
Qualcomm issues DMCA takedowns for 116 GitHub repositories, including their own - kristofferR
http://ausdroid.net/2014/07/03/qualcomm-takedown-githubs/
======
nilved
Can people realize by now how ludicrous it is that a bot or idiot is able to
take down 116 repositories without any oversight or validation, and your only
recourse is to (a) deal with it (b) take time from your day to jump through
flaming hoops for bureaucrats? GitHub's brand of DMCA compliance is much like
YouTube's: lazy to the point of unequivocally benefiting copyright owners, not
content producers. Hosting your code on GitHub is senseless because anybody
can take your code down at a moment's notice.

~~~
jrochkind1
> GitHub's brand of DMCA compliance is much like YouTube's: lazy to the point
> of unequivocally benefiting copyright owners, not content producers.

I believe the text of the DMCA is written to cause this. If you are an ISP,
and you don't want to be liable for infringments, you have to take things down
after receiving a DMCA takedown notice. The end.

You can put it back up after the user has followed the right procedure to
challenge and assume liability themselves. I admit I'm not sure exactly what
procedure the DMCA outlines for this.

I think what ISP's _could_ do is facilitate user's filing challenges more
easily. But they've got to take it down after receiving a takedown request,
that's pretty much what the law says (or else the ISP can be sued for the
copyright infringement too).

Theoretically you can sue someone for issuing a takedown request in bad faith.
Perhaps ISP's could help their users do this too, but it could get sticky for
them.

~~~
mrgriscom
And now we live in this wonderful world where companies don't actually file
DMCA takedowns at all, but rather have gentleman's agreements to take down
content in a manner indistinguishable from the DMCA except the part that
actually gives the uploader any legal recourse to challenge it. :-/

~~~
deciplex
The hope is that this sort of shit hastens the hardening of the Internet to
the point where anyone can host whatever the hell they want, anonymously, with
no possible recourse for any old asshole to do anything about it, DMCA and
laws be damned, and supported by default by all major browsers and operating
systems.

------
dchest
From one of the repos:

    
    
      /*
       * This file was originally distributed by Qualcomm Atheros, Inc.
       * under proprietary terms before Copyright ownership was assigned
       * to the Linux Foundation.
       */
    

[http://webcache.googleusercontent.com/search?q=cache%3Ahttps...](http://webcache.googleusercontent.com/search?q=cache%3Ahttps%3A%2F%2Fgithub.com%2Fsonyxperiadev%2Fprima%2Fblob%2Fmaster%2FCORE%2FWDI%2FCP%2Fsrc%2Fwlan_qct_wdi_sta.c&oq=cache%3Ahttps%3A%2F%2Fgithub.com%2Fsonyxperiadev%2Fprima%2Fblob%2Fmaster%2FCORE%2FWDI%2FCP%2Fsrc%2Fwlan_qct_wdi_sta.c&aqs=chrome..69i57j69i58.884j0j4&sourceid=chrome&es_sm=93&ie=UTF-8)

Most of other repos seem to use some sample code from SDKs.

~~~
lucaspiller
To be fair, most of the files do have a proper Qualcomm copyright line in
them. It looks like they've just searched for "copyright qualcomm"

[http://webcache.googleusercontent.com/search?q=cache:https:/...](http://webcache.googleusercontent.com/search?q=cache:https://github.com/AdvInteractions/Sol_3D/blob/master/Assets/Editor/QCAR/Scripts/WebCamEditor.cs)

------
brokentone
I still don't understand how a bot can sign a takedown request that is
executed under the penalty of perjury and why no one has gone after misfilings
legally.

~~~
swasheck
whom, or what, will be summoned if it's a bot?

~~~
Natsu
Proper DMCA notices are supposed to have a signature. Under "Elements of
Notification" you can find 17 U.S.C. § 512(c)(3)(A)(i) -

"A physical or electronic signature of a person authorized to act on behalf of
the owner of an exclusive right that is allegedly infringed."

