
EU wants to require platforms to filter uploaded content, including code - calcifer
https://blog.github.com/2018-03-14-eu-proposal-upload-filters-code/
======
lowry
Automated filters on content sharing platforms kill creativity. Entire sports
disappear from Youtube because they are traditionally accompanied by music.

Think of ice skating. It's been years since I stopped uploading videos of ice
skaters to Youtube, because they are automatically deleted based on music
matching their filtering database. Others in my ice skating circle share
videos on Amazon Prime Photos or similar platforms, never on Youtube.

~~~
nradov
I don't see the problem. I occasionally upload dance performance videos with
copyrighted music on Youtube. Then Youtube sends me a copyright notice and
gives part of their ad revenue to the music owner. That seems fair.

~~~
tcd
It's not part. It's all. It's well known people can claim a video then get ALL
the revenue, or disable it altogether. Also, don't get 3 strikes or you're
fucked.

~~~
lossolo
Then use free music on your video if you want to make money?

If I want to use someones music in my ad or product showcase or movie or
anything that will make money I need to pay those artists for using their
work. You should also IF you want to make money from it.

~~~
emilfihlman
If I can hear or view it I should be able to share it.

~~~
nradov
Why?

------
wukerplank
People need to understand the different parts that make the EU administration.
The EU commission is not "the EU". It's the parliament that decides if
proposals of the commission become law. The parliament has a history of
rejecting stupid proposals (e.g. software patents).

But the Github folks are right! Please, tell your MEPs that/why this is a
stupid idea - it's important!

(I sometimes wonder why the commission proposes stupid things. Uninformed?
Corruption, uhm I mean lobbying?)

~~~
rwmj
The Commission is made up of member states and they often push through
unpopular proposals that they'd never get through their home legislatures, a
process known as "policy laundering". When an unpopular measure comes from the
EU they can say "oh look, bad Brussels / bad EU made us do it", even when it
was their own suggestion in the first place. The UK government has a
particular history here, which is why it's ironic that we're attempting to
leave the EU.

~~~
aembleton
Not really ironic. It is exactly one of the reasons that I want to leave. It's
very easy for our government to subvert democracy by having the EU make
unpopular legislation.

If our government brings in legislation then I want them to be accountable to
that, and not have the ability to pass the buck.

~~~
rwmj
Yes and no. We're still going to have to manufacture everything according to
EU and global standards if we want to sell stuff outside our own borders. It's
just now we're about to lose any influence and votes over how those standards
are made.

You may (and quite rightly) say that EU elections are not decided on these
issues and particular EU Parliament representatives have been useless and
actively undermining the EU, but that's not really the EU's fault.

~~~
hathathat
Why do you lose a say over global standards? Surely you now represent
yourselves directly on global standards bodies, instead of indirectly via the
EU's common position?

~~~
pjc50
But there's no representation on the EU standards bodies at all, and
realistically there are two kinds of standard manufacturers tend to care
about: US (mostly UL) and CE.

~~~
hathathat
The EU's standards often just transcribe the standards agreed at a global
level, though [1]

[1]
[https://ec.europa.eu/growth/sectors/automotive/legislation/u...](https://ec.europa.eu/growth/sectors/automotive/legislation/unece_en)

~~~
untog
Often != Always, though.

Losing the ability to affect these European standards is a price to pay,
Brexit being one big trade-off after all. But I'm still unclear on what the
advantages are that make it worth it.

------
jcadam
Hearing about stuff like this, it's easy to imagine a future in which the
'bootstrapped' internet startup is simply no longer possible due to the costs
of complying with various governments' regulations.

~~~
falcolas
If I'm being blunt, its our own fault.

We encourage people to upload and share content they don't own under the guise
of "information wants to be free".

We encourage the transformation of employees into contractors and operate in
locations where the business is explicitly against the law, because "disrupt
all the things".

We work behind the scenes with our competitors to suppress worker wages, fix
prices, and avoid taxes, because profit is more important than anything else.

We do ICOs with imaginary money or IPOs with only private shares to get around
the SEC and little nuisances like public disclosure.

WTF did we expect to have happen? The government is a slow elephant to SV's
sleek mouse, but when we don't run fast enough we're going to be completely
flattened. This isn't new behavior on the part of the government - it's not
like we can claim ignorance.

