning by flooding them with traffic as well as performance optimization of websites.

It provides protection to circa 100,000 of the top million most-visited websites and over six million others (Alexa). Yet among its clients benefitting from cybersecurity and content delivery optimisation are some of the most extreme, hateful, violent, and even illegal organisations anywhere in the world.

We can exclusively reveal that the web content of NS131, a neo-Nazi terror organisation banned in the UK, is being stored by Cloudflare in London and Manchester and delivered to users in the UK.

HOW DOES CLOUDFLARE OPERATE?

© Cloudflare

The Southern Poverty Law Centre (SPLC), a US civil rights organisation, describes Cloudflare as acting “as an intermediary layer between a website and all of its traffic, including normal visitors, crawlers and bots, and attackers.”

To optimise the speed of content delivery to a normal user, Cloudflare owns and operates data centers around the world – known as ‘edge servers’. These edge servers cache (store locally) static web content including images and Javascript (a common website programming language) in order to create an uninterrupted user experience. The Cloudflare Global Anycast Network, as it is called, is powered by 119 data centers around the world including 30 in Europe, two of which are here in the UK in London and Manchester.

Single server (left) versus Content Delivery Network (CDN) (right). © Kanoha

We’ve compiled an extensive list of hate groups that currently enjoy protection from Cloudflare’s DDoS mitigation, including:

  • Major neo-Nazi forum Stormfront
  • Key alt-right websites – Richard Spencer’s AltRight
  • European far-right parties – the British National Party and the Swedish Democrats
  • The Westboro Baptist Church site godhatesfags

As evidenced by the who’s who of hate on the list above, it’s little wonder that a recent article in WIRED magazine accused Cloudflare of “acting like the muscle guarding the podium at a Nazi rally”.

Background

For decades, European extremist organisations have circumvented domestic legislation relating to online hate speech and Holocaust denial. How? Simply by storing their site ‘offshore’ – such as in the US – where free speech provisions prevent law enforcement from clamping down on their hateful content.

Cloudflare has been challenged on this issue in the past, responding by saying that “inherently, there will be things on our network that make us uncomfortable. We will continue to abide by the law, serve all customers, and hold consistently to a belief that our proper role is not that of Internet censor.”

However, Cloudflare’s use of edge servers that cache clients’ content inside Europe raises the prospect that it is in fact breaking laws by hosting content that breaches domestic legislation.

Protecting Terrorists

In December 2016, National Action, the most notorious neo-Nazi group operating in the UK at the time, was banned as a terrorist organisation by the UK Government. More recently, after information originating from HOPE not hate that the group was still operating, six alleged members of National Action were arrested and charged with the intended murder of Labour Member of Parliament Rosie Cooper.

As of September 2017, the banning order was widened to include two aliases used by the group, one being ‘NS131’. The group is known for its fetishisation of violence, admiration of Hitler and extreme antisemitism.

Despite this, NS131’s website remains online and protected from attack by Cloudflare. Given the way in which Cloudflare’s network operates, we are able to determine that this extreme, hate-filled, illegal content is being accessed from servers right here on British soil in London and Manchester.

Under EU law – specifically, Article 14 of the Electronic Commerce Directive – online hosts are not liable for the illegal activity, or information placed on its systems by a user, so long as the online host does not have “actual knowledge” of the activity or information. Upon obtaining such knowledge, the online host must act expeditiously to remove or to disable access to the information.

Now that HOPE not hate has raised this issue, we urge Cloudflare to stop protecting the content of this banned terrorist organisation and by extension to remove cached hate content from its UK servers.

NS131 is not the only terrorist linked website to use Cloudflare, with one of the world’s largest neo-Nazi and white supremacist websites, Stormfront, also among its customers, using the service to protect against DDoS attacks.

Stormfront has more than 330,000 registered users drawn from across the extreme right-wing, including neo-Nazis, white supremacists and KKK members.

A 2014 report by the SPLC into the forum found almost 100 hate-crime murders were linked to this single site, with former users including mass murderer Anders Behring Brevik, who killed 77 people in Norway in 2011.

In 2017, as shown in a recent Anti-Defamation League (ADL) report, the number of white supremacist murders in the United States more than doubled, begging the question why Cloudflare allows its services to be used by a website with such a connection to racist murders.

Holocaust Denial

As well as possibly breaking UK laws related to the banned group NS131, it is also extremely likely that Cloudflare is physically storing cached Holocaust denial content inside countries where laws prohibit its dissemination.

An SPLC investigation found “eight countries (13 additional Cloudflare data centers) that may contain and serve cached holocaust denial or revisionist materials despite laws prohibiting such content”. These include France, Germany, Belgium, Romania, the Czech Republic, Austria, Greece and Poland.

Among the Holocaust denial websites using Cloudflare is the notorious Committee for Open Debate on the Holocaust (CODOH) and its integrated publishing arm, Castle Hill Publishing, established by the leading denier Germar Rudolf. This website alone has reams of content that contravene laws against Holocaust denial in numerous European countries.

The Cloudflare-protected CODOH website explains that they “no longer believe the German State pursued a plan to kill all Jews or used homicidal “gassing chambers” for mass murder during the years of World War II”, while the book shop includes articles by key Nazi ideologue and race theorist Alfred Rosenberg.

They even brag that they “specialize in particular on the publication and dissemination of mainly scholarly-historical books and documentaries which can no longer be published or distributed in Germany or other European countries […].”

A Matter of Democracy

Tech companies such as Facebook, Twitter, and Google are at the centre of an ongoing debate on facilitating online hate. However, though the roles of free speech and censorship have significance in this conversation, there must also be adherence to the law.

While the UK Government is said to be taking strong measures to crack down on online hate content and the German government has long-standing legislation to silence Holocaust denial, web companies continue to use loopholes and moral grey areas that in practice not only protect hate speech, but may also help far-right activists to break existing domestic laws.

We are calling on the Home Office to launch a full-scale investigation into the practices of Cloudflare’s website protection services and to immediately shut down websites that are in breach of the law, such as NS131.