GitHub Promises To Alert Users To DMCA Notices Before Taking Content Down
from the interesting... dept
For many, many years, we’ve noted the serious problems of the DMCA’s “notice and takedown” provisions — which, arguably, violate the First Amendment. A potential alternative regimen, which would be much more reasonable, and avoid many of the censorship problems of the DMCA, would be to do a notice and notice setup, in which service providers would pass along notices to the user, with an established time period for that user to respond, either by fixing the issue or issuing a counternotice. Then the service provider could decide how to respond, in either taking down the content or leaving it up. Unfortunately, that’s not how the current DMCA safe harbors work. The notice-and-takedown provision does not require immediate takedown, but heavily incentivizes it by granting the service provider immunity from liability if they take the content down. This doesn’t mean that the service provider is automatically liable if they choose not to take the content down (courts have found service providers to still be protected otherwise), but they can’t use the simple and quick process of the safe harbor to get any lawsuits dismissed. Rather they might have to go through the full process of the lawsuit. Thus, some companies immediately take down all requested content in response to a DMCA request, just to give themselves protections under the safe harbor. Many, more reasonable, companies at least do a first-pass review over how legitimate the DMCA notice is, rejecting obviously frivolous ones, but still quickly taking down plenty of content (often mistakenly).
Github, the super popular site for storing software repositories has been hit with more than a few DMCA notices in its time — in fact, it has a repository publicly listing them all. Just recently, we had noted some controversial ones, including Qualcomm shutting down its own repository and the MPAA taking down Popcorn Time repositories, despite them containing no MPAA copyright covered material.
Github has now made a very interesting move in changing its DMCA process to one that is basically a notice-and-notice policy, and one which also does not create collateral damage for non-infringing forks of projects.
- First, whenever possible, users will have a chance to fix problems before we take content down.
- Second, we will not automatically disable forks in a network based on the takedown of a parent repository unless the takedown notice explicitly includes them.
- Last but not least, we’ve published a completely revamped DMCA policy as well as a pair of how-to guides for takedown and counter notices to make our process more transparent and easier to understand.
It’s that first one that is most interesting to me for a variety of reasons. The company admits that it sort of did this informally in the past, but now it’s official policy:
The first change is that from now on we will give you an opportunity, whenever possible, to modify your code before we take it down. Previously, when we blocked access to a Git repository, we had to disable the entire repository. This doesn’t make sense when the complaint is only directed at one file (or a few lines of code) in the repository, and the repository owner is perfectly happy to fix the problem.
In practice, our support team would often shuttle messages between the parties to work out a way for them to fix it. That usually worked out well and everyone ended up happier at the end of the day. So we are making it a formal part of our policy, and we are going to do it before we disable the rest of the repository.
It’s absolutely true that this seems like a much better overall policy for everyone — but it’s still surprising (if unfortunate that it’s surprising) that any company would be willing to take such a step, since, technically it’s opening the company up to some amount of greater liability — and lawyers tend to be averse to any move that may increase a company’s legal liability. So, kudos to Github and its lawyers for recognizing that sometimes you have to let in a little legal risk for the good of the overall community.
Filed Under: copyright, dmca, liability, notice and notice, notice and takedown
Companies: github
Comments on “GitHub Promises To Alert Users To DMCA Notices Before Taking Content Down”
You keep using that word. I do not think it means what you think it means
If you agree that the DMCA Takedown system is problematic and probably violates people’s rights, why do you keep calling it a “safe harbor” when it clearly isn’t one?
CDA 230 is a safe harbor. The DMCA Takedown system is not. The difference? There are two, both very significant. First, CDA 230 doesn’t come with strings attached that turn it into a tool of extortion by giving the bad guys leverage. And second, there’s a long history of people successfully using CDA 230 to have bad lawsuits thrown out. But name even one case in which the DMCA Takedown system’s alleged “safe harbors” have protected a company that the bad guys wanted gone.
Go on, I’m still waiting…
Re: You keep using that word. I do not think it means what you think it means
Youtube
Re: Re: You keep using that word. I do not think it means what you think it means
Yep, backed by gargantuan pocketed Google. Smaller ones are all dead.
