Suing Infrastructure Companies for Copyright Violations

It’s a matter of going after those with deep pockets. From Wired:

Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didn’t terminate services for websites that infringed on the dressmakers’ copyrighted designs….

[Judge] Chhabria noted that the dressmakers have been harmed “by the proliferation of counterfeit retailers that sell knock-off dresses using the plaintiffs’ copyrighted images” and that they have “gone after the infringers in a range of actions, but to no avail—every time a website is successfully shut down, a new one takes its place.” Chhabria continued, “In an effort to more effectively stamp out infringement, the plaintiffs now go after a service common to many of the infringers: Cloudflare. The plaintiffs claim that Cloudflare contributes to the underlying copyright infringement by providing infringers with caching, content delivery, and security services. Because a reasonable jury could not—at least on this record—conclude that Cloudflare materially contributes to the underlying copyright infringement, the plaintiffs’ motion for summary judgment is denied and Cloudflare’s motion for summary judgment is granted.”

I was an expert witness for Cloudflare in this case, basically explaining to the court how the service works.

Posted on October 13, 2021 at 9:47 AM16 Comments


MICHAEL CARBOY October 13, 2021 11:52 AM

Mr. Wilholt raises an excellent question. Certainly seems an abuse of the legal system by the designers. Very glad Cloudflare succeeded in having their meritless suit tossed out.

Clive Robinson October 13, 2021 12:13 PM

@ Bruce,

It’s a matter of going after those with deep pockets.

Well not necessarily in your quote, the judge notes that they had gone after the actual sites before.

So they ended up in a game of whack-o-mole that was obviously not working.

So having found a common service provider that was profiting at their loss they went after them.

Were they right to do so? Probably.

Were Cloudflare dodging their moral and ethical responsabilities? Yes.

But if the case had been successful would that have stopped the “knock offs”? Well I know Cloudflare appears ubiquitous, but they are not, so the “knock offs” would have found a way around any direct action Cloudflare could have taken.

The question should be “Who’s job is it to stop “knock off” sites and what are they actually doing?

Followed by I suspect “Is there anytging they can do?”

Also we have to ask the “flip-side questions”… Every time legislation, regulation or other control system is brought in you will have,

1, Winners
2, Loosers
3, Significant costs occuring
4, A new abusing process.

Whilst 1&2 are to a certain extent expected, the loosers will be more significant than winners, and it will not be just those supposadly targeted by the new rules.

It will without doubt force up the general cost of “Doing business” on the Internet for all in many ways.

But as with any new rules with civil penalties attached there will be “chancers” trying to make a buck, we’ve seen this with patent trolls. But also others will weaponise such a process and go after their competitors or just anyone they think they can attack. We’ve seen this with ridiculous IP infringment claims in the past.

So we as a society have to ask the question do we want to bring in new rules knowing that in all probability they will do more harm than good?

TimH October 13, 2021 12:19 PM

Now hold on Clive: “Were Cloudflare dodging their moral and ethical responsabilities? Yes.”

No. Cloudfare are NOT the police.

Clive Robinson October 13, 2021 12:53 PM

@ TimH,

No. Cloudfare are NOT the police.

No they are not, nor do they have common carrier status.

But have a think about what was going on.

Cloudfare were storing pictures, that were being pushed out by crooks for illegal activities, that they had been repeatedly notified about.

Now ask yorself a question does Cloudfare take active measures against other illegal activity pictures such as Child Exploitation?

And if they were storing Child Exploitarion pictures in their cache, what would you be saying about them being involved with the distribution of Child Exploitation pictures?

JonKnowsNothing October 13, 2021 1:49 PM

@Clive, TimH, All

re: … the judge notes that they had gone after the actual sites before.

So they ended up in a game of whack-o-mole that was obviously not working.

Very similar situations occur with many products and especially faux or counterfeit products.

This case it was a dress design but in the early years of Harry Potter/JKRowling had an ongoing team of TakeDown folks filing notices in places like eBay for such items. At the time eBay’s views were

  “we will take it down IF we are notified but not until then, even if the same post has been up and down multiple times.”

