RIAA Obtains Subpoena to Expose ‘Infringing’ Cloudflare Users

[Matrix]

The RIAA has obtained a subpoena from a Columbia federal court ordering Cloudflare to hand over the IP and email addresses and all other identifying information related to several allegedly infringing users. The RIAA notes it will use the information it receives to protect the rights of its member companies.

Despite the increased availability of legal options, millions of people still stream, rip, or download MP3s from unofficial sources.

These sites are a thorn in the side of the RIAA, one of the music industry’s leading anti-piracy outfits. 

The RIAA has a long history of going after, what it sees as, pirate sites. The problem, however, is that many owners of such sites operate anonymously. The group, therefore, often has to turn to third-party intermediaries to find out more. 

While some services may be willing to voluntarily share information with the music industry group, many don’t. Cloudflare falls into the latter category. While the CDN service does voluntarily reveal the true hosting locations of some of its users, it doesn’t share any personal info. At least, not without a subpoena. 

Luckily for rightsholders, getting a subpoena isn’t very hard in the US. Under the DMCA, copyright holders only have to ask a court clerk for a signature to be able to demand the personal information of alleged copyright infringers. That’s exactly what the RIAA did last week. 

In a letter sent by Mark McDevitt, the RIAA’s vice president of online anti-piracy, the music group informs Cloudflare that it requests personal details including names, addresses and payment information relating to the operators of six domains, which are all Cloudflare users. 

The domains/URLs

The domains in question include those connected to the file-hosting site DBREE,  music release site RapGodFathers, file-host AyeFiles, and music download portal Plus Premieres. The sites are accused of sharing copyrighted tracks from artists such as Pink, Drake, and Taylor Swift.

“We have determined that users of your system or network have infringed our member record companies’ copyrighted sound recordings. Enclosed is a subpoena compliant with the Digital Millennium Copyright Act,” the RIAA’s McDevitt writes.

“As is stated in the attached subpoena, you are required to disclose to the RIAA information sufficient to identify the infringers. This would include the individuals’ names, physical addresses, IP addresses, telephone numbers, e-mail addresses, payment information, account updates and account history.”

The RIAA stresses that the mentioned files are offered without permission and it asks Cloudflare to consider the widespread and repeated infringing nature of the sites and whether these warrant a termination under its repeat infringer policy. 

From the letter RIAA sent to Cloudflare

At the time of writing the sites are still using Cloudflare’s services. However, the allegedly infringing files are no longer available. These were presumably removed by the site owners.

There is no obvious connection between all the targeted sites. However, RapGodFathers is a familiar name when it comes to anti-piracy enforcement. Nearly ten years ago, the site was targeted by the U.S. Government, but the name is still around today.  

It is unclear what RIAA plans to do with the requested information. It could form the basis of a legal complaint, but the music group may also use it to contact the site operators more directly. The letter only mentions that the information will be used to protect the rights of RIAA member companies.

“The purpose for which this subpoena is sought is to obtain the identities of the individuals assigned to these websites who have reproduced and have offered for distribution our members’ copyrighted sound recordings without their authorization.

“This information will only be used for the purposes of protecting the rights granted to our members, the sound recording copyright owner, under Title II of the Digital Millennium Copyright Act,” the letter adds.

What this “protection” entails remains a mystery for now. 

While the court clerk signed the DMCA subpoena, Cloudflare still has the option to object, by asking the court to quash it. However, thus far there are no signs that the company plans to do so.

A copy of the letter RIAA sent to Cloudflare, obtained by TorrentFreak, is available here (pdf).

 

 View Original Article.

[TheEmpathicEar]

I commented at TF about this too. I always thought of CloudFlare as a neutral 3rd party. True?

[steven36]

3 hours ago, TheEmpathicEar said:

I commented at TF about this too. I always thought of CloudFlare as a neutral 3rd party. True?

There a USA company  when a Judge orders  they have no choice   its in there privacy policy   they can use the info they collect against you  they won't sell your info or anything like that it all for internal use .

