How The DMCA's Digital Locks Provision Allowed A Company To Delete A URL From Adblock Lists
from the end-1201 dept
Starting late last week, there's been a bit of a fuss in various circles about a DMCA notice being used to remove a domain from one of the most prominent adblocking server lists, known as Easylist. AdGuard had a big blog post about it, as did TorrentFreak and Gizmodo. But, the whole situation is somewhat confusing, and requires understanding a variety of different things, from how adblocking works, to how certain paywalls work and, most importantly, how two separate parts of the DMCA -- the notice and takedown portions of DMCA 512 intersect with the anti-circumvention/"digital locks" provisions of DMCA 1201.
So, let's dig in. The easiest bit is how adblocking works. You probably already know the basics, but it relies on listing out designated servers, and then blocking resources from those servers from loading. Pretty straightforward. Now, there's a whole industry that has grown up around being anti-adblocking (we get pitches from these people all the time, and tell them to go away, because we actually let you turn off ads directly if you want). Most of the anti-adblock solutions are annoying in one way or another, of course. One popular solution that many popular sites have started using is that they try to detect if you are using an adblocker -- and if they think you are, you're blocked from reading the content unless you disable the adblocker. We've pointed out why we think this is a dumb strategy for a variety of reasons, not the least of which being that after Forbes made people turn off its adblockers, it served up malware via its ads. Oops.
Anyway, one of the companies that offers the technology for this kind of "turn off your adblocker to access this content" setup is a company called Admiral. One of the domains that Admiral apparently uses for its technology is called "functionalclam.com." You can go to the site where you'll see the following nonsense text that almost sorta kinda makes sense, but really doesn't:
This domain is used by digital publishers to control access to copyrighted content in accordance with the Digital Millennium Copyright Act and understand how visitors are accessing their copyrighted content.
Right? It almost makes sense, but then you're left wondering -- wait, how does a domain "control access to copyrighted content"? And, why would a domain have anything to do with the DMCA? Hang tight, we'll get there.
Let's go back to Easylist, which is housed, like so many things, on Github. Last week, Easylist's Github page showed a comment saying that "functionalclaim.com" had been removed "due to DMCA takedown request." This immediately got a lot of people upset -- perhaps reasonably so -- but the whole thing is a bit more complicated. When we talk about the DMCA there are two main parts that we often talk about -- and in nearly every case, the two separate parts of the DMCA we talk about them entirely separately, because they cover different things, and it's rare that they ever intersect.
We most commonly talk about DMCA 512, which is the notice-and-takedown part of the DMCA, laying out the rules for a copyright holder to send a DMCA takedown notice to a platform, as well as the rules for how a platform needs to respond. The other part of the DMCA, which we also still talk about pretty frequently is DMCA 1201, sometimes called the "anti-circumvention" section or the "digital locks" section. This is the (highly problematic!) part of the DMCA that says that circumventing "technological measures" that are designed to "control access" to a work protected by copyright. 1201 is dangerously broad in that it makes it a violation of the law to "manufacture, import, offer to the public, provide or otherwise traffic in any technology, product, service, device, component, or part thereof" if the purpose of that technology is to circumvent. In practice, this means that using or making a tool for perfectly legal circumvention -- such as for fair use or accessing public domain material -- can still be said to be in violation of this law.
So, here's where this particular DMCA notice gets tricky. When people talk about DMCA notices, they almost always mean a 512 notice. After all, that's the part about "notice and takedown." But this is not a 512 notice. They're actually sending a 1201 notice, which is relatively rare (I can't recall any others, though it's entirely possible they've been sent). Here, unlike with 512 notices, there isn't necessarily a strict procedure that needs to be followed under the law, but for fairly unsurprising reasons, Github more or less treats it as a 512 notice and acts according (as we'll explain later).
The full DMCA notice from Admiral is actually fairly interesting. To its credit, rather than the sort of smash-and-destroy-everything style of DMCA notices we often see, this one actually goes into detail and stresses, repeatedly, that it's not asking Github to remove all of Easylist at all. It's just asking for the removal of that one domain, and it believes that it should be removed because it violates 1201. The notice repeated references 1201, not 512. Now, I have some serious questions about how this can actually be a 1201 violation, but first let's finish what happened before we question things.
