GitHub Promises To Alert Users To DMCA Notices Before Taking Content Down

from the interesting... dept

For many, many years, we've noted the serious problems of the DMCA's "notice and takedown" provisions -- which, arguably, violate the First Amendment. A potential alternative regimen, which would be much more reasonable, and avoid many of the censorship problems of the DMCA, would be to do a notice and notice setup, in which service providers would pass along notices to the user, with an established time period for that user to respond, either by fixing the issue or issuing a counternotice. Then the service provider could decide how to respond, in either taking down the content or leaving it up. Unfortunately, that's not how the current DMCA safe harbors work. The notice-and-takedown provision does not require immediate takedown, but heavily incentivizes it by granting the service provider immunity from liability if they take the content down. This doesn't mean that the service provider is automatically liable if they choose not to take the content down (courts have found service providers to still be protected otherwise), but they can't use the simple and quick process of the safe harbor to get any lawsuits dismissed. Rather they might have to go through the full process of the lawsuit. Thus, some companies immediately take down all requested content in response to a DMCA request, just to give themselves protections under the safe harbor. Many, more reasonable, companies at least do a first-pass review over how legitimate the DMCA notice is, rejecting obviously frivolous ones, but still quickly taking down plenty of content (often mistakenly).

Github, the super popular site for storing software repositories has been hit with more than a few DMCA notices in its time -- in fact, it has a repository publicly listing them all. Just recently, we had noted some controversial ones, including Qualcomm shutting down its own repository and the MPAA taking down Popcorn Time repositories, despite them containing no MPAA copyright covered material.

Github has now made a very interesting move in changing its DMCA process to one that is basically a notice-and-notice policy, and one which also does not create collateral damage for non-infringing forks of projects.
  • First, whenever possible, users will have a chance to fix problems before we take content down.
  • Second, we will not automatically disable forks in a network based on the takedown of a parent repository unless the takedown notice explicitly includes them.
  • Last but not least, we've published a completely revamped DMCA policy as well as a pair of how-to guides for takedown and counter notices to make our process more transparent and easier to understand.
It's that first one that is most interesting to me for a variety of reasons. The company admits that it sort of did this informally in the past, but now it's official policy:
The first change is that from now on we will give you an opportunity, whenever possible, to modify your code before we take it down. Previously, when we blocked access to a Git repository, we had to disable the entire repository. This doesn't make sense when the complaint is only directed at one file (or a few lines of code) in the repository, and the repository owner is perfectly happy to fix the problem.

In practice, our support team would often shuttle messages between the parties to work out a way for them to fix it. That usually worked out well and everyone ended up happier at the end of the day. So we are making it a formal part of our policy, and we are going to do it before we disable the rest of the repository.
It's absolutely true that this seems like a much better overall policy for everyone -- but it's still surprising (if unfortunate that it's surprising) that any company would be willing to take such a step, since, technically it's opening the company up to some amount of greater liability -- and lawyers tend to be averse to any move that may increase a company's legal liability. So, kudos to Github and its lawyers for recognizing that sometimes you have to let in a little legal risk for the good of the overall community.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: copyright, dmca, liability, notice and notice, notice and takedown
Companies: github


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Mason Wheeler (profile), 17 Oct 2014 @ 11:37am

    You keep using that word. I do not think it means what you think it means

    If you agree that the DMCA Takedown system is problematic and probably violates people's rights, why do you keep calling it a "safe harbor" when it clearly isn't one?

    CDA 230 is a safe harbor. The DMCA Takedown system is not. The difference? There are two, both very significant. First, CDA 230 doesn't come with strings attached that turn it into a tool of extortion by giving the bad guys leverage. And second, there's a long history of people successfully using CDA 230 to have bad lawsuits thrown out. But name even one case in which the DMCA Takedown system's alleged "safe harbors" have protected a company that the bad guys wanted gone.

    Go on, I'm still waiting...

