Writing about online piracy and Google is a bit like living in the movie Groundhog Day. Day after day reality repeats itself. However, unlike Groundhog Day, there are no minor changes in the timeline that lead to a different outcome. When it comes to Google Drive and piracy, the story remains the same, day after day, year after year.
I’ve written about Google Drive several times over recent years, highlighting its ongoing role in giving online pirates convenient (and free) storage to make it easy for them to “share” pirated movies. Aside from providing a safe haven for pirated content, Google also blatantly defies the “safe harbor” a DMCA requirement that infringing material be “expeditiously” removed…..In reality, it can take weeks for reported links to be removed from Google Drive.
(1) In general.—A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider— (A) (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing; (ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or (iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;
(i) Conditions for Eligibility.— (1) Accommodation of technology.—The limitations on liability established by this section shall apply to a service provider only if the service provider— (A) has adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers; …
Here are some images from very the same Google Drive account reported multiple times in October of 2017 for several dozen infringing titles, and again in 2018 and 2019. Despite being reported for dozens of pirated movies (many of the same titles) over several years, the account remained online.
Graphic from 2017Graphic from 2019
Despite dozens of DMCA notices over years the account remains untouched
Now, in 2020, the same Google Drive account (folder beginning with OB4Q) remains active and has re-uploaded infringing links (this time as torrent downloads) to the very same films previously removed.
Not to beat a dead horse, but why is Google allowed to sidestep the DMCA safe harbor requirements? Like other big tech companies, Google seems to routinely operate above the law. I guess having a well-paid gang of lobbyists in Washington has its benefits eh?
For easy reference, here are some of my past posts about this notorious Google Drive account from 2017 through 2019:
Of course, Google Drive piracy doesn’t damage only indie filmmakers like me. Even the big guys seem ripe for the picking. Unlike Google’s YouTube, Google Drive doesn’t provide any Content ID technology that would allow content creators (some) means to protect their work from this rampant theft. Here’s a Google Drive account I came across recently featuring dozens of Disney films. So much for needing to pay to subscribe to Disney+ eh?
UPDATE: It seems that Lumen database has finally acknowledged that there is an issue and seen the light. Its operators have announced an important change, limiting access to actual infringing links. Per Torrent Freak:
In a nutshell, takedown notices presented in Lumen’s database will no longer list the precise URLs targeted by copyright holders. Instead, as the image below illustrates, the notices only list how many URLs were targeted at specific domains.
I’ve written about the Lumen, formerly “chilling effects” DMCA database in the past and how it “makes a mockery of the DMCA.” I’ve also pointed out that the site provides a repository for links to to pirated downloads and streams even after they’ve been reported for copyright infringement. Now, with the release of a new browser extension for Chrome and Opera, the database’s questionable practices are in the spotlight once more. The extension, aptly anointed “Google Unlocked,” makes it easy for users to once to bypass takedowns and once again use the search engine to find pirated links to their favorite movies. Its developers claim:
The extension scans hidden links that were censored on Google search results due to complaints. The tool scans those complaints and extracts the links from them, puts the links back into Google results, all in a matter of seconds.
Why are removed links still available online?
When Google removes a link reported for infringement from in its search results it conveniently (for would-be pirates) replaces the removed material with a disclaimer that, in turn, features a link to the original DMCA notice (on Lumendatabase.org) which includes infringing URLs.
Below is an example found today when searching for Captain Marvel downloads on Google.
Notice the Lumen link . Clicking that leads to the original DMCA notice and the list of reported infringing links which, when I chose one randomly, led me to an actual pirated download of the film. Piracy lives!
However, using this extension makes even such rudimentary mouse clicks moot. Basically it seems to, for all intents and purposes, undo Google’s tepid effort to comply with the DMCA. Since operators of Lumen Database refuse to redact any portion of the infringing URLs found in the DMCA notices in its database, this new extension easily restores the pirate links. According to Torrent Freak:
Since by its very nature the tool searches for allegedly infringing links, we aren’t going to demonstrate those here. Safe to say, however, the tool does scan LumenDatabase as advertised and all the removed links do get embedded in the search result page itself, very large numbers of links in some instances.
Lumen provides pirate links with eternal life online
Several years ago I actually tried to bring further attention to this problem by sending Lumen (then Chilling Effects) Database a DMCA notice for my own film. We went through the usual song and dance. I sent the notice, they sent a counter-notice, and when I couldn’t go to court to enforce the takedown, the DMCA notice containing the pirate links went be online. As a creator with no bevy of lawyers at my disposal, I had no alternative and I knew it. I did it to raise awareness.
