The DMCA (Digital Millennium Copyright Act) was signed into law nearly 20 years ago….yet here we are today, same old tired law but with an online ecosystem vastly different from what existed 2 decades ago. Despite this, no one in Congress seems in any great hurry to update law and as they drag their feet, creative artists continue to pay the price.
For creators trying to safeguard their work from online theft this leaves them with only one option, the DMCA takedown notice. This antiquated process works ok in very limited instances, but for most filmmakers (and musicians) dealing with a large volume of infringements, it’s like using an umbrella to stay dry beneath Niagara Falls. Not only is it inadequate, but the truth is– it’s a joke. Why? Because the DMCA’s safe harbor provision provides loopholes allowing many of tech’s piracy enablers–U.S. based companies play a significant role in allowing pirates entrepreneurs to pimp their stolen content across the globe–to sidestep any legal liability and happily accept the tainted profits filling their cash drawers.
It’s not news that pirate websites are hosted offshore, hidden behind multiple layers of purposeful obfuscation. Most don’t offer a way to remove content via the DMCA and offer this disclaimer: “This site does not store any files on its server. All contents are provided by non-affiliated third parties.” Of course these sites make it nearly impossible to uncover the actual identity of these “third parties” while offering up streams (and earning ad revenue) off hundreds of pirated movies.
In fact, to find out the exact domain or IP where pirate servers are located requires some detective work, parsing through source code using something like Firebug or developer tools on Chrome. Even if one figures out the source, removing the pirated content is quite another matter since these shadowy sites also ignore the DMCA. Located offshore, behind privacy curtains, they stay outside the reach of U.S. law.
They may be outside the reach of U.S. law, but they seem to have no problem depending on U.S. companies for parts of their infrastructure. Peel back more layers of the onion and you’ll find that in fact, there are U.S. based companies that provide a crucial services to efficiently deliver the pirated movies to viewers around the world. One of the major players in this ecosystem is Cloudflare, a CDN (content delivery network) that currently handles about 10% of internet requests.
ILLEGAL PIRACY SITES DO THEIR BEST TO HIDE WHILE CLOUDFLARE HELPS KEEP THEM IN BUSINESS
What does Cloudflare do exactly? According to its website: “Here at Cloudflare, we make the Internet work the way it should.” Well, maybe….but just as it assists legit sites (like voxindie.org) in operating smoothly, it also aids and abets (and profits) from criminal sites that market in stolen goods, like pirated films.
Just in the last couple weeks, I’ve run across many pirate sites and streaming servers that depend on Cloudflare to deliver their pirated movies to visitors. For the purposes of this piece, I’ll focus on a couple examples…but it’s basically the same scenario with site after site I researched.
Let’s take a pirate site called Go Movies (I’ll refrain from providing the exact domain for obvious reasons). It features hundreds of pirated movies and TV shows including titles still in theaters like Blade Runner
and Mother. Though the site has a DMCA button that links to verbiage, it’s a sham. Nowhere does it actually give you a way to contact them to send a takedown notice. A WHOIS search reveals the domain owners hide behind privacy protection service based in Moscow. It also lists Cloudflare as providing its name servers.
The scenario is the same when it comes to the actual source of the streaming file. Using web developer tools, I determined the pirated movie I was investigating was hosted on lemonstream.me. Lemonstream.me doesn’t really have a website. If you try to go to there you’ll just get a 403 Forbidden error message, but that’s where the files originated. There’s a myriad of encrypted code sent from the pirate website (Go Movies) to call up the specific file (in pieces), but a WHOIS search for the domain, it reveals site owners hiding behind another Moscow-based privacy service. What do these sites have in common? The fact that U.S. based Cloudflare provides its name servers for both.
Cloudfare profits off piracy websites
Since these offshore pirate websites ignore the DMCA, will sending a DMCA notice to Cloudflare get you anywhere in a quest to remove the pirated movies? Well you can try, but in reality it’s an utter waste of time.
In a case involving another pirate site, vidzi.tv I tried getting 40 links removed. Vidzi.tv repeatedly ignored my DMCA email requests so I tried sending one to Cloudflare (its namerserver provider). When nothing came of the email, I tried using Cloudflare’s clunky web form (that limits you to 10 URLs at a time). I only received an acknowledgement that my request was received. It’s a worthless pursuit. Nothing changes. The pirated movie remains online…all 40 links, and Cloudshare still profits from the business of thieves.
