Earlier this month several copyright holder groups sent their annual “Notorious Markets” complaints to the U.S. Trade Representative (USTR).
The recommendations are meant to call out well-known piracy sites, apps, and services, but Cloudflare is frequently mentioned as well.
The American CDN provider can’t be officially listed since it’s not a foreign company. However, rightsholders have seizes the opportunity to point out that the CDN service helps pirate sites with their infringing activities.
The MPA and RIAA, for example, wrote that Cloudflare frustrates enforcement efforts by helping pirate sites to “hide” their hosting locations. In addition, the Hollywood-affiliated Digital Citizens Alliance (DCA) pointed out that the company helps pirate sites to deliver malware.
This week Cloudflare responded to these allegations. In a rebuttal, sent to the USTR’s Director for Innovation and Intellectual Property, General Counsel Doug Kramer writes that these reports are not an accurate representation of how the company operates.
“My colleagues and I were frustrated to find continued misrepresentations of our business and efforts to malign our services,” Kramer writes.
“We again feel called on to clarify that Cloudflare does not host the referenced websites, cannot block websites, and is not in the business of hiding companies that host illegal content–all facts well known to the industry groups based on our ongoing work with them.”
Kramer points out that the copyright holder groups “rehash” previous complaints, which Cloudflare previously rebutted. In fact, some parts of the CDN provider’s own reply are rehashed too, but there are several new highlights as well.
For example, the USTR’s latest review specifically focuses on malware issues. According to Cloudflare, its services are specifically aimed at mitigating such threats.
“Our system uses the collective intelligence from all the properties on our network to support and immediately update our web application firewall, which can block malware at the edge and prevent it from reaching a site’s origin server. This protects the many content creators who use our services for their websites as well as the users of their websites, from malware,” Kramer writes.
The DCA’s submission, which included a 2016 report from the group, is out of date and inaccurate, Cloudflare says. Several of the mentioned domains are no longer Cloudflare customers, for example. In addition, the DCA never sent any malware complaints to the CDN service.
Cloudflare did previously reach out to the DCA following its malware report, but this effort proved fruitless, the company writes.
“Despite our repeated attempts to get additional information by either
phone or email, DCA cancelled at least three scheduled calls and declined to provide any specific information that would have allowed us to verify the existence of the malware and protect users from malicious activity online,” Kramer notes.
Malware aside, the allegations that Cloudflare helps pirate sites to ‘hide’ their hosting locations are not entirely true either.
Kramer points out that the company has a “Trusted Reporter” program which complainants, including the RIAA, use frequently. This program helps rightsholders to easily obtain the actual hosting locations of Cloudflare customers that engage in widespread copyright infringement.
Although Cloudflare admits that it can’t stop all bad actors online, it will continue to work with the RIAA, MPA, and others to provide them with all the information they need for their enforcement efforts.
None of this is new though. Year after year the same complaints come in and Cloudflare suggests that copyright holders are actually looking for something else. They would like the company to terminate accounts of suspected pirate sites. However, the CDN provider has no intention to do so.
“Their submissions to the Notorious Markets process seem intended to pressure Cloudflare to take over efforts to identify and close down infringing websites for them, but that is something that we are not obligated to do,” Kramer says.
While it would be technically possible, it would require the company to allocate considerable resources to the task. These resources are currently needed to pursue its primary goal, which is to keep the Internet secure and protect users from malware and other risks.
It’s clear that Cloudflare doesn’t want to take any action against customers without a court order. While it has occasionally deviated from this stance by kicking out Daily Stormer and 8Chan, pirate sites are on a different level.
A copy of the letter Cloudflare’s General Counsel Doug Kramer sent to the USTR’s Director for Innovation and Intellectual Property, Jacob Ewerdt, is available here (pdf).