A previous blog addressed a similar issue, about ISIS, with a very clear policy. It's worth the read.
From Mr. Prince:
"> What safeguards do you have in place to ensure that CloudFlare does not support illegal terrorist activity?
This question assumes the answer. A website is speech. It is not a bomb. There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain." [1]
"Again, CloudFlare is not a hosting provider. If we were to terminate this, or any other customer, the material wouldn't go away, it would just be a bit slower and be more subject to attack. We do not believe that "investigating" the speech that flows through our network is appropriate. In fact, we think doing so would be creepy." [1]
> Your CEO has in the past publicly defended providing services to websites hosting dangerous material. Would his position change if one of his own family was hurt or killed in an incident that could be reliably linked to the [controversial website]?
In a word: no. As a way of proving that point, rather than speculate on a gruesome hypothetical, let's discuss a concrete example. About a year ago, a young hacker broke into my email accounts, rummaged around, and caused a significant amount of damage and embarrassment to me. At the time, the hacker was a CloudFlare user. He even used his CloudFlare-powered site to publish details of the attack. I was furious. It was a direct attack by one of our users specifically targeting me. Despite that, we did not kick him off our network nor should we have.
From Mr. Prince:
"> What safeguards do you have in place to ensure that CloudFlare does not support illegal terrorist activity?
This question assumes the answer. A website is speech. It is not a bomb. There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain." [1]
"Again, CloudFlare is not a hosting provider. If we were to terminate this, or any other customer, the material wouldn't go away, it would just be a bit slower and be more subject to attack. We do not believe that "investigating" the speech that flows through our network is appropriate. In fact, we think doing so would be creepy." [1]
[1] https://blog.cloudflare.com/cloudflare-and-free-speech/