

A Better DMCA Process - geetarista
https://github.com/blog/1908-a-better-dmca-process

======
whafro
This is interesting because the DMCA process is, as I understood it (as a
paralegal working on DMCA issues in a past life), a fairly rigid prescription
that provides a safe harbor for providers like GitHub, ISPs, YouTube, etc.

The simplified version of the process:

1\. The party claiming to own the rights to copied content submits a well-
formed DMCA takedown notice to the listed DMCA agent contact information of
the provider.

2\. The provider blocks access to the content as soon as possible, and informs
their customer/user about the takedown notice.

3\. The user may then submit a counter-notice to the provider claiming that
they do indeed have the rights.

4\. The provider then re-enables access to the content and notifies the
claiming party of the counter-notice.

5\. If the claiming party disagrees, they file suit in court, notify the
provider, and the provider generally again disables access.

As long as the provider takes these steps without delay, it is safe from any
claims that it is itself in violation of the DMCA.

So here, GitHub is actually stating that they're delaying proceeding from step
1 to step 2. It's certainly customer-friendly, but I wonder if it causes any
issues with the safe harbor.

~~~
dangrossman
Here's the actual relevant text from the bill [1]:

> upon notification of claimed infringement as described in subsection (c)(3),
> responds expeditiously to remove, or disable access to, the material that is
> claimed to be infringing or to be the subject of infringing activity

Immediately contacting the repository owner, and asking them to remove the
content themselves within a short window of time, sounds like an expeditious
response to my non-lawyer ears.

One nitpick as well:

> it is safe from any claims that it is itself in violation of the DMCA

§ 512 of the DMCA provides for immunity from liability for breaking another
law, the copyright act. It's not "violating the DMCA", and service providers
do not have to take advantage of § 512 safe harbor provisions if they don't
want the benefits of doing so. Without this safe harbor, the service provider
could be guilty of infringing the copyright of whomevers' property they're
distributing copies of on behalf of their user. If they _voluntarily_ opt to
meet the § 512 requirements by expeditiously taking down content, then they
can't be held liable for that illegal act, even though it did happen.

1:
[http://www.law.cornell.edu/uscode/text/17/512](http://www.law.cornell.edu/uscode/text/17/512)

~~~
DannyBee
"Immediately contacting the repository owner, and asking them to remove the
content themselves within a short window of time, sounds like an expeditious
response to my non-lawyer ears.

Except, uh, you cut out the object of this sentence, which is the service
provider, not the user.

That is, github, not the user, is supposed to be the person responding
expeditiously _to remove_. Contacting someone is neither "removing" nor
"disabling access".

The law is simply not ambiguous here, and github trying to play this game is
not likely to go well in an actual court, as much as i'd like it to be the
case (i know other companies have been threatened on _exactly_ this point
before).

~~~
dangrossman
If the user doesn't do it themselves within that short window, then GitHub has
to. Every web hosting company I've worked with in the last 10 years has
forwarded DMCA notices on to customers. They only disable a server if you
don't handle the removal yourself. I don't think GitHub is trying anything new
here.

~~~
DannyBee
"If the user doesn't do it themselves within that short window, then GitHub
has to."

It sounded like you were claiming otherwise, saying that asking the user is
acting expeditiously "enough", and that they can then "not remove" or slow
down removal.

If you aren't claiming that, then we have no argument :)

------
kodablah
"Accordingly, from now on we will require copyright owners to investigate and
report each fork explicitly in a DMCA takedown notice."

I don't see how there are no legal fears or at least administrative ones here.
If one submits a legitimate DMCA takedown and your site allows copies, it
might be unreasonable (to a judge) that they must name all copies considering
forks can happen between when the DMCA was submitted and the takedown occurs.
Of course I don't know of a better way without GitHub annoying forked
repository owners and favoring DMCA submitters.

~~~
dangrossman
Thanks to 17 USC § 512 (c), service providers are not liable for hosting
copies of copyright infringing material so long as they don't have _actual
knowledge_ of that infringement. Since a fork can differ from its parent,
notice that the parent may be infringing is not actual knowledge that the
forks are as well. That means Github has, in theory, no legal liability for
those copies. It can just point to federal law.

[http://www.law.cornell.edu/uscode/text/17/512](http://www.law.cornell.edu/uscode/text/17/512)

~~~
DannyBee
"is not actual knowledge that the forks are as well"

You assert this as if this is how a judge would see it (or as if it is well
tested). That seems highly unlikely to me.