Re: Re: You keep using that word. I do not think it means what you think it means
YouTube is one of the prime examples of the DMCA not being a safe harbor. They did everything the law required of them and still got hauled into court anyway, and if they hadn’t been acquired by a company with the as deep of pockets as Google had, that would have been the end of Google, as it was for similar sites that didn’t end up getting acquired by Google.
So my challenge stands: name even one site that the DMCA’s alleged “safe harbors” have ever managed to actually keep safe.
Re: Re: Re: You keep using that word. I do not think it means what you think it means
So my challenge stands: name even one site that the DMCA’s alleged “safe harbors” have ever managed to actually keep safe.
Lots and lots and lots of companies NEVER GET SUED thanks to the safe harbors.
Flickr, Imgur, WordPress, Tumblr, Soundcloud, Vimeo, Reddit, Pinterest, Facebook, Twitter — all regularly rely on the DMCA safe harbors to prevent lawsuits from ever starting.
To claim the safe harbors are useless is to profess pure unadulterated ignorance of reality.
Re: Re: Re:2 You keep using that word. I do not think it means what you think it means
That’s not what I’m asking. Yes, if someone extorts you, and you do what they want, of course they’re not going to cause more trouble for you; you belong to them now; you’re an asset, and they know you’ll be available for further shakedowns in the future.
But there have been many cases when what the copyright interests wanted wasn’t to extort a site, but to destroy it. Just look at MegaUpload, YouTube, Aereo, and any number of similar cases. In every case, it’s come out that they bent over backwards to comply with the law and even go above and beyond its formal requirements, but that didn’t help. Has there ever been even a single case when these so-called “safe harbors” kept a site safe when the bad guys wanted it gone?
Re: You keep using that word. I do not think it means what you think it means
Safe harbors to the channel, not to the users generating the content. I think that’s the main issue here. To retain said safe harbors the services must abide by the takedown process.
It should be interesting to see how this will play out. I’m willing to bet the MAFIAA will try to sue Github to try and extract some secondary/tertiary/etc liability ruling from it, green light to send thousands of automated, unrevised takedown notices and free money. Github must be expecting any time now. I say it will happen in the next month (or week after their lawyers recover from all the cocaine and hookers bought with the money that should actually be going to the artists).
Re: Re: You keep using that word. I do not think it means what you think it means
You mean this arrogant troll doesn’t know what he’s talking about? I guess thats what makes ’em arrogant.
Re: Re: You keep using that word. I do not think it means what you think it means
Yes, that’s exactly my point. If it has strings attached, that’s not a safe harbor. When the MAFIAA can come up to you and say “this is a nice site you got here; it would be a shame if something were to happen to it” and you have to acquiesce to their demands in order to protect your site, it is not a safe harbor, it is a tool of extortion.
Re: You keep using that word. I do not think it means what you think it means
If you agree that the DMCA Takedown system is problematic and probably violates people’s rights, why do you keep calling it a “safe harbor” when it clearly isn’t one?
You keep bringing this up and you’re wrong every time.
It is a safe harbor. It says “if you meet these conditions, you’re safe.” That’s what a safe harbor is.
I agree that it’s not a great safe harbor for users and that CDA 230 is a GREATLY preferable safe harbor, but it is still absolutely a safe harbor.
But name even one case in which the DMCA Takedown system’s alleged “safe harbors” have protected a company that the bad guys wanted gone.
YouTube.
Re: Re: You keep using that word. I do not think it means what you think it means
Not when the conditions turn it into a tool of extortion. Then it’s a tool of extortion.
No. Not only is it horrible for users, as I’ve been pointing out all along it’s horrible for sites as well. It takes extortion and gives it legal protection, and if what the bad guys want is to be rid of you and your meddling innovative business model, if they actually see you as a threat, it does nothing to protect the sites and you know that just as well as I do!
YouTube? Seriously?