Whack a Mole indeed.

dunno if anything changed since except these folks tried to go 1 step farther up the line to get the TakeDown done.

The case of counterfeit goods has criminal charges that can be applied and there is often that photo-op of a big raid haul of high fashion faux goods collected in heaps and set on fire. Clothes, handbags, perfumes, shoes etc.

Counterfeit in the dress design would be claiming it was made by the designers instead of “based on the designs of…”. One physical goods; the other intellectual goods.

If I hold a cache of bad sourced goods in my garage for someone else’s use that’s still criminally liable. If it wasn’t, all the USA DEA Asset Forfeiture cases would collapse.

Perhaps electronic bits are not considered physical bits?

This may have some implications for big source code companies. Like those that just lost their entire company source code. Build a network of identical lookalike sites and use the Cloudflare Ruling to justify that any complaints must hit each and every end provider every time a new site spawns. Then put the thing on auto-spawn every n-minutes.

hmmmm… that concept may already be in use ……

Rob October 13, 2021 3:01 PM

It seems that copyrighting clothing designs is a difficult area to start with. But this also mentions counterfeit clothing. I’ll have to go read the Wired article to get more background.

lurker October 13, 2021 5:56 PM

@TimH, Clive
The police take care of legal problems. Cloudflare is expected like any citizen to have some moral and ethical responsibilities, but a Court of Law should not judge its failure to uphold them.

Clive Robinson October 14, 2021 1:58 AM

@ lurker,

The police take care of legal problems.

Actually no they do not, that is not their job, it’s the job of the judiciary.

Which brings us onto,

… a Court of Law should not judge [CloudFlare’s] failure to uphold them.

That is exactly what a court is for, be it a breach of a private or public duty.

There is a very good reason why there exists the very special status of “common carrier” that was held by both the postal and telephone and telegraphy carriers in the past. Something that the more recent CDA §230 does not cover[1].

And Cloudflare as far as I am aware does not have “common carrier” status.

Cloudflare was informed that the pictures they were holding in their cache were covered by copyright by the holder of the copyright. Further that the pictures were being used to breach not just the copyright, but to “pass off” and trade in contravention of Federal law.

No matter how you argue it, Cloudflare were informed that they were breaching a private duty in a public way and did not do what the law required of them which was to cease and desist.

Cloudflare’s attitude was to ignore their flagrant breach of duties both private and public. Which are down entirely to their ethics and morals as they do not have a defence of “ignorance” as they had been repeatedly informed. Nor do they have the protection of “common carrier” status.

Cloudfare has a history of very questionable ethics and morals, and this just adds to the list.

[1] See section “(e)” and in this case subsections 1 and 2,

Oh and also remember the definitions of “obscene” and “harassing” are not defined thus fall under the axiom of “you know it when you see it” which in turn falls under a “Point of View” argument. I suspect that someone who considers their property being repeatedly stolen would claim it was harassing behaviour, further that anyone who willfully aided or abeted such behaviour despite being repeatedly told was also exhibiting willfully harassing behaviour.

Bufford October 14, 2021 8:10 AM

These kinds of actions against 3rd party businesses based on the actions of others’ misuse of their services can’t be unexpected after “the left” fought so hard to open up frivolous suits against gun makers for the criminal actions of the owners.

The camel is in well past his nose now.

Walter October 14, 2021 10:16 AM


However legally convenient…the infringing web sites could infringe 99% as well without Cloudflare. (Maybe needing $5/month hosting instead of $2.50/month hosting?) I doubt that many folks here want a web where your domain name registrar, hosting provider, e-mail provider, CDN, etc. all have to know your business, verify that you’re legit, and maintain ongoing awareness of your activities (so you can’t start legit, then pivot to evil).

Meanwhile, the banks & other payment providers already have (or are supposed to have) “know your customer” requirements & the means to meet those requirements. If a lawyer was thinking to follow the money…why aren’t those guys in front of a judge / bank regulator / whatever?

jbmartin6 October 14, 2021 10:39 AM


Determining child exploitation material is a far simpler decision than determining who is correct in which jurisdiction for copyright or many other kinds of disputes.