CLOUDFLARE MADE HEADLINES BY TERMINATING NAZI WEBSITE’S SERVICES
Cloudflare recently made headlines after the company reluctantly terminated the account for the neo-Nazi website The Daily Stormer. The company explained their decision this way:
Earlier today, Cloudflare terminated the account of the Daily Stormer. We’ve stopped proxying their traffic and stopped answering DNS requests for their sites. We’ve taken measures to ensure that they cannot sign up for Cloudflare’s services ever again.
Our terms of service reserve the right for us to terminate users of our network at our sole discretion. The tipping point for us making this decision was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology.
Of course for Cloudflare, customers that offer up infringing content illegally are not subject to the same scrutiny. Included in its statement as to why it removed The Daily Stormer account was this nugget absolving the company of responsibility when its customers break laws:
…we’ve always said that our policy is to follow the guidance of the law in the jurisdictions in which we operate. Law enforcement, legislators, and courts have the political legitimacy and predictability to make decisions on what content should be restricted. Companies should not.
As tech comes under overdue scrutiny, perhaps its time to again ask the question as to why it’s OK for companies like Cloudflare to openly do business with sites engaging in illegal activity. I’m not the first one to raise this issue. The company was on the losing end of a recent court decision when a district court ruled that the companymust honor a permanent injunction awarded the RIAA against notorious pirate site MP3Skull and its CEO will also be deposed in another piracy related case so there’s hope that the company may be more responsive to DMCA requests.
REVISE THE DMCA TO CLARIFY THE ROLE AND LIABILITY OF INTERMEDIARIES THAT DO BUSINESS WITH PIRACY SITES THAT WON’T COMPLY WITH THE DMCA
Going forward, why leave it up to interpretation? Why not clarify the responsibility of intermediary companies in the DMCA notice and takedown process.
Why not update the DMCA to require that companies like Cloudflare that provide intermediary services be required to either comply with takedown notices (by cutting off services) or only do business with websites that do? After all, Cloudflare is a U.S. based business. Why shouldn’t companies that use its internet services be required to comply with the DMCA? Here are some Cloudflare’s customers, pirate sites that don’t comply with DMCA requests.
While predictable piracy apologists spout tired talking points about slippery slopes, the truth is that this isn’t about censorship or abuse…it’s about creators trying to use the DMCA to legally remove pirated copies of their work from pirate sites. Why should U.S. companies do business with piracy websites that flout U.S. law? The only folks being abused here are the creators whose work ripped off so that others can profit.
When people talk about effective ways to mitigate the impact of online piracy, YouTube’s Content ID is often used as an example of what works. Unfortunately, despite its role as poster boy for anti-piracy tech, in reality it falls flat as a gatekeeper against online piracy.
Aside from a labyrinth-like user interface that seems likely to have been designed–not to help– but to discourage rights holders from using Content ID, the actual fingerprinting technology behind it can be easily fooled.
YouTube introduced the Content ID system in 2007. At the time, the company was facing pressure from a Viacom lawsuit, among others. According to YouTube, it’s pretty straightforward:
Videos uploaded to YouTube are scanned against a database of files that have been submitted to us by content owners. Copyright owners get to decide what happens when content in a video on YouTube matches a work they own. When this happens, the video gets a Content ID claim.
Looking to make money off work they don’t own, clever YouTube users have discovered ways to fool the technology so their illegal uploads of copyrighted movies and music don’t get flagged, blocked or removed.
I began noticing this phenomenon more lately as I’ve begun to find full, infringing copies of films uploaded that matched content owned by a film distributor I work for. This seems to be happening more often and I was curious as to how these pirated copies had avoided detected by Content ID. When I looked closely I saw that subtle manipulations in brightness had taken place along with slight adjustments to frame size and sometimes the crop of the frame.
When I started poking around YouTube to find other examples of these uploads they were easy to find. It only took me a few minutes to find dozens of copies of a variety of full copyrighted movies, old and new. One title I came across was the movie, Everest. Below are screen captures from two different full uploads of the movie I found streaming on YouTube.
