Cloudflare, the next big cybersecurity IPO company, says it may have violated US law by doing business with terrorists and narcotics traffickers
- Cybersecurity company Cloudflare is about to become public company, possibly as soon as this week, and there are indicators that investors are ready to buy in.
- However, the company also quietly updated its S-1 filing to go public to disclose that it may have broken the law in ways including including selling its services to terrorists, to narcotics traffickers, and to governments being sanctioned by the US.
- It also may have violated laws governing exporting encryption technology, it said in the filing.
- Cloudflare has for years faced scrutiny over its role in protecting some of the darkest corners of the internet.
- Visit Business Insider's Tech homepage for more stories
Cloudflare gave a strong indication that its IPO roadshow is going well, when on Wednesday it increased its pricing range on Wednesday to $12 to $14 per share - up from $10 to $12 per share.
This should value the company at between $3.5 billion and $4.1 billion at the time of its IPO, exceeding its last private valuation of $3.25 billion. The company is expected to go public later this week, possibly as soon as Thursday.
But then the company also raised eyebrows by filing an amended S-1 form, its IPO prospectus, in which it admitted it may have violated US law. It sold its services to entities blacklisted by US government including terrorists, narcotics traffickers and sanctioned governments, it said in the filing.
Specifically, Cloudflare said (emphasis ours):
It also disclosed it may have broken US laws governing exporting encryption hardware.
Cloudflare offers a service that helps website operators keep their sites up and running even if hackers attempt to bring the website down, or if parts of the internet go down. The company says its network spans 194 cities in over 90 countries and connect with major internet providers and big corporate networks alike.
It may have installed encryption hardware in some of these overseas places in violation of the law, it explained:
Cloudflare has faced criticism for years over how it helped protect some of the darkest corners of the internet. Its has also been praised when it has kicked such entities off its network.
For instance, Cloudflare said its platform was used by 8chan, the online forum which "served as an inspiration" for the deadline mass shootings in El Paso, Texas and Christchurch, New Zealand. In April, after the El Paso shooting. The company announced that 8chan was no longer a customer, describing the forum as a "cesspool of hate."
In 2017, it faced a similar publicity storm when it admitted its network had been used by The Daily Stormer, the neo-Nazi white supremacist website, which became infamous for its role in the 2017 protests in Charlottesville, Virginia. Cloudflare later terminated the group's account.
The company says it disclosed the information about the blacklisted entities using its site to the appropriate government agency in May, 2019.
While Cloudflare promises it is doing all it can to prevent its service being used illegally, it says this remains a risk (emphasis ours):
Cloudflare did not immediately respond to a request for comment.