Clive Robinson October 14, 2021 3:05 PM

@ Bufford,

misuse of their services can’t be unexpected after “the left” fought so hard to open up frivolous suits against gun makers

Dear “Deity of choice”, talk about “Revisionist History”.

The “If there is blaim there is a claim” tactics started so long ago in the US that it is probably lost in some dust archive.

The fast food industry got hit with it so often legislatiob was brought in.

Likewise the auto accident “whiplash claims”.

The reason is the basic way the US legal system operates and it has been that way for so long and so badly that rather than fix the problem, legislators do what they do best bring in nulification legislation that geberally is way to broad in scope.

Clive Robinson October 15, 2021 1:34 AM

@ SpaceLifeForm,

Section 230 is not broken

Actually it is, but for other reasons than the political nonsense going on currently.

The real problem is “humans” and worse the “assumptions” made about them, which gives rise to such legislation that is “gamable” by people seen as undesirable for reasons that are not algorithmically definable or measurable, and never will be because they are matters of opinion from a point of view, wgich is individual.

For instance I have certain dislikes for colour combinations such as particular shades of pink next to certain shades of iridescent green. Other people find it an attractive combination even exciting.

Now if I was alowed to sue over my personal dislike/iritation by calling it a “harm” then others could do similar. And it would not be long before we were back to “black and white” era or worse.

But unlike the DoJ with it’s case against Apple[1], I would not go after the “big guns” who have large “war chests” and “troops of lawyers” to fight off such actions. No I’d go after those that were not to small but not to big. That is big enough to attract attention but small enough that they can not easily defend themselves.

It’s time politicians grew up and realised that whilst technology can give pretty toys, it can not solve social issues.

Likewise legislation is a tool, and it has limitations, and there are things it can not fix. But worse it can turn social issues into games which in effect create a “faux market” which will make lawyers rich and inhibit inovation.

But it also works in the opposite way.

In the UK we have a public broadcaster the BBC that had –note past tense– a solid reputation for impartiality and fair reporting, that certain politicians did not like. So as the politicians could change the rules under which the BBC worked they did. The trick they pulled on the face of it sounds laudable in that it required balance in reporting… Thus the effect was to give equal air time to very very minority opinions and extreamist political views.

The US legal system fundamentally sufferes from the same problem hence the ages old cultures of “ambulance chasing” and “where there is a blaim there is a claim” legal cases. Basically the system gets gamed by a minority and causes way greater harms to society.

The solution is not to bring out further open scope legislation because that just perpetuates the problem by opening up a different set of games. The solution is to in part fine tune the existing system but in the main just let society solve the problem by “moving on”.

But the Internet is without a doubt a problem as it removes the limitations of “locality” which is something mankind has not realy got to grips with.

As I’ve noted before in the tangible physical world “distance costs” and this is a very effective equaliser economically as it alows competition. The fundemental reason we have these big Silicon Valley Corps that are causing so many issues is that without a distance limiting cost there can be no equitable market.

Worse it has similar effects on society because it alows “reputation” to be removed from social interactions. Reputation mainly acts as a break or inhibitor on extream views and opinions and they tend to get “starved out”. However there are always a certain small percentage of people with extream opinions where ever you go. The removal of “distance costs” alows them to not just group together but actually become more extream as they struggle to be the dominant voice, hence the “echo chambers”.

Fixing the distance cost issue whilst limiting the harms of extreamism also inflicts a far greater “opportunity cost” on society so is not the fix.

Similarly with technological “reputation systems”.

Just about any “measure” I can think of almost always has a greater cost to society than benifit. So what the actual solution is I don’t know, nor do I think anyone else does. But the one thing I do know is “quick fixes” for political reasons by the use of technology or legislation WILL without doubt cause considerably more harm.

If you like call it “The curse of ‘unintended consequences'”. Or a variation on an old saying “The road to hell is paved with political fixes”.

[1] I won’t say that the FBI/DoJ were stupid to go after Apple in the way they did, because I think they were completely and uterly reckless, and had no contingency planning about what to do if Apple did not “roll over”. Like a bunch of criminal psychopaths they had no concept of their plans going wrong.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.