Internet services company Cloudflare has urged the European Commission to ensure that the Piracy Watch List it is currently compiling focuses on “truly bad actors” and doesn’t also list law abiding businesses based on the griping of copyright owners who want those businesses to go beyond their legal obligations in policing online piracy. Law abiding businesses like, say, Cloudflare. 

“We want to reiterate our concern that many stakeholders have again approached the Watch List as an opportunity to advocate for policy changes”, Cloudflare says in a submission to the Commission. 

Which is to say, rather than just listing piracy sites, copyright owners – including the music industry – are using the Watch List consultation process to complain about companies like Cloudflare which, they believe, should be obliged to go further in combating piracy.

The Watch List, Cloudflare adds, should be seen as “a means to identify entities that are truly bad actors”. If the Watch List report also sets out the grievances of copyright owners regarding companies like Cloudflare, that “has the potential to inappropriately suggest that the Commission endorses” those opinions, “a view that could influence ongoing legal discussions and policy debates”. 

Cloudflare is right that the primary aim of the Watch List is to identify websites that exist primarily to facilitate piracy, to encourage national governments to take action against those sites, and to ensure other companies don’t do business with them. 

However, copyright owners have always sought to pressure legitimate companies that provide products and services to the pirates to do more to restrict piracy – from the makers of video and tape recorders back in the days of tape-to-tape piracy, through to ISPs, cloud storage platforms and domain name registrars in the battle against file-sharing, to companies like Cloudflare today. 

The EU needs to decide whether that side of anti-piracy work should be reflected in its Piracy Watch List report. 

The list is basically the European Union’s version of the Notorious Markets report that is published by the US government, which sets out the websites of most concern to the copyright industries. 

The reports are based on submissions made by organisations representing different strands of the media and entertainment sectors. The Commission opened up a consultation to inform its latest Watch List back in June. 

Torrentfreak has compiled some of the complaints made about Cloudflare by the copyright industries in their submissions to the consultation. 

They are all complaints that have been made many times before, mainly that where piracy websites are using Cloudflare’s services, the internet company should do more to help copyright owners identify who is operating those piracy sites. And maybe even go further than that and just stop providing services to those websites. 

Global record industry trade group IFPI says that, when it needs to identify who is behind a piracy site that is using Cloudflare’s services, “Cloudflare will only disclose these details following a subpoena or court order – ie these disclosures are mandated by law and are not an example of the service’s goodwill or a policy or measures intended to assist IP rightsholders”.

Speaking for the gaming industry, Video Games Europe writes, “Cloudflare does provide injured parties/trusted partners with the IP-address and name of the host ISP of an infringing website, but does not provide the contact details of the website operators nor cease to render services to these customers”. 

In its submission, Cloudflare says that regulators and lawmakers need to balance the need to fight piracy with the need to protect privacy. “To encourage digital transformation and innovation in Europe”, it writes, “technology needs to evolve incorporating encryption, privacy and security tools”.

Restricting the “progress and adoption” of technologies that “protect the privacy and security of citizens operating online” in order to enable the continued use of “outdated means to combat piracy” is – it insists – “short-sighted and bad for Europe’s long term economic development”. 

It also discusses the systems it has put in place to assist copyright owners that are seeking to get infringing content removed or to otherwise take action against piracy sites. Noting that in most cases Cloudflare doesn’t actually host its clients’ content, it says its primary role is to pass the copyright complaints it receives onto its customers, and it has built systems to help with that process. 

It also has systems via which copyright owners can get information about the operators of specific sites, although – it stresses – it needs to be careful about if and how it provides that information, because it could be used – and, indeed, has been used – by “malicious actors to circumvent Cloudflare’s security services and attack the underlying websites”. 

Nevertheless, it has also built a Trusted Reporter Program via which, it says, it will provide additional information about clients accused of copyright infringement “to large rightsholder organisations and law enforcement”. It adds that more than 200 organisations are now part of the programme, including some of the organisations that have made submissions to the Watch List consultation.