I even raised this issue in front of various industry stakeholders (including Google) at a 2016 U.S. Copyright Section 512 roundtable discussion in San Francisco. Here’s part of what I said at the the time:
Google removes the link from the search results, yet provides a link to the document that actually has the same link in it. So it may be following the letter of the law. But I don’t think it follows the spirit of the law. And I’m not suggesting that the Lumen Database shouldn’t exist. I think it’s important and I know Berkeley Law used that extensively in their most recent study. But what I would suggest is maybe using technology to redact a little bit of the URL. And researchers who really want to go and look at the information could go to Lumen and actually get the DMCA notice. But it doesn’t need to be so convenient that a user looking for pirated content can find it so easily.
Per usual, my remarks were ignored and the LumenDatabase.org continued its dubious practice of listing all the infringing links in full. Perhaps this new extension, Google Unlocked, will cause some to rethink this approach and pay close attention to Google’s sleight of hand when it comes to compliance with the DMCA. Hey, how about revisiting the DMCA entirely while we’re at it? A girl can dream…..
The DMCA (Digital Millennium Copyright Act) was signed into law nearly 20 years ago….yet here we are today, same old tired law but with an online ecosystem vastly different from what existed 2 decades ago. Despite this, no one in Congress seems in any great hurry to update law and as they drag their feet, creative artists continue to pay the price.
For creators trying to safeguard their work from online theft this leaves them with only one option, the DMCA takedown notice. This antiquated process works ok in very limited instances, but for most filmmakers (and musicians) dealing with a large volume of infringements, it’s like using an umbrella to stay dry beneath Niagara Falls. Not only is it inadequate, but the truth is– it’s a joke. Why? Because the DMCA’s safe harbor provision provides loopholes allowing many of tech’s piracy enablers–U.S. based companies play a significant role in allowing pirates entrepreneurs to pimp their stolen content across the globe–to sidestep any legal liability and happily accept the tainted profits filling their cash drawers.
It’s not news that pirate websites are hosted offshore, hidden behind multiple layers of purposeful obfuscation. Most don’t offer a way to remove content via the DMCA and offer this disclaimer: “This site does not store any files on its server. All contents are provided by non-affiliated third parties.” Of course these sites make it nearly impossible to uncover the actual identity of these “third parties” while offering up streams (and earning ad revenue) off hundreds of pirated movies.
In fact, to find out the exact domain or IP where pirate servers are located requires some detective work, parsing through source code using something like Firebug or developer tools on Chrome. Even if one figures out the source, removing the pirated content is quite another matter since these shadowy sites also ignore the DMCA. Located offshore, behind privacy curtains, they stay outside the reach of U.S. law.
They may be outside the reach of U.S. law, but they seem to have no problem depending on U.S. companies for parts of their infrastructure. Peel back more layers of the onion and you’ll find that in fact, there are U.S. based companies that provide a crucial services to efficiently deliver the pirated movies to viewers around the world. One of the major players in this ecosystem is Cloudflare, a CDN (content delivery network) that currently handles about 10% of internet requests.
ILLEGAL PIRACY SITES DO THEIR BEST TO HIDE WHILE CLOUDFLARE HELPS KEEP THEM IN BUSINESS
What does Cloudflare do exactly? According to its website: “Here at Cloudflare, we make the Internet work the way it should.” Well, maybe….but just as it assists legit sites (like voxindie.org) in operating smoothly, it also aids and abets (and profits) from criminal sites that market in stolen goods, like pirated films.
Just in the last couple weeks, I’ve run across many pirate sites and streaming servers that depend on Cloudflare to deliver their pirated movies to visitors. For the purposes of this piece, I’ll focus on a couple examples…but it’s basically the same scenario with site after site I researched.
Let’s take a pirate site called Go Movies (I’ll refrain from providing the exact domain for obvious reasons). It features hundreds of pirated movies and TV shows including titles still in theaters like Blade Runner
and Mother. Though the site has a DMCA button that links to verbiage, it’s a sham. Nowhere does it actually give you a way to contact them to send a takedown notice. A WHOIS search reveals the domain owners hide behind privacy protection service based in Moscow. It also lists Cloudflare as providing its name servers.
The scenario is the same when it comes to the actual source of the streaming file. Using web developer tools, I determined the pirated movie I was investigating was hosted on lemonstream.me. Lemonstream.me doesn’t really have a website. If you try to go to there you’ll just get a 403 Forbidden error message, but that’s where the files originated. There’s a myriad of encrypted code sent from the pirate website (Go Movies) to call up the specific file (in pieces), but a WHOIS search for the domain, it reveals site owners hiding behind another Moscow-based privacy service. What do these sites have in common? The fact that U.S. based Cloudflare provides its name servers for both.
Cloudfare profits off piracy websites
Since these offshore pirate websites ignore the DMCA, will sending a DMCA notice to Cloudflare get you anywhere in a quest to remove the pirated movies? Well you can try, but in reality it’s an utter waste of time.
