Cloudflare’s CEO has threatened to pull the company out of Italy, and to withdraw free services it intends to provide to the Winter Olympic games, after the nation’s communications regulator slugged it with a fine equal to one percent of its annual revenue for violating anti-piracy regulations.
The core of this matter is Italy’s “Piracy Shield,” a law administered by Italy’s telecoms regulator, the Autorità per le Garanzie nelle Comunicazioni (AGCOM). Copyright holders can file a blocking request to AGCOM. If the regulator approves the requests, it uses an automated system to inform ISPs and other players that they must block access to certain IP addresses and not provide DNS services to domains suspected of facilitating piracy.
Piracy Shield’s most vocal supporters are Italy’s Serie A and Serie B football leagues, who want to stop pirate streams of matches they stage to preserve revenue. Other copyright holders also support the regulation.
On January 8, AGCOM announced it had asked Cloudflare to block some sites and that the company didn’t comply with its orders. The regulator therefore decided to fine Cloudflare one percent of its annual revenue, a little more than €14 million, which is more than double the company’s revenue derived from Italy.
Cloudflare CEO Matthew Prince isn’t happy.
In a strongly worded Friday Xeet, Prince labelled AGCOM “a quasi-judicial body” that administers a “scheme to censor the Internet” on behalf of “a shadowy cabal of European media elites.”
“No judicial oversight. No due process. No appeal. No transparency,” Prince wrote. “It required us to not just remove customers, but also censor our 1.1.1.1 DNS resolver meaning it risked blacking out any site on the Internet. And it required us not just to censor the content in Italy but globally. In other words, Italy insists a shadowy, European media cabal should be able to dictate what is and is not allowed online. “
Prince’s words aren’t entirely self-serving, because many have pointed out that shared infrastructure means bad actors and law-abiding operators can share the same IP address and DNS. Widespread use of network address translation, for example, means hundreds of users can share a single public-facing IP address. An IP address could also map to multiple fully qualified domain names (FQDNs), meaning the address piratefootball.bigcompany.com could have the same address as employeeportal.bigcompany.com. Blocking a single IP address or FQDN can therefore mean many others effectively disappear from the internet.
Cloudflare itself has pointed out that IP blocks can impact individual, and entirely innocent, netizens. Lest you think Cloudflare has acted in its own interests, know that independent researchers have reached similar conclusions, pointed out that it’s possible to evade Piracy Shield with a VPN or private DNS resolver, and criticized the system’s asymmetry on grounds that it requires ISPs to block resources within 30 minutes but operates an opaque and far slower appeal and removal process.
In his Xeet, Prince also labelled Piracy Shield “wrong for democratic values” and vowed to appeal the fine.
He then said Cloudflare might respond to the fine as follows:
The Winter Olympics start on February 6th, so if Cloudflare does pull the pin it will be mightily inconvenient for the event's tech team - and Prince said as much in his Xeet, which states he will inform the International Olympic Committee of "the risk to the Olympic Games."
The CEO also said he will bring the incident to the attention of the Trump administration.
“While there are things I would handle differently than the current U.S. administration, I appreciate @JDVance [vice-president JD Vance] taking a leadership role in recognizing this type of regulation is a fundamental unfair trade issue that also threatens democratic values. And in this case @ElonMusk is right: #FreeSpeech is critical and under attack from an out-of-touch cabal of very disturbed European policy makers.”
The CEO wound up his post by saying he agrees that Italy has the right to regulate within its own borders but must do so with due process and with requirements that don’t mean Cloudflare and others must block content for netizens beyond the nation’s borders.
“THIS IS AN IMPORTANT FIGHT AND WE WILL WIN!!!” he ALLCAPS-shouted to end his Xeet.
One response to Prince’s post came from Italian senator Claudio Borghi who pointed out that AGCOM is an independent regulator, the fine is therefore not a matter of policy, but said his party “will do our best to check if there has been any misunderstanding regarding the role of Cloudflare.”
“I can assure you that this case will be thoroughly reviewed in absolute fairness,” the senator wrote.
Prince responded that Cloudflare is “happy to engage in a dialogue to resolve these issues.”
“We don’t want piracy on our platform: it clogs our pipes and costs us money,” the CEO added. “We work with rights holders worldwide in cooperation to address it. Unfortunately, Italian authorities have been unwilling to engage. It would be unfortunate if the actions of a non-governmental body force us to pull the free cybersecurity services we offer out of the market, but we can’t stay somewhere unjust fines are more than 2x our annual revenue. Email me and we will be happy to engage. May cooler heads prevail.” ®
Source: The register