Read 38 remaining paragraphs | Comments

Read 15 remaining paragraphs | Comments

Since its invasion of Ukraine in February, Russian Members of Parliament and lawmakers have taken turns to see who can come up with the most aggressive anti-Western legislative proposals.

Suitably dressed-up in anti-American, anti-European rhetoric, plans to let everyone in Russia pirate Western content came early . While obvious to everyone else right from the beginning, the proposals were fundamentally flawed.

If Russians were allowed to gorge on free, high-quality foreign content, incentives to pay for Russian content would find themselves all but eliminated. Not only do local creators rely on that revenue for food and clothing, it also helps to prevent the collapse of Russia’s own entertainment sector.

Other plans, involving everything from state licensing of pirate platforms to the unblocking of previously blocked pirate sites, would’ve been comical had it not been for the death and destruction wreaked in Ukraine. And then there were those crazy stories about Russia’s ‘Sovereign RuNet’ initiative, which would see Russia’s corner of the internet placed behind a giant firewall, where it would thrive within the confines of a utopian closed ecosystem completely isolated from the rest of the world.

Draconian Plans Aren’t Speculative – They’re Becoming Law

While Russia hasn’t been able to cut itself off from civilization just yet, it can make people, companies, and investors leave of their own free will. By rendering its corner of the internet a hostile environment where free speech is a thing of the past, it raises the prospect of internet entrepreneurs walking in lockstep with the government, choosing another line of business, or leaving Russia altogether.

Citizens, meanwhile, will need identification to enjoy whatever remains.

Dated July 31, 2023, and approved by President Putin himself, Federal Law No. 406-FZ (On Amendments to the Federal Law ‘On Information, Information Technologies and Information Protection’ and the Federal Law “On Communications”) reads like a dystopian nightmare laying the foundations for worse to come.

Registering on Russian internet platforms using foreign email systems such as Gmail or Apple will soon be prohibited. That’s just a prelude to further restrictions coming into force in the weeks before Christmas 2023.

No Anonymity, No Privacy

Starting December, Russian online platforms will be required by law to verify the identities of new users before providing access to services. That won’t be a simple case of sending a confirmation link to a Russian-operated email account either.

Platforms will only be authorized to provide services to users who are able to prove exactly who they are through the use of government-approved verification mechanisms.

For instance, users who already have a mobile phone subscriber number, obtained through another official process established by the government, will be able to enter into an identification agreement with the operator of an online service/website. Once cleared, the user will be able to use the service, safe in the knowledge that whatever they say on the platform is traceable to their home address.

Another option for site owners is to verify users through a federal platform known as the Unified System of Identification and Authentication. A law passed in December 2022 relates to the use of the Unified System and the identification and authentication of citizens’ identities using biometric data.

The final option is to use an authorization system operated by a third-party platform already in compliance with government rules and regulations. Those rules go beyond the technical capabilities of the service; the platform must be owned by a Russian citizen who does not have citizenship of any other country, and is not controlled by anyone who fails to meet the same standards.

VPNs Still Not Outlawed But Talk of Circumvention is a Crime

Despite the draconian nature of the above, Russia still isn’t imposing an outright ban on VPN providers and similar services, but does appear to be using familiar tactics.

After imposing obligations most mainstream providers found intolerable, including registration with the state, only compliant VPN companies remain in Russia today. No evidence has been produced to show they have been compromised but at this point, believing otherwise could amount to playing Russian Roulette with the authorities.

Instead, posting information online that amounts to advice on how to use VPNs, Tor, and similar tools, for circumvention purposes, will be considered a crime. On top, regular hosting providers will be subjected to state registration and new obligations along similar lines to those imposed on VPN providers.

Hosting Companies Must Obtain State Approval

The new legal amendments effectively regulate the business of “providing computing power” for the purposes of the “placement of information” on a system “permanently connected to the internet.”

The obligations placed upon operating companies by the state are numerous and the new amendments make no attempt to hide that compliance with the state on security matters is mandatory. Authorized ‘state bodies’ carrying out investigative activities or those related to the security of Russia may require use of “computing power” and hosting companies will be expected to prevent any disclosure of those activities.

