Will a Porn Website Sting Cloudflare for Contributory Copyright Infringement?

Cloudflare, the most notorious purveyor of internet peek-a-boo, 1 found itself back in Court again, this time on the receiving end of a lawsuit brought by porn website ALS Scan. 2 The allegations of the complaint are that by providing CDN services to 13 pirate websites, Cloudflare is guilty of contributory infringement of the copyrighted photographs of the Plaintiff.

The Plaintiff’s allegations are summed up by the Court as follows:

“According to Plaintiff, [Cloudflare’s] service allows consumers seeking to access a Cloudflare client’s website to retrieve the website’s content from the closest Cloudflare data center, rather than accessing the content from the primary host.  This purportedly results in a client’s website content loading twice as fast for website users, regardless of where the users are located.

In addition, the [Third Amended Compliant] alleges that Cloudflare’s DNS services “allow pirate sites and their hosts to conceal their identity from copyright owners. The domain registration information for some of the pirate sites . . . indicate that the sites reside on a Cloudflare server in Phoenix, Arizona. When presented with a notice of infringement, however, Cloudflare . . . refuses to disclose the identity of the primary host and site owner. In this fashion Cloudflare acts as a firewall protecting pirate sites and their hosts from legal recourse by copyright owners.” 3

ALS Scan claims it sent “numerous” notices to Cloudflare regarding the infringements being perpetrated by Cloudflare clients, but Cloudflare ignored the notices and continued to provide services to the pirate sites. 4

The Court, in a previous ruling, dismissed most of the case, but let the claim for contributory infringement stand.

“Plaintiff had plausibly pled secondary liability based on a material contribution theory. (Citation omitted) The Court reasoned that the FAC’s allegations that Cloudflare’s CDN services made it faster and easier for users to access infringing images, and that consumers seeking access to infringing images retrieved the images from the closest Cloudflare data center rather than the primary host, were sufficient to state a claim for material contribution under Ninth Circuit precedent.” 5

Cloudflare sought to have the remaining case against them tossed out of court. Cloudflare put forth two grounds:

  • Except for one website, all the pirate websites were locate outside the United States, so U.S. copyright law did not apply.
  • Cloudflare’s activities constituted fair use.

While it is true that U.S. copyright law has no “extra-territorial” force, what is happening here is a bit more complex than what the average ISP does. So, hold on tight, things are going to get mightily technical, both from the legal and computer points of view.

In order to speed up the response times, Cloudflare makes cache copies that are stored on their servers. These servers are scattered all over the globe. The idea is that a request from the computer back to the original website then gets processed through a Cloudflare server closest to the requesting computer. This extra copying is what potentially could send Cloudflare down for the count.

“Here, it is undisputed that cache copies of Cloudflare clients’ files are stored on Cloudflare’s data servers; it is also undisputed that some of those data servers are located in the United States. (citation omitted) It is also undisputed that those cache copies are the product of third parties’ decision to register and pay for Cloudflare’s caching service. Thus, to the extent cache copies of Plaintiff’s images have been stored on Cloudflare’s U.S. servers, the creation of those copies would be an act of direct infringement by a given host website within the United States.” 6

But aren’t cache copies normally exempt? Doesn’t this require extra steps, e.g. what the courts have called “volitional conduct”?

Again, it is the nature of Cloudflare’s services which puts them in a bind. Cloudflare is not just a “passive” host. It is actively engaged in speeding up the delivery time of the web content by caching the images in a server close to the recipient, while hiding the location of the source website. These are services for which Cloudflare charges, and the pirate websites willingly pay up.

“[T]he cases on which Cloudflare relies involve situations where the caching service (such as Cloudflare) itself is sued for direct infringement; they do not address whether the third party responsible for the infringing material can be liable for such copies. (citation omitted) [N]o court has actually held that cache copies that are transmitted and displayed to users are not infringing material; rather, the relevant case law holds that a caching service cannot be directly liable if it takes no volitional act to cause the copies to be made.” 7 (emphasis added)

“In other words, the infringing sites took the volitional step to pay for, and utilize, Cloudflare’s CDN servers. As such, the at-issue websites could be liable under U.S. copyright laws provided cache copies of their images were created and stored on Cloudflare’s domestic CDN servers.” 8

So, remember that Cloudflare is not being sued for direct infringement. It is being sued for contributory infringement. Cloudflare can be held secondarily liable if makes a material contribution to the infringing activity. 9

It was then up to the Plaintiff to bring forth sufficient evidence to defeat the Motion for Summary Judgement, namely that Cloudflare has made copies of the infringing material, and that those copies were made in the United States. This proved to be a troublesome task.

