Reacting to illegal or questionable content on servers
Last week, a report by a Canadian media organization suggested that two Web sites linked to presumed terrorist groups were hosted by iWeb. Because such a simplified version of things does not explain the technical complexity of the situation, it is very important for us to clarify any confusion that may have resulted.
Specifically, two websites that promote the activities of suspected terrorist organizations had indeed found their way onto iWeb’s infrastructure; however, these sites were shut down as soon as this was confirmed.
In fact, the sites in question were located on the dedicated server of a client. Most iWeb customers are themselves Web hosting companies that sell, provide and support their own Web hosting services to their specific markets, with their own business model. This is possible because iWeb provides Web hosting infrastructure (electricity, network, dedicated servers). However, iWeb is not involved in the actual management of these servers and exerts no control over their contents. This is similar to an Internet Access Provider who provides ACCESS to the Internet, not the Internet itself. The supplier does not control what’s on the Internet, or how it is used.
During the account activation process, all our customers agree to abide by our terms and conditions, as well as Canadian laws. Unfortunately, it happens that this agreement is not respected, or is interpreted differently by end users who often are not direct iWeb customers (they are in fact the customers of our client). As soon as iWeb has confirmation of abusive or illegal use of its infrastructure, it is immediately brought to our client’s attention. The client is then requested to take immediate action to resolve the issue. If appropriate measures are not taken within the given delay, iWeb takes preventative measures which, in extreme cases, may include the immediate suspension of all electronic services.
iWeb strives to react quickly and to promptly address all abuse-related reports and complaints. iWeb reminds everyone that it is virtually impossible to control the flow of content that may find its way onto our clients’ servers, in addition to any content from our clients’ customers.
iWeb encourages every person who notices or suspects any illegal or abusive use of our network to report it as soon as possible by sending a detailed e-mail to the following address: abuse@iweb.com. Thank you in advance for your vigilance.
For a more detailed explanation, please continue reading.
To recap how all this started: we were contacted last February by Jonathan Halevi of “Orient Research Group Ltd.” to notify us of the presence of such a site on our network. At this point, we screened the English version of the site (which was also written in Arabic) and concluded that the English version did not seem to have any content which could violate our policies or laws. Last week, we were informed by a journalist from CBC that a server rented to a client hosted a site whose content could violate Canada’s anti-terrorism act (see the article by CBC). Based on the information provided to us, this time we had the Arabic version of the site verified and realized that, indeed, certain parts of the forum of the site clearly violated our usage policies and Canadian law. We took immediate action to shut down the sites, and then responded to the journalist’s questions.
For the journalist and for most people who viewed the interview, the first thing that comes to mind is:
Why iWeb was not aware that it hosted this site?
Though the answer may seem obvious to anyone in the web hosting industry, few people are familiar with the technical side of web hosting services, so we thought it was a good idea to explain the main points of the answer to this question, in the simplest possible way.
1 – Because the service offered is only the medium, and not the message …
To truly understand what we mean, you must understand the different service offerings in Web hosting. At iWeb, we offer 3 main types of service: shared hosting, dedicated hosting and co-location. In shared hosting, several customers share the same server’s architecture to install and publish their web sites. iWeb is then responsible for ensuring the proper functioning of the physical aspects of the site’s hosting (making sure that the physical aspects of the servers are functional, maintained and updated – including RAM and hard disks, etc.), the software aspects of the web site hosting (ensuring that the installed software versions are up to date, secure and enable the smooth functioning of the customer’s site), the network aspects (fast and reliable Internet connectivity) and maintaining the server’s physical environment (air conditioning, electricity, etc. …). In dedicated hosting, iWeb rents a physical server to a client who is responsible for the entire server, including managing the software. iWeb’s role is then to provide and maintain the hardware, network and the physical environment of the server. The server is essentially an empty shell until the client fills it with content. In co-location, iWeb does not provide the server. The customer brings its own server and iWeb is then responsible for the network and the physical environment of the customer’s hardware.