As mentioned earlier, before hosting companies are permitted to provide services to users, they will be required to positively identify potential customers using government-approved mechanisms. However, that can only take place when hosting companies themselves receive government permission to conduct business. That appears to involve the shouldering of considerable liability for whatever appears on their platforms.

Registration and Compliance

It’s envisioned that the government will appoint an entity to form and maintain a register of hosting companies. Once on the register and with permission to operate (deadline February 1, 2024), hosting companies and online services will be provided with a list of activities, content types, and certain behaviors prohibited by the state.

Platform operators will be required to implement measures to “eliminate the identified violations” and then report the outcome to the authorities. Failure to do so will mean exclusion from the register and with that, the ability to conduct business in Russia.

To even qualify for potential placement on the register, hosting companies must be Russian legal entities, under the control of a Russian citizen who doesn’t have citizenship in another country. By September 2024, state entities may only use “computing power” available from companies with a listing on the register while the use of “information systems” and software owned by foreign legal entities or citizens, will be prohibited.

Similar Russian ownership rules will also apply to news aggregator platforms, which will operate under the ultimate control of the Russian government, with known implications for the freedom of the press.

Federal Law No. 406-FZ is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

Competition is almost inevitable in business and as a key driver of innovation, that’s mostly a good thing. Unfair competition, on the other hand, is rarely considered a plus.

In a complaint filed in a California court this week, adult entertainment company TIR Consulting LLC says that it faces unfair and illegal competition from pirate sites. It’s a familiar story for rightsholders everywhere but this lawsuit is far from ordinary.

TIR’s Enforcement Efforts Fail

Since 2015, TIR has made its specialist content available via the website mistressharley.com (NSFW) and through authorized third parties under licensing agreements.

In parallel, websites that sell pirated copies of TIR’s copyrighted videos compete in the same market by targeting TIR’s customers. Some use confusingly similar domains that are designed to mislead potential customers, TIR says.

The complaint notes that at least two of these pirate sites use privacy services provided by the named defendants – Cloudflare and domain company NameSilo.

TIR claims that enforcing its rights is all but impossible due to these privacy services. As a result, Cloudflare and NameSilo must be held liable for the infringements of their customers, along with Does 1-100 who are also liable in some way or another.

65 Videos in Total

The complaint lists 65 URLs (“infringing links”) on the alleged pirate site mistress-harley.com. These same 65 URLs are said to “backlink” to manyvips.com but specific URLs are not listed in the complaint. The listed URLs appear to reference video content, but TIR uses trademark terminology instead.

“Each of the 65 Infringing Links reflects the registered family of trademarks for
‘Mistress Harley’ all of which are owned exclusively by TIR,” the complaint reads.

TIR further blends copyright and trademark law by claiming that Cloudflare “admitted that the accepted 65 URL(s) for the DMCA report on mistress-harley.com” includes the 65 “infringing links” referenced earlier under trademark law.

The adult company later states that while its complaint covers 65 videos “made, paid for, produced and owned by TIR,” just four have been registered with the US Copyright Office.

“No Interference with Anonymity”

TIR says that pirate sites pay Cloudflare for “housing services” and a “guarantee that CloudFlare will do nothing to interfere with their anonymity and their cyber-theft.”

According to the complaint, Cloudflare provides services to mistress-harley.com.

TIR says that pirates are able to sell copies of its videos on “domain sites” hosted by companies that sell and host domains, while “guaranteeing the anonymity of domain owners.” In this case, NameSilo is called out for offering a “free WHOIS privacy” service, which is used by mistress-harley.com and a second unlicensed platform, manyvips.com.

“There is no question that this is not just an attractive service, but a necessary
service for a pirate that wants to set up a site with illegal downloads,” the complaint notes.

“Cloudflare – A Favored Tool For Infringers”

After a rundown of services provided by Cloudflare, the complaint highlights the company’s privacy pledge: “[A]ny personal information you provide to us is just that: personal and private.”