~~~
kodablah
You shouldn't blame deluge of new laws on the users. It's kinda like victim
blaming as though they made the laws themselves. Instead of asking "what
caused governments to make new regulations" instead ask "what caused
governments to use regulations instead of alternatives (including doing
nothing)". You point out problems, but that's not fair to say that they caused
the specific solutions more than the solution presenters themselves.

~~~
falcolas
I'm not blaming the users, I'm blaming the entrepreneurs. Sorry if that wasn't
clear.

> what caused governments to use regulations instead of alternatives
> (including doing nothing)

It's the same as it always has been - why are any rules made up? Because
someone cheats. Why do rulebooks get bigger and bigger and not smaller and
smaller? Because someone sees the rule "do not steal", and threatens the
victim into "giving" him the stuff, cause "it's not stealing if he gives it to
me, right?" Now you need rules about coercion.

More directly, people flouting the spirit of the law is the cause of this
legislation. People ignoring the verbal and written warnings put out there by
governments to play nice.

Ultimately, the government has two forces of authority. The law (regulation)
and force (police, army, etc). The first is empowered by the second. If the
warning signs leading up to regulation are ignored, what else can we expect
the government to do?

~~~
kodablah
On the internet, I consider entrepreneurs users as well. Just because the
rulebooks do grow doesn't mean they should. That the law is ignored should be
a reason for enforcement, not law creation. As law counts grow and percentage
of enforcement seemingly declines you should expect users to ignore them. I
expect governments to give warnings about enforcement, not just creating laws
as though all other solutions have been tried. It should be the absolute last
resort, but so many of these are perceived problems not really harming anyone.

------
quickben
The other issue not discussed here is that Google and the rest will be
required to remove offending content within an hour.

Notwithstanding the rest of the discussions, this will only create more jobs.
I realize Google may not like the hit to the profit line, bit it's a bit
disingenuous to ask only the developers to sharpen the axes and fight the
Google's war while not informing them of the rest of the legislation: "Illegal
content means any information which is not in compliance with Union law or the
law of a Member State, such as content inciting people to terrorism, racist or
xenophobic, illegal hate speech, child sexual exploitation, illegal commercial
practices, breaches of intellectual property rights and product safety. What
is illegal offline is also illegal online."

I guess I object the delivery. Tell us everything, and then ask us for
support. This way they are just spinning it to fit their agenda in a way that
keeps us _less_ informed: "they are after your GitHub". Classical FUD

Edit: Here is a much better overview
[http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=50096](http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=50096)

~~~
wyager
> this will only create more jobs.

[https://en.m.wikipedia.org/wiki/Parable_of_the_broken_window](https://en.m.wikipedia.org/wiki/Parable_of_the_broken_window)

~~~
lumberjack
too bad Google quickly offshores all profits and pays zero taxes

~~~
adventured
Google commonly pays around 15% to 17% for its overall corporate income tax
rate.

By comparison, the _statutory_ rate for Norway is 23%, Sweden is 22%, Denmark
is 22%, Portugal is 21%, Slovakia is 21%, Finland is 20%, Estonia is 20%,
Iceland is 20%, Russia is 20%, Czech is 19%, the UK is 19%, Poland is 19%,
Switzerland is 18%, Ukraine is 18%, Romania is 16%, Serbia is 15%, Lithuania
is 15%, Ireland is 12.5%, Moldova is 12%, Macedonia is 10%, Hungary is 9%.

I'll emphasize again, those are just the statutory rates.

Google is obviously aggressive in their tax avoidance, however they're not in
fact paying low rates compared to what can be managed in more than a dozen
European nations.

~~~
cyphar
But who do they pay those taxes _to_? From the perspective of an Australian
(for instance), Google pays 0% Australian tax (even though they profit from my
country) because they have sufficiently clever accountants. It is less
important to me that they pay 15% globally (though that is still a
ridiculously small number -- most people have to pay at least 30% tax in
Australia) than it is that they pay 0% tax to many countries they do business
in. I still have to pay GST when I pay for Google's services -- why do I have
to pay my Australian taxes when I transact with them but they don't have to
pay their Australian taxes for that transaction?

> however they're not in fact paying low rates compared to what can be managed
> in more than a dozen European nations.

But they run businesses in significantly more countries outside of the ones
you've listed. The fact that you could only find a handful of countries
(several of which have very questionable governments) where 15% tax for a
multi-billion dollar company sounds normal is pretty telling.

~~~
wyager
> Google pays 0% Australian tax (even though they profit from my country)

They don’t “profit from your country” - they have users who live in your
country. Maybe it makes sense for those users to pay up to the government, but
it’s crazy to say that you should have to pay taxes to a foreign government
just because someone under that government uses your website.

In the long run, if this rhetoric you’re advocating is successful (that if you
touch anything somehow related to a government over the internet then you owe
them a cut and have to follow their local rules), you can say goodbye to the
open, global internet. Companies will IP-restrict (or if that doesn’t convince
the lawyers, government ID restrict) every single website.

