The simplified version of the process:
1. The party claiming to own the rights to copied content submits a well-formed DMCA takedown notice to the listed DMCA agent contact information of the provider.
2. The provider blocks access to the content as soon as possible, and informs their customer/user about the takedown notice.
3. The user may then submit a counter-notice to the provider claiming that they do indeed have the rights.
4. The provider then re-enables access to the content and notifies the claiming party of the counter-notice.
5. If the claiming party disagrees, they file suit in court, notify the provider, and the provider generally again disables access.
As long as the provider takes these steps without delay, it is safe from any claims that it is itself in violation of the DMCA.
So here, GitHub is actually stating that they're delaying proceeding from step 1 to step 2. It's certainly customer-friendly, but I wonder if it causes any issues with the safe harbor.
> upon notification of claimed infringement as described in subsection (c)(3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity
Immediately contacting the repository owner, and asking them to remove the content themselves within a short window of time, sounds like an expeditious response to my non-lawyer ears.
One nitpick as well:
> it is safe from any claims that it is itself in violation of the DMCA
§ 512 of the DMCA provides for immunity from liability for breaking another law, the copyright act. It's not "violating the DMCA", and service providers do not have to take advantage of § 512 safe harbor provisions if they don't want the benefits of doing so. Without this safe harbor, the service provider could be guilty of infringing the copyright of whomevers' property they're distributing copies of on behalf of their user. If they _voluntarily_ opt to meet the § 512 requirements by expeditiously taking down content, then they can't be held liable for that illegal act, even though it did happen.
Except, uh, you cut out the object of this sentence, which is the service provider, not the user.
That is, github, not the user, is supposed to be the person responding expeditiously to remove. Contacting someone is neither "removing" nor "disabling access".
The law is simply not ambiguous here, and github trying to play this game is not likely to go well in an actual court, as much as i'd like it to be the case (i know other companies have been threatened on exactly this point before).
Thanks for the latter clarification.
Previously they disabled the whole repo, and this blocked everyone, including the alleged offender from accessing it.
Now it sounds like they will restrict access on a file level and give the alleged offender access to attempt to respond/modify the file to comply or appeal.
This effectively removes the offending content from public view, which should be interpreted as blocking access.
I'm not sure if this is exactly what happens but from how the process was described, it seems plausible and avoids some of the worries that Github isn't responding fast enough to claims.
Pick any large company. Surely somewhere among the 7 billion people in this world is someone who (1) hates that company, (2) can put together a well formed DMCA takedown notice, and (3) is willing to give it a shot.
Following that, if your description of the law is correct, the specified content must be taken down, at least temporarily.
So why don't we see major corporate web pages & content disappearing & reappearing on a daily basis?
I don't see how there are no legal fears or at least administrative ones here. If one submits a legitimate DMCA takedown and your site allows copies, it might be unreasonable (to a judge) that they must name all copies considering forks can happen between when the DMCA was submitted and the takedown occurs. Of course I don't know of a better way without GitHub annoying forked repository owners and favoring DMCA submitters.
2. This could be an abuse vector. Fork a popular repository, add some DMCAed content to it, and watch the parent get taken down. Or compromise the parent because it's old/unmaintained/abandoned and watch all the child forks get taken down.
3. Everything on the internet has legal fears. The question is, how much, and are you willing to tolerate that risk?
You assert this as if this is how a judge would see it (or as if it is well tested). That seems highly unlikely to me.
It seems to be very easy to make the legal argument that because github knows which forks are copies and which aren't, they have actual knowledge of the ones that are still copies.
512(c)(1)(a)(ii) has the so called "red flag" requirement. "n the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent"
Essentially, if they know about a fork and a reasonable person would know it is infringing, they lose their safe harbor.
Does GitHub have in house counsel? This policy is risky and doing it response to an outcry about actual pirate programs this will look horrendous if they end up in court.
I'm sure there are _some_ legal fears, which is why they started with the original policy. But they have decided it is likely that the law does not require them to take down copies not specifically identified in the complaint -- just as it does not require other ISP's to identify on their own copies not mentioned in the complaint.
I think the main important point is that a fork isn't _neccesarily_ a copy, it may or may not be, the infringing material may have been added to the 'original' after the fork, or deleted from the copy after the fork.
(PS) I don't think popcorn time should have been taken down as it wasn't stealing some copyrighted code.
I mean, we have many laws centered around the difference between intentionally and unintentionally inflicting harm on others. So for example if you break someone’s rib performing CPR, you’re protected as a good samaritan. Or if you veer off the road and run someone over because you were texting, you can still be tried for manslaughter because you shouldn’t have been typing on your cell phone in the first place. I think we can all agree that it’s good we have these types of laws and don’t just focus on premeditated crime.
But the DMCA tries to be a moral compass when it’s not mathematically possible to do so. It’s a bit like setting up a booth on the Grand Canyon that charges money to take pictures. Sure, they can bust bootleggers that set up black market booths without a license. They can even bust scalpers selling photos. But in the end, the Grand Canyon is still there.
Whether someone gets irate about piracy/copying trade secrets or not, in the end, perhaps as a society we should ask if it makes any sense to spend tax dollars trying to stop something that can’t be stopped once the cat’s out of the bag.
Actually, I think GitHub is in a unique position to not comply with the DMCA. It has nothing to do with the size of GitHub, because no matter how large a private entity is, it is always subject to the laws of its government. It has more to do with the fact that every developer in the world has either heard of GitHub or uses it every day.
