Project Galileo Offers DDoS Protection for Free Expression Online
CloudFlare's Project Galileo aims to help protect freedom of expression on the Web by defending certain sites against DDoS attacks. The trick is to determine which groups actually serve the public interest as opposed to advancing other agendas. To help sort that out, CloudFlare is relying on organizations like the CDT, ACLU and EFF to identify politically or artistically important websites.
Jun 13, 2014 10:27 AM PT
CloudFlare on Thursday announced the launch of Project Galileo, a service designed to provide enterprise-grade protection against distributed denial of service attacks free of charge to certain sites, with the goal of protecting freedom of expression on the Internet.
Such sites must be engaged in news gathering, civil society, or political or artistic speech; be subject to online attacks related to these functions; be not-for-profit organizations or SMBs; and must act in the broadly defined public interest.
CloudFlare is working with a number of partners -- including the Center for Democracy and Technology, the American Civil Liberties Union and the Electronic Frontier Foundation -- to identify at-risk sites that qualify.
"We're very good at technology, but deciding what content is politically or artistically important is above our pay grade," said CloudFlare cofounder and CEO Matthew Prince.
Partners are "essentially trusted referrers for the program where, when we see a public interest or arts organization getting hammered by DDoS, we can alert CloudFlare," Joseph Lorenzo Hall, chief technologist at the CDT, told TechNewsWorld.
More on Project Galileo
CloudFlare's mission is to build a better Internet, and "ensuring that bullies cannot use attacks to censor content simply because they disagree with it" is fundamental to that, Prince said.
Partners in the Galileo project are given access to a hotline so they can alert CloudFlare about a current customer that qualifies for protection under Project Galileo or a qualified site that is under attack.
"Once a partnering nongovernmental organization alerts us that a politically or artistically important website is under attack, CloudFlare will provide the organization with our most advanced DDoS protection," company Prince told TechNewsWorld.
Do-Gooding or Good Advertising?
Because Project Galileo is strikingly similar to Google's Project Shield, which is aimed at SMBs, it raises the question of whether CloudFlare perhaps is actually engaging in a low-key campaign to get its name in front of potential clients and win free publicity.
However, CloudFlare has emphasized its commitment to free speech over the years.
In 2013, for instance, Prince defended CloudFlare's protection in response to questions from UK-based tech blog The Kernel.
"We have been consistent, and Project Galileo is an example of just that," Prince said.
The Galileo Project has fewer than 100 users, but "now that it is public, we are adding more every day," Prince noted.
They include sites ranging from LGBT rights proponents in the Middle East to political corruption trackers in Sri Lanka, to deforestation monitors in Malaysia and sites exposing bribery across Africa.
Some DDoS Stats
In the first quarter of this year, DDoS attacks consumed about 40 percent more average bandwidth than before, according to Prolexic, now part of Akamai.
Further, 54 percent of those attacks targeted the media and entertainment industries.
The New York Times and CNN were among the more prominent victims of the Syrian Electronic Army earlier this year.
"We suspect that attacks on media sites are often driven by social or political agendas," Stuart Scholly, a senior vice president at Akamai, told TechNewsWorld.
What's the Public Interest?
Project Galileo partners will identify whether possible candidates act in the broadly defined public interest, and that raises the question of how the public interest is defined.
Is it communications surveillance for national security purposes? No one wants another 9/11 or Boston Marathon bombing, after all. Is the public interest the same as the national interest? What if they diverge because the former serves the public and the latter, being shaped by political leaders, may not?
"They are not the same," the CDT's Hall said. For example, the United States National Security Agency "engages in many activities that they argue are in the U.S. national interest that we've argued ... are not in the public interest."
The public interest is what offers "the most good for the most people," Hall said.
Keeping public interest sites up and running is critical, CloudFlare's Prince said, because it preserves freedom of expression online.