In this particular case, the client was using our dedicated hosting service, which means that iWeb leases a physical server for which the client is the only person/entity managing the server’s applications and software. In many cases, we do not even have the password to access the server. (From this point on, the explanations will refer exclusively to the dedicated server services – we specify this because of the differences that may exist between the different types of hosting services.)
That being said, to answer the initial question, iWeb is not aware of what happens on a dedicated server because the service provided by iWeb is not a “content management” service but rather “service/infrastructure management.”
2 – To respect the privacy policy and confidentiality …
When a company uses our services, it installs data on the server which is often confidential: for example, lists of contact information for their customers, strategic price lists for the company, lists of employees including salaries, and internal confidential documents. As stated in our terms of service, we are committed to respecting this confidentiality, except in exceptional circumstances, such as a situation where we need to cooperate with the authorities. This means that we cannot access the client’s server unless they ask us to do so, or if a situation arises that obliges us to do it. We therefore have no knowledge of exactly what is on the 7 000 servers that we host.
This is the same principle as a landlord who rents an apartment to a tenant. He has no idea what’s happening in the apartment, even if he is the owner. To respect privacy, he will not enter the apartment and he will not install a camera to monitor what is happening there. The owner does not know what is happening in the apartments … In the same way, your telephone service provider will not be listening to your telephone conversations even though you may be planning a crime. The company in question does not know what’s happening on its telephone network.
Obviously, we ask our customers to follow certain rules that are part of our terms of service, to which the customer must agree before doing business with us. The same kind of rules apply with a mobile phone contract, in which you agree to use the phone in a way that does not contravene the law, or when you agree not to have pets when you sign a lease for an apartment. Unfortunately, it is possible that the agreement between the parties may be broken or interpreted in different ways and this is when conflicts begin (more details below).
3 – Because even if we had to filter the content …
Let’s use an example to illustrate what it represents. Imagine a library in which there are several tens or hundreds of thousands of books. The standard operation of a library is to give these books to the subscribers, who will return them once read, but now imagine that the process of our library allows all the authors to bring the books they have written to the library. Several hundred authors come each day to include their books in this library. We therefore encounter a problem: how do we read all these books, these tens of thousands of pages each day, to ensure that the content is legal and legitimate? Imagine now that all these authors could modify the content of their books as they wish, changing words, sentences, paragraphs, chapters, or even the whole book. We therefore face a second problem: how do we manage all these changes in the content, which would happen several thousand times a day, to ensure they are done according to the rules? Let’s go further and imagine that all the readers of all the books can write comments on the content of the book, and that the next reader can also make comments on the comments that were issued before him. We therefore face a third problem: how do we control all these comments and ensure their legality?
In our case, the complexity of opening the site, adding content, changes, comments, etc. … represents millions of interventions every day! The Internet is full of this kind of complexity and that is why, even if we had to filter the content, it would be extremely difficult, even impossible, to control everything.
Once these details have been cleared up, a second question comes to mind for those who learned about this through CBC:
Why doesn’t iWeb intervene quickly to shut down the site once it learned of its presence on the server of a customer?
1 – So that the intervention can be done in a way that is respectful of our client and their rights…
First, it is very rare that the related site is entirely illegal or fraudulent. Usually, it’s only a section of the site or certain words that seem particularly detrimental to the person making the complaint. We have to be sure to target the problem before acting. This step may seem simple, but it becomes more complex when, as in this case, the site is a forum which includes tons of information, sometimes even dozens of pages of exchanges between users of the forums, and in languages that the people involved in the case do not necessarily handle perfectly.
In this case, analysis of the site had been done on the English version of the site, a version that did not seem to include material or content that was illegal or in violation of our terms of service (these facts were confirmed by journalists involved in this case). We informed our customer of this complaint and of the conclusions we came to. We also informed the individual who made the complaint, who did not provide any feedback or additional information.
