It's interesting to note that one of the two notices in this repository is from Sony, and appears to be demanding the removal of PS3 jailbreaking tools.
The DMCA's prohibition on DRM circumvention is in a different section (17 USC 1201) from the section on copyright infringement (17 USC 512), in which the safe harbor/takedown notice stuff is defined. It's not clear to me that DRM circumvention thus qualifies as copyright infringement, or that any of the safe harbor stuff would apply to hosts of circumvention tools.
Certainly, Sony's notice doesn't identify any of their works that are being infringed, so the notice seems to be invalid according to the usual rules, specifically 17 USC 512(c)(3)(A)(ii).
Can anybody more familiar with the law explain what's going on with this? Why is the procedure from 17 USC 512 being applied to a (alleged) violation of 17 USC 1201? Or is this just another flaw in Sony's handling of this mess?
I would guess that github doesn't consider themselves legal experts and does not want to get involved... if they comply with the takedown they get immunity from liability here. The DMCA allows the allegedly infringing party to file counter-notice if they feel they are not infringing and the takedown notice was in error, I would bet github is leaving it to those users to defend themselves.
I am not a lawyer, but I would encourage the people targeted by these notices to find a lawyer and fight back.
Hell, that might just be what github is trying to encourage by open sourcing these notices, to get the community involved and defending against baseless DMCA takedowns.
The thing is, it's not at all clear that GitHub is protected by the DMCA safe harbor provisions here. This isn't a case of an infringing work - it's a DRM circumvention tool, and Sony hasn't asserted any copyright that has been infringed.
Procedurally, it looks like a standard infringement takedown case, but as far as I can tell, it isn't covered by that law. Sony's notice probably has no more legal force than any ordinary C&D letter, and GitHub's cooperation probably doesn't get them any guarantee of immunity. Sony's C&D is simply formatted to look like a real DMCA takedown, probably to scare GitHub in to automatically complying without even asking their lawyers.
For all we know, by complying GitHub may have reduced their ability to defend themselves on the basis of the reverse-engineering exception to the circumvention prevention, without gaining any significant legal security.
What I love about this strategy is that is introduces a PR cost to the sender for sending DMCA notices.
It also increases the likelihood that the DMCA is legitimate, at least from the senders perspective because they'd rather not be seen lying in public.
Making this republishing policy standard among online companies with a standard URI like /dmca-notices/ would allow aggregation and probably reduce DMCA total cost to publishers.
My first thought was "A Git repository instead of a blog? That seems like an odd choice."
However, upon a moment's reflection: this is awesome. What if someone issued a take down notice on the takedown repository or something like that? People can fork it locally and be confident that they have the right data thanks to Git's natural hashing behavior!
Totally agree on the redirect. As far as our response, there would essentially be nothing to publish. We inform the repo owner and the rest is up to them.
I kind of agree, but this reminds me of "if you give a mouse a cookie…" Who else does this? I'd like everyone to, but it's great that GitHub does. They do great work.
That's a good question, but yes, having the names and contact publicly available increases transparency. The DCMA notices are requesting the removal of something available to the public, so the public should know who, specifically, is making the request.
The short answer is, if one does not want to be known for sending DMCA take down notices, then the only option is to not send them. If one is intentionally or unintentionally depriving the public of access to a legitimate work, then the public should know.
Providing the names and contact details does open the door for possible abuse, but this is highly unlikely. On the other hand, providing names and contact details also enables the public to potentially help the copyright holders by reporting related abuses, but again, this is also highly unlikely.
In other words, it doesn't hurt and it does help. Transparency is a good thing.
Do we get the names and addresses of the people who did not contest they were copyright infringers? Fair is fair.
An increase in transparency would allow members of the public, such as employers, to make better decisions on whom to trust with their intellectual property. Enterprising hackers could facilitate this exchange of valuable information by doing a mashup between this data source and LinkedIn.
First off, that is not what I would deem fair, so bias out of the way if a copyright infringer is legitimately ignorant then they deserve a second chance without repurcussions. Not so with false DMCA claims. It was never fun.
Patrick, I'm sure we'll agree that copyright infringement is a very
wide-spread problem resulting in people not getting paid for their work.
For notes, I strongly support the idea of people getting paid for their
work but I also strongly resist abuses of the legal system.
The only recourse for fighting copyright infringement is essentially
playing whack-a-mole. In desperation, both lawyers and normal
individuals typically resort to sending out DMCA take down notices in
bulk, and all too often, mistakes are made.
