Cloudflare has urged the European Commission to keep the company off its upcoming Piracy Watch List, in response to calls from several rightsholders who want to see the internet infrastructure provider included. While Cloudflare acknowledges the issue of online piracy, it maintains that it cannot compromise user privacy and security to appease piracy enforcement requests. The company argues that the EU’s Piracy Watch List should focus solely on pirate sites and not become a tool for pushing broader policy changes that could affect the privacy of internet users.
Cloudflare’s Services and Role
As a global provider of content delivery networks (CDNs), DDoS protection, and cybersecurity services, Cloudflare supports millions of customers, including Fortune 500 companies, government agencies, and smaller businesses. While most of these clients appreciate Cloudflare’s services, the company has faced criticism from copyright holders. These rights holders accuse Cloudflare of facilitating piracy by providing protection and performance-enhancing services to pirate websites, enabling them to operate more efficiently and evade attacks.
Rightsholder Criticism
In advance of the EU’s Counterfeit and Piracy Watch List, several rights organizations, including the IFPI and Video Games Europe, flagged Cloudflare for allegedly enabling piracy. These groups argue that Cloudflare helps pirate sites operate by shielding their identities and not sharing customer details unless required by law through a subpoena or court order.
For example, IFPI criticized Cloudflare for not disclosing the identities of pirate site operators in response to complaints. Similarly, Video Games Europe noted that while Cloudflare provides the IP addresses and host ISP details of infringing sites, it does not offer further information, such as the names or contact details of the individuals behind these sites.
Cloudflare’s Response to the EU
Cloudflare is aware of the criticism but firmly believes it should not be the one to decide whether piracy complaints are valid. The company maintains that it has a responsibility to protect user privacy, which includes not disclosing customer information unless required by law. Cloudflare emphasizes that it is not an anti-piracy authority and should not be expected to play that role.
Cloudflare further argues that the EU’s Piracy Watch List should remain focused on pirate sites and services themselves, and not be used as a means to advocate for changes in policy or law. The company warns against turning the list into a tool for lobbying or pressuring intermediaries like Cloudflare to take actions that might conflict with privacy laws and principles.
Privacy vs. Piracy
At the heart of Cloudflare’s response is the concern about balancing the fight against piracy with protecting user privacy. The company points out that privacy-enhancing technologies, such as Encrypted Client Hello (ECH), have made it more difficult to block pirated content but also provide important security benefits for users. Cloudflare argues that restricting the development of such technologies in the name of piracy enforcement would be a mistake.
By prioritizing anti-piracy measures over user privacy, Cloudflare warns the EU against making short-sighted decisions that could harm Europe’s long-term economic interests. The company believes that fostering privacy and security online is vital for the health of the digital economy, and limiting these advancements in favour of older anti-piracy tactics would set a damaging precedent.
Collaborating with Rightsholders
Despite the concerns, Cloudflare emphasizes that it is not opposed to cooperation with rights holders and law enforcement. The company runs a trusted reporter program, which allows recognized organizations to report piracy and copyright violations. When such reports are made, Cloudflare provides additional information, such as the origin IP address of the pirate site.
However, Cloudflare contends that simply disconnecting pirate sites from its services is not a solution. Pirate sites can easily find alternative hosting providers, meaning that cutting off access to Cloudflare’s services does not guarantee a reduction in piracy. Instead, Cloudflare shares hosting provider information in compliance with the law, which it believes is sufficient for rightsholders to pursue legal action against pirate sites.
Shifting the Focus of the Watch List
Cloudflare urges rightsholders to stop using the Piracy Watch List as a forum for policy advocacy. The company argues that the list should focus solely on identifying pirate sites and illegal services, rather than being used to influence policy changes regarding intermediary responsibilities. Cloudflare believes that rightsholders should focus on targeting pirate websites directly rather than lobbying for broad regulatory changes that could infringe on online privacy.
Conclusion
Cloudflare’s message to the European Commission is clear: while the company recognizes the challenges posed by piracy, it maintains that protecting user privacy and security must remain a priority. The Piracy Watch List should be used to identify pirate sites, not to push for new policies that could undermine the privacy of all internet users. In the end, Cloudflare believes that the fight against piracy should not come at the expense of protecting fundamental rights to privacy and security online.
