GitHub Promises To Alert Users To DMCA Notices Before Taking Content Down

from the interesting... dept

For many, many years, we’ve noted the serious problems of the DMCA’s “notice and takedown” provisions — which, arguably, violate the First Amendment. A potential alternative regimen, which would be much more reasonable, and avoid many of the censorship problems of the DMCA, would be to do a notice and notice setup, in which service providers would pass along notices to the user, with an established time period for that user to respond, either by fixing the issue or issuing a counternotice. Then the service provider could decide how to respond, in either taking down the content or leaving it up. Unfortunately, that’s not how the current DMCA safe harbors work. The notice-and-takedown provision does not require immediate takedown, but heavily incentivizes it by granting the service provider immunity from liability if they take the content down. This doesn’t mean that the service provider is automatically liable if they choose not to take the content down (courts have found service providers to still be protected otherwise), but they can’t use the simple and quick process of the safe harbor to get any lawsuits dismissed. Rather they might have to go through the full process of the lawsuit. Thus, some companies immediately take down all requested content in response to a DMCA request, just to give themselves protections under the safe harbor. Many, more reasonable, companies at least do a first-pass review over how legitimate the DMCA notice is, rejecting obviously frivolous ones, but still quickly taking down plenty of content (often mistakenly).

Github, the super popular site for storing software repositories has been hit with more than a few DMCA notices in its time — in fact, it has a repository publicly listing them all. Just recently, we had noted some controversial ones, including Qualcomm shutting down its own repository and the MPAA taking down Popcorn Time repositories, despite them containing no MPAA copyright covered material.

Github has now made a very interesting move in changing its DMCA process to one that is basically a notice-and-notice policy, and one which also does not create collateral damage for non-infringing forks of projects.

  • First, whenever possible, users will have a chance to fix problems before we take content down.
  • Second, we will not automatically disable forks in a network based on the takedown of a parent repository unless the takedown notice explicitly includes them.
  • Last but not least, we’ve published a completely revamped DMCA policy as well as a pair of how-to guides for takedown and counter notices to make our process more transparent and easier to understand.

It’s that first one that is most interesting to me for a variety of reasons. The company admits that it sort of did this informally in the past, but now it’s official policy:

The first change is that from now on we will give you an opportunity, whenever possible, to modify your code before we take it down. Previously, when we blocked access to a Git repository, we had to disable the entire repository. This doesn’t make sense when the complaint is only directed at one file (or a few lines of code) in the repository, and the repository owner is perfectly happy to fix the problem.

In practice, our support team would often shuttle messages between the parties to work out a way for them to fix it. That usually worked out well and everyone ended up happier at the end of the day. So we are making it a formal part of our policy, and we are going to do it before we disable the rest of the repository.

It’s absolutely true that this seems like a much better overall policy for everyone — but it’s still surprising (if unfortunate that it’s surprising) that any company would be willing to take such a step, since, technically it’s opening the company up to some amount of greater liability — and lawyers tend to be averse to any move that may increase a company’s legal liability. So, kudos to Github and its lawyers for recognizing that sometimes you have to let in a little legal risk for the good of the overall community.

Filed Under: , , , ,
Companies: github

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “GitHub Promises To Alert Users To DMCA Notices Before Taking Content Down”

Subscribe: RSS Leave a comment
35 Comments
Mason Wheeler (profile) says:

You keep using that word. I do not think it means what you think it means

If you agree that the DMCA Takedown system is problematic and probably violates people’s rights, why do you keep calling it a “safe harbor” when it clearly isn’t one?

CDA 230 is a safe harbor. The DMCA Takedown system is not. The difference? There are two, both very significant. First, CDA 230 doesn’t come with strings attached that turn it into a tool of extortion by giving the bad guys leverage. And second, there’s a long history of people successfully using CDA 230 to have bad lawsuits thrown out. But name even one case in which the DMCA Takedown system’s alleged “safe harbors” have protected a company that the bad guys wanted gone.

Go on, I’m still waiting…

Mason Wheeler (profile) says:

Re: Re: You keep using that word. I do not think it means what you think it means

YouTube is one of the prime examples of the DMCA not being a safe harbor. They did everything the law required of them and still got hauled into court anyway, and if they hadn’t been acquired by a company with the as deep of pockets as Google had, that would have been the end of Google, as it was for similar sites that didn’t end up getting acquired by Google.

So my challenge stands: name even one site that the DMCA’s alleged “safe harbors” have ever managed to actually keep safe.

Ninja (profile) says:

Re: You keep using that word. I do not think it means what you think it means

Safe harbors to the channel, not to the users generating the content. I think that’s the main issue here. To retain said safe harbors the services must abide by the takedown process.