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Oct 2014 @ 11:47am

      Re: You keep using that word. I do not think it means what you think it means

      Youtube

      link to this | view in chronology ]

      • icon
        Ninja (profile), 17 Oct 2014 @ 11:49am

        Re: Re: You keep using that word. I do not think it means what you think it means

        Yep, backed by gargantuan pocketed Google. Smaller ones are all dead.

        link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 17 Oct 2014 @ 11:55am

        Re: Re: You keep using that word. I do not think it means what you think it means

        YouTube is one of the prime examples of the DMCA not being a safe harbor. They did everything the law required of them and still got hauled into court anyway, and if they hadn't been acquired by a company with the as deep of pockets as Google had, that would have been the end of Google, as it was for similar sites that didn't end up getting acquired by Google.

        So my challenge stands: name even one site that the DMCA's alleged "safe harbors" have ever managed to actually keep safe.

        link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 17 Oct 2014 @ 12:02pm

          Re: Re: Re: You keep using that word. I do not think it means what you think it means

          So my challenge stands: name even one site that the DMCA's alleged "safe harbors" have ever managed to actually keep safe.

          Lots and lots and lots of companies NEVER GET SUED thanks to the safe harbors.

          Flickr, Imgur, Wordpress, Tumblr, Soundcloud, Vimeo, Reddit, Pinterest, Facebook, Twitter -- all regularly rely on the DMCA safe harbors to prevent lawsuits from ever starting.

          To claim the safe harbors are useless is to profess pure unadulterated ignorance of reality.

          link to this | view in chronology ]

          • icon
            Mason Wheeler (profile), 17 Oct 2014 @ 12:14pm

            Re: Re: Re: Re: You keep using that word. I do not think it means what you think it means

            That's not what I'm asking. Yes, if someone extorts you, and you do what they want, of course they're not going to cause more trouble for you; you belong to them now; you're an asset, and they know you'll be available for further shakedowns in the future.

            But there have been many cases when what the copyright interests wanted wasn't to extort a site, but to destroy it. Just look at MegaUpload, YouTube, Aereo, and any number of similar cases. In every case, it's come out that they bent over backwards to comply with the law and even go above and beyond its formal requirements, but that didn't help. Has there ever been even a single case when these so-called "safe harbors" kept a site safe when the bad guys wanted it gone?

            link to this | view in chronology ]

    • icon
      Ninja (profile), 17 Oct 2014 @ 11:48am

      Re: You keep using that word. I do not think it means what you think it means

      Safe harbors to the channel, not to the users generating the content. I think that's the main issue here. To retain said safe harbors the services must abide by the takedown process.

      It should be interesting to see how this will play out. I'm willing to bet the MAFIAA will try to sue Github to try and extract some secondary/tertiary/etc liability ruling from it, green light to send thousands of automated, unrevised takedown notices and free money. Github must be expecting any time now. I say it will happen in the next month (or week after their lawyers recover from all the cocaine and hookers bought with the money that should actually be going to the artists).

      link to this | view in chronology ]

      • identicon
        jackn, 17 Oct 2014 @ 11:49am

        Re: Re: You keep using that word. I do not think it means what you think it means

        You mean this arrogant troll doesn't know what he's talking about? I guess thats what makes 'em arrogant.

        link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 17 Oct 2014 @ 11:53am

        Re: Re: You keep using that word. I do not think it means what you think it means

        Yes, that's exactly my point. If it has strings attached, that's not a safe harbor. When the MAFIAA can come up to you and say "this is a nice site you got here; it would be a shame if something were to happen to it" and you have to acquiesce to their demands in order to protect your site, it is not a safe harbor, it is a tool of extortion.

        link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 17 Oct 2014 @ 11:59am

      Re: You keep using that word. I do not think it means what you think it means

      If you agree that the DMCA Takedown system is problematic and probably violates people's rights, why do you keep calling it a "safe harbor" when it clearly isn't one?