In other words, we are the people that form what can be thought of as the technology arm of society, so by extension the technology arm of government. That gives us a seat at the table in matters of technology, the same way that teachers unions are able to influence education or the American Medical Association can influence public health. If we decide that the DMCA is not a good use of taxpayer money and should no longer be enforced (in fact can’t be enforced), then it’s not up to a court to decide that, since they will side with the law every time (as they should). The law itself is what must be adjusted or repealed, by the people who have the means to do so by virtue of the role they play in society. We have the leverage to repeal it because without our support, there is no expertise to enforce it in the first place.
If GitHub complies with the DMCA and we use GitHub, then we are quietly endorsing the DMCA.
I happily endorse § 512 of the DMCA. Not only is the safe harbor provision a well-balanced law for all parties involved, but it's the only thing that makes startups that host UCG legally viable. Without the DMCA, Github could not exist. They'd be personally liable for every copy of every file they distribute without a copyright holder's permission.
This particular piece of the DMCA doesn't have to eliminate all piracy online to be effective. Take the case of a feature film release -- a $XXXMM investment by the copyright holders into their product -- that could be seriously harmed to the tune of tens of millions of dollars by someone leaking a copy online a few days before ticket sales begin. The DMCA notices can disable the most visible (and most damaging) copies, expeditiously enough to save the film's box office sales. Mitigating much of the harm is better than nothing.
> perhaps as a society we should ask if it makes any sense to spend tax dollars
This part I don't get. The alternative to the above is an emergency court hearing for every instance of infringement, hoping to attain an emergency injunction, then get it to an ISP before too much damage is done. The safe harbor provision doesn't (directly) cost tax payers anything. It saves us billions. Every day, hundreds or thousands of instances of copyright infringement are handled by an e-mail instead of a taxpayer-funded court hearing.
It sounds to me like you're making an argument against copyright, not the DMCA. DMCA § 512 (the notice/counternotice safe harbor system) is about mitigating the legal liability created by the copyright act on service providers. In its entirety, the DMCA was the US's implementation of the WIPO Copyright and Performances and Phonograms Treaties. It is not what created copyright protection itself.
What the DMCA (and similar IP law) gets wrong is persecuting sharers with "intent to distribute". Copyright law was originally intended to protect creators from other people profiting off of their work by copying it. I'm all for the government cracking down on bootleggers.
But I’m very much against the notion that we should go after people who use or view content that is already publicly available. To use your example, the MPAA could and should go after someone who leaks a movie online. But, they should have to prove that the person profited in some way from his or her actions (and correspondingly, the penalty for doing so should be somehow proportionate to that profit). Individual users who share the movie on BitTorrent are not breaking copyright law, because they are not selling copies. It’s really that simple. I personally don’t think that it’s the government’s responsibility to devote resources to tracking down sharers, and certainly not to prosecute them. If we want to consider laws regarding “stealing” intellectual property, we can certainly do that as a society, but that has nothing to do with copyright (trademarks or patents either).
And to be clear, the only thing that new IP laws could address is the potential lost income of content producers. But, there is no way to prove that a sharer would have paid to view that work in the first place. I personally think that this flies in the face of free market economics. The government’s role is to create and manage a fair playing field for all players. So if it is going to start prosecuting thought crime, then it needs to remember its duty and crack down on monopolies and the bribery (ahem, lobbying) that props up media corporations with lifetime-length copyrights and the loss of the public domain through the use of paywalls (among other things). So the DMCA put the cart before the horse by not reinstating the Sherman Antitrust Act, not setting realistic limits on copyright and other IP laws, etc. The DMCA has done nothing to increase the income of new artists, and everything to further enrich established media corporations like Disney (I would argue by design).
We need to also consider that courtrooms and juries are the most important link in the legal chain. By not hearing every case in a court of law, we are passing the burden to individuals to prove their innocence against large institutions (by settling out of court, since they simply can’t afford to lose). I think this flies in the face of the notion of innocent until proven guilty. Whenever I see another child or elderly person being prosecuted for file sharing, it strikes me as being closer to extortion than justice.
So to summarize, I don’t recognize “§ 512 of the DMCA” as necessary or even valid, because ISPs and hosting providers that don’t sell the copies they store are not breaking copyright law in the first place. A website that charges money to view HBO Go’s stream is breaking the law. A website that provides a storage space for a file is not. So the DMCA was not necessary in the first place, and we should be enforcing the laws that are already on the books before creating new ones.
My hope for the future is that we reduce copyright and patent periods to something reasonable like 5 or 10 years, only cover works by copyright (so physical records, books, paintings, movie reels, etc, not bits), invalidate all process patents (so no software, business or medical patents), make it illegal to create laws regarding DRM schemes (in other words, leave it up to the private sector to fight the arms race against cracking), and force worries about whether a work is fair use to be heard in court (judged by people, not metrics). Then I hope that we bring back the Fairness Doctrine to promote broadcasts that are in the public good (real news, not infotainment), more funding for public television and teaching art in school, and bar prosecution for using works for educational and nonprofit purposes.
I think this is a case of, what you are saying about protections for businesses (both producers and carriers) has some validity, but for me, democracy, personal freedom and liberty come first. I don’t want to live in a country where we can be shaken down by corporations because they are worried about their bottom lines.
EDIT: Also here: https://news.ycombinator.com/item?id=8450145
[1]: https://github.com/mperham/inspeqtor
[2]: https://twitter.com/mperham/status/518796150733033472