Two full copies of the movie Everest uploaded to YouTube.
In this case the uploader had used several techniques to avoid detection including reversing the frame (note the backwards title), darkening the lower part of the frame and cropping it. Of course, having recently viewed the film on HBO, watching a lousy copy like this on YouTube wouldn’t be my choice, but apparently others didn’t mind. Uploaded only a month ago, the movie had already racked up more than 16,000 views.
Pirate uploads make money for uploader and for YouTube
Why go to all this trouble to manipulate a movie for upload to YouTube? Well, it’s the age-old pirate motivator–money. This uploader, who goes by the name Kenneth Lamb, has claimed ownership of this content and monetized it with ads. He makes money. YouTube makes money. The movie’s actual production companies make nothing.
This YouTube user claims to own rights to Everest movie worldwide and makes money off ads
In an ironic twist, several of the ads that appeared when I was examining (and reloading) this pirated copy of the film were for films including DreamWork’s upcoming movie Trolls and Warner Brother’s Jason Bourne.It’s more than a tad ironic that Hollywood studios are (inadvertently) putting cash in YouTube’s hands via advertising on a pirated copy for one of its own productions.
Ultimate irony that ads for upcoming movie releases are featured on pirated copies of Hollywood films
I don’t deal with music or audio files on YouTube but there are similar manipulations happening there as well where uploaders resample, add noise, etc. to fool the Content ID system into ignoring the file.
What can YouTube do to fix this growing problem? Per usual, the list is long and varied, but begins with asking Google engineers to design better fingerprinting tech. There are other companies that offer digital fingerprinting technology seem to do a better job catching these circumventions. If I can easily uncover an upload is a copy of the movie Everest, why can’t Content ID? You can’t tell me that with all its financial (and technological) resources YouTube doesn’t means to upgrade its system?
Technological solutions exist. It’s just a matter of priorities. Stopping piracy isn’t a priority for YouTube.
Aside from updating its fingerprinting capabilities, YouTube could also improve the Content ID system through providing a better interface, more transparency, better compensation for artists, etc. Of course again that would mean lower profits for Google/YouTube so such straightforward fixes are unlikely. Meanwhile, YouTube makes great hay out of its concerns for poor, maligned users who may have received an erroneous DMCA notice. The company is willing to spend money to defend a few select uploaders but won’t spend resources to fix its broken Content ID system?
Operating only a marginal (not great) Content ID system is in YouTube’s best interests
Of course the powers that be at YouTube probably prefer to keep Content ID just the way it is–creaking along, occupying a neutral zone positioned between accolades and scorn. It’s a safe position, one that gives YouTube officials cover when they use disingenuous excuses about their anti-piracy practices to critics, while avoiding any real (legal or financial) consequences.
Content ID does the job just well enough….but that doesn’t mean it does a good job. It could serve as a true model for technological safeguards against piracy, but as now, it’s merely a slight bump in the road for those determined to steal and monetize the works of others. Meanwhile, YouTube continues to pocket advertising cash, make its stockholders happy while leaving filmmakers and musicians on the outside, looking in.
GOOGLE LOOKS THE OTHER WAY AS PIRACY REPEAT OFFENDERS CONTINUE TO FLOURISH ON GOOGLE DRIVE
I wrote a piece recently about Google’s failure to punish “repeat offenders” on its Google Drive platform so I thought I’d give you another update. Despite having sent DMCA notices for 64 pirated titles (and having them all approved for takedown) the Google Drive account remains active and online, illegally sharing hundreds of pirated films. Note that I sent the DMCA takedown requests over several weeks to repeatedly report the same account holder.
Respect copyright laws. Do not share copyrighted content without authorization or provide links to sites where your readers can obtain unauthorized downloads of copyrighted content. It is our policy to respond to clear notices of alleged copyright infringement. Repeated infringement of intellectual property rights, including copyright, will result in account termination. [emphasis added] If you see a violation of Google’s copyright policies, report copyright infringement.
Yet in reality, the company does nothing. And, to make matters worse, while Google refuses to enforce its own policy, the account holder basically says F-you and replaces 57 of those pirated movies that were removed with new links to download via Google Drive and offline sites (mostly Openload.co).
