CrowdStrike DMCA’d A Parody Site In Wake Of Update Outage

from the great-plan-people dept

As you will no doubt be aware, on July 19th cybersecurity company CrowdStrike did an oopsie in an update it pushed to its Falcon Sensor software that took down millions of computers around the world. The result was chaos, with everything from hospitals to airlines to banks impacted by computers and servers that went into bootloops. A rollback was performed, which fixed some of the problem, but there were still millions of machines in the public that suddenly became BSOD paperweights until a slightly more complicated fix was implemented by end users themselves. Financial damage as a result has been estimated at roughly $10 billion, while CrowdStrike’s stock fell by double digits. I heard one analyst on CNBC remark that the company’s lawyers wouldn’t be making it to the beach this summer, and maybe next summer either, so inundated with lawsuits would the company be.

The point is that CrowdStrike had a very, very bad time. And when a company is having a very bad time like this, they tend to go immediately into damage control. The most important part of that damage control, as anyone in crisis PR will tell you, is to be open and honest about the mistake, help to correct the mistake, and generally try to be as forthcoming and understanding of the outrage the mistake produced as possible.

Or, if you’re CrowdStrike, you sic a third party on a parody website making fun of your mistake, issuing a DMCA over a trademark claim. That’s exactly what the company did to clownstrike.lol, an obvious parody site that made use of CrowdStrike’s logo, altered to include a clownish getup. David Senk created the site partly as a laugh, but also as someone who is critical of over-centralization within the technology industry.

Setting up the parody site at clownstrike.lol on July 24, Senk’s site design is simple. It shows the CrowdStrike logo fading into a cartoon clown, with circus music blasting throughout the transition. For the first 48 hours of its existence, the site used an unaltered version of CrowdStrike’s Falcon logo, which is used for its cybersecurity platform, but Senk later added a rainbow propeller hat to the falcon’s head.

“I put the site up initially just to be silly,” Senk told Ars, noting that he’s a bit “old-school” and has “always loved parody sites” (like this one).

It was all fun and games, but on July 31, Senk received a DMCA notice from Cloudflare’s trust and safety team, which was then hosting the parody site. The notice informed Senk that CSC Digital Brand Services’ global anti-fraud team, on behalf of CrowdStrike, was requesting the immediate removal of the CrowdStrike logo from the parody site, or else Senk risked Cloudflare taking down the whole site.

Okay, there’s a lot to unpack, because a ton went wrong here. CrowdStrike has mentioned that several nefarious actors on the internet were setting up websites making use of its logo in an attempt to take advantage of the outage. According to the company, combating that is what led it to contract with CSC to issue these takedowns.

“As part of our proactive fraud management activities, CrowdStrike’s anti-fraud partners have issued more than 500 takedown notices in the last two weeks to help prevent bad actors from exploiting current events,” CrowdStrike’s statement said. “These actions are taken to help protect customers and the industry from phishing sites and malicious activity. While parody sites are not the intended target of these efforts, it’s possible for such sites to be inadvertently impacted. We will review the process and, where appropriate, evolve ongoing anti-fraud activities.”

But that is an excuse, not a valid justification. CSC is CrowdStrike’s contractor that issued a faulty DMCA notice on a parody site. Its actions are essentially CrowdStrike’s actions and the company ought to remain far more focused on not fucking up a sizable percentage of the world rather than this sort of thing.

Also, a DMCA takedown notice for… trademark infringement? That isn’t the proper mechanism for trademark violations at all. DMCA notices are for copyright.

Corynne McSherry, a copyright expert and legal director of the digital rights group the Electronic Frontier Foundation, told Ars that even using an unaltered logo can fall under fair use.

“There’s plenty of ways in which you could use a logo, and it would still be clear parody and perfectly lawful,” McSherry said, while noting that “courts have confirmed that” CrowdStrike was obligated to consider that claiming the use is illegal, “because fair uses are, by definition, legal.”

Perhaps the biggest issue with CrowdStrike “inadvertently” targeting parody sites with DMCA takedown notices, McSherry said, is that the DMCA should not be used for trademark infringement disputes.

“It is not an appropriate use of the DMCA,” McSherry said. Further, CrowdStrike saying “that it’s inadvertent says it was a mistake. But what that also means is: we weren’t being careful before we used this process. That’s another problem.”

And then there’s Cloudflare’s process for all of this. It is notable that Senk very clearly understands more about his rights than the average person. As such, he immediately filed a counternotice… which was ignored. Instead, Cloudflare sent a second warning notice to Senk over the site, which Senk also counterclaimed. But, because he uses his Cloudflare account as part of his larger business, he elected to move the site to an overseas provider so as to not risk his account.

Despite his bad experience, Senk told Ars that because Cloudflare is “too big to ignore,” he plans to continue using the company’s services for his other professional work. One reason why he promptly moved ClownStrike off of Cloudflare was out of fear that the bogus takedown might terminate his account, which he uses to assist many clients who use Cloudflare. Senk suggested that Cloudflare owes its customers more consideration in these cases.

“Corporations, like Cloudflare, are so terrified of being sued, they’d rather forward bogus requests and take down legal content than apply any judgment and common sense to the requests,” Senk told Ars. “This is partly caused by the incredible centralization of these same tech giants; however, it should not excuse the behavior. If anything, they should be held to a higher standard because they are ‘giants.'”

It’s hard to disagree with any of that, honestly. The way the DMCA process is implemented is typically heavily in favor of the complaint as opposed to the content in question. And that’s even when the communication channels for counternotices work, as they clearly did not in this instance. Far too much collateral damage is incurred when companies like CrowdStrike carpet-bomb websites over their logos, incorrectly mind you, without taking into account the potential for fair use rights and the like.

