Copyright holders have made serious work of website blocking in recent years, expanding the practice to over forty countries worldwide.
In Germany, for example, the largest Internet providers agreed to voluntarily block pirate sites as part of a deal they struck with rightsholders.
These blockades, which are put in place following a thorough vetting process, are generally implemented at DNS level. This is a relatively easy option, as all ISPs have their own DNS resolvers.
The downside of this simple measure is that it’s easy to bypass. Instead of using the ISPs’ DNS resolvers, subscribers can switch to public alternatives offered by Cloudflare, Google, OpenDNS, or Quad9. This relatively simple change usually renders blocking efforts useless.
Pirate Site DNS Blocking
Copyright holders are aware of this weakness. In an attempt to broaden the impact of their anti-piracy efforts, they sued Quad9, which was required to implement a global pirate site blockade. Meanwhile, Cloudflare also found itself in the crosshairs.
The German branch of Universal Music previously sued Cloudflare for offering its services to pirate site DDL-Music. The Internet infrastructure company lost this legal battle in the first instance, before the case moved to the Higher Regional Court of Cologne.
The appeal wasn’t just about Cloudflare terminating services to DDL-Music as a customer but also the implementation of an expanded DNS blockade. Universal demanded that Cloudflare should block the pirate site for all users of its publicly available 126.96.36.199 DNS resolver.
Last month, the Higher Court concluded that Cloudflare doesn’t have to take any measures on its public DNS resolver in response to copyright complaints, as the service operates in a purely passive, automatic, and neutral manner. As a pass-through service, it is not liable for third-party actions under German and EU law.
In a blog post, Cloudflare’s Senior Associate General Counsel, Patrick Nemeroff, applauds the verdict. The American company has always argued that public DNS resolvers are neutral services.
Nemeroff notes that DNS servers are not a good place to try to moderate content on the Internet. This isn’t just disproportionate but also ineffective.
“That’s a position we’ve long advocated, because blocking through public resolvers is ineffective and disproportionate, and it does not allow for much-needed transparency as to what is blocked and why,” he writes.
Cloudflare equates its DNS resolver to a phone book that people historically used to look up someone’s number. In a similar vein, DNS servers link a domain name to an IP-address, allowing people to access a website without having to memorize a string of numbers.
Blocking a domain by tampering with a DNS resolver doesn’t take down the website. People can still use alternative DNS providers, build their own DNS solution, or simply enter the site’s IP-address manually.
“[I]t’s not even effective. Traditionally, website operators or hosting providers are ordered to remove infringing or illegal content, which is an effective way to make sure that information is no longer available.
“A DNS block works only as long as the individual continues to use the resolver, and the content remains available and will become accessible again as soon as they switch to another resolver, or build their own,” Nemeroff adds.
Copyright holders are aware of this, of course, and would counter that doing something is better than nothing at all. At the moment, many ISPs also rely on DNS blockades and that tends to stop at least part of the traffic to pirate sites.
Cloudflare stresses that public DNS resolvers shouldn’t be compared to ISPs’ DNS servers. The main difference lies in the audience, which is global in Cloudflare’s case. This means that basic DNS blockades would apply globally too.
“[P]ublic DNS resolvers aren’t the same as DNS resolvers operated by a local ISP. Public DNS resolvers typically operate the same way around the globe. That means that if a public resolver applied the block the way an ISP does, it would apply everywhere.”
There are technical solutions to apply blockades more locally over DNS, but that would require more data gathering, which limits the privacy of the public at large.
“Blocking orders directed at public resolvers would require the collection of information about where the requests are coming from in order to limit these negative impacts while demonstrating compliance. That would be bad for personal privacy and bad for the Internet.”
The Fight Continues
The verdict of the Higher Regional Court is not entirely positive for Cloudflare, as it further clarified that the company can be held liable for pirate sites that use its CDN services. The case at hand revolves around DDL-Music, which is already defunct, but in future could expand to other Cloudflare customers such as The Pirate Bay.
In addition, the DNS battle isn’t over either. There are similar legal battles ongoing against other providers such as Quad9 while Cloudflare itself has been targeted in Italy as well.
“While the Higher Regional Court’s decision represents important progress on the DNS issue, the fight over how best to address online infringement continues,” Cloudflare notes.
Cloudflare says that it will continue to protest such orders going forward and hopes that the Higher Regional Court’s reasoning on the DNS issue, which is partly grounded in EU law, will help to that end.
“This decision marks further progress in Cloudflare’s fight to ensure that efforts to address online infringement are compatible with the technical nature of various Internet services, and with important legal and human rights principles around due process, transparency, and proportionality.”
“We will continue that battle both through public advocacy and, as necessary, through litigation, as one more part of helping build a better Internet,” Nemeroff concludes.