A few years back, Github implemented a process (which we approve of!) for dealing with DMCA notices. Rather than taking things down immediately, Github actually alerts the project owner first, and gives them time to review the notice and possibly fix things themselves (or to protest if they believe the notice is in error). And that's what happened here. Github passed along the notice and the Easylist people removed the domain in response, while also noting that if it really is an "Anti-Adblock Circumvention/Warning" service "it should be removed from Easylist without the need for a DMCA request." There's also some confusion over this, but it appears that that anti-adblock company Admiral created a Github user with the confusing name "dmcahelper" who had initially requested the removal in a comment last month. A lot of people thought that this might possibly be from Github, but Github has said it is not, and Admiral has since admitted to posting the request.
Oh, and while everyone was getting upset about this, Admiral put out a weirdish blog post that it titled "DMCA, Easylist, Adblock, Copyright Access Control & Admiral: 10 Things To Know," which explains all of this accurately, but requires an awful lot of background knowledge to actually understand what it's saying (knowledge that most people commenting on this story on various sites do not appear to have given the commentary I've been reading).
So, to summarize: Admiral tries to help publishers deny access to adblock users unless they disable adblocking tools or whitelist those particular publishers. Somehow, one of the long list of nonsensical/wacky domain names that Admiral uses to serve up those "please whitelist us to access" interstitial got included in Easylist. Admiral asked for it to be taken down, but in an awkward manner using a new Github account called "dmcahelper" and the people behind Easylist expressed some confusion. Admiral responded by filing a formal 1201 (not 512) DMCA notice -- that goes to great lengths to explain that it just wants functionalclam removed from the list for anti-circumvention reasons. Github forwards the notice to Easylist, as it would with a 512 notice, and Easylist removed functionalclam, while noting that it shouldn't be on the list anyway, because the domain is just for anti-adblocking tools. Phew.
Or, to make it even shorter: Admiral is arguing that it's "you need to whitelist us on your adblock to access this content" technology is a form of DRM -- and including one of its URLs in adblock itself is "circumventing" its DRM, and therefore in violation of 1201... and thus it sent a takedown notice that is a "DMCA takedown" notice, but not the kind of DMCA takedown notice you would normally see.
When you put all that together, you can see how this could all be pretty confusing -- and could at least lead people to suspect something nefarious in, say, an advertiser trying to get its servers off of an adblock list through a totally fraudulent DMCA notice. This is not quite that.
But is the DMCA notice really legit? That... is not quite as clear. Putting this all back together and zooming in on the specific issue, this would only be a valid DMCA notice if the mere inclusion of the URL counted as a "technology, product, service, device, component, or part thereof" that was "primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner" and "has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner." And, for that I'm left scratching my head a bit. I'm not entirely sure how merely including a domain name would count. But that doesn't mean it wouldn't. Adblock itself isn't a tool designed for circumventing protection (even if some argue that it's circumventing a publication's business model, it's not circumventing copyright protection). But, perhaps there's a reasonable argument that the mere inclusion of a domain used solely to create a blocking on adblock users counts as circumvention in a way that violates 1201. That worries me for a variety of reasons, but it is possible that it's legitimate under the law.
While some are quick to call this a clear abuse of the DMCA or a frivolous takedown, I don't think it's that clear at all. It's not obviously frivolous. There's at least an interesting and possibly credible theory behind it, arguing that the inclusion violates 1201 -- even if I'm not sure it really does. What this really demonstrates to me is -- once again -- the serious problems of DMCA 1201 and how it allows for very dangerous results. The idea that merely including a URL in a list that I use on my own computer to tell my computer not to allow a certain server to send information to my computer... could be seen as violating copyright law is bonkers. This gets right to the heart of what Cory Doctorow frequently discusses concerning problems with 1201 and how it effectively is reaching into people's own computers and telling them what they can't do. And, in this case, what you "can't" do is put a specific URL on a list. That seems bad.
It's fine that Easylist agrees that it doesn't want those kinds of URLs on its list, but there's a larger question here about whether or not others should be able to merely list out the URLs of servers they don't want to send information to their computer. And the idea that merely doing so would be violating copyright law raises a whole bunch of troubling consequences.
Filed Under: adblock, anti-circumvention, circuvmention, copyright, dmca 1201, dmca 512, easylist, takedown, whitelist
Companies: adguard, admiral, github