OK, you’re gonna have to walk me through the chain of reasoning there because everything I’ve seen on the case (including your own coverage) says the exact opposite: in spite of the DMCA that theoretically should have protected it, they came within a hair’s breadth of being sued out of existence, and would have if they hadn’t been acquired by Google. It’s why I’ve been using YouTube as one of the prime examples of why the DMCA Takedown system does not keep people safe.
Re: Re: Re: You keep using that word. I do not think it means what you think it means
Ask yourself this, ‘Does youtube exist?’
Re: Re: Re:2 You keep using that word. I do not think it means what you think it means
In return, ask yourself this: ‘Would youtube still exist if it hadn’t been bought up by a company with extremely deep pockets, who was willing to spend a lot defending their new purchase?’
For the life of me I can’t seem to recall the name, but there was another company in the same video hosting service, and despite winning every single case against it, it was still driven into bankruptcy and killed off, giving a good example of YT’s likely fate had they not been bought up.
Re: Re: Re:3 You keep using that word. I do not think it means what you think it means
I guess what you saying is that ‘safe harbor’ for ISPs is about as effective as claiming its perjury to knowingly file a false DMCA.
Re: Re: Re:4 You keep using that word. I do not think it means what you think it means
takedown
Re: Re: Re:4 You keep using that word. I do not think it means what you think it means
I suppose that’s one way to put it. The perjury ‘penalty’ is meant to keep people from making claims on things they don’t own, and fails spectacularly.
Safe harbor is meant to protect companies from the actions of their users, but doesn’t seem to do much good if the other party wants to kill them off. At the same time though, I’d say that’s not entirely the fault of the Safe Harbors, but has a lot to do with the extremely screwed up, ‘The one with the most money wins’ legal system the US has.
Re: Re: Re:5 You keep using that word. I do not think it means what you think it means
That’s because that passage has been interpreted to mean something else. See Warner v. Hotfile and an article about it right here on TD: https://www.techdirt.com/articles/20131118/02152325272/warner-bros-admits-to-issuing-bogus-takedowns-gloats-to-court-how-theres-nothing-anyone-can-do-about-that.shtml
Of course, interpreting the penalty of perjury clause in this way effectively renders it meaningless. For someone to be liable under this interpretation, they’d have to be some kind of copyright vigilante, issuing DMCA takedown notices for rightsholders without their consent. And as we all know, that’s such a HUGE problem, isn’t it?
Re: Re: Re:5 You keep using that word. I do not think it means what you think it means
I’d say that’s not entirely the fault of the Safe Harbors, but has a lot to do with the extremely screwed up, ‘The one with the most money wins’ legal system the US has.
That’s what Mason Wheeler is talking about. Had Kim Dotcom had deeper pockets and more political clout, he might not be in the situation he’s in.
Re: You keep using that word. I do not think it means what you think it means
“CDA 230 is a safe harbor. The DMCA Takedown system is not.”
Actually, that is incorrect. Both are legal terms of art, so your arguments do not matter.
CDA 230 is an immunity. A service provider is immune from liability for statements of its users (non IP).
DMCA is a safe harbor (for copyright infringement). You have to go through steps (e.g. register an agent with the Copyright office, respond to notices timely, etc.) and if you follow the steps, you are granted safe harbor from liability you are not otherwise immune from.
I work in the legal department at a medium-large hosting provider. Our policy for the past 4 years (the entire time I’ve been there) has been to notify customers of a DMCA notice by email and give them 48 hours to remove the content. If they do so, no action is taken against the customer’s account (They can counter-claim if they wish, but they still have to take down the material). We only immediately suspend an account in the case of particularly egregious violations, such as someone copying an entire website and passing it off as their own. Sometimes they don’t even bother changing the name of the source company in the HTML.
We do not remove material from customer accounts ourselves, because there is always the chance that our messing around in their site can do unintended harm, so if the customer does not remove the material, their account is suspended. This also has the effect of getting a site owner’s attention if they chose to ignore our notification email.
We also respond to all DMCA claimants and advise them that we have provided this 48 hour window, including organizations such as the MPAA, RIAA, IFPI, Microsoft, Blizzard, various individual US and international movie studios and record labels, and so on. They all seem perfectly fine with it.