~~~
cyphar
> They don’t “profit from your country” - they have users who live in your
> country.

 _Which they make money from_ \-- in fact quite a few companies make more
money from a given Australian than other markets[1] meaning that they are
profiting _more_ off Australians (even for online services -- like Adobe that
charged AU$1400 more for their software in Australia).

If a company wishes to sell books in Australia, they have to pay Australian
taxes. But if you sell online services, all of a sudden everyone starts
talking about the destruction of a free and open internet. If a company
selling a service is willing and has the ability to "destroy the free and open
internet" through IP blocks if they are asked to pay taxes for the money they
make off foreign markets, then ask yourself -- how free is the internet in the
first place if that is all it takes to destroy it?

You don't pay taxes if you don't make money. I don't understand what you're
trying to argue against here.

> but it’s crazy to say that you should have to pay taxes to a foreign
> government just because someone under that government uses your website.

It's not about usage, it's about profit. If you're making a profit by
providing services to people in a foreign market, you have now made money in a
way where society requires that you pay taxes on your profit. Most countries
have bilateral tax agreements to avoid double taxation, so if a company pays
tax in $countryA they only have to pay the excess in $countryB. Those
agreements exist _explicitly_ to facilitate the ability to do business
overseas.

Not to mention that many of these companies are _incorporated_ in foreign
countries as well, which means that they aren't even foreign entities at that
point. They're just ordinary Australian companies that don't pay tax.

> In the long run, if this rhetoric you’re advocating is successful (that if
> you touch anything somehow related to a government over the internet then
> you owe them a cut and have to follow their local rules), you can say
> goodbye to the open, global internet.

I hate to break it to you, but you already have to follow the law of countries
that you do business with. If you host certain kinds of hate speech, you are
not permitted to provide access to said hate speech in Germany (even if legal
in your country). If you host certain kinds of pornography, you are not
permitted to provide access to said pornography in other countries (even if
legal in your country). And so on. Will you be extradited for breaking those
laws? Maybe not, but that doesn't make it any less illegal.

I understand the whole "anti-regulation" view that some US folks have (and I
agree that many laws regarding the internet are very troubling), but
pretending as though companies should be allowed to make money in a foreign
market without paying tax just because their company happens to involve the
internet is pretty odd to me.

[1]:
[https://en.wikipedia.org/wiki/Australia_Tax](https://en.wikipedia.org/wiki/Australia_Tax)

------
IAmEveryone
If you are in the EU, do follow the advise and contact your MEP. The EU
parliament is surprisingly accessible and open to criticism, especially if it
is respectful and well-argued.

(It’s probably a result of constantly having their legitimacy questioned and
and vile insults having hurled at them)

~~~
peoplewindow
And they will do what, exactly?

The EU Parliament has no real power. It can only say yes to things or delay
them. As a consequence the only people who run for seats in it are either
fanatically pro-EU or anti-EU, but none of them are going to have any real
interest in copyright. They can say no and send it back and the Commission -
if it wants this - will just send it back for re-approval again, or bypass
them entirely.

~~~
IAmEveryone
The EU Parliament gets to edit all legislation. There are often thousands of
amendments offered, debated, voted on, and approved or rejected.

Here is an example with 500 proposed amendments to draft legislation on
cybersecurity:
[http://www.europarl.europa.eu/committees/en/amendments.html?...](http://www.europarl.europa.eu/committees/en/amendments.html?ufolderComCode=IMCO&ufolderLegId=8&ufolderId=11043&linkedDocument=true&urefProcYear=&urefProcNum=&urefProcCode=#documents)

Click on the pdf icons to read the actual texts.

Please don’t spread falsehoods.

~~~
calpaterson
I think your post is also misleading. Under co-decision, the EP only gets to
/propose/ amendments, not to approve them. The council are able to reject
parliament amendments and get the law passed anyway. And of course, there are
other procedures than co-decision for creating primary legislation which give
the EP even less power.

While the grandparent wasn't 100% technically correct I think the broad view
(that "The EU Parliament has no real power") is effectively correct. The
lion's share of the power of the EU still rests in the Commission and the
Council. By all means, write to your MEPs, but don't get too hopeful

~~~
antientropic
> The council are able to reject parliament amendments and get the law passed
> anyway.

This is false. In most policy areas, if the council disagrees with the
parliament's amendments, the proposal goes through a conciliation process. If
the council and parliament don't reach agreement there, then the proposal is
rejected. Thus, parliament has the power to reject almost all legislation. I
wouldn't call that powerless.

