My sense has been that their customers are predominately those bound by things like HIPPA or PCI, who want to use cloud services, but can't do it with a straight face unless they can say they're "encrypting" their data.
What their customers want isn't security; it's the minimum required that will allow them to use salesforce.com. Incriminating details on StackExchange aren't a problem because their customers don't already know CipherCloud is insecure, they're a problem because it would make it harder for customers to say they're in compliance with a straight face.
 - http://lajm.eu/emil/dump/ciphercloud-security.html
 - http://securitybookreviews.eu/ciphercloud/
Certainly snake-oil is a problem, but I think this particular area is one where buyers are most concerned about being able to effectively claim that they made what seemed like reasonable efforts.
With no penalty for false DMCA claims, it's a "stop us if you can" mentality.
The real reason may have been the conclusion that "Ciphercloud is NOT doing homomorphic encryption" ?
(but google cache still works)
That eliminates the "knowingly" part. A lot of DMCA claims, including the one in the OP, are being filed by lawyers or companies who will have a much harder time showing they have a good faith but unreasonable belief. They are basically going to have to argue they are idiots.
The second you can show bad faith, i have trouble believing (and I don't know of any cases where ..) a court would not impute knowledge.
Basically, you want them to have to consider your affirmative defenses (which is what fair use is). While i don't necessarily disagree, to be fair, this would be wholly inconsistent with almost every other area of law.
For example, if i file a negligence claim against you, you bear the burden of proving any affirmative defense to my claim, such as assumption of risk. I don't have to consider it at all when I file my claim, and if you don't prove your defense, i win. This is true no matter how valid your defense may be.
Look, as much as I don't like it, this is a tradeoff.
On one side, you have the fact that websites like this would normally be liable for everything they publish.
DMCA says "we'll fix that for you", the cost being "if you want safe harbor, and someone with a good faith belief sends a takedown notice, you honor it".
If StackExchange really believed the material was non-infringing, they could always ignore the DMCA takedown, and force CipherCloud to sue them.
They didn't choose to take that risk.
Newspapers have the same issue, FWIW: They get threatened all the time by bad actors (and not just for defamation of public figures, which the are mostly protected from). They just often choose to take the risk and force bad actors to sue them.
It's not at all clear what you think the solution is. If you institute harsh penalties for filing "bad" DMCA requests, all that would happen would be large numbers of lawsuits over DMCA requests, bad or good, because it would likely be profitable. You really think torrentfreak/isohunt/et al wouldn't just start filing suits over every single DMCA request they receive? What do they have to lose? They wouldn't have to win many suits to make money off it.
If you have a good solution, i'd love to hear it :)
I realize how odd this sounds, and i really do hate the way content companies/et al abuse the DMCA process, but one doesn't need to look very hard at history to see what lawyers in general will do if you make it profitable (see the history of rule 11 sanctions, particularly, the period from 1983 to 1993, or you know, recent prop 65 litigation, resulting in everything in the world having "the state of California believes this may cause cancer" labels on it ).
Money? Time? It wouldn't make any sense for them to litigate the cases they would obviously lose when they could choose the subset of cases where the take down issuer clearly has no copyright in the material in question -- which is the whole idea.
You're also giving the money to the wrong party. It doesn't make any sense to give YouTube or Tumblr the right to sue for bad take downs, if they thought they were bad they could just not execute them. The right for redress should be for the user who posted the material, not the intermediary. Which solves your problem with torrent sites filing frivolous claims. Do you honestly think release groups are going to get into the business of filing frivolous lawsuits against content owners? As soon as they identified themselves and consented to jurisdiction they would be counter-sued for infringement or arrested.
>But they'd be sitting on top of a mountain of potential claims, which would prove lucrative if even a tiny percentage resulted in damages.
Setting aside that Isohunt is the wrong party, yes, there are a mountain of take downs from which some small percentage should result in damages. But you can identify those cases ahead of time -- you know perfectly well you aren't going to win a case where you posted Fast & Furious 6 to Isohunt and Universal Studios issued a take down for it, there is no point in even trying. And if you do try then you're effectively admitting your own liability for copyright infringement when you have to assert you posted that material in order to get standing to sue.
The cases lawyers will want to take are the ones they think they can win -- and as long as they're right, that's what they're supposed to do. That's the whole idea.