As far as I know, no one has been convicted for violating the perjury
clause of the DMCA for wrongfully sending take down notices. If someone
has access to a good legal research database, they might be able to
prove me wrong (and yes, I'd really like to know). This means there is
no real 'disincentive' for getting it wrong, and hence, it's what I
would personally consider a flaw in how the law is written.
The other thing is absolutely anyone can send a real, or intentionally
fake, DMCA take down notice and there is no way to either authenticate
the sender or contact the relevant court since sending the notice does
not require court notification (filing) or approval. Since there is no
required registration of copyrights, there is no way to ascertain the
legal owner of any work.
Take a close look at one of the two DMCA notices at github:
Q: Can you prove Bluehole Studio owns the copyright for tera?
A: nope.
Q: Can you prove this was sent by Bluehole Studio?
A: nope.
Q: Can you prove this was even sent?
A: nope.
The first thing to notice is the use of the title phrase "legal manager"
which intentionally obfuscates whether or not you're dealing with a
real lawyer (i.e. a real lawyer is an "officer of the court" and has
obligations to the court). Had the name been given, one could find out
whether or not this was sent by a lawyer.
The next thing to notice is:
"The aforementioned website is providing a private, illegal server, not authorized by Bluehole Studio Inc."
I obviously do not need the consent of Bluehole Studio Inc to run my
home mail server, so what the heck are they talking about? --They are
either intentionally being vague or they are totally incompetent,
potentially both for the ease of sending bulk DMCA notices.
Are they accusing github of running a "game server" on their machines?
Are they accusing github of hosting source code that allows others to
run their own game servers?
For the sake of argument, let's assume it is the latter; they want the
removal of source code that allows people to run their own game servers.
Sadly, if the source code was developed from scratch, there is no
copyright infringement, and it does not matter if the open source server
allows client programs copyrighted by Bluehole to connect and play. If
open source server is NOT a derivative work, then it is perfectly
legal to distribute, and even if it is competition to a pay-to-play
online gaming service.
If I created my own open source "Buzzword Bingo Card Creator" program
from scratch, and I got a DMCA take down notice from you or your lawyer,
I would be livid. I would fight you. I would win. And I would make you
pay for your mistake dearly. Unfortunately, I'm probably the exception
and it's mostly due to having a ton of lawyers in my family. It would
cost me nothing to make your life legally miserable, and since you
decided to throw the first legal punch at someone innocent, I'd
undoubtedly make you regret it. Unlike me, many open source developers
would just walk away due to not having the money, location and resources
to mount a legal defense, particularly if it was for a fun project they
did in their free time.
Black-listing open source developers for not having and spending the
money to defend their names when wrongfully accused of infringement
would be unfair. In other words, refusing to contest an all too easily
sent (or faked) DMCA take down notice is not the point when an accused
infringer should be named. The accusation is unproven. If the copyright
holder presses a civil suit against the accused infringer, then at that
point, the accused will be named in the court records. In essence, what
you want "named infringers" is already happening, and they are even
named when only accused rather than when the case is resolved.
The system of protecting the efforts of people making creative works is
broken and the world is imperfect. This is not news to anyone. The thing
is, the abuse of infringement does not justify the abuse of the legal
system.
BTW: If you created an online "Buzzword Bingo Card" game based on HN
articles actually read by HN users, that would be a whole lot of fun and
definitely worth buying a subscription. Since there's no way to prove an
article was read (other than just loading it), I'm not sure it's a
workable idea. None the less, its a fun thought.
The only redacted part is the name/email/phone number of the lawyer sending the notice, which is totally reasonable given penchant for on-line lynching.
There is enough there to satisfy your transparency requirement i.e. the name of company owning the copyright in question, the name of the law firm representing them and enough details for you to contact them if you so desire.
If we look at the bnetd case as precedent, it probably is illegal under the DMCA. The justification is that it's a tool for circumventing copy protection.
At first I thought they were doing this for humor (like the piratebay's publishing of "cease and desist" letters), but when I clicked the links to the repos and realized they did get removed, I kinda felt sad.
However, neither of the notices in the repo at the moment seem to be valid. Both are takedowns of circumvention tools which, as wtallis points out above, are covered in a different section of the DMCA to copyright takedowns.
With regards the contact details being redacted ...
In an ideal world this wouldn't be necessary. The dispute would be settled by rational discussion and agreement reached amicably. But the world isn't like that.
Rightly or wrongly someone will take exception and possibly pursue what they see as "justice". Publishing the contacts details might prove just a little too tempting for some.