[https://en.wikipedia.org/wiki/European_Union_legislative_pro...](https://en.wikipedia.org/wiki/European_Union_legislative_procedure#Ordinary_legislative_procedure)

~~~
calpaterson
Yes, there is further process I didn't mention. No, it doesn't fundamentally
change the situation.

------
huffmsa
"Your private repository has been removed because you received 3 take down
notices from copyright holders who own'foo = bar'."

~~~
jdc0589
"Your private repository has been removed because you received 475 take down
notices from copyright holders who own '// fucking timezones, right?"

~~~
falcolas
Your repository has been made public, with code inserted to serve ads to
users. Please note that the revenue for the ads will be sent to the copyright
holders, and your access to the repo has been revoked. Also note that this is
our final communication on this matter.

~~~
sli
Your private repositories have been locked unless you pay money. You cannot
set the private repo to public, you must pay.

Except GitHub actually tried to do that to me for real, and failed. Luckily,
they unlocked the repos while trying to charge me (no billing details on my
account, so... nice try?) and I was able to snag my code back without being
extorted for money. At no time was I given the option to opt-out of private
repos. My only other option had they not screwed up was to pay.

~~~
noname120
Out of curiosity, how did this happen? Were you on a trial / student plan that
expired?

------
titanix2
I would gladly contribute to software which filter laws submitted to the
parliament.

~~~
epicide
If only common sense could be made into a filter.

------
dasmoth
This certainly seems like a legislative overreach and worth watching if it
progresses. But not really clear to me why code should be a specific
exception?

I’m a little disappointed in Github for trying to carve out a specific
exemption just for their area of business rather than fighting the proposal as
a whole.

------
ezoe
There is a simple solution. Just block the access from the EU. Let them suffer
for the consequence of stupid law.

~~~
lerpa
Why would you block access from the EU if your site is hosted elsewhere?

If you think complying with foreign regulations is not worth it, or if you're
not even aware of it, it's not up to you to block anything. Why would it be?
If they care they would make providers block your site.

~~~
kodablah
Because if you break a law that applies there you might not be able to travel
there or you will be jailed when you do. This applies to other
regions/countries too. We can argue practicalities of course, but why risk it
based on subjectivity of enforcement?

Also, blocking sends a message to the users in more ways than one.

------
legostormtroopr
GitHub has had no problems implementing censorship on their platform if it’s
using their own values (see: WebM for Retards), so why should we care if they
are now forced to censor using an external parties values?

I was concerned when GitHub started censoring repositories that didn’t meet
their code of conduct, but was told it was for the greater good. Now the issue
is coming back to bite them it seems.

~~~
ekianjo
Your comment is misguided. When private actors behave badly, you can opt out
and go for competiting services. When the state mandates something your
options run out. It is a pure attack on Freedom.

~~~
guitarbill
> When private actors behave badly, you can opt out and go for competiting
> services.

Except when they're a quasi-monopoly, then people find it more difficult to
opt out. Hence anti-trust laws, and more recently, GDPR.

> It is a pure attack on Freedom.

By definition, all laws are exactly that. The question is never "does this law
restrict my freedom?" but always "on balance, am I happy with the way this law
restricts my/others freedom, and what might be the (un)intended
consequences?".

So while it's a dumb proposal, it's hardly more stifling to creativity than
70+ years of draconian copyright protection.

~~~
lerpa
You're still free to open a competing service, and can leverage the fact that
you are better than the other guys as free advertisement basically.

------
zan
Frankly this title is worthy of the Daily Mail. I expected more of GitHub. It
merely describes one individual proposal currently going through the process
of consultation before being debated in the parliament, nothing else.

~~~
wyager
The EU has passed similar(ly destructive) policies in the past, like the GDPR.
This would be perfectly consistent with their standard behavior.

~~~
dtf
Is the GDPR a bad thing? Previous commentary on HN seemed broadly positive.

~~~
wyager
It’s extraordinarily destructive, but HN has a soft spot for government
privacy directives, no matter how ineffectual or costly.

~~~
GordonS
I initially felt the same way, but after actually reading through the GDPR
materials, and a bit of Q&A on HN, I've come to the conclusion that it's a
good thing.

It doesn't really place any burden on business - it simply means that you must
be transparent with users about how you use their data, allow them to know
what data you hold about them, and allow them to delete it if they wish.

As a consumer, as well as a founder, that seems very reasonable.

