How a broken copyright law became the internet’s most effective tool for anonymous competitive sabotage — and nine ways Congress could fix it (if they wanted to).
Imagine you wake up one morning to find that your website, your YouTube channel, or your OnlyFans page have been gutted. Content you created with blood, sweat, and tears, content that you own, content that pays your mortgage, is just *poof*. Gone.
Not because you did anything wrong. Simply because a stranger (or someone you know!) filled out a form, clicked submit, and the platform holding your work decided that was enough to remove your content.
No verification. No burden of proof. Not even a phone call to give you a heads up. And you’re not even allowed to know who did it.
Welcome to the creator economy in 2026 where this is happening to people on a regular basis, all thanks to the Digital Millennium Copyright Act (DMCA).
The DMCA was signed into law in 1998, the same year Google was founded, eleven years before OnlyFans as a concept even existed. The law’s famous “safe harbor” provision was designed to protect platforms from liability for user-uploaded content, as long as they responded to takedown notices. It was a reasonable framework for its era. That era is over.
Now, the law is so structurally broken that it has quietly become one of the most effective tools for anti-competitive sabotage on the internet. And the people abusing it aren’t even trying to hide it anymore.
This is the DMCA’s least-discussed design flaw: not that takedowns happen, but that they happen anonymously, instantly, at scale, with no verification required and no meaningful consequences for abuse. For independent digital creators, many of whom depend entirely on search visibility to reach paying subscribers, this isn’t a theoretical policy problem. It is an existential one.
Pull up the Lumen Database, the public repository where Google logs DMCA takedown notices. The goal of Lumen is to collect and study online content removal requests.
Though their goal is allegedly to promote transparency on these notices, they aren’t really able to because Google usually only shares notice details — not the requestor’s name or contact information. So even if Lumen wanted to share that information, they don’t have.
For What do they have? Pull up the Lumen database and search for a notice like #78071520. What you’ll find is someone listed as “DMCA Manager.” No company name. No individual. No verifiable identity whatsoever. All other identifying information is either redacted or was never required in the first place. The only concrete data point is a country of origin, which can be spoofed to any location on earth using a VPN.
That’s it. That’s the paper trail.
What makes this more than just an anonymity problem is what that single form submission can accomplish. A fraudster using a generic identity like “DMCA Manager” can file thousands of takedown notices in a single session. Because Google’s response to any DMCA notice is immediate deindexing, every one of those notices removes a competitor’s page from search results within hours. Everyone is treated as guilty until proven innocent, and their content is vanished from the internet for a minimum of 14 days.
And because Google holds a court-confirmed monopoly on search, being removed from Google search results is, for most practical purposes, being removed from the internet entirely.
The asymmetry here is breathtaking. A bad actor willing to commit fraud can delete thousands of a competitor’s pages from Google search results with nothing more than anonymous form submissions. An honest publisher who refuses to commit fraud has no equivalent weapon and no immediate recourse. By the time a victim successfully contests even one fraudulent takedown (a process that takes at least 14 business days), the fraudster has had two uninterrupted weeks to file thousands more. There is no ceiling on how many notices a single anonymous filer can submit.
The fraud is further camouflaged by design. When a fraudster buries their filings under a generic name shared by thousands of other notices, any pattern of abuse disappears into the noise. There is no mechanism by which a victim, a platform, or a regulator can look at the data and say: this entity has filed ten thousand notices and lost nine thousand counter-notices. The anonymity doesn’t just protect the fraudster. It actively prevents the pattern from being visible.
Creators who have professional representation are catching this problem. Many are not.
“My agent brought these fake reports to my attention — I didn’t even know this could happen,” says Kayla, a top 1% OnlyFans creator. “I was shocked. It’s almost as bad as finding out you’ve been leaked. Other creators who don’t have agency representation lose traffic to their pages and have no idea why it’s happening or what to do.”
