Some people think RIAA’s DMCA notice is not legally valid, arguing RIAA is not the copyright holder and there is no infringing material. DMCA takedowns are for taking down works you own the copyright to; not for enforcing any arbitrary aspect of legislation.
It’s my understanding that service providers do not need to comply with illegal requests.
For example, if I DMCA’d <an oil producer>’s repository on accused violations of environmental protection acts, I don’t think it would be taken down, would it?
If GitHub was an independent company advocating for open source; would it have acted any different?
Note: Microsoft is a member of the RIAA.
Apple made waves and built lots of favour for resisting the FBI and challenging quasi-legal processes. They took risks and demonstrated their principles (Suing the FBI over a terrorist’s iPhone is unlikely to be the first recommendation from their legal counsel).
This smells like a qausi-legal process, and it would look great for GitHub/Microsoft if you do.
Almost all of the lawyers at HN, and the lawyers at the EFF, and the guy at Popehat, are all generally in agreement that there was nothing wrong with what the RIAA or what GitHub did. It should tell you something when the people most in a position to evaluate the situation don't see anything amiss.
What the EFF actually said: https://twitter.com/EFF/status/1319787243184123904
https://www.eff.org/deeplinks/2020/11/github-youtube-dl-take...
https://www.eff.org/deeplinks/2020/11/github-youtube-dl-take...
What we call DMCA takedowns, coloquially, with the whole counter notification process etc, are notices submitted under Title II. That title deals with copyright infringement, not anti-circumvention.
That means treating such notices as a typical DMCA notice, as GitHub has done, is incorrect. GitHub may well choose to follow the takedown if it considers it valid and the repo infringing, but what they've done is treat it as a copyright takedown. And that is clearly, unambiguously wrong, as it goes against their own DMCA policy, linked from the youtube-dl repo's disabled notice, which says:
> The DMCA notice and takedown process should be used only for complaints about copyright infringement. Notices sent through our DMCA process must identify copyrighted work or works that are allegedly being infringed.
So yes, GitHub messed up here. That doesn't mean they shouldn't have taken down youtube-dl, but they way they went about doing it is wrong.
You'll notice that the EFF, in that article, never goes into the details of the takedown process that happened. They never said what GitHub did was proper. They are just talking about the anti-circumvention law in general.
ETA: And yes, if you submitted a DMCA takedown which has any reasonable chance (from the recipient/provider's perspective) of being valid, it would get taken down. Otherwise, the provider takes on their customer's liability. Very few (and zero free) providers are willing to do so.
> DMCA takedowns do not need to be from the copyright holder themselves. They can be from ANY authorized agent of the copyright holder
I think it's clear that "RIAA is not the copyright holder" is shorthand for "no member of the RIAA is the copyright holder". Even if you don't accept that, you can easily deduce that no member of the RIAA is the copyright holder by looking at the immediately following claim, "there is no infringing material".
Given that there is no infringing material, it can't really matter whose agent the RIAA purports to be.
It's really, really, really stupid, because it presumes guilt before innocence, standing in opposition to most general legal principles.
If anything, Microsoft via Github would do well to assert itself by not conforming, forcing the court to examine the DMCA's legality and process.
That doesn't make the notice facially invalid, if they have made the required representations (which they have, as they have alleged specific infringement of their works on a contributory infringement theory as well as alleging that the works in question violated DMCA anticircumvention provisions, and particularly alleging that the combination of the anticircumvention violation plus the specific identification of works of RIAA-represented owners as targets was the basis for the contributory infringement claim.)
Unless Github wants to expose itself to both upfront costs and potential liability by judging the details of the legal theories and fact claims in facially-valid DMCA takedown notices, it makes sense for them to react to facially-valid notices and wait for a facially-valid counter-notice before restoring user content.
Therefore there is only risk and no benefit for a service provider not to comply with any notices they might receive.
tl;dr there probably isn't anything inherently wrong with the RIAA's claim, and there's definitely nothing wrong with github's response.
As for DMCAing an oil producer's repository for something unrelated to DMCA, github would still take it down, but it's quite likely that you'd end up with a lawsuit from the oil company for damages. As long as GitHub is run by a US company, it doesn't matter how advocating they are of open source, nothing would change...they'd still take down the repository after receiving a DMCA takedown request.
And the last point, my understanding is apple wasn't actually required to assist the FBI, but american companies are required to follow DMCA.
