Networks and the DMCA process

A Huffington Post story details the effects of DMCA notice served on Hurricane Electric by the US Chamber of Commerce to take down a spoof site by the Yes-men – the site suggests that the Chamber has done a u-turn on its controversial position vis-vis climate change. What is notable is that, rather than being the actual host ( May 1/People Link), Hurricane Electric is the upstream provider. In acceding to the request it disconnected every single site on the host. The situation was soon resolved – and the site moved to a mirror – but the incident has given rise to some discussion, not just over the legitimacy of the DMCA claim, but of the responsibilities of network operators in such circumstances. On the latter find below some excerpts from a related NANOG thread.


What’s going on? Since when are we required to take down an entire
customer’s net for one of their subscriber’s so-called infringement?

Heck, it takes years to agree around here to take down a peering to an
obviously criminal enterprise network….

My first inclination would be to return the request (rejected), saying
it was sent to the wrong provider.


Not sure how much I believe of the article and its lack of detail and chopped quotes…but did HE really disconnect an entire downstream network over a DMCA notice, or did they null route a /32 that was used by a customer to host hundreds of virtual web sites?


The DMCA defines a process by which copyright violations can be handled.
One of the options in that process is to send a counter-notice to the
takedown notice.

To quote:

> In order to ensure that copyright owners do not wrongly insist on the
> removal of materials that actually do not infringe their copyrights,
> the safe harbor provisions require service providers to notify the
> subscribers if their materials have been removed and to provide them
> with an opportunity to send a written notice to the service provider
> stating that the material has been wrongly removed. [512(g)] If a
> subscriber provides a proper “counter-notice” claiming that the
> material does not infringe copyrights, the service provider must then
> promptly notify the claiming party of the individual’s objection.
> [512(g)(2)] If the copyright owner does not bring a lawsuit in
> district court within 14 days, the service provider is then required
> to restore the material to its location on its network. [512(g)(2)(C)]

This seems like a very obvious case of parody/fair use, so the proper
response would be for the victim to send a counter-notice and then wait
for the complainer to settle the issue in court. No doubt the lawsuit
would never come, because they don’t stand a chance in hell of actually
winning, but sending letters is cheap and surprisingly effective against
the uninformed.

The reason you don’t typically see these kinds of issues with providers
blocking large amounts of content by taking out whole IPs of their
downstreams is that it is cheap and easy to become your own service
provider for the purposes of DMCA. If you are hosting any content
yourself, you should really go to and
file for a designated agent.


Note that the 512(a) safe harbor of the DMCA does not include a
requirement of removing material when notified; only the 512(c)
safe harbor includes that requirement,
and it’s for providers that actually store the material.

US Title 17, Chapter 5, Sec 512, (c)
” (c) Information Residing on Systems or Networks at Direction of Users.”
“(a) Transitory Digital Network Communications. … A service provider
shall not be liable for monetary relief, or, except as provided in
subsection (j), for injunctive or other equitable relief, for
infringement of copyright by reason of the provider’s transmitting,
routing, or providing connections for, ….”

It’s a bit hard (impossible) to “expeditiously remove” material
that your equipment isn’t storing, but that a downstream network
is storing.

The DMCA doesn’t say anything about severing connectivity to
computers on a network. That’s just what the wronged party wants,
the collateral damage doesn’t effect them.


But you should understand the law.

The DMCA does NOT require that any provider, anywhere, ever, take down
material because they were notified that the material is infringing on
a copyright holder’s rights.

What the DMCA does say is that if a provider receives such a
notification, and promptly takes down the material, then the ISP is
immune from being held liable for the infringement. Many providers
routinely take down material when they receive a DMCA take-down notice.
But if they do so out of the belief that they are required to do so,
they are confused. They are not required to do so. They can choose to
take it down in exchange for getting the benefit of immunity from being
sued (many, probably most, providers make this choice). Or they can
choose to leave it up, which leaves them vulnerable to a lawsuit by the
copyright holder. (In such a lawsuit, they copyright holder would have
to prove that infringement occurred and that the provider is liable for

(I’m not commenting on the merits of HE’s actions here. Just on that
the DMCA actually says. It’s certainly a good practice for providers
that don’t want to spend time evaluating copyright claims and defending
copyright infringement suits (which, I think, is most providers) to
take advantage of the DMCAs safe-harbor provisions. I’m not disputing


There are plenty of examples of DMCA notices having been sent for the
sole purpose of getting something someone doesn’t like shut down, even
where the party issuing the notice obviously does not own the copyright
in question. There are a variety of techniques to deal with this…

> > This seems like a very obvious case of parody/fair use,
> Possibly, but I do not blame a provider to not being willing to make
> that distinction.

Yes, but it’s troubling that a nontrivial provider of transit would make
such a mistake. This is like Cogent, who, at one point, received a DMCA
(or possibly just abuse complaint) about content being posted through a
server of a client’s, and who proceeded to try to null-route that Usenet
news server’s address.

Of course, they picked a hostname out of the headers of the message in
question, and null-routed that. To no effect, since the users accessed
servers through SLB. Duh.

And since Usenet is a flood fill system, blocking the injecting host
isn’t sufficient anyways, since the article is instantly available at
every other Usenet site, including the other local servers. Double duh.

And since the subscriber’s account had already been closed and cancels
had been issued earlier in the day, the content wasn’t even on the
server anymore. Three duhs and Cogent’s out…

The annoying part was that Cogent decided at 2 *AM* in the morning
that this was a problem, and insisted on an answer within an hour.
I allocated a whole lot more time than that for reading several tiers
of management and sales the riot act. Not that it had any operational
impact whatsoever, but when a service provider starts implementing
arbitrary kneejerk “fixes” upon receipt of a complaint, that’s a bad
thing, and that seems like what may have happened here, too.

To be clear: I agree that a provider might not want to make a
distinction between a legitimate DMCA takedown and something that’s
not, but it is reasonable to limit oneself to the things required by
the DMCA. Null-routing a virtual web server’s IP and interfering
with the operation of other services is probably overreaching, at
least as a first step.


About joly

isoc member since 1995

Leave a Reply