Cloudflare piracyThe DMCA (Digital Millennium Copyright Act) was signed into law nearly 20 years ago….yet here we are today, same old tired law but with an online ecosystem vastly different from what existed 2 decades ago.   Despite this, no one in Congress seems in any great hurry to update law and as they drag their feet, creative artists continue to pay the price. 

For creators trying to safeguard their work from online theft this leaves them with only one option, the DMCA takedown notice.   This antiquated process works ok in very limited instances, but for most filmmakers (and musicians) dealing with a large volume of infringements, it’s like using an umbrella to stay dry beneath Niagara Falls.  Not only is it inadequate, but the truth is– it’s a joke.   Why?  Because the DMCA’s safe harbor provision provides loopholes allowing many of tech’s piracy enablers–U.S. based companies play a significant role in allowing pirates entrepreneurs to pimp their stolen content across the globe–to sidestep any legal liability and happily accept the tainted profits filling their Clouflare services piracy websitescash drawers.

It’s not news that pirate websites are hosted offshore, hidden behind multiple layers of purposeful obfuscation.  Most don’t offer a way to remove content via the DMCA and offer this disclaimer: “This site does not store any files on its server. All contents are provided by non-affiliated third parties.”  Of course these sites make it nearly impossible to uncover the actual identity of these “third parties” while offering up streams (and earning ad revenue) off hundreds of pirated movies.

In fact, to find out the exact domain or IP where pirate servers are located requires some detective work, parsing through source code using something like Firebug or developer tools on Chrome.  Even if one figures out the source, removing the pirated content is quite another matter since these shadowy sites also ignore the DMCA.  Located offshore, behind privacy curtains, they stay outside the reach of U.S. law.

They may be outside the reach of U.S. law, but they seem to have no problem depending on U.S. companies for parts of their infrastructure.   Peel back more layers of the onion and you’ll find that in fact, there are U.S. based companies that provide a crucial services to efficiently deliver the pirated movies to viewers around the world.    One of the major players in this ecosystem is Cloudflare, a CDN (content delivery network) that currently handles about 10% of internet requests.

Illegal Piracy Sites do their best to hide while Cloudflare helps keep them in business

What does Cloudflare do exactly?  According to its website: “Here at Cloudflare, we make the Internet work the way it should.”  Well, maybe….but just as it assists legit sites (like voxindie.org) in operating smoothly, it also aids and abets (and profits) from criminal sites that market in stolen goods, like pirated films.

Just in the last couple weeks, I’ve run across many pirate sites and streaming servers that depend on Cloudflare to deliver their pirated movies to visitors.  For the purposes of this piece, I’ll focus on a couple examples…but it’s basically the same scenario with site after site I researched.

Cloudflare enables pirate websitesLet’s take a pirate site called Go Movies (I’ll refrain from providing the exact domain for obvious reasons).  It features hundreds of pirated movies and TV shows including titles still in theaters like Blade RunnerCloudflare pirates and Mother.  Though the site has a DMCA button that links to verbiage,  it’s a sham. Nowhere does it actually give you a way to contact them to send a takedown notice.   A WHOIS search reveals the domain owners hide behind privacy protection service based in Moscow.  It also lists Cloudflare as providing its name servers.

The scenario is the same when it comes to the actual source of the streaming file.  Using web developer tools, I determined the pirated movie I was investigating was hosted on lemonstream.me. Lemonstream.me doesn’t really have a website.  If you try to go to there you’ll just get a 403 Forbidden error message, but that’s where the files originated. There’s a myriad of encrypted code sent from the pirate website (Go Movies) to call up the specific file (in pieces), but a WHOIS search for the domain, it reveals site owners hiding behind another Moscow-based privacy service.  What do these sites have in common?  The fact that U.S. based Cloudflare provides its name servers for both.

Since these offshore pirate websites ignore the DMCA, will sending a DMCA notice to Cloudflare get you anywhere in a quest to remove the pirated movies?  Well you can try, but in reality it’s an utter waste of time.

In a case involving another pirate site, vidzi.tv I tried getting 40 links removed.  Vidzi.tv repeatedly ignored my DMCA email requests so I tried Cloudflare in business with pirate sitesending one to Cloudflare (its namerserver provider).  When nothing came of the email, I tried using Cloudflare’s clunky web form (that limits you to 10 URLs at a time).  I only received an acknowledgement that my request was received.  It’s a worthless pursuit.  Nothing changes.  The pirated movie remains online…all 40 links,  and Cloudshare still profits from the business of thieves.

Cloudflare made headlines by terminating Nazi website’s services

Cloudflare recently made headlines after the company reluctantly terminated the account for the neo-Nazi website The Daily Stormer.  The company explained their decision this way:

Earlier today, Cloudflare terminated the account of the Daily Stormer. We’ve stopped proxying their traffic and stopped answering DNS requests for their sites. We’ve taken measures to ensure that they cannot sign up for Cloudflare’s services ever again.

Our terms of service reserve the right for us to terminate users of our network at our sole discretion. The tipping point for us making this decision was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology.

Of course for Cloudflare, customers that offer up infringing content illegally are not subject to the same scrutiny.  Included in its statement as to why it removed The Daily Stormer account was this nugget absolving the company of responsibility when its customers break laws:

…we’ve always said that our policy is to follow the guidance of the law in the jurisdictions in which we operate. Law enforcement, legislators, and courts have the political legitimacy and predictability to make decisions on what content should be restricted. Companies should not.

As tech comes under overdue scrutiny, perhaps its time to again ask the question as to why it’s OK for companies like Cloudflare to openly do business with sites engaging in illegal activity.  I’m not the first one to raise this issue.  The company was on the losing end of a recent court decision when a district court ruled that the company must honor a permanent injunction awarded the RIAA against notorious pirate site MP3Skull and its CEO will also be deposed in another piracy related case so there’s hope that the company may be more responsive to DMCA requests.

Revise the DMCA to clarify the role and liability of intermediaries that do business with piracy sites that won’t comply with the DMCA

Going forward, why leave it up to interpretation?  Why not clarify the responsibility of intermediary companies in the DMCA notice and takedown process.

Why not update the DMCA to require that companies like Cloudflare that provide intermediary services be required to either comply with takedown notices (by cutting off services) or only do business with websites that do?  After all, Cloudflare is a U.S. based business.  Why shouldn’t companies that use its internet services be required to comply with the DMCA?  Here are some Cloudflare’s customers, pirate sites that don’t comply with DMCA requests.

 

While predictable piracy apologists spout tired talking points about slippery slopes, the truth is that this isn’t about censorship or abuse…it’s about creators trying to use the DMCA to legally remove pirated copies of their work from pirate sites.  Why should U.S. companies do business with piracy websites that flout U.S. law?  The only folks being abused here are the creators whose work ripped off so that  others can profit.