Furthermore, our clients are often resellers or Web hosting companies that rent space to their clients on their server. There may be hundreds or even thousands of sites on a server, and to cut access to the server could mean cutting all the sites that reside on the server, thus entirely cutting the services that our customer provides to its customers. We must therefore ask for the cooperation of our client, because it is not uncommon that he himself is not aware of the content that could have been put on the server by one of his own customers. We usually give him 24 hours so that he can analyse the case himself and intervene appropriately and/or provide us with a main password of the server so that we can intervene. Making the decision to shut down an entire server can mean a service interruption for hundreds of sites that have nothing to do with the related complaint, or even the interruption of services of the entire company, which could lose its clients.
Finally, if we go back to the example of the landlord providing apartment rental, if a tenant notifies the owner that another tenant might be doing something illegal (such as selling drugs, for example), what can the landlord do to act quickly? He cannot go into the apartment of his tenant to establish if these facts are true, he will not take the drugs and put them in the garbage, or change the locks so that the tenant can no longer access his apartment. Another example: if you receive threatening phone calls, will you call your telephone service provider and ask them to cut the line of the person who just made the threats because it is illegal and does not respect the good telephone usage policy? Or, if you were the victim of a marketing fraud by phone, does the telephone service provider have direct recourse against these malicious hackers? It is a judge who decides, and we cannot act as a judge in conflicts or complaints we receive.
This is the same principle for a web hosting company – we intervene within the limits in which we believe it is ok for us to intervene directly.
2 – A question of interpretation:
Sometimes it is easy to see that a complaint is substantiated and that the content contravenes our policies or Canadian laws. However, in other cases it is a matter of interpreting comments, interpreting a law and determining how to implement it. People’s comments under the article in question are a good example: several believe that the site had to be removed and others believe that this is freedom of expression. Who is right? It is very difficult to appropriate the role of the judge and police in a complex social debate.
For our part, we determined that the initial complaint, which did not target a specific part or section of the site, was not, at first glance, substantiated and that the version and sections of the site that we analyzed conformed with Canadian laws and our policies. That being said, we originally specified to the person who made the complaint that if they felt the issue required legal attention, they should voice their concern to the competent authorities like the RCMP (Royal Canadian Mounted Police) so that they could also analyze the content, and that we would collaborate with their verdict. When the complaint reached us for a second time, the new information provided to us made us revise our position. We then agreed that it was not informative speech or opinion or freedom of expression anymore, but a threat to human beings, which violates our policies for using this service, and that is why we intervened by shutting down the sites in question. One thing is clear: with regard to the nationality, culture or religious beliefs of our customers, iWeb remains strictly impartial. We understand that these subjects are often very important and sensitive to many people, and clearly, it is often difficult to draw a clear and precise line between what is acceptable and what is not.
We hope this detailed explanation will help you better understand our position and the reasons for our intervention. If this is not entirely clear, we will be happy to answer any related questions.

July 15th, 2008 11:53 am
Heh. I agree with this, but just to know. Can we report sites like warez sites and those kind of illegal content sites?
at abuse@iweb.com?
Regards,
July 15th, 2008 12:54 pm
Hi Pedro,
Absolutely. The abuse department is there to deal with any potentially abusive or illegal use of iWeb’s network or resources, such as warez, spam, intellectual property, illegal or presumed terrorist content, and any other type of activity which you think may violate Canadian law or our terms and conditions.
If you suspect such a situation may be occurring, please send a detailed e-mail to abuse@iweb.com, including the IP or URL in question. Thank you in advance for your vigilance.
July 15th, 2008 1:03 pm
Hi,
Yes, you may report content deemed inappropriate or against our terms of service to our abuse department, which can be reached at abuse@iweb.com.
July 16th, 2008 10:15 am
Hello iWeb,
For what it is worth from a co-location customer in regards to the reporter’s question: “Why iWeb was not aware that it hosted this site?”
Re: “Because the service offered is only the medium, and not the message …”
Thank you for offering your service, as a customer I truly appreciate it and I could not agree more with “medium, and not the message”. It is difficult to explain this to non-technical folk, but I think you did a great job.
Re: “To respect the privacy policy and confidentiality …”
Thank you for respecting my privacy, as a customer I truly appreciate it.