Cloudflare’s claim that it has never modified the intended destination of DNS responses “at the request of law enforcement or another third party” is also mentioned.

The natural consequence of the above, TIR concludes, is that “CloudFlare is a safe holding space for website owners who are offering illegal content, and both sides know exactly what is being bought and sold.”

TIR, Cloudflare and the ‘Mon Cheri’ Decision

While bold, TIR’s allegations are nothing new. In 2018, Mon Cherie Bridals sued Cloudflare for failing to terminate customers identified as repeat infringers. The case was a pretty big deal and after three years of litigation, Cloudflare took the win and an important ruling on liability.

The Mon Cherie decision is referenced in TIR’s complaint, but not in recognition of Cloudflare’s win. Instead, a statement made by Judge Chhabria in the earlier case (italics, below) is framed as undermining Cloudflare’s position.

If Cloudflare’s provision of these services made it more difficult for a third party to report incidents of infringement to the web host as part of an effort to get the underlying content taken down, perhaps it could be liable for contributory infringement

While TIR notes that the above is “precisely the basis for the claims” in this complaint, in Mon Cherie the Judge said that Cloudflare’s actions did not incur liability.

Cloudflare Disclosure Led Back to NameSilo

Since Cloudflare forwards DMCA notices to site hosts and informs complainants of the identity of the host, Judge Chhabria concluded in Mon Cherie that Cloudflare doesn’t make it harder to go after pirate sites.

Indeed, the TIR complaint acknowledges that Cloudflare identified mistress-harley.com’s hosting provider (SECUNET, BG) and provided an abuse contact email address (abuse@cryptoservers.biz).

When TIR sent a trademark/copyright complaint to the host but received no response, the adult company did a WHOIS lookup for cryptoservers.biz. It revealed NameSilo as the domain registrar and PrivacyGuardian.org protecting the registrant’s details.

In response to a formal complaint, NameSilo’s abuse team reminded TIR that “..we are only the domain name registrar and cannot validate or control the content posted on the site.” PrivacyGuard’s policy advised TIR that in the event of a copyright or trademark dispute, “you should direct your complaint to the respective web site host for the domain.”

‘Pirate’ Mistress-Harley Still Active

With Cloudflare reportedly offering similar advice to target the host itself, TIR appears to have lost patience and filed this complaint.

“As a result of the piracy and infringement, TIR has suffered consistent lost profits and decreased sales, and has calculated this lost amount to be in the tens of thousands of dollars and growing exponentially every day,” the company notes.

“This case raises the problem of service providers who continue to do commerce with pirate sites even after receipt of actual knowledge of repetitive acts of infringement on such sites. These Defendants profit by supporting and providing critical services to pirate sites despite being on notice that these customers are repeat infringers.”

TIR says that Cloudflare and NameSilo “systematically failed to implement or enforce a repeat infringer policy” in the knowledge that many “lawful copyright and trademark holders” can’t afford to fight legal battles.

“This undermines the entire purpose of DMCA,” the company adds.

Causes of Action

Since Cloudflare and NameSilo will undoubtedly respond to these claims in some detail, we’ll cover their responses in due course. In the meantime, the brief list below is included for reference, including links to law exactly as cited in the complaint.

1- Contributory Trademark Infringement – 15 U.S.C. § 1114 Cloudflare/NameSilo
2- Direct Trademark Infringement – (U.S.C. Not listed) Cloudflare, NameSilo, Does 1-100
3- Not listed/absent from the complaint
4- Contributory Copyright Infringement – 15 U.S.C. § 1125(a) Cloudflare/NameSilo
5- Vicarious Copyright Infringement – 15 U.S.C. § 1125(a) Cloudflare/NameSilo
6- Direct Copyright Infringement – 15 U.S.C. § 1125(a) Cloudflare/NameSilo/Does 1-100
7- Unfair Competition – ( link ) Cloudflare/NameSilo

At the time of writing, Cloudflare does not ‘protect’ mistress-harley.com’s server in any way.

TIR’s complaint against Cloudflare, NameSilo & Does 1-100 ( pdf )

From: TF , for the latest news on copyright battles, piracy and more.