The Google Drive account holder even created a convenient, separate folder (under zipped movies) where visitors can easily download the previously removed pirated films.
If Google had closed this Google Drive account it would have also closed the door on access to hundreds more pirated films. Given that the Google folks clearly have knowledge of this ongoing infringement–after all, its “team” reviewed the files for days before taking them down– why does it continue to get a free pass from liability via “safe harbor?” According to a Fenwick & West publication, “Your Safe Harbor Questions and Answers,” an entity must not only have a policy, but “reasonably implement” it:
What is a “repeat infringer,” and what must I do about repeat infringers? What should my “repeat infringer policy” look like? The DMCA is reasonably clear about the service provider’s obligation concerning users who repeatedly infringe copyrights: to be eligible for the safe harbor, the service provider must “adopt[] and reasonably implement[], and inform[] subscribers and account holders of, … [its] policy that provides for the termination in appropriate circumstances of subscribers and account holders … who are repeat infringers.” (§ 512(i)(1)(A), emphasis added.)
Breaking that down into smaller bites, you must: Adopt a written repeat infringer policy; Notify users of that policy (posting it on your website, as part of your terms of service or “Copyright Policy,” is appropriate); and Reasonably implement the policy. The policy can be complicated, but it can be as simple as this: “It is [OSP’s] policy, in appropriate circumstances, to terminate the accounts of members [or users] who are repeat infringers or are repeatedly charged with infringement.” This is all that is usually required.
Of course I’m not an attorney, but anyone with common sense has to ask how does Google continue to get away with this? The answer appears to be because Google does what Google wants and there’s no entity to stop them. As the current administration has shown, sometimes there seem to be few repercussions in ignoring the law.
WHAT ARE CREATORS SUPPOSED TO DO IN THE FACE OF THIS BAD BEHAVIOR BY GOOGLE?
Lately tech’s shield of omnipotence in the U.S. has (finally) begun to crack, particularly in light of Facebook’s role in last fall’s election sham and the rampant dissemination of fake news across its pages. Meanwhile Google is under fire and financial pressure in Europe over its ongoing unabashed monopolistic practices . However, given the web behemoth is busy spinning its own false narratives and lavishing millions on our representatives in Washington, chances the company will be forced to change its monopolistic behavior in the U.S.–any time soon–remain dim. As Jonathan Taplin noted his recent piece in the The Guardian:
The largest monopoly in America, Google controls five of the top six billion-user, universal web platforms – search, video, mobile, maps and browser – and leads in 13 of the top 14 commercial web functions, according to Scott Cleland at Precursor Consulting.
As the controversial Trump-supporting PayPal billionaire Peter Thiel points out, companies like Google don’t like to advertise this fact. They “lie to protect themselves”, Thiel says. “They know that bragging about their great monopoly invites being audited, scrutinized and attacked. Since they very much want their monopoly profits to continue unmolested, they tend to do whatever they can to conceal their monopoly – usually by exaggerating the power of their (nonexistent) competition.”
All we can do is to continue to shine a light on Google’s bad practices and call out its mendacity at every opportunity….again and again and again.
This is an update to my post from last week. Google has now removed the 31 additional pirate URLs I reported. The total removed (since April) is 170. Some of the titles removed include re-uploaded versions of pirated films reported earlier. Despite all this, the Google Drive account, as of now, remains online. Hundreds of pirated films remain available. What is exactly is Google’s definition of a “repeat infringer?” Again I ask, how much is enough?
As of today, an additional 31 reported piracy URLs have been removed. The Google Drive account remains active.
Here’s my graphic from last week’s post showing a listing of dates and number of URLs reported (and removed as of last week).
Google touts its efforts against piracy on its various platforms, yet, when push comes to shove, the talk is generally more bark than bite. Much has been made about pledges to down rank or flag repeat offender pirate sites via its search engine, but little mention of another Google product where pirates find safe haven, Google Drive.
Per its own abuse FAQ, Google warns that repeat offenders will have their accounts closed:
Respect copyright laws. Do not share copyrighted content without authorization or provide links to sites where your readers can obtain unauthorized downloads of copyrighted content. It is our policy to respond to clear notices of alleged copyright infringement. Repeated infringement of intellectual property rights, including copyright, will result in account termination. If you see a violation of Google’s copyright policies, report copyright infringement.
