Cloudflare is urging the European Commission to avoid placing the company on its upcoming Piracy Watch List, following requests from multiple rightsholder groups seeking its inclusion. While Cloudflare recognizes the importance of addressing piracy, it insists that any anti-piracy measures should not come at the cost of user privacy or security. The company stresses that the EU’s Piracy Watch List should focus exclusively on pirate sites and their operators, rather than being used as a platform for pushing broader policy agendas that could compromise privacy protections.
Cloudflare’s Role in the Digital Ecosystem
Cloudflare provides essential services like content delivery networks (CDNs), DDoS mitigation, and cybersecurity to millions of organizations worldwide, including many Fortune 500 companies and government agencies. While most customers benefit from Cloudflare’s services, the company has faced ongoing criticism from copyright holders, who claim that Cloudflare is enabling piracy. Pirate sites often use Cloudflare to shield themselves from attacks and maintain efficient operations, making it harder for copyright holders to enforce their rights.
Rightsholder Concerns
In recent consultations regarding its biannual Counterfeit and Piracy Watch List, several rightsholders, including the IFPI (International Federation of the Phonographic Industry) and Video Games Europe, named Cloudflare as a major concern. They argue that the company indirectly supports piracy by providing services to pirate sites and not sharing the identities of these sites’ operators without a court order or subpoena. For example, IFPI has criticized Cloudflare for not voluntarily disclosing contact details of pirate site operators in response to abuse reports, while Video Games Europe pointed out that Cloudflare continues to serve pirated content without revealing the identity of the site’s administrators.
Cloudflare’s Response
In response to these concerns, Cloudflare has made it clear that it does not believe it should act as an anti-piracy enforcer. The company asserts that it is not in a position to judge the validity of piracy claims and should not be tasked with policing content. Instead, Cloudflare emphasizes its commitment to upholding user privacy and protecting individuals’ rights online. It argues that its role is to provide security and performance services without compromising the privacy of its users.
Cloudflare also expressed concern that the EU’s Piracy Watch List could be misused as a tool for pushing policy changes that would go beyond addressing piracy, particularly in ways that could harm online privacy. The company cautions against using the Watch List to pressure intermediaries like itself into taking actions that may not align with legal standards or privacy rights.
Privacy Concerns and Technology Innovation
Cloudflare argues that focusing only on piracy enforcement without considering the wider implications for privacy and security could undermine the broader benefits of internet technologies. The company highlights the case of Encrypted Client Hello (ECH), a privacy feature that some groups in the video game industry have criticized for making it harder to block pirate sites. While this technology makes piracy enforcement more challenging, it also plays a crucial role in enhancing user privacy by encrypting communication between users and servers.
Cloudflare warns that restricting the adoption of privacy-enhancing technologies in the name of combating piracy would be short-sighted and ultimately detrimental to Europe’s long-term economic health. The company urges policymakers to recognize that innovation and security tools that protect citizens’ privacy should not be sacrificed for outdated piracy enforcement methods.
Collaboration with Rightsholders
Despite these concerns, Cloudflare has expressed a willingness to collaborate with rightsholders and law enforcement in the fight against piracy. The company operates a trusted reporter program, through which recognized organizations can report piracy and receive additional information about infringing sites, such as IP addresses and the identity of hosting providers.
However, Cloudflare argues that disabling its services for customers who receive multiple complaints about piracy does not effectively solve the problem. Pirate sites can simply switch to other hosting providers. Instead, Cloudflare believes it is more effective to share the hosting provider details with rightsholders, allowing them to pursue legal action against the sites directly.
Rethinking the Watch List’s Purpose
Cloudflare urges the European Commission to ensure that the Piracy Watch List remains focused on identifying pirate sites and illegal services, rather than being used as a venue for lobbying to change intermediary responsibilities. The company believes that rightsholders should direct their efforts toward targeting specific pirate sites rather than using the Watch List as a forum for advocating policy changes.
Conclusion
Ultimately, Cloudflare is calling on the European Commission to balance its anti-piracy objectives with the fundamental need to protect user privacy and security. While the company supports efforts to combat piracy, it believes that online privacy should not be compromised in the process. By ensuring that the Piracy Watch List stays focused on illegal actors rather than pressuring intermediaries for policy changes, Cloudflare hopes the EU can make progress in addressing piracy without undermining the principles of privacy and security that are vital to the internet’s future.