Re: “Because even if we had to filter the content …”
If you had to content filter, our country’s entire communication network and all its benefits would be gone. If *you* had to filter the Internet, so would everyone else (ISPs and all), and if we allow filtering of content on the Internet then there is no reason why we should not be filtering telephone networks, radio and television. All of these services will eventually be rolled into a single delivery network over IP anyways (this is already happening now). Smaller decisions like content filtering today will have massive impacts on our ability as Canadians to freely communicate with each other in the future.
July 16th, 2008 11:28 am
I have some questions concerning the details of the case:
* What were the exact web sites in question? Are they in fact www.******* and www.******? (URLs kept private)
* What was the exact offending content that CBC felt was a violation of Canada’s anti-terrorism act? Was it a post in a discussion forum? Was it a comment posted below an article? On which site?
* Were these web sites removed due to content posted by USERS and not by the owners of the sites?
* Were the owners of the web sites given the opportunity to moderate/delete the offending user comments?
* Were the owners of the web sites given the opportunity to keep the English version, which had no offending content?
Thanks.
July 17th, 2008 9:30 am
Hi NartV,
For several reasons we cannot go into the specific details of this situation – though we are indeed interested in hearing everyone’s point of view. What we can present is our perception of these types of situations and how we approach them, which we felt was an important thing to do.
The questions you raise are very interesting, and they highlight the same issues and concerns we address in our original post. To address the overall theme of your questions – again without referring specifically to this particular (or any other previous) case – iWeb makes a clear distinction between a comment posted on a forum by a client and the involvement of a site’s owner in a web site’s content management and orientation.
July 17th, 2008 11:35 am
Hi Matt,
Thanks for your feedback, we hope our explanations will help create a better understanding of the role of web hosters – which is sometimes hard to visualize for those not familiar with the technical or business aspects exclusive to the web hosting business. These situations are always very sensitive, and it’s nice to know that you appreciate our perspective.
July 17th, 2008 1:40 pm
Thanks for engaging with the questions (I cannot get these questions past CBC’s comments moderators), I understand about discussing the details. I do believe that your post is quite good and articulates how you grappled with a problem for which there is no easy solution. But without details the public is simply left to speculate.
July 18th, 2008 10:19 am
I believe iWeb had done the right thing. Protecting free speech, and acting quickly upon evidence of abuse. Good job. The problem with hosting, most people don’t understand what web hosting is made from.
July 20th, 2008 4:55 pm
The Terms of Service (TOS) web page does not provide for removal due to improper activity. The only causes for removal cited in the TOS are a) failure to pay or b) “immediate threats” to iWeb itself.
July 21st, 2008 11:15 am
You need to look at the Acceptable Use Policy.
July 22nd, 2008 10:46 pm
Yes. Very silly to blame iWeb. They did the right thing. But to blame a company for hosting it, or even the client who may also push out hosting, or even that site which may have a blog – just like this one… is just wrong.
It is a bit like blaming the telecommunications company for allowing the traffic through their link.
Or better yet, like blaming the shopping mall for allowing the content through the air over wireless.
Well done on handling this and reporting on it too.
July 24th, 2008 3:37 pm
Definitely inappropriate to blame iweb. That would be like blaming Facebook because one of their users posted an inappropriate photo. It just isn’t possible to hold them liable for the medium they’re providing and how it’s being used. If they’ve been made aware of it, then they are liable should they not respond in an appropriate amount of time.
July 31st, 2008 11:53 am
I’ve been in touch with the abuse department a few times; mainly to report users from within iWeb’s own network. Their turn-around has been good in closing the tickets but I’ve almost never got any more feedback on my reports than a closed ticket.
January 20th, 2010 9:21 am
So all this means that “link sharing websites” are not allowed in iweb.com, right?
You can’t host “link sharing websites” at iweb.com if they are sending people to rapidshare, megaupload or other free download services, is this right?
Thank you for making it clear.
Luis
March 11th, 2010 1:51 am
Thank you for sharing!