Ref:
[http://www.copyright.gov/title17/92chap5.html](http://www.copyright.gov/title17/92chap5.html)

------
mjg59
It's legally unclear whether automated takedown notices (especially when they
end up taking down legitimate material) are legitimate or not. The only case I
know of was a countersuit in the Warner Brothers/Hotfile case, but
unfortunately Hotfile lost the original suit (WB had sued them for copyright
infringement), closed and settled both cases.

The EFF filed an amicus brief
([https://www.eff.org/files/filenode/Hotfile.EFF_.Amicus.Brief...](https://www.eff.org/files/filenode/Hotfile.EFF_.Amicus.Brief_.pdf)
) arguing that this kind of takedown was illegal. Warner Brothers,
unsurprisingly, disagreed
([http://www.scribd.com/doc/184407656/warnperj542724ff-69be-42...](http://www.scribd.com/doc/184407656/warnperj542724ff-69be-4202-a6f7-de772fa4e074)
), with the primary argument being that the perjury language only refers to
the claim that the agent is authorised on behalf of the copyright holder to
act on their behalf, and not on the claim that copyright is being infringed.

------
jameskilton
This hit some big ones too. Like Sony's Xperia dev kit:

[https://github.com/sonyxperiadev/prima](https://github.com/sonyxperiadev/prima)

Lets hope this pisses off enough people to actually go after Qualcomm for such
an egregious mis-use of the DMCA.

------
kristofferR
Here's the DMCA takedown notice:

[https://github.com/github/dmca/blob/master/2014-07-02-Qualco...](https://github.com/github/dmca/blob/master/2014-07-02-Qualcomm.md)

As you can see there's a lot of stuff that is unlikely to be copyrighted by
Qualcomm in there, like .conf config files.

------
joshuak
People seem to be misunderstanding the point, and requirements of the DMCA
Safe Harbor provisions. The take down procedure is to allow companies such as
Github to avoid being involved in a dispute in _any_ way. Meaning if a lawsuit
should occur they don't win because they complied with DMCA they get to avoid
the suit altogether.

Given one lawsuit can cost hundreds of thousands of dollars in litigation even
for the winning side, it would be impossible for any ISP to operate in a
climate where they could be dragged into every argument over content rights.
Github is not the authority. They don't know if the code is inferring or not,
so the DMCA says they can defer the authority (and liability) to those who
should know, the ones who put the code up in the first place.

It is unreasonable to expect Github to vet every open source project, and it
is also unreasonable for Github to bare any legal responsibility just because
one of their users, or a litigious copyright holder did something wrong. The
DMCA Safe Harder is designed specifically to account for this.

Although technically possible it is not legally possible to issue a DMCA take
down by bot, since a bot can not provide: a statement by the copyright owner,
a statement of the accuracy of the notice, or a statement under penalty of
perjury that the complaining party is authorized to act on behalf of the
owner.

[My opinion is, if a real person uses a bot and then makes these statements
under penalty of perjury, then every time that bot makes a mistake we (the
tech community) should be filing Amicus curiae[1] with the court that they
have perjured themselves. If you are a technically competent person you cannot
honestly make a statement that your bot has not made any mistakes without
human review.]

The weakness of the DMCA Safe Harbor arises not in the above issues but rather
in the fact that the DMCA requires that materials be taken down immediately
before response by the allegedly infringing party[2]. To balance that (to some
degree) if the allegedly infringing party follows the procedure to have the
materials restored, then the ISP must restore the materials in 14 days unless
the complaining party has shown evidence they have filed a case.

In other words if a complaining party fails to immediately follow with a
lawsuit the materials _MUST_ be restored.

