NRA Complaint Takes Down 38,000 Websites
The NRA takes a shot at the Yes Men, hits the entire Surge publishing service.
38,000 websites hosted by the automated publishing service Surge went down today, after the National Rifle Association sent a legal notice over a parody website created by the Yes Men.
A few days ago, the Yes Men released the parody video, "Share the Safety"—announcing a supposed NRA program to deliver firearms into the hands of those too impoverished to afford guns.
The opening frame of the video says "Paid for in part by the National Rifle Association of America with additional support from Smith & Wesson Holding Corporation."
"Systemic poverty and dumb laws keep the urban poor unable to acquire life-saving firearms," says the video, which is available on YouTube. "That's why we at the NRA are teaming up with Smith & Wesson to share the safety." The YouTube description includes a link to the "official" website, ShareTheSafety.org.
ShareTheSafety.org currently looks like this:
Surge is a service that allows for easy web publishing of static web pages—think something along the lines of Wordpress, or github.io. The Yes Men apparently used the service to create their website.
As the late Senator Ted Stevens once said, the internet is a series of tubes. And in 2016, those tubes are mostly owned and controlled by a convoluted network of many different companies. A site might be published via Surge, but Surge itself is hosted via cloud computing provided by Digitalocean, and uses Cloudflare as a content distribution network.
According to a series of tweets from the Surge twitter account, the NRA sent a legal complaint to Cloudflare, which then forwarded it to Digitalocean. Surge responded "within 22 minutes." Digitalocean asked Surge to provide counterclaim documents. Some minutes later, Digitalocean shut down Surge.sh. According to Surge, 38,000 sites became unavailable.
Although Surge referred to "counterclaim documents," which sounds like part of the DMCA notice-and-takedown process, other sources say that the legal complaint sent by the NRA was not a DMCA notice, and was likely based on trademark law.
The Yes Men video does use NRA trademarks. If you are familiar with the Yes Men's work, I don't need to spell out why they would do that, or why it would be for a parodic purpose. (And for what it's worth, parodies are protected under trademark law.)
Novel forms of takedowns sent to upstream infrastructure providers are not exactly new. In 2015, Cloudflare fought off a court order that would have required them to police trademarks for the many, many sites they service.
For those seeking ad hoc censorship of parody and criticism, the advantages of turning to legal avenues outside the DMCA are obvious. The DMCA has its problems, but DMCA notice-and-takedown has one thing going for it: The process is well-established, with known rules and procedures, and dedicated and trained staff at companies adhering to said rules and procedures. As opposed to, like, being some whackadoodle legal theory transmitted via very scary letter.
There's a reason why the Yes Men video is still up on YouTube and why their Digitalocean-hosted, Cloudflare-distributed site is down. After over a decade of sparring with rights holders, YouTube has a robust team of employees whose job it is to deal with legal disputes over content. Maybe sometimes they still make the wrong calls, but the company has manpower and experience.
Services like Digitalocean might have dedicated teams handling DMCA notices, but employees might not be able to handle a more unusual variety of complaint. The NRA got Digitalocean to choke up and hit a panic button, sending 38,000 websites into purgatory.
Most of the Surge websites went back up around 3:30 PM PDT, but the Yes Men website is still unavailable—successfully censored, for now, by the National Rife Association.
Update: Digital Ocean sent a statement.
"We received notice on behalf of a trademark holder that a customer of DigitalOcean was hosting infringing content on our network. DigitalOcean immediately notified our customer of the infringement, and the customer was given a five day period to resolve the issue. The infringing content was not removed within the specified period even though several notifications were issued. Per DigitalOcean's terms of service, a final reminder was issued to our customer and, when no action was taken, access to the content was disabled. The infringing content was subsequently removed by the customer and all services were restored in less than two hours."