~~~
Silhouette
_It doesn 't really place any burden on business_

Sadly, that is not true.

But the biggest real problem is that since the GDPR, read literally, is
borderline draconian and the defence is that the regulators will enforce it
selectively and pragmatically, literally no-one really knows how great that
burden will be... which itself then becomes a significant burden.

~~~
GordonS
I'm afraid I completely disagree, especially with "borderline draconian".

When I first heard about it, I was somewhat fearful of the unknown, imagining
I was going to have to 'waste' time on 'checkbox compliance' \- but after
spending some time reading about it, I believe the intent is _good_ , and also
that the burden _isn 't_ going to be that big.

As a consumer, I absolutely _want_ the GDPR - I believe I do have a right to
know how my information will be used, to know exactly what is held, and to
have it deleted if desired.

As a founder, I want to be _responsible_ with personal data. And because I am,
I'm already compliant with just about everything needed by the GDPR. I hardly
expect a deluge of requests from users, so I don't even need to spend any time
on automation.

~~~
Silhouette
It's not the _intent_ that I have a problem with.

Moreover, as a founder, I couldn't agree more with being responsible about
working with personal data. We have always been careful about the data we
collect and how we store and process it. But from what we have learned
ourselves so far, we seem to have significant additional obligations under the
GDPR (for example, being able to produce substantial amounts of formal
documentation to the ICO on demand) that we would not currently be able to
meet, and we _might_ have other obligations that could be awkward (often
related to the various subject requests now possible) but the implications
aren't fully clear.

We also don't expect a huge deluge of requests from users. In fact, we've
never had any under existing data protection rules. However, given that there
several people have posted to HN recently saying that they'll be happy to send
in large numbers of such requests when the GDPR comes into effect just to make
a point, and unlike the current data protection rules in the UK there appears
to be no provision for a token fee to deter such vexatious requests, we have
to consider the possibility and at least have some intelligent way to respond,
even if that just means knowing what our actual obligations would be if anyone
did make such a request without doing any other work in advance.

------
scandox
Well I'm instinctively against this, but on the other hand wouldn't it
encourage serious adoption of a decentralized system? Which might not be a bad
thing. Or?

~~~
onion2k
As with most things it's not a simple black and white, good versus evil issue.
It could lead to developers actually bothering to put a license on their open
work, stricter enforcement of open source agreements, and, like you suggest,
people looking at alternative ways of hosting code.

On the other hand, it would also mean that we'd be 'randomly' told that we
can't commit something because it looks too similar to some other code someone
wrote. In the case of Google vs Oracle that would be a relatively trivial,
obvious-to-an-experienced-developer 10 line method. That wouldn't be great...

~~~
shapiro92
for me this is very weird. While being employed by a company the code you
write is theirs, so what happens if I move to another company and reuse code
from my brain? Also do they understand how amazingly complex it would be to do
code checks for similarity of code?

~~~
pixl97
>so what happens if I move to another company

Don't worry, at our current rate that won't be allowed. As a programmer you
are now company property. I guess that also means "You're fired" means
"Literally fired in an incinerator"

------
chmod775
As someone who runs a large filesharing platform I don't really care since we
are already more-or-less compliant.

We already check newly uploaded files automatically against known bad content
and stuff copyright holders have reported in the past. It's basically just
file checksums though, nothing fancy.

I don't know what what would be "appropriate and proportionate" according to
the directive though, and having to check code for copyright infringements
sounds absolutely painful and vain.

------
roomey
I've emailed my MEPs. One is sick but it'll be interesting to see what the
others say

~~~
roomey
That was impressive, I have received a response already.

It appears my MEP had a few concerns with some other aspects of it already, so
has had their eye on it for a year. She said she has contacted "the Rapporteur
for the file, Axel Voss MEP to ask for his clarification on the issues you
raised related to code-sharing platforms and why the scope of the proposal
suggests to include them."

I'm kind of surprised at getting such a genuine response so quickly! I will
update once I get more information

------
redleggedfrog
I think this is an excellent proposal. It will help American coders have an
edge over their Europeon counterparts.

------
clishem
I wonder if they read the article. It most certainly won't apply to GitHub,
and it only mentions content filtering as an example. Until proven otherwise
this is simply FUD spreading. Dissapointing.

------
tmdk
If you actually read the EU proposal then it does not require filtering upon
upload, it seems fine to perform filtering upon download. Secondly the
proposal states that the measures should be proportional, which might mean
that code is not affected in any significant way.

~~~
type0
> it seems fine to perform filtering upon download.

What that suppose to mean? My web service should be fine as long as I agree
for the Government to MITM me?

------
AKifer
If the copyrighted code, against which your pushes would be compared, are by
definition closed source, how could these filters work ? Or will software
companies reach an agreement with repo providers like github so the filter
robot can parse their closed source code ? Kind of a politics BS just destined
to keep the discussion boiling for a few months.