[1]
[http://en.wikipedia.org/wiki/Amicus_curiae](http://en.wikipedia.org/wiki/Amicus_curiae)

[2]
[http://www.chillingeffects.org/dmca512/](http://www.chillingeffects.org/dmca512/)

~~~
dragonwriter
> To balance that (to some degree) if the allegedly infringing party follows
> the procedure to have the materials restored, then the ISP must restore the
> materials in 14 days unless the complaining party has shown evidence they
> have filed a case.

This is not, in fact, true. The provider is not required to restore the
materials. The provider is, however, no longer protected from any liability to
the user whose material was taken down that would have existed without the
DMCA if they don't restore the material in response to a proper counternotice,
but most proviers have already structured their contractual relationships with
users so that they _have no liability for that in the first place_ , so they
don't _need_ the safe harbor from the user, only the one from the copyright
owner.

Which is the real source of asymmetry -- the safe harbor is superficially
symmetrical, but one side is protecting from liability that doesn't exist in
the first place, so there is no incentive for compliance.

~~~
joshuak
DMCA 512(g)(2)(C)

If the copyright owner does not bring a lawsuit in district court within 14
days, the services provider is then required to restore the materials to it's
location on its network.

Edit: You cannot contractually exempt yourself from portions of the DMCA. It
either applies, and you are protected under the Safe Harbor provisions, or it
doesn't and you are not.

~~~
mjg59
No. The provider is required to restore the materials if they wish to continue
receiving the protections from 512(g)(1). If the user has already agreed that
the provider can remove work at will, there's no reason for the provider to
care about the 512(g)(1) protections.

~~~
joshuak
I understand this argument, but it's a mistake. It's an incredibly dangerous
position for an ISP to take and for what benefit? Why risk stepping outside
the DMCA's protection?

Here's why it's dangerous for the ISP:

If I'm a copyright holder and find infringing materials on your service I will
issue a take down notice.

You take the materials down. All good you think.

Nope. I then sue you (you've got more money then the infringer anyway).

You say "but, but, your honor we complied with the DMCA"

But I say "oh no you didn't you don't allow for your users to file counter-
notices. Time for the court to decide."

And now we're in trial, because you don't have DMCA protection.

Is it an absolute fact this will happen? No, but the problem is it _could_
happen, and that is exactly the liability the ISP is trying to avoid. And why,
just so they can be an asshole to their users? There is absolutely no upside
to exempting yourself from the counter-claim procedure.

~~~
dragonwriter
> I understand this argument, but it's a mistake. It's an incredibly dangerous
> position for and ISP to take and for what benefit?

Its really not.

Unlike with copyright owners, the ISP usually has the advantage in terms of
resources and ability to maintain a legal challenge when compared to users.

Unlike with copyright owners, the ISP usually has a contract with users which
already allows them to take down any material, for any reason, in their sole
discretion, making the DMCA safe harbor superfluous.

Unlike with copyright owners, _even if_ there were liability to users, that
liability would (under well-established contract principles) be almost
certainly limited to no more than the amount the user had paid for the service
for the time in which the material was improperly kept down.

> But I say "oh no you didn't you don't allow for your users to file counter-
> notices. Time for the court to decide."

How does that have any bearing. Each half of the DMCA safe harbor expressly
applies based on whether or not you did the act you are required with regard
to the party with liability in that case. So, the fact that you didn't do
something with regard to some other party on the opposite side of a DMCA
notice/counternotice exchange in a different case is irrelevant.

> Is it an absolute fact this will happen? No, but the problem is it could
> happen

Anyone could theoretically raise any argument no matter how little basis it
has in the law, but that doesn't make it a real substantial risk.

~~~
joshuak
Well you and I disagree on the risks involved. And to what degree any
organization can contractually exempt themselves from law. If they could they
could also simply have a service agreement that says if you use the site you
can't sue for copyright infringement and we wouldn't need the DMCA in the
first place.

My point is that the DMCA can be used as a get out of a lawsuit free card only
if you comply with it. In all other cases you are exposed to a 'question' of
compliance which requires the involvement of a finder of fact. That equals
risk to me, and again to what end?

