Updated: Feb 3, 2021
EDIT (Jan 15, 2021): Since this post was originally published, it was pointed out that Okta, an identity management platform, also terminated Parler from its services after a Twitter user pointed out it "would be a shame if you continued to service [parler]."
The recent permanent suspension of Donald Trump's @realDonaldTrump Twitter account and the follow-on deplatforming of Parler creates an interesting situation in this era of digital transformation accelerated by the pandemic.
Companies are being sold Cloud, and Cloud service providers such as Microsoft, AWS and Google. More and more, companies and businesses are relying on Software as a Service (SaaS) and Platform as a Service (PaaS) for their business technologies. Beyond the SaaS and PaaS providers, company marketing usually relies heavily on social media platforms like Twitter and Facebook in order to market their brand and reach their customers. The big tech firms have a great deal of power over our online presence, data and infrastructure. Perhaps you never thought of this before, but this "power" creates another risk to consider when moving your business to the Cloud: are you okay with allowing yourself to be beholden to the whims of major tech firms such as Amazon, Google, Twitter, Microsoft, etc.
freedom of expression does not apply to private corporations
As has been succinctly pointed out elsewhere, freedom of expression is protected from intrusion by government, at least in western democracies via, for example, the Constitution in Canada and the United States. However, freedom of expression does not apply to private corporations.
In the United States, section 230(c)(2) of the Communications Decency Act (CDA) provides protection from civil liability for operators of interactive computer services in the removal or moderation of third-party material they deem obscene or offensive, even of constitutionally protected speech, as long as it is done in good faith.
This raises the question of quis custodiet ipsos custodes - “who watches the watchers?”. Since these private corporations are not accountable to the general populace, and decisions are essentially unappealable, our reliance on these entities for online presence, data storage, applications, infrastructure, etc. poses an obvious operational risk in that the business is beholden to the whims of these technology providers.
As a business owner, do you need to worry that you might say the wrong thing and suddenly be at risk of losing all your company data that resides on these Cloud services? Short answer is yes, it is a possibility.
That said, we need to keep things in perspective. In the case of Donald Trump, we have a world leader, arguably the most powerful person on earth whose influence is far reaching. There has also been a pattern of poor behaviour, repeated warnings, and disciplinary actions leading up to the final permanent suspension. For the average business, this should not happen without warning. The risk is that we cannot predict how far the political spectrum is going to slide in either direction. Private tech firms are owned by people whose business decisions may be swayed by their own political ideologies, same as they may be by financial or social pressures. Without any checks and balances in place, such as the Constitution for protection and appeals, we have no way of keeping the powers of the technology companies in check. In the climate of increasingly divisive partisan politics, what is acceptable today may not be acceptable tomorrow.
Where does that leave us?
The benefits of leveraging the Cloud are well established. Should we abandon the Cloud-first digital transformation and retreat back to our on-prem data centers? Not at all. We simply need to consider the risk and develop contingencies to deal with possible events. The reason we have taken backups of our data since the earliest days of IT is that it serves as a contingency against disasters, such as loss of production infrastructure.
In the case of Cloud services it is easy to forget that we are dependent on a third party to provide those services to us. Even though these services often come with high availability Service Level Agreements which guarantee uptime and can mitigate much of the risks associated with the old on-prem solutions, they are not infallible. As we have discussed in this blog, private service providers are not obligated to provide those services to you. If they decide they do not want to provide services to you overnight, you also have no avenue to appeal that decision.
In the unfortunate, and very dystopian, event where you make an enemy of the service providers, even with an on-premise infrastructure, it may not even be possible for you to access the internet if no Internet Service Provider is willing to provide it to you.
This is not meant to instill fear - it's a thought exercise for disaster recovery (DR) and business continuity planning (BCP). What if your service providers become unavailable? What is the plan? Will you migrate elsewhere? How will you do that?
If you need assistance in developing a business continuity plan (BCP) or a DR plan, contact us.