I do think that actions such as DMCA take-down notices should be a matter of public record, and should be available in a standard place. I would even like to see a "central" repository for easy reference.
That's how the DMCA process works. The last thing we want our users to think is we're deleting repos for no reason, that's why we're publishing the takedowns from here on out.
We receive the notice, lock the repo, and inform its owner why it's been locked. At that point, they can either remove the infringing code or make a counter claim and we'll unlock it provided the original party doesn't file a court order.
Isn't there an allowable delay in DMCA Takedowns? Some reasonable amount of time for the target to file a counterclaim before the content is locked? The way you've described it here sounds like you lock the content before notifying the user (or simultaneously).
The user can file a counterclaim immediately and indemnify github.
After that it would take a court order to get it taken down again, but that would mean the repository owner will be liable for the damages, not github.
This is the one part of the DMCA that actually seems to work reasonably well. If you're confident that your stuff does not infringe then it's back up within a very short time and you know you're on the hook for any further fall out.
48 hours is the time require for action I believe, however the claimee can respond in however long they like, but the content must be unavailable until they file a counter claim.
72 hours to take down the infringing content upon receiving a valid DMCA notice. The content owner gets notified and they can then file a valid counter-notice. Then the counter-notice gets filed with the copyright claimer and a 10-day waiting period starts. If the claimer does not file a counter-counter-notice within the 10-day waiting period the content gets reposted. If they do file a counter-counter-notice, the ball gets passed back to the content owner to file a counter-counter-counter-notice and the 10-day period and claim process starts over.
As someone who runs a site that hosts content, this is great for us. We aren't allowed any sort of leeway in interpreting the claims and in return we are exposed to no liability. We are simply the middle man and have to do what's asked of us.
So the hoster doesn't actually need to take the content down right away, but within 72 hours? That is, if the customer files the DMCA challenge within 72h, then the content will have always remained up? My questions here are with regard to continuity of availability.
It seems to me more about letting people know why they have taken down the content rather than challenging the law like the take down lists on things like the pirate bay.
What if the infringing content was committed after the fork was created? It'd be pretty bad locking repos that did not merge in the offending line(s) of code.
That's a sensible implementation if you want to be sure you're covered (or aren't ballsy enough, I'd probably take out the forks), but I wonder how long they could go by not taking action on the forks unless the specific forks are identified.
Just consider Youtube a moment. Couldn't they minimally run a hash on any uploaded/embedded sound and see if it matches the hash of some taken-down material before? It'd probably catch at least a significant number of users even if it's trivial to bypass and susceptible to compression losses and quiet-extensions and so forth. (An AI could always "listen" to it though and probably perform pretty well.) Anyway, Youtube doesn't make an automated effort to take down infringing material (that I know of) so I don't see why Github has to.
Assuming a modicum of technical sophistication on behalf of the legal people (which may be an invalid assumption), I think the fact that git/github is centered on the forking/sharing of code with an explicit graph to walk would just incur too much liability for them because it is obvious (in a technical sense) where the code has gone.
You don't have to do any forensics in the sense of your youtube example, you just have to follow the graph.
Whether that it is a legally compelling point, I have no idea.
While Google publishes the DMCA takedown requests in relation to their search engine results, it does not publish the requests for removal of content contained within their own infrastructure.
Perhaps Github should do a little further research before feeling "inspired".
what do you mean by "content contained within their own infrastructure"? I thought they forwarded the notices they get to chilling effects (and youtube ones are just posted in place of the video itself).
edit: this page http://www.google.com/dmca.html has about a 50/50 split across products between "may" and "will" be forwarded to Chilling Effects.
A quick search of term "xenu dmca" should show you come of the shit that google has to deal with in respect to the DMCA.
Any complaints about content on blogger, youtube or the adsense/adwords network get taken seriously and aren't forwarded on for the worlds entertainment.
The DMCA's prohibition on DRM circumvention is in a different section (17 USC 1201) from the section on copyright infringement (17 USC 512), in which the safe harbor/takedown notice stuff is defined. It's not clear to me that DRM circumvention thus qualifies as copyright infringement, or that any of the safe harbor stuff would apply to hosts of circumvention tools.
Certainly, Sony's notice doesn't identify any of their works that are being infringed, so the notice seems to be invalid according to the usual rules, specifically 17 USC 512(c)(3)(A)(ii).
Can anybody more familiar with the law explain what's going on with this? Why is the procedure from 17 USC 512 being applied to a (alleged) violation of 17 USC 1201? Or is this just another flaw in Sony's handling of this mess?