It seems to be very easy to make the legal argument that because github knows
which forks are copies and which aren't, they have actual knowledge of the
ones that are still copies.

~~~
wtallis
In order for GitHub to be presumed to know that the forks are also infringing,
the takedown notice would have to specify what in the repo is infringing so
that GitHub could compare the contents of the forks against the instance that
the takedown notice is filed against. If the notice doesn't specify any
particular files in the repo, then GitHub can't be expected to remove any fork
that has any deletions in its history since the branch. The ease with which
the accuser can check the forks for infringement also shifts the burden away
from GitHub.

------
zackmorris
I can't help but think of the Snapchat breach. Surely the world understands
that once something is on the internet, it's there forever, right? Complying
with the DMCA is security theater at best, and at worst, stifling to
innovation.

I mean, we have many laws centered around the difference between intentionally
and unintentionally inflicting harm on others. So for example if you break
someone’s rib performing CPR, you’re protected as a good samaritan. Or if you
veer off the road and run someone over because you were texting, you can still
be tried for manslaughter because you shouldn’t have been typing on your cell
phone in the first place. I think we can all agree that it’s good we have
these types of laws and don’t just focus on premeditated crime.

But the DMCA tries to be a moral compass when it’s not mathematically possible
to do so. It’s a bit like setting up a booth on the Grand Canyon that charges
money to take pictures. Sure, they can bust bootleggers that set up black
market booths without a license. They can even bust scalpers selling photos.
But in the end, the Grand Canyon is still there.

Whether someone gets irate about piracy/copying trade secrets or not, in the
end, perhaps as a society we should ask if it makes any sense to spend tax
dollars trying to stop something that can’t be stopped once the cat’s out of
the bag.

Actually, I think GitHub is in a unique position to not comply with the DMCA.
It has nothing to do with the size of GitHub, because no matter how large a
private entity is, it is always subject to the laws of its government. It has
more to do with the fact that every developer in the world has either heard of
GitHub or uses it every day.

In other words, we are the people that form what can be thought of as the
technology arm of society, so by extension the technology arm of government.
That gives us a seat at the table in matters of technology, the same way that
teachers unions are able to influence education or the American Medical
Association can influence public health. If we decide that the DMCA is not a
good use of taxpayer money and should no longer be enforced (in fact can’t be
enforced), then it’s not up to a court to decide that, since they will side
with the law every time (as they should). The law itself is what must be
adjusted or repealed, by the people who have the means to do so by virtue of
the role they play in society. We have the leverage to repeal it because
without our support, there is no expertise to enforce it in the first place.

If GitHub complies with the DMCA and we use GitHub, then we are quietly
endorsing the DMCA.

~~~
dangrossman
> If GitHub complies with the DMCA and we use GitHub, then we are quietly
> endorsing the DMCA.

I happily endorse § 512 of the DMCA. Not only is the safe harbor provision a
well-balanced law for all parties involved, but it's the only thing that makes
startups that host UCG legally viable. Without the DMCA, Github could not
exist. They'd be personally liable for every copy of every file they
distribute without a copyright holder's permission.

This particular piece of the DMCA doesn't have to eliminate all piracy online
to be effective. Take the case of a feature film release -- a $XXXMM
investment by the copyright holders into their product -- that could be
seriously harmed to the tune of tens of millions of dollars by someone leaking
a copy online a few days before ticket sales begin. The DMCA notices can
disable the most visible (and most damaging) copies, expeditiously enough to
save the film's box office sales. Mitigating much of the harm is better than
nothing.

> perhaps as a society we should ask if it makes any sense to spend tax
> dollars

This part I don't get. The alternative to the above is an emergency court
hearing for every instance of infringement, hoping to attain an emergency
injunction, then get it to an ISP before too much damage is done. The safe
harbor provision doesn't (directly) cost tax payers anything. It saves us
billions. Every day, hundreds or thousands of instances of copyright
infringement are handled by an e-mail instead of a taxpayer-funded court
hearing.

