The Business & Technology Network
Helping Business Interpret and Use Technology

CrowdStrike DMCA’d A Parody Site In Wake Of Update Outage

DATE POSTED: August 7, 2024

As you will no doubt be aware, on July 19th cybersecurity company CrowdStrike did an oopsie in an update it pushed to its Falcon Sensor software that took down millions of computers around the world. The result was chaos, with everything from hospitals to airlines to banks impacted by computers and servers that went into bootloops. A rollback was performed, which fixed some of the problem, but there were still millions of machines in the public that suddenly became BSOD paperweights until a slightly more complicated fix was implemented by end users themselves. Financial damage as a result has been estimated at roughly $10 billion, while CrowdStrike’s stock fell by double digits. I heard one analyst on CNBC remark that the company’s lawyers wouldn’t be making it to the beach this summer, and maybe next summer either, so inundated with lawsuits would the company be.

The point is that CrowdStrike had a very, very bad time. And when a company is having a very bad time like this, they tend to go immediately into damage control. The most important part of that damage control, as anyone in crisis PR will tell you, is to be open and honest about the mistake, help to correct the mistake, and generally try to be as forthcoming and understanding of the outrage the mistake produced as possible.

Or, if you’re CrowdStrike, you sic a third party on a parody website making fun of your mistake, issuing a DMCA over a trademark claim. That’s exactly what the company did to clownstrike.lol, an obvious parody site that made use of CrowdStrike’s logo, altered to include a clownish getup. David Senk created the site partly as a laugh, but also as someone who is critical of over-centralization within the technology industry.

Setting up the parody site at clownstrike.lol on July 24, Senk’s site design is simple. It shows the CrowdStrike logo fading into a cartoon clown, with circus music blasting throughout the transition. For the first 48 hours of its existence, the site used an unaltered version of CrowdStrike’s Falcon logo, which is used for its cybersecurity platform, but Senk later added a rainbow propeller hat to the falcon’s head.

“I put the site up initially just to be silly,” Senk told Ars, noting that he’s a bit “old-school” and has “always loved parody sites” (like this one).

It was all fun and games, but on July 31, Senk received a DMCA notice from Cloudflare’s trust and safety team, which was then hosting the parody site. The notice informed Senk that CSC Digital Brand Services’ global anti-fraud team, on behalf of CrowdStrike, was requesting the immediate removal of the CrowdStrike logo from the parody site, or else Senk risked Cloudflare taking down the whole site.

Okay, there’s a lot to unpack, because a ton went wrong here. CrowdStrike has made some mention that there were several nefarious actors on the internet that were setting up websites making use of its logo in an attempt to take advantage of the outage. According to the company, it was the need to combat that activity that led it to contract with CSC to issue these takedowns.

“As part of our proactive fraud management activities, CrowdStrike’s anti-fraud partners have issued more than 500 takedown notices in the last two weeks to help prevent bad actors from exploiting current events,” CrowdStrike’s statement said. “These actions are taken to help protect customers and the industry from phishing sites and malicious activity. While parody sites are not the intended target of these efforts, it’s possible for such sites to be inadvertently impacted. We will review the process and, where appropriate, evolve ongoing anti-fraud activities.”

But that is an excuse, not a valid justification. CSC is CrowdStrike’s contractor that issued a faulty DMCA notice on a parody site. Its actions are essentially CrowdStrike’s actions, and the company ought to remain far more focused on not fucking up a sizable percentage of the world rather than this sort of thing.

Also, a DMCA takedown notice for… trademark infringement? That isn’t the proper mechanism for trademark violations at all. DMCA notices are for copyright.

Corynne McSherry, a copyright expert and legal director of the digital rights group the Electronic Frontier Foundation, told Ars that even using an unaltered logo can fall under fair use.

“There’s plenty of ways in which you could use a logo, and it would still be clear parody and perfectly lawful,” McSherry said, while noting that “courts have confirmed that” CrowdStrike was obligated to consider that claiming the use is illegal, “because fair uses are, by definition, legal.”

Perhaps the biggest issue with CrowdStrike “inadvertently” targeting parody sites with DMCA takedown notices, McSherry said, is that the DMCA should not be used for trademark infringement disputes.

“It is not an appropriate use of the DMCA,” McSherry said. Further, CrowdStrike saying “that it’s inadvertent says it was a mistake. But what that also means is: we weren’t being careful before we used this process. That’s another problem.”

And then there’s Cloudflare’s process for all of this. It is notable that Senk very clearly understands more about his rights than the average person. As such, he immediately filed a counternotice… which was ignored. Instead, Cloudflare sent a second warning notice to Senk over the site, which Senk also counterclaimed. But, because he uses his Cloudflare account as part of his larger business, he elected to move the site to an overseas provider so as to not risk his account.

Despite his bad experience, Senk told Ars that because Cloudflare is “too big to ignore,” he plans to continue using the company’s services for his other professional work. One reason why he promptly moved ClownStrike off of Cloudflare was out of fear that the bogus takedown might terminate his account, which he uses to assist many clients who use Cloudflare. Senk suggested that Cloudflare owes its customers more consideration in these cases.

“Corporations, like Cloudflare, are so terrified of being sued, they’d rather forward bogus requests and take down legal content than apply any judgment and common sense to the requests,” Senk told Ars. “This is partly caused by the incredible centralization of these same tech giants; however, it should not excuse the behavior. If anything, they should be held to a higher standard because they are ‘giants.’”

It’s hard to disagree with any of that, honestly. The way the DMCA process is implemented is typically heavily in favor of the complaint as opposed to the content in question. And that’s even when the communication channels for counternotices work, as they clearly did not in this instance. Far too much collateral damage is incurred when companies like CrowdStrike carpet-bomb websites over their logos, incorrectly mind you, without taking into account the potential for fair use rights and the like.

As for CrowdStrike, maybe spend a bit more time shoring up your process for rolling out updates and you won’t have to accidentally take out parody sites making fun of you.