This is how things work; it may not be how you'd like things to work, but I doubt you've ever been involved in any part of a DMCA takedown request (as the sender, receiver, or the person that had their stuff taken down).
That's how section 512 works. The RIAA letter referenced section 1201, not 512. There is no copyright infringing material to identify. The letter relates to distribution of copyright protection circumvention technology.
Maybe Github needs a new page explaining section 1201 takedowns.
https://cdn.loc.gov/copyright/1201/1201_background_slides.pd...
Does the DMCA actually define these, or is the entire concept of a "section 1201 takedown" a courtesy GitHub is extending to rightsholders, but not legally required to provide? I am only familiar with the DMCA outlining a takedown process for copyrighted content.
An MP3 patent, such as 6,009,399, covers methods and apparatuses for encoding a digitised audio signal. Writing source code that uses a claimed method is arguably not infringment but as soon as anyone besides the patent owner or her licensees compiles the source code and tests the binary, then there is a much stronger argument that infringment has occurred.
Let's pretend for the moment that the original youtube-dl DMCA had been valid, or that you removed youtube-dl due to an innocuous mistake. If I post youtube-dl to MY account, you have NO reason to take it down until you receive another takedown request from the RIAA for my repo. You certainly have no reason to ban users. There is nothing in your ToS which this violates.
I work on education projects which use youtube-dl in legal, non-infringing ways. I don't think the RIAA has a legal leg to stand on for reasons I'm not going to get to in this post.
Until github starts following DMCA processes properly, I CANNOT respond to the existing takedown request, since I have no standing. It's not my repo.
The right course of action for me would be to:
(1) Consult my lawyer and figure out if this is a fight I want to pick. I'm pretty sure I'd win in court if this went all the way, but I might go bankrupt first.
(2) Post youtube-dl to my repo.
(3) Wait for a DMCA takedown notice.
(4) Respond to it with a counternotice, and litigate with the RIAA.
Because github has decided to act as an arbiter on behalf of the RIAA, rather than a neutral third party, I cannot follow this process. github short-circuits this process at #2 by threatening to remove the repo and ban my account.
I'm sorry that you've chosen to side with the RIAA against the Internet. I'm gradually moving my business to gitlab. This is approximately what people thought would happen as a result of the Microsoft purchase.
You need to re-read the Github TOS, because this is absolutely covered by it already (see Section F of their TOS).
You potentially also lose your safe harbor restrictions in the process.
That is false. They could lose their safe harbor if they did not respond to a presumptively valid DMCA notice.
Until github starts following DMCA processes properly, I CANNOT respond to the existing takedown request, since I have no standing. It's not my repo.
Pretty sure that the Legal Dept at Github knows more about the DMCA process than a random non-lawyer on HN. It's something they deal with on a regular basis.
Because github has decided to act as an arbiter on behalf of the RIAA, rather than a neutral third party, I cannot follow this process. github short-circuits this process at #2 by threatening to remove the repo and ban my account.
This is false.
Because github has decided to act as an arbiter on behalf of the RIAA, rather than a neutral third party, I cannot follow this process. github short-circuits this process at #2 by threatening to remove the repo and ban my account.
That is probably for the best. Customers with unrealistic expectations are not worth the effort to keep.
Section F says they can take down RIAA's account, not mine. Here is the section in full: "If you believe that content on our website violates your copyright, please contact us in accordance with our Digital Millennium Copyright Act Policy. If you are a copyright owner and you believe that content on GitHub violates your rights, please contact us via our convenient DMCA form or by emailing copyright@github.com. There may be legal consequences for sending a false or frivolous takedown notice. Before sending a takedown request, you must consider legal uses such as fair use and licensed uses. We will terminate the Accounts of repeat infringers of this policy."
The relevant policy is here: https://docs.github.com/en/free-pro-team@latest/github/site-...
> That is false. They could lose their safe harbor if they did not respond to a presumptively valid DMCA notice.
Had it been a valid DMCA notice, the required response under the DMCA is taking down the youtube-dl repo.
Their thermonuclear bomb was to take down other people's repos, ban accounts, and make random threats.
> Pretty sure that the Legal Dept at Github knows more about the DMCA process than a random non-lawyer on HN. It's something they deal with on a regular basis.
I'm pretty sure they do too, which is why their aggressive and technological legal response, combined with their CEO making public statements of sympathy for their victims, is so cynical, dirty, and dishonest.