It sounds to me like you're making an argument against copyright, not the
DMCA. DMCA § 512 (the notice/counternotice safe harbor system) is about
mitigating the legal liability created by the copyright act on service
providers. In its entirety, the DMCA was the US's implementation of the WIPO
Copyright and Performances and Phonograms Treaties. It is not what created
copyright protection itself.

~~~
zackmorris
I was surprised to get down voted for my comment, but, that's a perfect
example of the chilling effect that the DMCA has had upon discussing freedom
in the information age.

What the DMCA (and similar IP law) gets wrong is persecuting sharers with
"intent to distribute". Copyright law was originally intended to protect
creators from other people profiting off of their work by copying it. I'm all
for the government cracking down on bootleggers.

But I’m very much against the notion that we should go after people who use or
view content that is already publicly available. To use your example, the MPAA
could and should go after someone who leaks a movie online. But, they should
have to prove that the person profited in some way from his or her actions
(and correspondingly, the penalty for doing so should be somehow proportionate
to that profit). Individual users who share the movie on BitTorrent are not
breaking copyright law, because they are not selling copies. It’s really that
simple. I personally don’t think that it’s the government’s responsibility to
devote resources to tracking down sharers, and certainly not to prosecute
them. If we want to consider laws regarding “stealing” intellectual property,
we can certainly do that as a society, but that has nothing to do with
copyright (trademarks or patents either).

And to be clear, the only thing that new IP laws could address is the
potential lost income of content producers. But, there is no way to prove that
a sharer would have paid to view that work in the first place. I personally
think that this flies in the face of free market economics. The government’s
role is to create and manage a fair playing field for all players. So if it is
going to start prosecuting thought crime, then it needs to remember its duty
and crack down on monopolies and the bribery (ahem, lobbying) that props up
media corporations with lifetime-length copyrights and the loss of the public
domain through the use of paywalls (among other things). So the DMCA put the
cart before the horse by not reinstating the Sherman Antitrust Act, not
setting realistic limits on copyright and other IP laws, etc. The DMCA has
done nothing to increase the income of new artists, and everything to further
enrich established media corporations like Disney (I would argue by design).

We need to also consider that courtrooms and juries are the most important
link in the legal chain. By not hearing every case in a court of law, we are
passing the burden to individuals to prove their innocence against large
institutions (by settling out of court, since they simply can’t afford to
lose). I think this flies in the face of the notion of innocent until proven
guilty. Whenever I see another child or elderly person being prosecuted for
file sharing, it strikes me as being closer to extortion than justice.

So to summarize, I don’t recognize “§ 512 of the DMCA” as necessary or even
valid, because ISPs and hosting providers that don’t sell the copies they
store are not breaking copyright law in the first place. A website that
charges money to view HBO Go’s stream is breaking the law. A website that
provides a storage space for a file is not. So the DMCA was not necessary in
the first place, and we should be enforcing the laws that are already on the
books before creating new ones.

My hope for the future is that we reduce copyright and patent periods to
something reasonable like 5 or 10 years, only cover works by copyright (so
physical records, books, paintings, movie reels, etc, not bits), invalidate
all process patents (so no software, business or medical patents), make it
illegal to create laws regarding DRM schemes (in other words, leave it up to
the private sector to fight the arms race against cracking), and force worries
about whether a work is fair use to be heard in court (judged by people, not
metrics). Then I hope that we bring back the Fairness Doctrine to promote
broadcasts that are in the public good (real news, not infotainment), more
funding for public television and teaching art in school, and bar prosecution
for using works for educational and nonprofit purposes.

I think this is a case of, what you are saying about protections for
businesses (both producers and carriers) has some validity, but for me,
democracy, personal freedom and liberty come first. I don’t want to live in a
country where we can be shaken down by corporations because they are worried
about their bottom lines.

------
brentjanderson
Interesting that this follows on the heels of the Popcorn Time DMCA takedown:
[https://github.com/github/dmca/blob/master/2014-07-11-MPAA.m...](https://github.com/github/dmca/blob/master/2014-07-11-MPAA.md)

EDIT: Also here:
[https://news.ycombinator.com/item?id=8450145](https://news.ycombinator.com/item?id=8450145)

~~~
ad_hominem
If it was actually prompted by something, it would probably be the recent
Inspeqtor[1] takedown[2][3][4] by Monit.

[1]:
[https://github.com/mperham/inspeqtor](https://github.com/mperham/inspeqtor)

[2]:
[https://twitter.com/mperham/status/518796150733033472](https://twitter.com/mperham/status/518796150733033472)

[3]:
[https://twitter.com/mperham/status/519164948887257090](https://twitter.com/mperham/status/519164948887257090)

[4]:
[https://twitter.com/mperham/status/519326759930454016](https://twitter.com/mperham/status/519326759930454016)