~~~
akerro
What if copyrighted source code contains a method copy-pasted from
stackoverflow?

~~~
c4h8o3del
It's MIT licensed by default. The StackOverflow code, that is.

~~~
yjftsjthsd-h
Are we taking bets on whether proprietary code includes all the relevant
attribution?

------
thriftwy
I think it's time for distributed git a-la bittorrent.

We should have everything sensitive in encrypted P2P networks and then demand
that snail-mail privacy laws are applied.

I'm not expecting this position to be popular on HN tho, you can't build an
unicorn on freedom.

~~~
antocv
We have gittorrent already.

Much better alternatives than bittorrent, from privacy and censorship-
resistence aspect is, git-ssb which is git on secue scuttlebot aka SSB.

Bittorrent can be censored, the DHT can/is monitored and can be eclipsed to
prevent lookups.

Scuttlebot can work offline, over WiFi or sneakernet. Transport layer is
encrypted, unlike bittorrent.

Another alternative is Dat Project, which is similar to SSB, but focuses on
larger data files.

------
amarant
man..I thought brexit was bad, but maybe they're on to something? this isn't
the first time EU cracks down on new tech, hindering progress in the process.
(this is however the worst such case yet, if it goes through)

~~~
BuildTheRobots
Brexit is giving the UK politicians the chance to enact some pretty draconian
laws _without_ the European courts being able to stop them because it's
illegal or goes against human rights.

The fact that the EU is _following_ us into some of this madness is not a good
thing and certainly doesn't imply that the UK is onto something good.

~~~
gadders
Which laws are those?

~~~
John_KZ
Even though at the time they only ban neo-nazis, the UK can now criminally
charge you for having opinions they dislike. That's not a step forward. Also
surveilance and anti-privacy laws in the UK are horrible.

------
emh68
This will be an interesting experiment. The EU keeps coming up with ways to
essentially destroy the internet as we know it. But I theorize that the
internet is the only reason the economy continued to grow after the 90s. I
think they may rewind themselves back to insignificance. Even China, with it’s
draconian Great Firewall, wouldn’t be where it is today if academics and
businesspeople weren’t regularly VPNing out to access the collected knowledge
of the world.

------
snovv_crash
So has someone solved the halting problem then? How can you filter code
without knowing what it does?

------
Dude2023
_> automated filtering of code would make software less reliable and more
expensive_

I can see how it's bad for business, but as a developer wouldn't it mean more
jobs and more of custom libraries to make?

~~~
mikerg87
Things like this or the GPDR favor the rich and the bigger companies who can,
while not convenient, devote resources to compliance. It’s not just GitHub
that would have to comply. I suspect that the code snippet sharing in Slack
would have to monitor code snippets pasted in various programming chat areas
to be in compliance.

------
jakeogh
I don't think freedom speech and general purpose computing are separable
issues. Code is speech; arguably the most important form as we merge with our
creations.

------
Rotareti
How do they want to accomplish this? Checking every user upload against a
database that stores every copyrighted piece of data under the sun seems kinda
heavy?

------
naiveai
[https://www.eff.org/cyberspace-independence](https://www.eff.org/cyberspace-
independence)

------
stuaxo
It sounds like such a shitty law it must have originated from the UK ?

------
rednerrus
We should turn the internet off to the EU for a while and let them simmer.
They're completely out of line and misaligned with technological
understanding.

------
anonbig5
Yes at-least Big Platforms needs to be made responsible for content they host
(a law that is better than DMCA).

Here is a Proof of how platforms are hurting everyone (i.e Everyone who lives
by law):

[https://imgur.com/a/qYWGj](https://imgur.com/a/qYWGj)

Notice 4 of top 6 Entertainment apps (In US) launched in last 30 days on
Google Play are pirating Movies? This not only hurts Movie Studio, it hurts
every developer on the platform because they are taking those downloads away
from Developers who abide by rules.

~~~
r3bl
Two of them (maybe, I haven't tried them).

One of those you're referring to is just a blatant case of false advertising
(Netsub IT Services one), because it's just showing the trailers and info
about the movies, and the Scooby Doo one is just playing sounds from Scooby
Doo, not letting you watch Scooby Doo.