In a case involving another pirate site, vidzi.tv I tried getting 40 links removed. Vidzi.tv repeatedly ignored my DMCA email requests so I tried sending one to Cloudflare (its namerserver provider). When nothing came of the email, I tried using Cloudflare’s clunky web form (that limits you to 10 URLs at a time). I only received an acknowledgement that my request was received. It’s a worthless pursuit. Nothing changes. The pirated movie remains online…all 40 links, and Cloudshare still profits from the business of thieves.
CLOUDFLARE MADE HEADLINES BY TERMINATING NAZI WEBSITE’S SERVICES
Cloudflare recently made headlines after the company reluctantly terminated the account for the neo-Nazi website The Daily Stormer. The company explained their decision this way:
Earlier today, Cloudflare terminated the account of the Daily Stormer. We’ve stopped proxying their traffic and stopped answering DNS requests for their sites. We’ve taken measures to ensure that they cannot sign up for Cloudflare’s services ever again.
Our terms of service reserve the right for us to terminate users of our network at our sole discretion. The tipping point for us making this decision was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology.
Of course for Cloudflare, customers that offer up infringing content illegally are not subject to the same scrutiny. Included in its statement as to why it removed The Daily Stormer account was this nugget absolving the company of responsibility when its customers break laws:
…we’ve always said that our policy is to follow the guidance of the law in the jurisdictions in which we operate. Law enforcement, legislators, and courts have the political legitimacy and predictability to make decisions on what content should be restricted. Companies should not.
As tech comes under overdue scrutiny, perhaps its time to again ask the question as to why it’s OK for companies like Cloudflare to openly do business with sites engaging in illegal activity. I’m not the first one to raise this issue. The company was on the losing end of a recent court decision when a district court ruled that the companymust honor a permanent injunction awarded the RIAA against notorious pirate site MP3Skull and its CEO will also be deposed in another piracy related case so there’s hope that the company may be more responsive to DMCA requests.
REVISE THE DMCA TO CLARIFY THE ROLE AND LIABILITY OF INTERMEDIARIES THAT DO BUSINESS WITH PIRACY SITES THAT WON’T COMPLY WITH THE DMCA
Going forward, why leave it up to interpretation? Why not clarify the responsibility of intermediary companies in the DMCA notice and takedown process.
Why not update the DMCA to require that companies like Cloudflare that provide intermediary services be required to either comply with takedown notices (by cutting off services) or only do business with websites that do? After all, Cloudflare is a U.S. based business. Why shouldn’t companies that use its internet services be required to comply with the DMCA? Here are some Cloudflare’s customers, pirate sites that don’t comply with DMCA requests.
While predictable piracy apologists spout tired talking points about slippery slopes, the truth is that this isn’t about censorship or abuse…it’s about creators trying to use the DMCA to legally remove pirated copies of their work from pirate sites. Why should U.S. companies do business with piracy websites that flout U.S. law? The only folks being abused here are the creators whose work ripped off so that others can profit.
When people talk about effective ways to mitigate the impact of online piracy, YouTube’s Content ID is often used as an example of what works. Unfortunately, despite its role as poster boy for anti-piracy tech, in reality it falls flat as a gatekeeper against online piracy.
Aside from a labyrinth-like user interface that seems likely to have been designed–not to help– but to discourage rights holders from using Content ID, the actual fingerprinting technology behind it can be easily fooled.
YouTube introduced the Content ID system in 2007. At the time, the company was facing pressure from a Viacom lawsuit, among others. According to YouTube, it’s pretty straightforward:
Videos uploaded to YouTube are scanned against a database of files that have been submitted to us by content owners. Copyright owners get to decide what happens when content in a video on YouTube matches a work they own. When this happens, the video gets a Content ID claim.
Looking to make money off work they don’t own, clever YouTube users have discovered ways to fool the technology so their illegal uploads of copyrighted movies and music don’t get flagged, blocked or removed.
I began noticing this phenomenon more lately as I’ve begun to find full, infringing copies of films uploaded that matched content owned by a film distributor I work for. This seems to be happening more often and I was curious as to how these pirated copies had avoided detected by Content ID. When I looked closely I saw that subtle manipulations in brightness had taken place along with slight adjustments to frame size and sometimes the crop of the frame.
When I started poking around YouTube to find other examples of these uploads they were easy to find. It only took me a few minutes to find dozens of copies of a variety of full copyrighted movies, old and new. One title I came across was the movie, Everest. Below are screen captures from two different full uploads of the movie I found streaming on YouTube.
Two full copies of the movie Everest uploaded to YouTube.
In this case the uploader had used several techniques to avoid detection including reversing the frame (note the backwards title), darkening the lower part of the frame and cropping it. Of course, having recently viewed the film on HBO, watching a lousy copy like this on YouTube wouldn’t be my choice, but apparently others didn’t mind. Uploaded only a month ago, the movie had already racked up more than 16,000 views.