That last sentence deserves to sit for a moment. Creators without representation, which is the majority of content creators, are watching their traffic collapse and have no framework for understanding why. The mechanism of attack is invisible to them. They see the symptom. They never see the cause.
For those who do figure it out, the road to remediation is its own punishment. Matt M., a top creator agency owner, describes the operational reality: “We lose time and money fighting these bogus claims. In the end, it’s the creator who suffers. Some of them have been manipulated into paying for takedowns to protect their brand. What really happens is they lose access to the promotion they’re paying for from ad networks, so they’re effectively paying twice and losing traffic. I don’t blame the creators for this — these scammers make it sound like they’re some kind of intellectual property lawyer protecting the creator against theft.”
The scam within the scam: fraudulent filers aren’t just hurting creators through false takedowns. They’re also creating a secondary market for “protection” that extracts money from the very people being victimized. It is, in structure, indistinguishable from a protection racket.
None of this is accidental. The DMCA’s notice-and-takedown system was designed to make it easy to remove infringing content. It succeeded, but at the cost of building a nearly frictionless system for abuse. The law’s Section 512(f) technically allows victims of bad-faith takedowns to sue for damages, but courts have interpreted it so narrowly, as seen in decisions like Rossi v. MPAA and Lenz v. Universal, that it is functionally useless. The standard requires proving that a filer knowingly misrepresented their claim; subjective good faith is enough to escape liability even when a claim is objectively absurd.
In practice, filing a fraudulent DMCA notice carries no criminal risk, no civil risk worth calculating, and costs nothing. The incentive structure is perfectly engineered for abuse.
The fixes are not complicated. They have been discussed in policy circles for years and consistently blocked by the entertainment industry lobbying. Here is what reform actually looks like:
1. Make fraudulent filings genuinely costly. This is the biggest one. As mentioned above, Section 512(f) technically allows targets of bad-faith takedowns to sue for damages but this section is virtually useless thanks to the standard set by the Ninth Circuit in Rossi v. MPAA and reinforced in Lenz v. Universal. Those decisions basically say that a filer only violates 512(f) if they knowingly misrepresent their claim, and “subjective good faith” is enough to avoid liability even if the claim is objectively ridiculous. Congress could flip this by making the standard objective rather than subjective. If a reasonable person would have known the claim was bogus, you’re liable. They could also add statutory damages for fraudulent filings (similar to how copyright infringement itself carries statutory damages), so victims don’t have to prove exact financial harm to recover. Right now the cost-benefit calculation for abusers is completely lopsided: filing a fraudulent takedown costs nothing and has no consequences, while fighting one costs time, money, and lost revenue.
2. Require verification of copyright ownership before processing. The law currently says the notice must include a statement under penalty of perjury that the filer is authorized to act on behalf of the copyright holder, but critically, the perjury statement only applies to the authorization claim, not to the infringement claim itself. That’s an absurd loophole. Congress could simply extend the perjury standard to cover the entire notice, including the assertion that infringement is actually occurring. That single change would make fraudulent filers criminally liable rather than just civilly liable.
3. Create a “notice and review” option alongside “notice and takedown.” Right now, the process is brutally binary: content disappears first and questions get asked never, with platforms defaulting to immediate removal because the safe harbor incentive structure rewards speed over accuracy. A middle path, where certain categories of content are held pending brief review rather than auto-removed, without the platform losing safe harbor protection, would fundamentally rebalance that calculus. This reform is especially overdue for search engine deindexing, where the so-called “infringing content” isn’t even hosted on Google’s servers. It is a link. Removing it instantly, before any verification of the underlying claim, treats a URL like a live grenade when it is, at most, a question mark.
In a sense, Congress could make room for a verified publisher whitelist: trusted publishers with a documented compliance track record receive “notice and review” treatment because they’ve earned the presumption of legitimacy. Known piracy operations and anonymous filers get “notice and takedown,” because they haven’t. The whitelist transforms what is currently a blunt, one-size-fits-all instrument into something that actually reflects the difference between a publisher and a pirate — a distinction the current law, remarkably, doesn’t bother to make.
