What’s Behind The Unusual DMCA Notices From “Crowdstrike”?
[updated as of August 19, 2024]As systems began to reboot in the week following the — which brought down airplanes, emergency hotlines, and millions of computers around the globe — three strange copyright takedown notices quietly landed in Lumen’s database. Each alleged copyright infringement against a different cybersecurity firm, each attempted to get that firm’s site removed from Google’s search results, and all purportedly came from the same source: CrowdStrike.These notices raise potentially troubling questions: Why would CrowdStrike take the time to send a few copyright complaints — generic, sloppy ones at that — in the immediate aftermath of a global cyber-catastrophe? And if CrowdStrike wasn’t responsible, who sent the notices, and why?Besides their purported origin, something else that makes these notices odd is that they include no description of what was copied. Section 512(c)3 — the piece of US law defining the copyright takedown notice process — requires “identification of the copyrighted work claimed to have been infringed.” This makes sense: if Stephen King complained that someone’s website copied part of his novel, you’d need to know which novel before you could fix the issue or respond appropriately.The notices in question each allege copyright infringement at a URL belonging to a different cybersecurity company: one URL from Equate Group, one from Trend Micro, and one from Huntress. Only the Trend Micro page has anything to do with CrowdStrike, but it is simply comparing the services of the two companies, with no obvious copyright infringement. And since the notices don’t specify what was copied, it’s unclear what, if anything, these sites allegedly copied from CrowdStrike. Other reporting suggests that CrowdStrike may have been erroneously using DMCA takedowns to handle trademark violations — a different process entirely. Last week, that a company acting on behalf of CrowdStrike had attempted to get Cloudflare to stop hosting a parody site called “ClownStrike,” presumably because of the parody’s use of the CrowdStrike logo (a trademarked work). In a statement to Ars Technica, CrowdStrike acknowledged they had issued over 500 takedown notices after the outage, though they claimed parody sites were “not the target.” According to them, the notices aimed to “protect customers and the industry from phishing sites and malicious activity.” So perhaps the Huntress, Trend Micro, and Equate Group sites were using CrowdStrike’s logo and have since removed it. But those legitimate competitors — Huntress was recently valued at over $1.5 billion — hardly qualify as phishing sites, making the decision to send copyright takedown notices to deindex their URLs all the more perplexing, especially since these were DMCA notices, which cannot be used to bring trademark claims.Google does not seem to have de-indexed the sites as of this writing based on conducting test searches, but it is difficult to know for sure. (Google's covers only "requests to delist content from Search results that
may infringe on copyright.")
Or perhaps it was someone trying to make CrowdStrike look bad, or someone trying to get those URLs de-indexed and masquerading as CrowdStrike because of its recent fiasco. With the minimal detail in these notices, there’s really no way to know. Either way, the DMCA takedown process, in large part because of the scale and ease with which it is possible to send a notice, continues to have ample potential for errors and abuse.
[EDIT: This piece was updated on August 19, 2024 to include the detail that Google's Transparency Report covers notices sent regarding content in Google Search, but not for DMCA notices sent with respect to other Google products, such as Google Ads.]