Wikileaks and Payments - Who's in the right?

There's been a lot of upset in recent weeks over the decision of numerous payment processors to withdraw their services from Wikileaks. In this post, I'll be taking a look at whether or not Paypal, Mastercard, Visa and others are actually able to withdraw their services in this manner. We'll not be debating the rights and wrongs of Wikileaks and Mr Assange as they are both separate issues.


The Law

As I'm in the UK, and only trained in UK Law I'll be examining the situation from a UK perspective. Obviously, much of the focus is actually on US Law, but as services have been withdrawn on a worldwide basis I believe it's fair to examine the legal landscape in other Jurisdictions.


Those Involved

At time of writing, a number of companies have withdrawn their services from Wikileaks;

  • PayPal
  • Mastercard
  • Visa
  • The Bank of America
  • Amazon (Withdrew Hosting Services)
  • EasyDNS (Withdrew their DNS services)

Although some would argue that Wikileaks cannot legally justify their actions, we'll assume that they can. We'll also assume that the US Government have exerted no pressure on any of the above. So, everyone's squeaky clean in our scenario (wouldn't it be nice if it were true!)


Obliged to Provide Services?

Contrary to popular opinion, no person or organisation is obliged to provide services to anyone (leaving aside discrimination laws). When you enter a shop, the salesperson is not obliged to sell you item A at the price shown on the shelf. The law views the displaying of a price as an invitation for you to begin negotiations, so the price displayed does not form part of the contract you form when you purchase the item.

Similarly, just because Paypal offer a service, they are not obliged to provide this service to anyone.


Had a Contract Been Formed?

Although relevant, the above would only truly apply if Wikileaks had attempted to set up an account and been immediately refused. Because they were able to procure services from the providers listed above, they had already entered legal relations with those entities. So, the issue then centres on the terms of the contract formed. Inevitably, the contract will have incorporated an arbitrary set of 'Terms and Conditions' chosen by the service provider.

Although they cannot override your statutory rights, these Terms and Conditions can have a dramatic impact on your rights under any contract. Because these terms are seldom negotiated between the two parties, they consistently favour the service provider over the customer. To complicate matters further, many providers now incorporate multiple documents into the agreement - PayPal has 4 relating to ordinary users alone - which only makes it easier for them to include terms benefiting the service provider over the user.

Because Wikileaks had already procured services from the entities named above, they were subject to the terms laid down by those providers as part of the service agreement.


Broad Terms

Using Paypal's Fair Use Policy as an example, and remembering our assumption that Wikileaks have not broken the law, there seems to be very little to support the withdrawal of Wikileaks service. However, because the terms are all written quite broadly, it should be possible to claim that Wikileaks broke the terms of use;


  • items that encourage, promote, facilitate or instruct others to engage in illegal activity

We could claim that because Wikileaks solicit donations using PayPal, those donations support their core business. Wikileaks wouldn't exist if others were not providing sensitive data to be published. Ergo, donations to Wikileaks encourage others to illegally leak classified documents.

Tenuous, yes, but such simple logic could be sufficient to justify withdrawing services from someone. Especially when we want to ensure that we aren't upsetting the US Government by providing services.


  • violate any law, statute, ordinance or regulation

This is an absolutely fantastically broad term. At no point does the agreement state which jurisdiction the terms relate to, so this term could potentially incorporate any legislation or regulations from anywhere in the world. It's reasonable to assume that if an action is illegal where the user is, then they should not be using PayPal. But what if it's legal in the UK, but not in the US? What happens then?

This term could be used to remove services from anyone for any reason. In Thailand, it is a crime to disrespect the monarchy. So, although PayPal is based in the US, there's no apparent reason why they couldn't withdraw services from a site they didn't like (assuming they could find some disrespect on the site) regardless of where in the world that site is based.

The other providers all have similar terms within the documentation which forms part of the contract, and so all feel justified in withdrawing their services.


Side Note

An interesting point relates to accusations of the US Government getting involved with PayPal et al. The second term listed above relates to the legality of the activity, but what position is held if the Government contact the provider and say that it might be illegal. Or even, for that matter, that it is illegal. Does the provider terminate the contract? They should refuse to do so unless ordered to by a court, but who's going to argue with the Government?

If the contract was terminated as a result of the Government claiming that Wikileaks had (or might have) broken the law, this is a fantastic abuse of power. Whilst Government may create our laws, the principles of due process must still apply. Of course, the Government would justify it as 'interrupting' an on-going crime.

This is a side note because it's an argument that will never be won!



Although many clearly disagree with the decision, the service providers listed above were completely entitled to withdraw their services. This is only the case, however, because of the astounding broadness of some of the terms in their agreements. This is a secondary issue that really needs to be resolved, especially as law makers are beginning to follow suit by trying to make 'catch-all' laws which later get abused (think RIPA and councils checking school catchment areas).

The legal rights and wrongs of WikiLeaks are yet to be proven, yet numerous service providers are already punishing the site for their alleged 'crimes'. Their service agreements allow them to take this position, and no amount of pounding with the Low Orbit Ion Cannon is going to change their stance. The only way to prevent a repeat performance in future is to ensure that less broad terms are used in contracts.

Although PayPal etc. may be in the clear legally, the debate over the morality of their choice is something that is likely to continue for quite some time.