4. Shorten the counter-notice restoration timeline. The current 10-14 business day waiting period is arbitrary and punitive. A 3-5 business day timeline is more appropriate, with immediate restoration upon counter-notice unless the complainant obtains a temporary restraining order. If a copyright holder can’t get a TRO within a few days, their claim probably doesn’t justify keeping the content down.
5. Establish a small claims or administrative review process. Right now, the only recourse for a fraudulently targeted party is federal court, which is expensive and slow. Congress could create a streamlined administrative process, something like the Copyright Claims Board established under the CASE Act in 2020, specifically for DMCA disputes. A low-cost, fast-track tribunal where targets of abuse can challenge takedowns and seek damages without hiring expensive litigation counsel would dramatically change the incentive structure.
6. Require platforms to track and act on abuse metrics. Congress could mandate that platforms track takedown accuracy rates by filer and implement escalating consequences, such as slower processing, required human review, and suspension of filing privileges for filers whose notices are frequently challenged or found to be inaccurate.
7. Add asymmetric bonding or fee-shifting for high-volume filers. If you’re filing thousands of takedown notices a month, Congress could require you to post a bond or escrow that gets forfeited if your notices are found to be fraudulent above a certain threshold. This wouldn’t affect legitimate copyright holders like movie studios or record labels whose claims are overwhelmingly valid, but it would make the economics of mass fraudulent filing untenable. Alternatively, mandatory fee-shifting in 512(f) cases where the losing party pays the winner’s legal costs would accomplish something similar.
8. Protect counter-notice filers’ personal information. The current law requires counter-notice filers to provide their name, address, and contact information, which then gets forwarded to the original complainant. For individuals and small businesses being targeted by bad actors, this is a serious problem. You’re essentially required to hand your personal information to the person who’s already attacking you. Congress could allow counter-notices to be filed through a registered agent or under seal, with personal details only disclosed if actual litigation is initiated.
9. Require verified identity for takedowns. Require notice filers to have verified identity with the platform (so Google knows exactly who you are and can hold you accountable), while allowing that identity to remain confidential from the target unless a counter-notice is filed. At that point, both parties should have to identify themselves to each other, because you’re now in a quasi-legal dispute that may be headed to court. And critically, the same standard should apply in both directions. If the counter-notice filer has to reveal their name and address, so does the original complainant.
On its face, the DMCA was IP law written in 1998 by Howard Coble, a Republican legislator who was nobly trying to protect American creativity. In reality, the law was written by a congressman backed by entertainment industry interests. It was developed to protect big businesses that already have behemoth legal teams to defend their own IP.
Today, there is bipartisan support for DMCA reform, but not all of it is positive for creators. Senator Thom Tillis (R-NC) has championed a Notice and Staydown approach that critics warn would lead to more over-removal of legitimate content. Senator Ted Cruz (R-TX) and Senator Amy Klobuchar (D-MN) co-authored the TAKE IT DOWN Act, signed into law by President Trump in May 2025, which uses a similar notice-and-removal mechanism to compel platforms to remove deepfakes and non-consensual intimate imagery within 48 hours. Representative Sam Liccardo (D-CA), whose district includes Google’s headquarters, has championed AI transparency standards — an approach that could have implications for DMCA abuse as AI enables bad actors to scale fraudulent filings. Finally, Senator Marsha Blackburn (R-TN) has been one of the most active voices on creator-side copyright reform, but even her efforts stop short of addressing the core problem: Google can ignore infringement, and its negligent DMCA process hands a loaded weapon to fraudsters intent on destroying small creators.
Almost 30 years later, a law that removes the burden of proof from the accuser, imposes no cost on bad actors, and processes accusations faster than any human can respond isn’t a copyright protection system.
Even though Congress has the tools to fix it, they lack the incentive. So the law stays frozen in its 1998 form while the scale of abuse has grown exponentially with the internet. And creators are the ones paying for it. Literally.