However, if you comply fully with the DMCA you cannot theoretically or
otherwise raise any argument against the ISP under copyright infringement or
unlawful takedowns, period. Move away from complete compliance with the DMCA
and yes you can still 'argue' that you are protected but you must pay to make
that argument in the course of a suit. That to me is a liability, even from a
winning position. Plus you are also exposing yourself to broader actions by
cilvl liberties and other organizations working for the 'users' rights who did
not agree to your questionable contract.

That is a lot of risk to assume, for what purpose exactly? Laziness?

Edit: Personally though I agree the DMCA is a poor tool for the job and needs
to have much stronger teeth in favor of the users (read: citizens).

~~~
dragonwriter
> Well you and I disagree on the risks involved. And to what degree any
> organization can contractually exempt themselves from law.

Its not an issue of "contractually exempting themselves from law". There's no
law providing general liability to a user for an ISP taking down material. The
only liability that would exist for doing so would be for breach of contract.
Which would mean that there would have to be a contractual obligation _not_ to
take down the material for there to be a need for the DMCA safe harbor. Which
ISPs routinely already avoided, before the DMCA even existed, by having
contracts which _expressly_ included provisions indicating that the ISP could
take down material in their sole discretion. As regards to the user facing
side, the DMCA safe harbor is, therefore, usually irrelevant. (There are no
doubt some exceptional cases with atypical contract schemes where the
contractual relationship is different -- but they aren't usual ISP or other
content host to typical public user agreements.)

> My point is that the DMCA can be used as a get out of a lawsuit free card
> only if you comply with it. In all other cases you are exposed to a
> 'question' of compliance which requires the involvement of a finder of fact.

That's almost 100% _backwards_. Asserting an immunity to liability based on
compliance with the DMCA is asserting a defense which requires the involvement
of a finder of fact -- compliance with the DMCA is a question of fact. But
whether question is _relevant_ requires there to a basis for legal basis for a
claim under which you could be held liable _before_ considering the DMCA safe
harbor -- which is often what is missing on the user-facing side.

> However, if you comply fully with the DMCA you cannot theoretically or
> otherwise raise any argument against the ISP under copyright infringement or
> unlawful takedowns, period.

Incorrect. You get to raise the argument _first_. The provider/host can then
use its compliance with the specific DMCA safe harbor provisions relevant to
its liability to you _as a defense_ against that claim, and if it does so, it
is immune from any liability. But they don't have to show that they "comply
fully with the DMCA", they have to show that they complied with the
requirements _related_ ot the claim being advanced. If you are a copyright
owner, they show that they complied timely with the takedown notice to get out
of the copyright claim. If you are a user, they show that they complied with
the counternotice to get out of whatever claim (presumably, contract-based)
that the brought. But you first have to have a claim that doesn't get thrown
out as a matter of law before raising the DMCA safe harbor defense even
matters.

> That is a lot of risk to assume

Really? A _lot_ of risk? Can you name _one case_ where a succesful lawsuit was
brought against any content host, ISP, etc., for failure to restore content
subject to a DMCA counternotice? Or even for policies that involve more
drastic than takedown penalties -- like contract termination -- for suspected
copyright violation without any advance notice or opportunity to respond?

~~~
joshuak
Haha, well damn, isn't this just the problem with law. You try to speak
figuratively to communicate the gist of an idea abstractly (given the forum),
and then someone comes along to explain how your figurative speech isn't
literally correct.

Ah well, like I said we disagree on the risk. In which I mean the cost of
doing business, not the danger of losing a lawsuit. I think you've missed my
point, and are conflating 'legal certainty' and 'winning argument'. Also you
avoided addressed why a service would act against their own users in such a
way, even if the perceived risk is small. (By the way I would argue many if
not most, DMCA related litigation in which ISPs have lost shows that failure
to comply strictly with all aspects of the DMCA was the ISPs downfall, please
forgive me for not including citations ;)

Nevertheless, you have excellent points as to why we need to replace the DMCA,
and why there may be a perception that there is less risk in ignoring a
restoration demand then complying with it.

