The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

Volokh Conspiracy

Forged Purported N.J. Attorney General Takedown Demand, in 3-D Printed Gun Case


Mike Masnick (Techdirt) reports:

[A] week or so ago … various 2nd Amendment groups, including the somewhat infamous Defense Distributed (makers of 3D printer files for firearm components) filed a lawsuit, seeking an injunction against New Jersey's Attorney General, Gurbir Grewal, arguing that he had sent an unconstitutional takedown letter to Cloudflare, which was the CDN service that Defense Distributed was using for its website

In theory, this was setting up an important potential 1st Amendment case. But, on Tuesday, something unexpected happened. The State of New Jersey showed up in court to say no one there actually sent the takedown—and that they believed it was forged, and sent via a proxy service in the Slovak Republic. Really.

Here's an excerpt from the letter:

The Attorney General's Division of Criminal Justice (DCJ) has concluded that a key document supporting Plaintiff's TRO application—a "takedown notice" purportedly sent by DCJ to CloudFlare, Inc., which hosts one of the plaintiff's websites,—was not in fact issued by DCJ, and appears to have been issued by some entity impersonating the Attorney General's Office. We are including a certification that details our office's investigation so far. In addition, we have referred the matter to the U.S. Attorney's Office for the District of New Jersey….

In an effort to determine who, in fact, issued the notice, DCJ assigned two investigators to review the matter, who obtained the IP address of the device used to submit the notice to Cloudflare, and learned that the IP address is associated with a server located in the Slovak Republic. This IP address is not connected to DCJ, nor would DCJ use this type of proxy server for routine communications with third parties….

Mike Masnick adds, more generally:

There are, of course, some larger issues here. As we've noted for years and years and years—mainly with regard to the DMCA notice-and-takedown process—when you have a process that allows for notice and takedown it will get abused. Widely and continuously. Expanding notice and takedown to other arenas only means it will get abused more and more, and the abuse will become increasingly sophisticated.

We should be especially concerned about things like the EU's Terrorist Content Regulation, which will not only deputize random law enforcement officials to send such takedowns to various platforms, but also mandate that platforms takedown any such content within one hour of the notice being sent. If you don't believe that process won't be abused in a similar manner to what we see above, you have not been paying attention. Giving people tools for censorship will lead to censorship, and often it will be done in very surreptitious ways.

We should be extra careful about enabling more such activity under the false belief that only the "good guys" will use such powers, and that they will only use them for good.

Cloudflare has more.