Pirate uploads make money for uploader and for YouTube
Why go to all this trouble to manipulate a movie for upload to YouTube? Well, it’s the age-old pirate motivator–money. This uploader, who goes by the name Kenneth Lamb, has claimed ownership of this content and monetized it with ads. He makes money. YouTube makes money. The movie’s actual production companies make nothing.
This YouTube user claims to own rights to Everest movie worldwide and makes money off ads
In an ironic twist, several of the ads that appeared when I was examining (and reloading) this pirated copy of the film were for films including DreamWork’s upcoming movie Trolls and Warner Brother’s Jason Bourne.It’s more than a tad ironic that Hollywood studios are (inadvertently) putting cash in YouTube’s hands via advertising on a pirated copy for one of its own productions.
Ultimate irony that ads for upcoming movie releases are featured on pirated copies of Hollywood films
I don’t deal with music or audio files on YouTube but there are similar manipulations happening there as well where uploaders resample, add noise, etc. to fool the Content ID system into ignoring the file.
What can YouTube do to fix this growing problem? Per usual, the list is long and varied, but begins with asking Google engineers to design better fingerprinting tech. There are other companies that offer digital fingerprinting technology seem to do a better job catching these circumventions. If I can easily uncover an upload is a copy of the movie Everest, why can’t Content ID? You can’t tell me that with all its financial (and technological) resources YouTube doesn’t means to upgrade its system?
Technological solutions exist. It’s just a matter of priorities. Stopping piracy isn’t a priority for YouTube.
Aside from updating its fingerprinting capabilities, YouTube could also improve the Content ID system through providing a better interface, more transparency, better compensation for artists, etc. Of course again that would mean lower profits for Google/YouTube so such straightforward fixes are unlikely. Meanwhile, YouTube makes great hay out of its concerns for poor, maligned users who may have received an erroneous DMCA notice. The company is willing to spend money to defend a few select uploaders but won’t spend resources to fix its broken Content ID system?
Operating only a marginal (not great) Content ID system is in YouTube’s best interests
Of course the powers that be at YouTube probably prefer to keep Content ID just the way it is–creaking along, occupying a neutral zone positioned between accolades and scorn. It’s a safe position, one that gives YouTube officials cover when they use disingenuous excuses about their anti-piracy practices to critics, while avoiding any real (legal or financial) consequences.
Content ID does the job just well enough….but that doesn’t mean it does a good job. It could serve as a true model for technological safeguards against piracy, but as now, it’s merely a slight bump in the road for those determined to steal and monetize the works of others. Meanwhile, YouTube continues to pocket advertising cash, make its stockholders happy while leaving filmmakers and musicians on the outside, looking in.
Google touts its efforts against piracy on its various platforms, yet, when push comes to shove, the talk is generally more bark than bite. Much has been made about pledges to down rank or flag repeat offender pirate sites via its search engine, but little mention of another Google product where pirates find safe haven, Google Drive.
Per its own abuse FAQ, Google warns that repeat offenders will have their accounts closed:
Respect copyright laws. Do not share copyrighted content without authorization or provide links to sites where your readers can obtain unauthorized downloads of copyrighted content. It is our policy to respond to clear notices of alleged copyright infringement. Repeated infringement of intellectual property rights, including copyright, will result in account termination. If you see a violation of Google’s copyright policies, report copyright infringement.
Yet, in reality, this pledge rings hollow. In the past couple months I’ve sent Google numerous DMCA notices requesting the removal of infringing content from a particular Google Drive account. After reviewing the DMCA notice, Google eventually removed the pirated films reported, but the Drive account itself remains active. As of today, May 12th, 2017, the account continues to host and share dozens and dozens of other pirated films. How much is enough Google?
On YouTube account holders get three strikes before their account is closed. Meanwhile, on Google Drive, it appears that one can pile up strikes with no penalty. Why does Google drag its feet? Perhaps it’s because Google Drive accounts are not front and center. One has to know where to look. Fact is that many pirate sites have taken to using Google Drive as a favored repository for stolen content. Upload to drive and share the links and face no penalty.
On YouTube, account holders are allowed three strikes before their account is closed. Meanwhile, on Google Drive, despite warnings to the contrary, it appears that users can pile up strikes with no penalty. Why does Google drag its feet? Perhaps it’s because, unlike YouTube or search, Google Drive accounts operate behind the scenes. One has to know where to look. Fact is, this is one reason many pirate sites have taken to using Google Drive as a favored repository for stolen content. Google has made it (free) and easy to upload stolen content to Drive and share the links with no consequence.
Time for Google to expand Content ID matching to Google Drive so that the hidden pirates can be ferreted out and Google be held accountable
As an indie film and broadcast journalism veteran, I'll share my perspectives on issues of interest to the creative community and beyond--Ellen Seidler