Re: Re:
(They can counter-claim if they wish, but they still have to take down the material).
That’s messed up. Ill stay away from your medium-large hosting company.
Re: Re: Re:
DMCA safe harbor only applies if the material is removed. See 17 USC 512(g)(2). Counter-claiming allows the customer to repost the material after 10 business days unless the claimant files legal action.
If you think that’s messed up, blame the law, not my company.
Re: Re: Re: Re:
Ill blame both, thankyou
Re: Re: Re:2 Re:
In principle, I believe that the customer shouldn’t have to remove material that may not be infringing (as I suspect you do), but I do understand the potential costs my company is looking at when making these types of decisions. It’s easy to say “side with the customer” when it’s not your business on the line and you have to spend thousands of dollars (at minimum) in legal fees just to get out of a contributory infringement suit even using the safe harbor grounds. We’ll never make that money back from a customer paying a little over a hundred dollars per year for hosting.
What would you have us do? If you’ve got a better solution, I’m all ears.
The only way *anything* should be removed from Github is if its copyrighted source code that was leaked/stolen from some private repository that was never intended to be in the public eye. The MPAA is simply abusing the DMCA if they think they can simply remove P2P client code on their flawed basis of infringing THEIR copyrights.
Removed Repositories
It would be great if GitHub wouldn’t bully users on their own site. There have been a number of politically charged moves by their staff removing perfectly neutral and benign repositories at the request of certain political radicals. It is a little disturbing. I myself have moved all my software off their site and to Gitorious.
I’d advise everyone else to do the same frankly. Political agendas have no place in policing software.
https://gitorious.org/
First, whenever possible, users will have a chance to fix problems before we take content down.
Notice it doesn’t say that users have a chance to dispute the claim. It’s automatically presumed that they’re in the wrong and should have to “fix” their project to satisfy whoever sent the claim.
Besides, since when has the DMCA allowed third parties to make copyright claims on code that they don’t own? GitHub shouldn’t be taking down any of these projects, they should be sending a reply to the organization making the claim, explaining that they do not hold the copyright on the code and that if they object to it, they should take it up with the author.
First, whenever possible, users will have a chance to fix problems before we take content down.
Notice it doesn’t say that users have a chance to dispute the claim. It’s automatically presumed that they’re in the wrong and should have to “fix” their project to satisfy whoever sent the claim.
Yes, this. When being censored or punked by a competitor, there is nothing to fix.
For many, many years, we’ve noted the serious problems of the DMCA’s “notice and takedown” provisions — which, arguably, violate the First Amendment.
How so? There is an opportunity to dispute.
Re: Re:
You can dispute the takedown after the content has been disappeared. How is that not a suppression of free speech, even if you’re lucky enough for it to be temporary?
Re: Re: Re:
The counter-argument is that the damage suffered by the rightsholder due to the “infringement” is so great that getting the material removed quickly trumps the free speech interest. Get the stuff taken down first, then sort out the free speech issues later. (At least, that’s my understanding of the thought process.)
Now, if every DMCA takedown notice was targeting material that was in fact infringing, we might take less of an issue with it. But the reality is different. The DMCA takedown process gets abused quite often. And the reality is that 10 business days on the Internet is an eternity. Having content disabled for that time can dramatically impact a website’s livelihood. In addition, sometimes getting information out is time-critical and having it taken offline for 2 weeks can lead to other problems.
Re: Re:
How so? There is an opportunity to dispute.
Note the link in that sentence? It goes to the explanation.
“The DMCA takedown process gets abused quite often.”
Because it was written by content industry lawyers for that express purpose. To them it’s a feature, not a fault.
For many, many years, we’ve noted the serious problems of the DMCA’s “notice and takedown” provisions — which, arguably, violate the First Amendment.
Do they? Can you actually explain the argument?
Re: Re:
Asked and answered above.
Anonymous Coward, Oct 18th, 2014 @ 2:42pm
Mike Masnick, Oct 19th, 2014 @ 6:26am