Yet, in reality, this pledge rings hollow. In the past couple months I’ve sent Google numerous DMCA notices requesting the removal of infringing content from a particular Google Drive account. After reviewing the DMCA notice, Google eventually removed the pirated films reported, but the Drive account itself remains active. As of today, May 12th, 2017, the account continues to host and share dozens and dozens of other pirated films. How much is enough Google?
On YouTube account holders get three strikes before their account is closed. Meanwhile, on Google Drive, it appears that one can pile up strikes with no penalty. Why does Google drag its feet? Perhaps it’s because Google Drive accounts are not front and center. One has to know where to look. Fact is that many pirate sites have taken to using Google Drive as a favored repository for stolen content. Upload to drive and share the links and face no penalty.
On YouTube, account holders are allowed three strikes before their account is closed. Meanwhile, on Google Drive, despite warnings to the contrary, it appears that users can pile up strikes with no penalty. Why does Google drag its feet? Perhaps it’s because, unlike YouTube or search, Google Drive accounts operate behind the scenes. One has to know where to look. Fact is, this is one reason many pirate sites have taken to using Google Drive as a favored repository for stolen content. Google has made it (free) and easy to upload stolen content to Drive and share the links with no consequence.
Time for Google to expand Content ID matching to Google Drive so that the hidden pirates can be ferreted out and Google be held accountable
GOOGLE AND BING REACH AGREEMENT IN UK TO DEMOTE PIRATE WEBSITES IN SEARCH RESULTS
Leave it to our friends across the ocean to make some (apparent) progress in the ongoing war against online piracy. According to The Guardian Google and Microsoft have agreed to make changes as to where links to pirated content appear in search results on Google and Bing.
Search engine companies Google and Bing have signed up to a voluntary code of practice aimed at preventing users from visiting disreputable content providers. The code, the first of its kind in the UK, will accelerate the demotion of illegal sites following notices from rights holders. It means those who search for content such as music videos, digital books and football coverage will more likely to be taken to bona fide providers rather than pirate sites, where a user’s security may be at risk.
Reportedly, the changes are supposed to be in place by this summer but put me into the category of “I’ll believe it when i see it.” There’s no mention of how extensive this new approach to results will be. Will it extend beyond the borders of the UK and cover the EU and/or the entire world? There’s also no information as to how exactly the “deprecation” will be triggered? Will it be based on total DMCA takedown requests or other legal efforts like court action? I look forward to seeing what comes of this effort and hope it extends beyond the borders of the UK.
I’ve written in the past about ways in which Google search could cut the number of takedown notices it receives (and the number of pirate links that populate its results) in a piece “How Google could reduce its massive DMCA takedown numbers.” Here’s an excerpt from that post:
WHY NOT TEMPORARILY BLOCK TOP OFFENDERS? PIRATE SITES COULD RISK LOSING TRAFFIC FOR FAILURE TO DEAL WITH TAKEDOWN REQUESTS
What type of pressure am I talking about? I’m suggesting Google create a team to focus on the domains at the top of the complaint list. Google purports to down-rank these domains already, but those claims don’t match up with reality. The company should go further to investigate, and temporarily block, the top offenders from Google’s search results.
If Google blocked the top domains reported for piracy for 30 days, site operators might be induced to better respond to copyright complaints, or risk losing crucial Google search traffic. In essence, it could be a self-regulating, temporary punishment leading ultimately to a correction…
Domain blocked
Domain cleans up its act
Complaints to Google decrease
Domain drops out of top offender list
Domain’s links restored to Google search
If a site operator continued to ignore takedown requests and the domain remains atop of the complaint list, the block could be extended to 90 days, then 180, etc. The initial blockade could be reviewed by a human team, but once added a site is in the queue, Google’s much vaunted algorithms could likely handle such a process.
It seems as though this latest “agreement” may end up serving the same end. At this point it’s too early to tell, but any progress on this front is still progress. As they say in cliche-world, only time will tell.
As an indie film and broadcast journalism veteran, I'll share my perspectives on issues of interest to the creative community and beyond--Ellen Seidler