      You keep bringing this up and you're wrong every time.

      It is a safe harbor. It says "if you meet these conditions, you're safe." That's what a safe harbor is.

      I agree that it's not a great safe harbor *for users* and that CDA 230 is a GREATLY preferable safe harbor, but it is still absolutely a safe harbor.

      But name even one case in which the DMCA Takedown system's alleged "safe harbors" have protected a company that the bad guys wanted gone.

      YouTube.

      link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 17 Oct 2014 @ 12:20pm

        Re: Re: You keep using that word. I do not think it means what you think it means

        It is a safe harbor. It says "if you meet these conditions, you're safe." That's what a safe harbor is.

        Not when the conditions turn it into a tool of extortion. Then it's a tool of extortion.

        I agree that it's not a great safe harbor *for users* and that CDA 230 is a GREATLY preferable safe harbor, but it is still absolutely a safe harbor.


        No. Not only is it horrible for users, as I've been pointing out all along it's horrible for sites as well. It takes extortion and gives it legal protection, and if what the bad guys want is to be rid of you and your meddling innovative business model, if they actually see you as a threat, it does nothing to protect the sites and you know that just as well as I do!

        YouTube.


        YouTube? Seriously?

        OK, you're gonna have to walk me through the chain of reasoning there because everything I've seen on the case (including your own coverage) says the exact opposite: in spite of the DMCA that theoretically should have protected it, they came within a hair's breadth of being sued out of existence, and would have if they hadn't been acquired by Google. It's why I've been using YouTube as one of the prime examples of why the DMCA Takedown system does not keep people safe.

        link to this | view in chronology ]

        • identicon
          jackn, 17 Oct 2014 @ 1:15pm

          Re: Re: Re: You keep using that word. I do not think it means what you think it means

          Ask yourself this, 'Does youtube exist?'

          link to this | view in chronology ]

          • icon
            That One Guy (profile), 17 Oct 2014 @ 1:21pm

            Re: Re: Re: Re: You keep using that word. I do not think it means what you think it means

            In return, ask yourself this: 'Would youtube still exist if it hadn't been bought up by a company with extremely deep pockets, who was willing to spend a lot defending their new purchase?'

            For the life of me I can't seem to recall the name, but there was another company in the same video hosting service, and despite winning every single case against it, it was still driven into bankruptcy and killed off, giving a good example of YT's likely fate had they not been bought up.

            link to this | view in chronology ]

            • identicon
              jackn, 17 Oct 2014 @ 1:25pm

              Re: Re: Re: Re: Re: You keep using that word. I do not think it means what you think it means

              I guess what you saying is that 'safe harbor' for ISPs is about as effective as claiming its perjury to knowingly file a false DMCA.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 17 Oct 2014 @ 1:26pm

                Re: Re: Re: Re: Re: Re: You keep using that word. I do not think it means what you think it means

                takedown

                link to this | view in chronology ]

              • icon
                That One Guy (profile), 17 Oct 2014 @ 2:56pm

                Re: Re: Re: Re: Re: Re: You keep using that word. I do not think it means what you think it means

                I suppose that's one way to put it. The perjury 'penalty' is meant to keep people from making claims on things they don't own, and fails spectacularly.

                Safe harbor is meant to protect companies from the actions of their users, but doesn't seem to do much good if the other party wants to kill them off. At the same time though, I'd say that's not entirely the fault of the Safe Harbors, but has a lot to do with the extremely screwed up, 'The one with the most money wins' legal system the US has.

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 17 Oct 2014 @ 4:31pm

                  Re: Re: Re: Re: Re: Re: Re: You keep using that word. I do not think it means what you think it means

                  The perjury 'penalty' is meant to keep people from making claims on things they don't own, and fails spectacularly.

