HACKER Q&A
📣 throwaway19421

How to handle a DMCA request as small network provider


Hi there,

I run a small business that provides network services for game servers and small websites. We're similar to Ngrok, but much smaller.

I've started receiving informal DMCA take down requests from a large company over email. I've forwarded the request to the user hosting the content but they claim they are not hosing copyrighted content. I only provide networking services and their content is behind a self hosted login. Because of this I have no way to verify if there is actually copyrighted content being infringed.

I'm not sure what to do. My thought is to request the big company make a formal DCMA take down request and I will comply with it. Is that going to cause my a huge headache? Do I need to talk with a lawyer? Should I just bow down to the big company and do what they ask? I don't want our users to host copyrighted content but I also don't want to shutdown small websites because a big company thinks they're doing something wrong. The user is on our free tier if that matters at all.

Thanks for reading, hopefully you have some wisdom to share.

informal: They don't include all the required details listed here: https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act#Notice_from_copyright_owner

  👤 iSloth Accepted Answer ✓
You’ve done the right thing proxying the request back to your client.

As a basic example I’d read how GitHub manage DCMA and follow a similar process - I.e. validate the request has enough detail, pass back to your client for action/response, and act accordingly.

More often than not a lot of DCMA requests are fair too vague and lacking detail you can simply reject them, based on my experience at least.

https://docs.github.com/en/site-policy/content-removal-polic...

👤 manv1
I used to run a VPN service, and at the time the only legal requirement was that you register your DMCA contact and that you make a best-effort attempt to deliver the request.

I forwarded those requests to the user's email address if the user was identifiable, but since I didn't track anything I couldn't really deliver them. That was it.

You might want to check what the law actually says. I don't think there's a lot of case law around DMCA requests yet so the shape of the law probably hasn't changed much, but I don't pay attention to it so I'm probably wrong.

👤 bombcar
The only correct answer is talk to a lawyer about the responses necessary for a correct, formal DMCA request.

Also speak to your providers, they're going to get the same ones shortly.