Cloudflare is urging the European Commission to exclude it from the upcoming Piracy Watch List, despite requests from several rightsholder groups for its inclusion. The company emphasizes that while it acknowledges concerns about piracy, it is committed to safeguarding user privacy and security. Instead, Cloudflare suggests that the EU’s Piracy Watch List should focus on pirate sites themselves, rather than being used as a platform for policy change or pressure on internet service providers.
Cloudflare’s Role and Services
As a major internet infrastructure provider, Cloudflare offers services that include content delivery networks (CDNs), DDoS protection, and internet security. It works with millions of clients, including Fortune 500 companies, government agencies, and smaller enterprises. However, the company has been criticized by copyright holders, who accuse Cloudflare of indirectly supporting piracy by offering its services to pirate sites. These sites use Cloudflare’s protection and content distribution services to shield themselves from attacks and manage their bandwidth, making piracy enforcement more challenging for rights holders.
Concerns from Rightsholders
In preparation for the EU’s biannual ‘Counterfeit and Piracy Watch List’, various rightsholders, including IFPI (International Federation of the Phonographic Industry) and Video Games Europe, have raised concerns about Cloudflare. They argue that the company enables piracy by providing services to sites that infringe copyright, but doesn’t disclose the identity of these sites’ operators without a court order or subpoena. Rightsholders argue that Cloudflare should cooperate more proactively by sharing contact information of the operators and ceasing its services to pirate sites.
IFPI claims that Cloudflare only provides hosting location information in response to abuse reports and does not voluntarily provide details of the pirate site operators. Similarly, Video Games Europe highlighted Cloudflare’s role in facilitating pirated content delivery without sharing operator contact details or halting services to infringing sites.
Cloudflare’s Response
Cloudflare acknowledges the concerns raised by rights holders but argues that it should not be tasked with determining whether piracy complaints are valid. The company contends that doing so would compromise user privacy rights and security. It stresses that it is not in the position to act as an anti-piracy enforcer, pointing out that it provides infrastructure services that protect the privacy of all users online.
Cloudflare suggests that the EU’s Piracy Watch List should remain focused on pirate sites and services, rather than using the list as a mechanism for pressuring companies to adopt specific anti-piracy policies. Cloudflare’s stance is that the list should be based on verified allegations of illegal activity, rather than requests for broader policy changes that could undermine privacy rights.
Piracy vs. Privacy
A key issue raised by Cloudflare is the trade-off between piracy enforcement and user privacy. Rightsholders have complained about technologies like Encrypted Client Hello (ECH), which helps to prevent the monitoring of online traffic by third parties. While ECH can make it more difficult to block pirate sites, Cloudflare argues that such privacy protections should not be sacrificed in the name of anti-piracy efforts. The company asserts that embracing new technologies that safeguard online privacy and security is vital for the long-term economic development of Europe, even if they complicate piracy enforcement.
Cloudflare warns that focusing solely on combating piracy by limiting technological advancements could have harmful long-term consequences for privacy and security online. It cautions the EU against broad-brush policy proposals that restrict the tools and technologies that can enhance user protection on the internet.
Collaboration with Rightsholders and Law Enforcement
Despite these concerns, Cloudflare is open to working with rightsholders and law enforcement. The company has implemented a trusted reporter program, where recognized organizations can report copyright infringements. When an infringement is flagged, Cloudflare shares additional details such as the origin IP addresses of pirate sites. However, the company stresses that it is not legally obligated to terminate customer accounts for receiving repeated complaints.
Cloudflare believes that its role in disclosing hosting provider details is sufficient. It points out that even without Cloudflare’s services, pirate sites are typically hosted by third-party providers, and removing Cloudflare’s protection would not necessarily stop piracy. Essentially, pirate sites can still operate with different infrastructures, making Cloudflare’s involvement in piracy enforcement a secondary factor at best.
Shifting the Focus
Cloudflare argues that rightsholders should move away from using policy advocacy as a tool for addressing piracy. Instead, they should focus on identifying and targeting pirate sites directly in the marketplace. The company urges the EU to avoid using the Piracy Watch List as a platform to advocate for new policies that could undermine user privacy and security.
In conclusion, while Cloudflare acknowledges the concerns about piracy, it asserts that protecting privacy and security should not be compromised in the process. The company encourages a more focused approach that targets pirate websites and illegal services, rather than turning intermediaries like Cloudflare into the primary target of policy discussions.