And just because such apps exist, doesn't mean that every developer needs to
validate every input to make sure that it doesn't infringe on someone's
copyright. It just means that Google needs to do a better job at detecting
such apps.

------
crispyporkbites
Could we build in client side encryption of source code inside git, pre-push,
and then provide decryption keys to CI services and other software that needs
to review code (e.g. in browser decryption)?

We could use pre-shared keys for OSS software available from a separate
registry, with a legal disclaimer on there that code hosts cannot use the keys
to decrypt the code.

That way github could not physically access your code to run these checks.

~~~
45h34jh53k4j
Check out [https://keybase.io/blog/encrypted-git-for-
everyone](https://keybase.io/blog/encrypted-git-for-everyone)

------
AJRF
That response at the top of the article was a really good way of hitting the
point home quickly

------
xstartup
I think EU on its way to make the world more equal. Some folks owning platform
have literally amassed mega fortunes of money in absence of costs (regulation
etc...) without creating many jobs which people in other jobs can't even dream
of acquiring.

~~~
tudorconstantin
Is there something bad that folks that build platforms are able to amass mega
fortunes?

Why should I care that Zuckerberg is a zillionaire as long as he didn't took
his money from me forcefully? I dislike him profoundly, but his money are his
money.

I don't resent him because of his mega fortune and I don't expect an authority
to take that mega fortune from him and distribute it to ones like me.

As long as we're focused on how to convince others to rob the rich and
distribute their wealth to us instead of focusing on how to create nice things
that people want, we'll keep being a break to the mankind.

~~~
r00nb00m
That's not the issue, the issue is huge disproportion of influence that these
platforms create for their owners. You are practically saying that monopolies
are fine as long as you're not getting robbed. The fact is, you probably are
getting robbed, by paying too much money for the dominant service.

~~~
tudorconstantin
OP seems to be resentful especially toward the mega fortunes amassed by some
folks.

Regarding digital monopolies like facebook and google, those markets didn't
even existed 20 years ago. It's them who created them, almost from zero. They
created the need in the market. I still can't see any reason why a third party
(aka government, in the name of the people) would use force to break them
apart. Mostly because they're not monopolies for services related to basic
human needs.

~~~
xstartup
The economy is about the distribution of resources. If one group of people
amass huge fortunes, there is definitely something wrong.

That said, I own companies and I am on the makers' side of things. So, I am
not resentful of myself.

------
hartator
I am glad the U.S. doesn’t push for this kind of regulation.

------
staticelf
Suggestions like this makes me feel very comfortable in voting on a EU-
negative political party. In am in general EU-positive, but they have too much
say in random things like this.

The EU should not be able to dictate things like this.

~~~
coffeeaddicted
What about the EU preventing countries from doing such things? There's a lot
of countries with governments which really like filters. I'm against _any_
government or organization which proposes such filters, but I do not have much
hope killing the EU would help to stop such proposals. I rather hope the EU
parliament will help to prevent such filters like they did with software
patents.

And per-country rules don't really make much sense anyway for the internet.
Global rules would make it easier for developers - unless they are completely
stupid like this proposal obviously.

~~~
staticelf
It's easier to avoid one country or move either yourself or your business from
a country (or even threaten to move) than from a large union.

For example, let's say the EU would vote to make the internet illegal inside
EU. I could move to Norway but otherwise my nearest alternative would be
either the US or Russia. Neither of which is an easy move or even thinkable.

I agree that it would be awesome if they only passed sensible legislation, but
unfortunately the risk of them passing stuff like this is too great for them
to have this power to begin with.

The EU have done so much good stuff, but also so much stupid stuff and if this
gets passed I'm probably going to vote against staying in the EU if given the
choice.

The scariest part about EU is how no one understand how the process of
creating legislation is. It is very hard to keep track on stuff as a normal
citizen and you are completely reliant on information from third parties like
in this case Github. Also when stuff like this happens, I have no idea who to
write to unless someone tells me who to write to and I don't have a directly
huge belief that they would care about what I have to write about it anyway.
The power to make grass root changes within the EU is super small compared to
making it within your own country.

If Github wouldn't have posted this I would never have known and that scares
me a lot.

~~~
coffeeaddicted
I won't deny that if this one really passes (not yet believing it), then it
will be a pretty hard blow to my somewhat pro-EU stance. And yeah, I guess
law-makers in the EU are even further disconnected from most people than
national politicians. Thought the web makes that gap smaller again.

------
nkkollaw
There's a huge difference between a proposal and a law.

However, the EU succeeded in passing the idiotic requirement for cookie
notices, so I guess it's not a bad idea to watch out for more.