The Plaintiff initially submitted reports showing cache copies being made available by Cloudflare servers. However, none of them showed that the cache copies were made in the U.S. In fact, they showed that all the copies were made in Sydney, Australia. 10 The Plaintiff discovered that the reason for this was that the reporting company who generated the reports had all their media servers located in Hong Kong. Therefore, the closest and fastest delivery would have been from Cloudflare’s servers in Sydney. By switching firms with servers in the U.S., they were able to show 4 websites being cached out of Cloudflare servers in the U.S. This, in the mind of the Court, was a sufficient showing to defeat the summary judgement motion as to those four sites.

Unless of course, they’re fair use.

“[Cloudflare]…argue[s] that the cache copies created on Cloudflare’s CDN, even if they would otherwise be domestic infringement, are not actionable under the fair use defense.” 11

The problem is, this is not a case of direct infringement. This is a case of contributory infringement. So, in order for Cloudflare’s cache copying to be fair use, the websites that made the copies first, before passing them onto Cloudflare, had to be protected by fair use as well.

Needless to say, since these are pirate websites, a finding that these are illegal copies and not fair use is a foregone conclusion.

  • The copies are mirror image copies, not transformative, and were made for a commercial purpose. 12
  • The original works were artistic works created for “aesthetic value” (failing to mention, of course, that the images are porn) 13
  • The third factor does not weigh in favor of either party as “the function to which the images were put required full replication.” 14
  • “To allow the creation of cache copies on domestic servers would undoubtedly harm the market for Plaintiff’s images because it would enhance the infringing sites’ ability to reach users who would otherwise need to purchase access to the images from Plaintiff.” 15

So, with three out of four going against a fair use finding, no fair use for the pirates and no fair use for Cloudflare.

Cloudflare, therefore, goes to trial on the four images found to have been replicated in the U.S., as well as a fifth site which had its servers located inside the U.S.

The Judge has one more wrinkle to throw at Cloudflare, one that invokes one of the least asserted of the exclusive rights under 17 USC 106: the right of display.

The right of display doesn’t get asserted very often, because one who lawfully acquires a copy of the copyrighted work, has the right to display their one copy. Under the “First Sale Doctrine” section 109(c):

“Notwithstanding the provisions of section 106(5), the owner of a particular copy lawfully made under this title, or any person authorized by such owner, is entitled, without the authority of the copyright owner, to display that copy publicly…”

This makes total sense. I mean, if you paid millions of dollars for a Picasso painting, it would certainly defeat the purpose if you couldn’t show it to anybody.

But I digress.

The key to 109(c) is that the copy has to be “lawfully made under this title.” Certainly, the images on the pirate sites were not lawfully made. Cloudflare’s caching or retransmission does not suddenly make the copies “lawfully made.” This means they are infringing if shown on a computer in the U.S. 16

So, in addition to going to trial on the five websites where direct copying in the U.S. has been demonstrated, Cloudflare must now potentially go to trial on 13 websites where it was shown that at least one photograph owned by the Plaintiff was displayed on a computer in the U.S.

All of these theories of liability strike at the very heart of Cloudflare’s business model, namely, optimization of website performance and hiding the identities of the web site owners. And the potential liability could get worse.

If the pirate site in question was streaming, either video or audio, it would seem that this activity is akin to the display right. The performance then would occur at the location of the computer. If that computer was located in the U.S., then the theory of contributory liability would be the same. A few rulings supporting this theory would go a long way towards righting the scales of justice back into a state of equilibrium, and giving creators a chance against those who treat the internet as some golden machine that can do no wrong.


  1. Cloudflare: The “Now You See Me, Now You Don’t” of the Internet
  2. ALS Scan v. Cloudflare, Inc. et al CV 16-5051-GW (AFMx) Central District of CA, 2017 the document can be accessed at: https://torrentfreak.com/images/cloudpartial.pdf
  3. ALS Scan v. Cloudflare, Inc at 2
  4. ALS Scan v. Cloudflare, Inc at 2
  5. Id. at 2-3
  6. Id. at 11
  7. Id. at 13
  8. Id. at 14
  9. Id. at 2-3
  10. Id. at 15
  11. Id. at 19
  12. Id. at 22
  13. Id. at 23
  14. Id. at 24
  15. Id.
  16. Id. at 27

You can get my latest article in your email