They can be the good guy, and fight the RIAA. They can be a neutral party, and do their duty under DMCA. But fighting the RIAAs battles for then, and then making comments like Nat's? Sketchy and sleazy.
Even eighties/nineties Microsoft didn't do that. They went after people, but they were at least open about what they were doing -- they called Linux a virus and all sorts of other nasty things. They didn't pretend to like Linux while spreading FUD and mounting legal attacks.
On the other hand, I'm pretty sure the other random guy on the internet (you) doesn't know more than the first random guy on the internet (me).
> That is probably for the best. Customers with unrealistic expectations are not worth the effort to keep.
Depends on the cost, the context, and how those expectations manifest. Talk to any luxury good company serving the ultrawealthy for how not catering to customers with unreasonable expectations would serve them. Or any company selling to an athlete to promote a product. Or many small businesses who just won multimillion dollar B2B contracts. Or...
But in either case, I don't think expecting github to act honestly is an unrealistic expectation. Each time I've dealt with a dishonest company, no matter how good the deal looked, I came out behind. I think people were holding their breath to see what happens with github post-acquisition, and we just learned.
In the same way, it seems GitHub is preemptively telling people that if they re-post youtube-dl on GH, they'll be banned, even though GH has no legal responsibility to do so. It's really sad that they're siding with big business in all this, rather than their users, without whom they'd be nothing.
GitHub seems to be acting without a backbone. They’re owned by Microsoft, and can definitely stand up to legal challenges like this. Look at BitTorrent: The protocol and it’s code are legal despite being used for piracy. I don’t see why GitHub caves to every request to take down code that is clearly not violating any copyrighted material.
Also, the code itself does not break any copy protection and even if it did.. the code itself needs a user to execute it. Isn’t this how LAME was able to exist without violating mp3 patent laws?
Just curious, what would the effects be if one were to use multiple accounts to automate the submission of DMCA takedown notifications for all <content> hosted on <content provider>? Does <content provider> honor takedowns only from or in preference to blessed accounts? Could one DoS <content provider> in such a manner? If a human has to review all DMCA complaints, would a flood of false claims DoS the human reviewers?
Asking for a friend.
https://docs.github.com/en/free-pro-team@latest/github/site-...
mentions:
> The DMCA requires that you swear to the facts in your copyright complaint under penalty of perjury. It is a federal crime to intentionally lie in a sworn declaration. (See U.S. Code, Title 18, Section 1621.) Submitting false information could also result in civil liability — that is, you could get sued for money damages. The DMCA itself provides for damages against any person who knowingly materially misrepresents that material or activity is infringing.
That's interesting; is US copyright law enforceable everywhere?
It seems to me that this could be used to cause a lot of damage – target a popular open source project with a totally bogus DMCA notice, even if they instantly file a counternotice they still get made unavailable for 10+ days.
(Also, why 10-14 days? Why not just 10 days or just 14 days?)
The DMCA works in much the way that its authors, the telcos and the MPAA and RIAA intended it to. To indemnify ISP's in return for their becoming enforcers for rights-holders ridiculously over-broad "anti-circumvention" clauses[0] which lead to outrageous abuses of the law (including anti-trust violations, attacks on the rights of consumers, academics, etc).
Now, Microsoft's lobbying machinery must have been in its infancy back then so the blame can't entirely be laid at their feet. But Microsoft don't seem to be doing anything to help either.
Fundamental to the problem is that youtube-dl (and many others) seem to be obvious candidates for exceptions to DMCA 1201. But the process around those exceptions seems not be working at all. Something which Microsoft appears completely tone-deaf and oblivious to[1].
So, with respect, I suggest you... get a grip to how you guys are going to be being perceived in this situation.
[0] Fritz Attaway, policy advisor MPAA. https://www.wired.com/2008/10/ten-years-later/ [1] https://beta.regulations.gov/document/COLC-2015-0012-0054
There is a way forward, Nat. You can reinstate that repo today, and tell the RIAA that they cannot use your online tool. They have to send your legal representation (in Alaska to slow it down) a certified, hand-signed letter through snail mail. Make a big public show of this process, and get public mindshare on your side.
> GitHub Asks User to Make Changes.
I think many would argue that the takedown notice wasn't "sufficiently detailed", especially when you consider the 1201 vs 512 issue.
>With potential damages multiplied across millions of users, cloud-computing and user-generated content sites like YouTube, Facebook, or GitHub probably never would have existed without the DMCA (or at least not without passing some of that cost downstream to their users).
Talk about backwards logic