                  That's because that passage has been interpreted to mean something else. See Warner v. Hotfile and an article about it right here on TD: https://www.techdirt.com/articles/20131118/02152325272/warner-bros-admits-to-issuing-bogus-takedowns -gloats-to-court-how-theres-nothing-anyone-can-do-about-that.shtml

                  Of course, interpreting the penalty of perjury clause in this way effectively renders it meaningless. For someone to be liable under this interpretation, they'd have to be some kind of copyright vigilante, issuing DMCA takedown notices for rightsholders without their consent. And as we all know, that's such a HUGE problem, isn't it?

                  link to this | view in chronology ]

                • identicon
                  Pragmatic, 22 Oct 2014 @ 3:01am

                  Re: Re: Re: Re: Re: Re: Re: You keep using that word. I do not think it means what you think it means

                  I'd say that's not entirely the fault of the Safe Harbors, but has a lot to do with the extremely screwed up, 'The one with the most money wins' legal system the US has.

                  That's what Mason Wheeler is talking about. Had Kim Dotcom had deeper pockets and more political clout, he might not be in the situation he's in.

                  link to this | view in chronology ]

    • icon
      GMacGuffin (profile), 17 Oct 2014 @ 12:27pm

      Re: You keep using that word. I do not think it means what you think it means

      "CDA 230 is a safe harbor. The DMCA Takedown system is not."

      Actually, that is incorrect. Both are legal terms of art, so your arguments do not matter.

      CDA 230 is an immunity. A service provider is immune from liability for statements of its users (non IP).

      DMCA is a safe harbor (for copyright infringement). You have to go through steps (e.g. register an agent with the Copyright office, respond to notices timely, etc.) and if you follow the steps, you are granted safe harbor from liability you are not otherwise immune from.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Oct 2014 @ 1:00pm

    I work in the legal department at a medium-large hosting provider. Our policy for the past 4 years (the entire time I've been there) has been to notify customers of a DMCA notice by email and give them 48 hours to remove the content. If they do so, no action is taken against the customer's account (They can counter-claim if they wish, but they still have to take down the material). We only immediately suspend an account in the case of particularly egregious violations, such as someone copying an entire website and passing it off as their own. Sometimes they don't even bother changing the name of the source company in the HTML.

    We do not remove material from customer accounts ourselves, because there is always the chance that our messing around in their site can do unintended harm, so if the customer does not remove the material, their account is suspended. This also has the effect of getting a site owner's attention if they chose to ignore our notification email.

    We also respond to all DMCA claimants and advise them that we have provided this 48 hour window, including organizations such as the MPAA, RIAA, IFPI, Microsoft, Blizzard, various individual US and international movie studios and record labels, and so on. They all seem perfectly fine with it.

    link to this | view in chronology ]

    • identicon
      jackn, 17 Oct 2014 @ 1:17pm

      Re:

      (They can counter-claim if they wish, but they still have to take down the material).

      That's messed up. Ill stay away from your medium-large hosting company.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Oct 2014 @ 1:41pm

        Re: Re:

        DMCA safe harbor only applies if the material is removed. See 17 USC 512(g)(2). Counter-claiming allows the customer to repost the material after 10 business days unless the claimant files legal action.

        If you think that's messed up, blame the law, not my company.

        link to this | view in chronology ]

        • identicon
          jackn, 17 Oct 2014 @ 1:48pm

          Re: Re: Re:

          Ill blame both, thankyou

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 17 Oct 2014 @ 2:17pm

            Re: Re: Re: Re:

            In principle, I believe that the customer shouldn't have to remove material that may not be infringing (as I suspect you do), but I do understand the potential costs my company is looking at when making these types of decisions. It's easy to say "side with the customer" when it's not your business on the line and you have to spend thousands of dollars (at minimum) in legal fees just to get out of a contributory infringement suit even using the safe harbor grounds. We'll never make that money back from a customer paying a little over a hundred dollars per year for hosting.

