Our FOIA Lawsuit Gets Results: ICE Admits It Didn't Really Seize A Million 'Copyright Infringing' Domains
from the the-case-is-over dept
Earlier this year, we sued ICE over its failure to provide relevant documents in response to a FOIA request we had made late last year. Late last week that lawsuit came to an end, after we agreed to dismiss it after ICE finally handed over the documents we had requested, which should have supplied last year. What we have now learned is that ICE didn't even bother to look in the proper place for the documents, and (not surprisingly) that once they handed over the documents, they reveal that ICE's legally-confused, bragging press release about all the domains it had seized... was not even remotely accurate. Perhaps that's why ICE didn't want to share the details with us or anyone else.
First, a bit of history. For years we've been calling out ICE for the very questionable practice of seizing websites for large companies in response to claims of possible copyright infringement. Indeed, First Amendment case law makes it pretty clear that law enforcement can't shut down an entire bookstore or an entire publication just because there is some possibly illegal content within that publication or store. Yet, ICE seemed over-eager to seize lots of websites and grandstand about it. In following up on those cases, we've shown that ICE made serious mistakes, often relying on claims from industry partners, such as the RIAA, without any actual evidence. This resulted in things like ICE quietly returning a hip hop blog it had seized and held for over a year (including engaging in secret proceedings before a judge that even the site's lawyer was blocked from learning about), admitting that it had no evidence for the seizure. In another case, it returned another hip hop blog five years after seizing it, without ever presenting any evidence for why it seized the site.
So we were confused and amazed last fall when ICE put out a ridiculous press release again hyping up its efforts to seize websites, claiming that over 1 million domains had been seized. The press release was written in a confusing and legally nonsensical manner, frequently confusing the difference between copyright and trademarks -- which is pretty shocking for a supposed law enforcement agency. For example, it talks about seizing "a copyright-infringing website offering counterfeit integrated sensors." Counterfeiting is a trademark issue, not a copyright one.
Because of this, we filed a FOIA request, seeking the list of the "over a million websites" the press release claimed were seized under Operation In Our Sites, and also requested the communications with the various "high-profile industry representatives" that the press release stated helped ICE with these seizures. ICE responded (late) that it couldn't find any such records, despite multiple requests and an appeal, leading us to sue. As we noted during our appeal, it "strains credulity to believe, and it is impossible to accept, that ICE doesn't have a single record related to the names of domains it had just seized."
After many months, ICE has finally explained why it failed to find any records, and provided what records it does have (with some mostly silly redactions). Let's start with the reason why it couldn't find any records. According the declaration of Toni Fuentes, in the ICE FOIA office, they didn't bother to look in the part of ICE that ran the program and issued the press release. ICE is broken up into various "offices" including "the IPR Center" which focuses on intellectual property issues. However, the ICE FOIA office decided that other parts of ICE were the places to look.
Upon receipt of a proper FOIA request, the ICE FOIA Office will identify which program offices, based on their experience and knowledge of ICE’s program offices, within ICE are reasonably likely to possess records responsive to that request, if any, and initiates searches within those program offices. Once the ICE FOIA Office determines the appropriate program offices for a given request, it provides the POCs within each of those program offices with a copy of the FOIA request and instructs them to conduct a search for responsive records. The POCs then review the FOIA request, along with any case-specific instructions that may have been provided, and based on their experience and knowledge of their program office practices and activities, forward the request and instructions to the individual employee(s) or component office(s) within the program office that they believe are reasonably likely to have responsive records, if any....
[....]
The ICE FOIA Office determined that because of the subject matter of Plaintiffs’ FOIA Request, HSI and OPA were the offices likely to have responsive records. The ICE FOIA Office instructed HSI and OPA to conduct a comprehensive search for records and to provide all records located during that search to the ICE FOIA Office for review and processing.
Notice that the IPR Center is not one of the offices searched, even though it was the office that issued the press release in question and is directly named in the press release. OPA makes at least a bit of sense, because it handles ICE's interactions with the media, so would likely have helped in reviewing the press release -- but would be unlikely to have the records we were requesting. HSI handles "investigations" for the Department of Homeland Security, and was mentioned in the press release as helping to take down a single website. After the FOIA office handed off the task to HSI, apparently a few special agents did somewhat random and haphazard searches of their own emails and turned up nothing.