As for CrowdStrike, maybe spend a bit more time shoring up your process for rolling out updates and you won’t have to accidentally take out parody sites making fun of you.

Companies: cloudflare, crowdstrike, csc


Comments on “CrowdStrike DMCA’d A Parody Site In Wake Of Update Outage”

18 Comments
GHB (profile) says:

Reminds me if you combine Miku Cameras's bricky update and Warcraft Refunded

That $400 baby monitor that removed features that came out of the box now behind a subscription. Check. Before that, they pushed an update that bricked the system. Wonderful.

It also reminds me of Warcraft Refunded when it was launched in a buggy state, and denied access to the original warcraft 3. What if ActiBliz tries to take down the parody site?

Speaking of trying to use copyright over the use of trademarks, it does remind me of how Jim Sterling got into when so-called “indie” “developers” who can’t take criticism as an answer and knew that YouTube’s copyright system would refuse to take down his video so they went to an alternative route to try to silence him (source 2).

Oh and let’s not forget when Acerthorn tried to do the same thing to SidAlpha, but he uses COPYRIGHT, not TRADEMARK, and embarrassingly tried to get it registered, but ultimately failed because it is a friggen blue-colored BEEHIVE pattern (as in, a grid of hexagon) behind a bland-looking font titled “AcerThorn” with italicized and underlined, that I believed you can recreate that in less than 5 minutes.

Obviously these are using trademark takedown on content that have no intention of confusing people thinking these content are by the mark owner. It is the sole purpose of just banning content and/or people for MENTIONING who that company/entity owning that mark to be criticized, or accused of. It is equivalent of beating someone up just because they point fingers at you.

This comment has been deemed funny by the community.
Rico R. (profile) says:

Putting the legal issues in terms Crowdstrike can understand...

A problem has been detected and Windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: DMCA512F.SYS

COPYRIGHT_CLAIM_IN_NONINFRINGING_AREA

If this is the first time you’ve seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any usage of your copyrighted content is not authorized by you, your agent, or the law.
If this is something that could arguably be fair use (such as criticism, educational use, or parody), you must consider if it is before proceeding.

If problems arise because this isn’t really a valid copyright claim, back down or fire any legal counsel who said this takedown request was a good idea. Continuing anyway opens you up to liability under section 512(f) of Title 17, U.S. Code.
If your customers need to use Safe Mode to remove or disable a Windows Signed Driver you assured your investors was 100% safe when it really wasn’t, re-evaluate your priorities and fix your own problems before taking down lawful parodies.

Technical information:
**** STOP: 0x00000451 (0x00001C3, 0x00000001, Ox00002121, 0xFFFFFFFF)

**** DMCA512F.SYS – Address FFFFFE3C base at FFFFDEDE, Datestamp 669a3667

That One Guy (profile) says:

Perfectly balanced

And then there’s Cloudflare’s process for all of this. It is notable that Senk very clearly understands more about his rights than the average person. As such, he immediately filed a counternotice… which was ignored. Instead, Cloudflare sent a second warning notice to Senk over the site, which Senk also counterclaimed.

Ah the perfectly balanced system that is the DMCA…

Ignore a DMCA claim? Congrats, you just opened yourself up to massive potential liability!

Ignore a counter-claim to a DMCA notice? Meh, no biggie, just send another claim.

Anonymous Coward says:

Cloudflare is essentially a centralized gate keeper to much of the internet who uses distributed (but still owned by them) resources. They also frequently and randomly DoS their own customers by refusing to allow access (to their customers’ sites) to agents[0] who do not capitulate to their demands (and they do so in a way that abuses some web standards).

Though in this narrow case their reaction to (bogus, since trademark isn’t a copyright issue) DMCA take downs is more or less in line with the industry (and incentivized by the law), they are one of the few organizations credibly capable of “enshitifying” large parts of the web.

[0] As in a web agent, software accessing a web resource. This may be an automated system, or it may be a human driven one.

Anonymous Coward says:

Crowdstrike AREN’T clowns. They’re malicious profiteers.

CEO and execs sold shares in the days before the update was pushed out. THEN ordered the update to go out, believing it would dip the share price slightly and they could buy back MORE shares than they started with.

The update was FAR worse than they feared, but they STILL bought the dip and when/if the share price rises they’ll make hundreds of millions.

Needs a full IRS audit of Crowdstrike for insider trading, malicious damage (because of the update they 100% knew would cause issues) etc.

Anonymous Coward says:

Cloudflare did what wrong, exactly?

I’m not clear what Cloudflare is supposed to have done wrong here. It received a notice from a third party about one of its customers and… forwarded the notice to the customer? I mean, of course it did? Nothing in your story indicates Cloudflare ever took down Senk’s website, or threatened to do so. To the contrary, the fact that Cloudflare “sent” – I assume you mean, “forwarded” – “a second warning notice” implies the website remained up.

As for Senk’s counter-notice, the only purpose of a DMCA counter-notice is to get a service provider to restore content that’s been removed. Assuming Cloudflare hadn’t removed the website, saying it “ignored” Senk’s counter-notice seems inaccurate.

“And then there’s Cloudflare’s process for all of this…” Which was what? Informing Senk about Crowdstrike’s notices, then continuing not to remove his website? Senk’s vague complaint about how companies “like” Cloudflare tend to behave doesn’t, I note, actually say anything about how the company that is Cloudflare did behave.

If Cloudflare actually did take down Senk’s website, I’ll stand corrected. Basic journalistic standards, as I understand them, dictate checking.