            What would you have us do? If you've got a better solution, I'm all ears.

            link to this | view in chronology ]

  • icon
    Spike (profile), 17 Oct 2014 @ 1:17pm

    The only way *anything* should be removed from Github is if its copyrighted source code that was leaked/stolen from some private repository that was never intended to be in the public eye. The MPAA is simply abusing the DMCA if they think they can simply remove P2P client code on their flawed basis of infringing THEIR copyrights.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Oct 2014 @ 1:42pm

    Removed Repositories

    It would be great if GitHub wouldn't bully users on their own site. There have been a number of politically charged moves by their staff removing perfectly neutral and benign repositories at the request of certain political radicals. It is a little disturbing. I myself have moved all my software off their site and to Gitorious.

    I'd advise everyone else to do the same frankly. Political agendas have no place in policing software.

    https://gitorious.org/

    link to this | view in chronology ]

  • identicon
    Rekrul, 17 Oct 2014 @ 1:43pm

    First, whenever possible, users will have a chance to fix problems before we take content down.

    Notice it doesn't say that users have a chance to dispute the claim. It's automatically presumed that they're in the wrong and should have to "fix" their project to satisfy whoever sent the claim.

    Besides, since when has the DMCA allowed third parties to make copyright claims on code that they don't own? GitHub shouldn't be taking down any of these projects, they should be sending a reply to the organization making the claim, explaining that they do not hold the copyright on the code and that if they object to it, they should take it up with the author.

    link to this | view in chronology ]

  • identicon
    jackn, 17 Oct 2014 @ 2:10pm

    First, whenever possible, users will have a chance to fix problems before we take content down.

    Notice it doesn't say that users have a chance to dispute the claim. It's automatically presumed that they're in the wrong and should have to "fix" their project to satisfy whoever sent the claim.

    Yes, this. When being censored or punked by a competitor, there is nothing to fix.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Oct 2014 @ 2:42pm

    For many, many years, we've noted the serious problems of the DMCA's "notice and takedown" provisions -- which, arguably, violate the First Amendment.

    How so? There is an opportunity to dispute.

    link to this | view in chronology ]

    • icon
      JMT (profile), 18 Oct 2014 @ 4:05pm

      Re:

      You can dispute the takedown after the content has been disappeared. How is that not a suppression of free speech, even if you're lucky enough for it to be temporary?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Oct 2014 @ 7:56pm

        Re: Re:

        The counter-argument is that the damage suffered by the rightsholder due to the "infringement" is so great that getting the material removed quickly trumps the free speech interest. Get the stuff taken down first, then sort out the free speech issues later. (At least, that's my understanding of the thought process.)

        Now, if every DMCA takedown notice was targeting material that was in fact infringing, we might take less of an issue with it. But the reality is different. The DMCA takedown process gets abused quite often. And the reality is that 10 business days on the Internet is an eternity. Having content disabled for that time can dramatically impact a website's livelihood. In addition, sometimes getting information out is time-critical and having it taken offline for 2 weeks can lead to other problems.

        link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 19 Oct 2014 @ 6:26am

      Re:

      How so? There is an opportunity to dispute.


      Note the link in that sentence? It goes to the explanation.

      link to this | view in chronology ]

  • icon
    JMT (profile), 18 Oct 2014 @ 8:31pm

    "The DMCA takedown process gets abused quite often."

    Because it was written by content industry lawyers for that express purpose. To them it's a feature, not a fault.

    link to this | view in chronology ]

  • icon
    antidirt (profile), 20 Oct 2014 @ 12:59pm

    For many, many years, we've noted the serious problems of the DMCA's "notice and takedown" provisions -- which, arguably, violate the First Amendment.

    Do they? Can you actually explain the argument?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Oct 2014 @ 7:57pm

      Re:

      Asked and answered above.

      Anonymous Coward, Oct 18th, 2014 @ 2:42pm
      Mike Masnick, Oct 19th, 2014 @ 6:26am

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.