Within C3, one Special Agent conducted a search of his computer and Outlook using the term “IPR” and “ICE IPR Center” based upon the press release provided by the Plaintiffs and his subject matter expertise. No records responsive to the request were located. One Special Agent conducted a search of his computer and Outlook using the terms “seized” and “website” based upon the press release provided by the Plaintiffs and his subject matter expertise. No records responsive to the request were located. One Special Agent conducted a search of Outlook using “Operation In Our Sites” based upon the press release provided by the Plaintiffs and his subject matter expertise. No records responsive to the request were located.
And here's the key part. That last agent suggested that maybe ICE should be asking the IPR Center to respond... but no one did anything about it:
However, this Special Agent did note on the returned search form that he believed the IPR Center may have responsive records. However, the IPR Center was not tasked to conduct a search at this administrative level and on February 19, 2019, the ICE FOIA Office notified the Plaintiffs that no responsive records were located.
Eventually, much, much later, someone finally gave the FOIA request to the "program manager" for Operation In Our Sites within the IPR Center, and that person found 75 pages, which were only given to us months after we sued (amusingly, the Fuentes declaration has some fun with the timelines, in suggesting that the IPR Center was told to do this search long before we sued, and then stops providing dates, such as the fact that they didn't give us these documents until months after we sued. The 75 pages, combined with the Fuentes declaration above, reveal that the ICE press release was a total joke and a complete exaggeration. First off, most of what happened had nothing at all to do with ICE. At best it was taking credit for seizures done by Europol, Interpol and various police agencies, as well as common every day takedown notice sent by various companies, which it appears ICE included in its numbers.
ICE further provided that of the websites that were criminally seized, the majority of them were seized by Europol, Interpol and police agencies from 26 different countries and that these partners did not share the domain names of those websites with ICE. Further, in regard to the remaining domain names, other industry partners were involved in the seizure of those websites and did not provide the domain names of those websites to the IPR Center. Lastly, ICE was not involved with and does not have any records relating to, any court filings relating to the seizure, civilly or criminally, of domain names.
Indeed, despite the press release clearly indicating that ICE was the one filing court cases -- including criminal cases -- to seize these domains, ICE admitted directly to us "ICE wasn't involved in the filing of any court documents."
So, what was included in those 75 pages? What appears to be nothing more than a PR campaign to allow ICE to puff up fake seizures of websites in advance of the press release it wanted to put out in association with Cyber Monday last year. The Program Manager of Operation In Our Sites apparently just emailed a bunch of big name retailers asking for stats:
Good afternoon,
I am sending this email as a reminder that Operation Cyber Monday 2018 will be concluding in a little over a month. I am hoping you can send me your statistic on the number of infringing websites and E-Commerce links that your company has civilly seized/taken down by COB November 16, 2018.
Lumping together "civilly seized/taken down" does a lot of heavy lifting in making this effort seem like a much bigger deal than it is. As the details we'll show below make pretty clear, by asking for "civilly seized" and "taken down" as a single number, ICE gets to pretend that sites were seized using civil seizure procedures (for which there would be legal paperwork), when they're mostly just taken down thanks to standard everyday takedown notices.
The various companies then responded, giving a wide range of results -- most of which appear to just be them getting various e-commerce sites (it appears to mainly be eBay/Alibabba/Amazon and some other market sites) and social media sites to remove links to what they claim are counterfeit products. Amusingly, in some of the emails, "Operation Cyber Monday" is redacted. In others, where it's the exact same email, it is not. Just last week, after we raised questions about a bunch of the redactions, ICE gave us a "supplemental" response, in which it changed some of the reasons for some of the redactions and removed all of the redactions on the phrase "Operation Cyber Monday 2018" which never should have been redacted in the first place.
What remains redacted is mainly who the companies are and which people at the companies are engaged in this effort to shut down websites and e-commerce links. Most rely on either (b)(6) or (b)(7)(c) redactions, both of which are for "unwarranted invasion of the personal privacy" while a few (b)(7)(d) redactions remain. Those are especially odd as that's for disclosing "the identify of a confidential source." It is difficult to see how these individuals should be considered confidential sources.