It should be interesting to see how this will play out. I’m willing to bet the MAFIAA will try to sue Github to try and extract some secondary/tertiary/etc liability ruling from it, green light to send thousands of automated, unrevised takedown notices and free money. Github must be expecting any time now. I say it will happen in the next month (or week after their lawyers recover from all the cocaine and hookers bought with the money that should actually be going to the artists).

Mason Wheeler (profile) says:

Re: Re: You keep using that word. I do not think it means what you think it means

Yes, that’s exactly my point. If it has strings attached, that’s not a safe harbor. When the MAFIAA can come up to you and say “this is a nice site you got here; it would be a shame if something were to happen to it” and you have to acquiesce to their demands in order to protect your site, it is not a safe harbor, it is a tool of extortion.

GMacGuffin (profile) says:

Re: You keep using that word. I do not think it means what you think it means

“CDA 230 is a safe harbor. The DMCA Takedown system is not.”

Actually, that is incorrect. Both are legal terms of art, so your arguments do not matter.

CDA 230 is an immunity. A service provider is immune from liability for statements of its users (non IP).

DMCA is a safe harbor (for copyright infringement). You have to go through steps (e.g. register an agent with the Copyright office, respond to notices timely, etc.) and if you follow the steps, you are granted safe harbor from liability you are not otherwise immune from.

Anonymous Coward says:

I work in the legal department at a medium-large hosting provider. Our policy for the past 4 years (the entire time I’ve been there) has been to notify customers of a DMCA notice by email and give them 48 hours to remove the content. If they do so, no action is taken against the customer’s account (They can counter-claim if they wish, but they still have to take down the material). We only immediately suspend an account in the case of particularly egregious violations, such as someone copying an entire website and passing it off as their own. Sometimes they don’t even bother changing the name of the source company in the HTML.

We do not remove material from customer accounts ourselves, because there is always the chance that our messing around in their site can do unintended harm, so if the customer does not remove the material, their account is suspended. This also has the effect of getting a site owner’s attention if they chose to ignore our notification email.

We also respond to all DMCA claimants and advise them that we have provided this 48 hour window, including organizations such as the MPAA, RIAA, IFPI, Microsoft, Blizzard, various individual US and international movie studios and record labels, and so on. They all seem perfectly fine with it.

Anonymous Coward says:

Re: Re: Re:2 Re:

In principle, I believe that the customer shouldn’t have to remove material that may not be infringing (as I suspect you do), but I do understand the potential costs my company is looking at when making these types of decisions. It’s easy to say “side with the customer” when it’s not your business on the line and you have to spend thousands of dollars (at minimum) in legal fees just to get out of a contributory infringement suit even using the safe harbor grounds. We’ll never make that money back from a customer paying a little over a hundred dollars per year for hosting.

What would you have us do? If you’ve got a better solution, I’m all ears.

Anonymous Coward says:

Removed Repositories

It would be great if GitHub wouldn’t bully users on their own site. There have been a number of politically charged moves by their staff removing perfectly neutral and benign repositories at the request of certain political radicals. It is a little disturbing. I myself have moved all my software off their site and to Gitorious.

I’d advise everyone else to do the same frankly. Political agendas have no place in policing software.

https://gitorious.org/

Rekrul says:

First, whenever possible, users will have a chance to fix problems before we take content down.

Notice it doesn’t say that users have a chance to dispute the claim. It’s automatically presumed that they’re in the wrong and should have to “fix” their project to satisfy whoever sent the claim.

Besides, since when has the DMCA allowed third parties to make copyright claims on code that they don’t own? GitHub shouldn’t be taking down any of these projects, they should be sending a reply to the organization making the claim, explaining that they do not hold the copyright on the code and that if they object to it, they should take it up with the author.

jackn says:

First, whenever possible, users will have a chance to fix problems before we take content down.

Notice it doesn’t say that users have a chance to dispute the claim. It’s automatically presumed that they’re in the wrong and should have to “fix” their project to satisfy whoever sent the claim.

Yes, this. When being censored or punked by a competitor, there is nothing to fix.

Anonymous Coward says:

Re: Re: Re:

The counter-argument is that the damage suffered by the rightsholder due to the “infringement” is so great that getting the material removed quickly trumps the free speech interest. Get the stuff taken down first, then sort out the free speech issues later. (At least, that’s my understanding of the thought process.)

Now, if every DMCA takedown notice was targeting material that was in fact infringing, we might take less of an issue with it. But the reality is different. The DMCA takedown process gets abused quite often. And the reality is that 10 business days on the Internet is an eternity. Having content disabled for that time can dramatically impact a website’s livelihood. In addition, sometimes getting information out is time-critical and having it taken offline for 2 weeks can lead to other problems.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...