------
megaman22
The EU wants a lot of things... At some point, they are going to make the cost
of doing business there too high for it to be worthwhile.

------
Lunatic666
Why would GitHub as an American company follow EU law? Or are they just really
trying to prevent bad laws?

~~~
dtech
Because they have users and business in EU. If you want to sell stuff in EU,
that product must comply with EU law.

~~~
Lunatic666
Yes I understand that they want to offer their services in Europe, but the
servers are in the US and billing is also not handled by a European branch
company afaik. I’m really just wanted to know if and how the EU could force
GitHub to comply with this law. Ban their service?

Or could it have to do with the successor agreement of safe harbor?

~~~
nl
The EU can impose penalties. For example the new EU data protection laws have
this as the maximum penalty: _a fine up to €20 million or up to 4% of the
annual worldwide turnover of the preceding financial year in case of an
enterprise, whichever is greater_

I guess Github could decline to pay. But then they could do no business in the
EU, and then there is the likely impact on Github employees - similar to how
BetonSports' CEO was arrested when he changed planes in the US:
[http://www.independent.co.uk/news/business/analysis-and-
feat...](http://www.independent.co.uk/news/business/analysis-and-
features/arrests-in-us-put-world-of-online-betting-on-red-alert-5544310.html)

------
conradk
Frexit seems to be coming ever closer. Le Pen got 35% in 2017, pro-frexit
parties are flourishing in France. EU has got to be careful. It's doing good
things (free roaming, which as citizen who has family in both France and
Germany, I highly appreciate) and the GDPR, which seems to force companies to
think more about privacy.

But if Github's phrasing accurately represents what EU wants to do with online
sharing, then I feel like this change is a step in the wrong direction,
restricting privacy to make big-corps even richer than they already are.

~~~
IAmEveryone
It must be increasingly frustrating for anyone in Brussels if every opponent
of any legislation always starts with threatening the whole idea of European
cooperation. “Do anything I disagree with and I’ll vote for the fascists in
the next election” really isn’t constructive. The accusation of being on the
side of big business is also insincere, as exemplified by your two examples of
recent legislation that quite clearly side with consumers over large
businesses.

Even this legislation, while misguided, is actually aimed at large businesses
(mostly YouTube) while the beneficiaries (publishers and artists) are rather
small, comparatively.

~~~
vim_wannabe
Putting the "fascist!" comment aside, what alternatives are there than the
threat of breaking from the EU if every legislation seems to* head toward a US
style federation?

Think of it like the SOPA/PIPA/whatever fight: You manage to barely resist
some bill from being enacted into law but then just a few months/years later
another version of the same law is proposed.

*: from the perspective of someone

~~~
John_KZ
There are a few political parties that call for a reform of the EU without
breaking up. I'll try to vote for one of them.

It's clear that the EU needs serious fixing, and German politicians/Brussels
technocrats aren't up to the task because they don't care.

Unfortunately, at the time being, these reform parties (mostly social
democrats, but not exclusively, and not of the "old kind" of social democrats)
aren't big, because the emotional way to deal with the crisis is _" To hell
with them, let's roll-back to nation-states so we can take over control"_.
Unfortunately, we'll bitterly find out that breaking up won't solve the
problem. We'll lose all the benefits of being able to lobby together for a
better solutions, and still suffer from all the problems of the EU, even
without being in it, because the big institutions won't be stopped by border
checks..

------
friedButter
They should consider partitioning the internet into 2 parts:

1) Public access internet, where everything is regulated by the hosting
company

2) Restricted access internet where everything uploaded in linked to a real
life ID and the uploader has liability for whatever is uploaded. Access would
be granted after a basic licensing test, but hosting companies would not be
required to police the content

This way, media companies can easily regulate the mass market internet to keep
pirated content off of it, and the restricted access network would have a link
to the uploader with personal liability, so people are not likely to upload
pirated stuff anyways. In exchange, they arent harassed in the name of anti
piracy

~~~
John_KZ
> Restricted access internet

This is already done in closed-doors forums and whatnot. If you mean the ID
should be government-issued, you have Facebook where fake accounts area nearly
impossible at this point and it's pretty close to a "Governet". In the
Governet you'd still be censored because their goal isn't to sue everyone
(that's expensive and doesn't always work), it's just to control them.

~~~
lambda_lover
The several fake Facebook accounts I use for testing purposes would like to
have a word with you. In my experience Facebook doesn't try to filter out fake
accounts very heavily unless you use them to create spam. And I prefer to keep
Facebook as far as possible away from "real" IDs like my passport, driver's
license, etc.