Also, for what it's worth, while the names of the companies that participated in this charade are technically redacted, with a little sleuthing, it is not that difficult to figure out who most of them are. In digging into the details, we've identified a variety of clothing/footwear/accessory companies, including Chanel, Abercrombie & Fitch, Victoria's Secret, Burberry, Under Armour, and Nike. It is unclear why ICE sought to keep those names secret, except that in the Fuentes declaration, it is admitted that these companies only agreed to participate in this propaganda campaign in exchange for anonymity and that they not be named as partners:
Each of the companies whose name and/or address has been withheld under Exemption 7(D) provided information to ICE to assist in a federal criminal law enforcement investigation under an expressed promise that ICE would not reveal to the public that they participated in this Operation. If released, foreseeable harm would result to both the companies that provided the information under the promise of confidentiality and to ICE, who relies upon the information these companies provide during the course of their law enforcement operations.
This seems highly questionable. We wouldn't go about releasing names of sources that would result in real harm, but it's difficult to see how revealing that Nike or Victoria's Secret have worked with ICE to take down Chinese links selling counterfeit merchandise does any harm to the continued efforts to find and take down counterfeit offerings. It seems the only "harm" would be some level of embarrassment to the companies for teaming up with ICE at a time when many consider ICE to be kind of toxic. But embarrassment to a brand over its associations is not a legitimate reason to withhold their names.
Even more to the point, from everything given to us, the claim that this somehow harms ICE's "law enforcement operations" is equally ridiculous, since ICE admitted that it didn't do any law enforcement operations here. It just asked everyone to tell them what they had gotten taken down so it could hype its own "participation."
As for the claim that over a million sites were seized -- that number seems to come almost entirely from one participant (the one company whose identity we couldn't backtrack, unfortunately), which claimed that it, alone, had been able to get 1,168,543 "unique host site URLs" offline. This company seemed particularly active in taking down sites, but no further details are given:
Indeed, this number is so out of sync with all of the other numbers, that it makes you wonder if the 1 million number is actually unique URLs or if they actually mean something else, like social media links or something. None of the others come anywhere near this number, and many are are just a few hundred or a few thousand links. Without this one unnamed company, there is no "1 million sites" that ICE can claim for itself (despite not doing anything). Also, it is clear that those sites were "taken down" and not "seized."
Nearly all of the other ones show very few websites taken offline, with most of the focus being on e-commerce sites listing counterfeits or social media posts showing the same. So, for example, this appears to be Chanel's list, which had the second most sites taken down at 13,657, though many more market and social media listings:
And here's Abercrombie & Fitch who "submitted" 726 websites.
What appears to be Victoria's Secret reported just 8 websites that it got "removed."
What appears to be Burberry took down just under 600 "infringing websites."
What we believe is Under Armour provided the most detail in their response in taking down 211 websites, though it sounds as though it was mostly just talking to Shopify, which helped them takedown websites offering counterfeit goods, rather than "seizing" the sites as the whole operation press release suggested:
And, finally, what is likely Nike took down just under 2,000 websites and a small number of Facebook and Instagram links but helpfully highlighted how many estimated "followers" it removed. But also the person from Nike "look[s] forward to continuing to work with you and figuring out ways to expand on our current partnership."
All in all, it seems like this is mostly these companies finding counterfeit sellers and getting those links taken down, mostly by going to intermediaries and asking for them to be shut down. That seems mostly reasonable, though there is always the risk of false accusations and legitimate sites and sellers being shut down. However, the key here is that ICE's boastful press release, in which it couldn't tell the difference between copyright and trademark, appeared to a bunch of nonsense, taking credit for the work that these companies had done in asking for various links to be removed -- and hyping it up as if these had been "seized" by the government.
All in all we're glad that ICE finally provided this information, though it shouldn't have required a lawsuit to make it happen. It does seem to show, as we expected, that ICE was exaggerating what was happening, and certainly exaggerating and playing up its own role in these "seizures" (most of which appeared to be takedown requests that ICE had nothing to do with). Special thanks to the team at Cause of Action, a non-profit focused on transparency and accountability in government, for representing us in this litigation.
In the meantime, since we're just weeks away from Cyber Monday 2019, we're curious to see if ICE makes another one of these announcements. At the very least, we hope this year they figure out the difference between copyright and trademark. Even better would be to just come out and admit that what they're exaggerating as some sort of legal/judicial process is really just a bunch of companies sending takedown notices that have nothing to do with ICE. Or, best case, maybe ICE gives it a rest this year. Somehow I doubt it will.
Filed Under: copyright, counterfeits, dhs, domain seizures, foia, ice, ipr center, trademark
Companies: abercrombie & fitch, burberry, chanel, nike, under armour, victoria's secret