Info they collect

 

  Customers:

• Customer Account Information. When you register for a Cloudflare account, we collect your email address. We will also ask you to enter your website domain in order to participate in the Services. We refer to this information as “Customer Account Information” for the purposes of this Policy. Customer Account Information is required to identify you as a Customer and permit you to access your account(s). By voluntarily providing us with such Customer Account Information, you represent that you are the owner of such personal data or otherwise have the requisite consent to provide it to us.
• Payment Information. You are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services. When you sign up for one of our paid Services, you must provide billing information. The information you will need to submit depends on which billing method you choose. For example, if you pay with a credit card, we will collect your card information and billing address, although we do not store full credit card numbers or personal account numbers.

Resolver Users:

• We will collect limited DNS query data that is sent to the resolvers. This data does not contain user IP addresses or any other personally identifiable information, and the bulk of the data is only stored for 24 hours. You can learn more about our 1.1.1.1 commitment to privacy here and here.

End Users:

• Cloudflare provides web optimization and security services that our Customers use to improve and protect their websites, including a reverse proxy, pass-through security service, and a content distribution network. Because Cloudflare is a reverse proxy, our IP addresses may appear in WHOIS and DNS records for websites using our Services. We are a conduit for information controlled by others. It is our Customers and their users who are responsible for the content transmitted across our network (e.g., images, written content, graphics, etc.).
• We collect End Users’ information when they use our Customers’ websites, web applications, and APIs. This information may include but is not limited to IP addresses, system configuration information, and other information about traffic to and from Customers’ websites (collectively, “Log Data”). We collect and use Log Data to operate, maintain, and improve our Services in performance of our obligations under our Customer agreements. For example, Log Data can help us to detect new threats, identify malicious third parties, and provide more robust security protection for our Customers.

Legal Basis for Processing (EEA only):

If you are an individual from the European Economic Area (EEA), please note that our legal basis for collecting and using your personal information will depend on the personal information collected and the specific context in which we collect it. We normally will collect personal information from you only where: (a) we have your consent to do so, (b) where we need your personal information to perform a contract with you (e.g. to deliver the Cloudflare Services you have requested), or (c) where the processing is in our legitimate interests. Please note that in most cases, if you do not provide the requested information, Cloudflare will not be able to provide the requested service to you.

 

In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.

Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. Where we rely on our legitimate interests to process your personal data, you have the right to object.

 

If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at [email protected].

 

 Here is the catch 

HOW WE USE INFORMATION WE COLLECT.

Quote

comply with legal obligations as well as to investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;

 

Source

https://www.cloudflare.com/privacypolicy/

 

Them complying with the courts is nothing new  they done it before  for the courts  EG: pirate sites Sci-Hub, Libgen and Bookfi

 

Court Orders Cloudflare to Identify ‘Pirate’ Site Operators

https://torrentfreak.com/court-orders-cloudflare-to-identify-pirate-site-operators-161028/

 

When ever you sign up  for services  in the cloud  in the USA all service that keep logs  have to comply  with the law or they could be shut down or fined  . Only services  don't keep logs and don't have nothing to give them are safe. 

 

See  Cloudflare  got sued  over Sci-Hub, Libgen and Bookfi case  they settle  out of the courts  with ALS Scan so it's not even  a matter of public record  if they are trustworthy  are not but fact is ALS Scan got what they wanted  are they would not settle with them.

 

Cloudflare Settles Dangerous Piracy Liability Lawsuit

https://torrentfreak.com/cloudflare-settles-dangerous-piracy-liability-lawsuit-180621/

 

So ALS Scan won and now every Anti Piracy Agency  is going take them to court now as they seen they will cave in and cut a deal  to keep it out of the  courts to protect there public repetition   they a shady  company  that cut deals with Anti Piracy  before they have to be exposed in court for handing over info  to the public. But when you use  there services you agree that  they can snitch you out.