------
publicfig
This is just as much on Github as it is on Qualcomm. There is no reason Github
should grant preliminary takedown on any repository no matter who the client
is, and a quick run-through on some of these requests show that many of these
were made in error. It should be Github's responsibility to make sure that
erroneous claims are not capable of actually removing or blocking content on
their service.

~~~
TD-Linux
They are absolutely required to by law immediately. They must wait 2 weeks
before putting the files up again to give Qualcomm a chance for further
action.

------
kjjw
Ah Cyveillance is part of QinetiQ. I guess when they're not giving or
receiving bribes or orchestrating government sell-offs that result in their
management personally gaining huge pools of wealth they take time off to spam
DMCA take downs. Makes sense.

------
jrochkind1
Do did qualcomm's own repository get taken down, as a result of their
overbroad automatically generated request?

I really hope so. And I really hope they need to file an official challenge,
and then wait two weeks, to get it back again. Like everyone else.

That's the best part of the story, they let a drone takedowner loose and
actually shot themselves with it.

------
sitkack
Here are some of the files referenced in the takedown

[https://code.google.com/p/mobile-research-lab-
nid/source/bro...](https://code.google.com/p/mobile-research-lab-
nid/source/browse/trunk/+mobile-research-lab-
nid/nikhil_agl/src/com/qualcomm/QCARSamples/FrameMarkers/Texture.java?r=7)

[https://android.googlesource.com/kernel/msm/+/android-msm-
ma...](https://android.googlesource.com/kernel/msm/+/android-msm-mako-3.4-jb-
mr1.1/drivers/staging/prima/CORE/VOSS/src/vos_sched.c) It looks like there was
a Qualcomm Augmented Reality SDK that originated these files.

[https://developer.qualcomm.com/mobile-development/add-
advanc...](https://developer.qualcomm.com/mobile-development/add-advanced-
features/augmented-reality-vuforia)

------
u124556
And then people got the point of gitchain?

~~~
sj4nz
What is this gitchain you write of?

~~~
klapinat0r
[https://github.com/gitchain/gitchain](https://github.com/gitchain/gitchain)

~~~
sj4nz
Thank you! This looks like it could be useful for any system that could be
threatened by censorship.

------
raverbashing
Yes, I wonder how much Qualcomm payed for these bozos to run grep looking for
Qualcomm on several files and take down all that match

A lot of them looks like SDKs and stuff

Good to know not to waste one second with their products

------
tigeba
Quite a few of them appear to be part of the Qualcomm Vuforia AR Toolkit. I
happen to have this lying around from a few years back and the license for the
example code seems to be "All rights reserved, Qualcomm Confidential and
Proprietary". I suspect this was an oversight they may have corrected so I
will be interested to see what happens with the DMCA requests.

~~~
rossjudson
Seems like a lot of people have taken the Vuforia kit and just pushed it into
their public source repositories. I don't think there's a problem with _using_
the kit, but Qualcomm apparently doesn't want people incorporating the kit
into their repos.

You wouldn't normally check a JDK into a repo.

------
sobkas
Googling for "QUALCOMM Proprietary and Confidential." resulted in a small
smirk on my side. So confidential.

------
ASneakyFox
I had no idea dmca could be used for source code. I feel like the merits of
the claim could require argument. It's not like media where you're very
clearly using some ones so g or picture.

~~~
ceejayoz
Copyright's pretty crucial for a lot of software. The GPL, in particular,
depends on copyright law to have any useful effect. Why would you think code
isn't a creative work but a photo is?

~~~
ASneakyFox
I'm not saying its not legitimate copyrightable work. I'm saying the claims
are hard to verify. There's no content id for closed source code. There's not
even manual identification or just skimming to see if the claim might even
have merit. All you have is a complaint.

This is different from when its say a song. Its not hard to look at the song
and say "yep thats metallica".

