Member Spotlight: Cloudflare

Alissa Starzak & Caroline Greer Talk Global Internet Public Policy

Cloudflare speeds up and protects millions of websites, APIs, SaaS services, and many other things connected to the Internet. Its CDN, DDoS mitigation, DNS services and enterprise-class web application firewall are powered by a globally distributed network delivered through 175 data centers worldwide.

From a technological perspective, delivering cybersecurity and web acceleration services to 16 million Internet properties and protecting them against online threats is beyond impressive, but there are also significant policy challenges given Cloudflare’s truly global span.

In its commitment to the global Internet, Cloudflare has become one of the i2Coalition’s latest members, enhancing its impact on Internet policy by joining other top companies in the Internet infrastructure space.

i2Coaltion Communications Manager David Hamilton had a chance to talk with Cloudflare US Public Policy Head Alissa Starzak and European Public Policy Head Caroline Greer about the challenge of drafting effective policies for speedy technological innovation, the current fragmentation of Internet policy across borders, why it’s important for the Internet infrastructure community to team up on Internet policy issues, and more.

David Hamilton (i2C): We’ve got Cloudflare’s two policy heads from both sides of the Atlantic. Could you provide a short introduction?

Alissa Starzak: We have a relatively small public policy team so we work on a lot of issues all together. We cover the US and Europe and we’re also an international company with infrastructure presence in 75 countries and 11 different offices. So, we have a very large presence from a policy standpoint that we have to cover.

Caroline Greer: Also, given the breadth of our services, that means we are covering a lot of topics. I’m heading up European policy in Brussels and Brussels is very active in the regulation space. We cover everything from content moderation—to the extent that that touches a very small part of our services—to files on privacy, cyber security, the whole gambit really. We are quite active overall in monitoring legislation, trying to shape it when we can and looking for allies in doing that. I think we are fairly unique as a company so it has been difficult to find an association family that fits well with us. That is what appealed to us with the i2C – it felt like a good fit.

DH: Could you describe the push and pull relationship between technological innovation and public policy? How do lawmakers deal with quickly changing technology?

AS: I actually think regulation and technology are both constantly evolving. As Caroline said, Europe is very active in the regulatory space—but the regulation that they are proposing doesn’t always match new technology. So, figuring out how the legal structures, which themselves are evolving, apply to new technology is a constant challenge for us.

CG: In Brussels there is a constant struggle to, on the one hand, have technology-neutral language which can mean that legislation can extend into the future and does not need to be reviewed regularly, vs. a desire on the other hand to have more precision in the language to carve out certain players or services within the Internet eco-system. For example, we see legislation that may be more applicable to services at the application layer of the Internet stack. So, there is a constant tension between having something neutral and future-proof, and something that is more detailed.

DH: Does the complicated nature of Cloudflare’s products and services make it difficult to find grounding in more universally understandable principles?

CG: Trust, security, and privacy are fundamental to Cloudflare. They are our core values and they direct us in everything we do—all our product offerings and our service offerings. A good example of that is our DNS resolver 1.1.1.1 which was one of our first consumer-facing products: it has received really great pickup and we just launched a mobile version as well.

I think what we see with everything, and it’s not unique to Cloudflare, is a tension between privacy and security and some of those trade-offs. That is something that confronts the entire industry.

AS: From a policy perspective, we often have to explain what the technology is, what our products do, and what those tradeoffs look like. If people don’t understand what our products do, they won’t understand why we believe privacy and security are core to our business model, and why we think they’re important. It’s often a process of explanation to get to the next step, which is talking about the underlying policy issues.

DH: In general, what do you hope to gain from being part of the i2Coalition?

CG: It’s just great to sync up with other companies who are operating in the infrastructure layer. The education piece is a big, big part of what we do at Cloudflare and that has to be a coordinated effort throughout the Internet ecosystem. We’re all doing slightly different things but collectively we need to be educating policy makers so they understand the technology and the Internet before they even start to think about any policy or legislative initiatives. That is what excites us most I think – being able to coordinate on that because we can’t move the needle entirely ourselves.

AS: It’s really important for us to talk to other people in the Internet infrastructure space. And I do think it’s been a challenge to find entities with similar issues and a similar perspective. One of the interesting things about i2C is that the other members, who are all entities in the infrastructure space, have voices that are parallel to ours.

DH: It seems that there’s a recent trend towards Internet fragmentation as countries and regions pass regulations that make the Internet very different for people around the world and make things different for companies operating across these different jurisdictions. How should we approach this very significant policy challenge?

CG: Splintering and fragmentation has been challenging for some time. The Internet is still global but it’s being challenged now more than ever. The splintering effect is probably at its highest level currently.

AS: Splintering at the infrastructure level raises different concerns than splintering on content. We’re seeing regulation being pushed further down the stack and talking about the potential effect of that type of regulation is a worthwhile conversation.

CG: One concept we talk a lot about at Cloudflare is protecting the public core of the Internet. And that public core is made up of many of the members and services you have at i2C: infrastructure/DNS-type services. It is so important to allow the Internet to continue to function the way it does. That is being challenged in many different areas and so that is a principle that we really hold dear: the need to protect the public core of the Internet.