Are you arguing that the situations where the take down is in a grey area (e.g. fair use) will create too much litigation? I don't really see that happening. On the one hand, the existence of penalties would create a disincentive for copyright holders to wantonly issue take downs in questionable cases, and if there was no take down then there is nothing to litigate. Then, in the consequently much reduced number of edge cases, in order to claim a take down was fraudulent a plaintiff would have to admit in court to posting the material and thus to liability for copyright infringement if the take down was legitimate.
Are there lawyers who will take on cases for consignment only?
It's a calculation that little people will not be able to take on the big people.
This is why corporations have zero fear of incorrectly killing individual content on youtube, little chance of penalty and they can smother any attempt to fight them.
Nope, all you are supposed to have to do to get the content restored is submit a counter-notice. And it should be back in two weeks, not years.
But you can be sued by the rightsholder for posting infringing material.
The DMCA is really about protecting the ISP/host. The ISP can't be sued for hosting your infringing material -- so long as they take it down when receiving a takedown notice; and even when they put it back up after receiving the counter-notice from the original poster.
But YOU (the poster) can still be sued.
I am not sure how often ISPs/hosts have clearly identified counter-notice procedures, but that's the way the law is written.
See for some further explanation: http://www.dmlp.org/legal-guide/responding-dmca-takedown-not...
YouTube is not responding to DMCA notices, it's given media companies direct access to take down content through their own system, and it can do this because it has no obligation to host your material for free in the first place, infringing or not.
Anything else is impossible to prove
There doesn't seem to be anything in there that looks like an infringement of anyone's copyright.
Here's the actual recourse created by the bill:
> (f) MISREPRESENTATIONS- Any person who knowingly materially misrepresents under this section-- (1) that material or activity is infringing, or (2) that material or activity was removed or disabled by mistake or misidentification, shall be liable for any damages, including costs and attorneys' fees, incurred by the alleged infringer, by any copyright owner or copyright owner's authorized licensee, or by a service provider, who is injured by such misrepresentation, as the result of the service provider relying upon such misrepresentation in removing or disabling access to the material or activity claimed to be infringing, or in replacing the removed material or ceasing to disable access to it.
If a crypto company abuses DMCA to fight this, then they deserve the Streisand effect. You should send the materials to someone in a free country where DMCA doesn't apply and speech is still free, and they can host the documents and discussion.
Someone should issue a counter notice. And get them put back up.
What's interesting to me is what happens if StackExchange put these back up, and then the cryptocompany sends a DMCA to SE's hosts.
Of course, that doesn't stop all of Stack Exchage from being down for "10 business days" in the meantime. Should be interesting to see the public response to that if it actually happens.
(I made a snapshot of the page from Google's cache only to discover that at least two others used the very same service within the last hour to do exactly the same...and there are a few services to snapshot web pages.)
The question is: do you want the script publicly available, or in the hands of your adversaries without anyone knowing? There's a third alternative: fix the problem.
One would think that if something is insecure anyway they could at least make it efficient.
This DMCA takedown is unfortunately just another of their "just try and stop us" tactics.
I would SE as an organization cannot, as they are the safe harbor in this case, but it sounds like the takedown notice wasn't specific enough for the relevant users to know what they can leave up. Does each user involved need to counter-claim so that SE can put the question and answers back up? Can one user claim that nothing on the site was infringing and have that be enough to protect SE?
DMCA as a law isn't even that ridiculous or reprehensible; it mostly offers protection for websites that have user-submitted content. And yet here we are.
The damages clause needs to be strengthened if we wish to continue having free speech on the internet.
CipherCloud claim copyright infringement on the three images used to evidence the posts.
They also claim that certain statements in the posts are false, misleading defaming. While some statements look indeed wrong, others (in particular the determinism claim) are clearly evidenced in screenshots. They hint that their actual product might use different encryption from the demo video.
Encryption and security does usually not get any better by pretending its secure and not letting anyone dig around the solution.
Indeed. Schneier has some excellent discussion on this topic, singling out closed source encryption as always eventually being cracked, and the security world's consideration of open source as a pre-requisite for security:
I've never understood how anyone with at least an ounce of intelligence can claim that something is more secure just because it's closed source.
I expanded my analysis, but you'll need to check the original material for evidence since the embedded images were subject to the notice.
At the very least, there should be more stringent requirements for legitimate takedown claims and stricter penalties for abusing the process.
Also, throwing "clustering" at every problem is misguided. Not all problems are easily parallelized:
Has a version from Apr 12, 2013 15:33:47 GMT.
Or Microsoft's permission to use the MS Office 365 logo?
Never ever, use your own algorithm for encryption. Always use tried, tested and known algos. And don't even change it one bit (literally!).
Only the key remains secret.