Slashdot Mirror
Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice
An anonymous reader writes Qualcomm has forced GitHub to remove over 100 repositories due to "unauthorized publication, disclosure, and copying of highly sensitive, confidential, trade secret, and copyright-protected documents." Among the repositories taken down were for CyanogenMod and Sony Xperia. The issue though is that these "highly sensitive" and "confidential" files are Linux kernel code and reference/sample code files that can be easily found elsewhere, including the Android kernel, but GitHub has complied with Qualcomm's DMCA request.
Freedom, in the land of the just.
that's what i heard on hacker news where you steal half your stories a day late.
slashdot = stagnated
Hopefully they will quickly submit a counter-notice.
- David A. Wheeler (see my Secure Programming HOWTO)
It's too bad that there's not a higher bar for "good faith." It'd be nice if it could be more readily disproven, in some cases.
"I did a Google search for [term] and have a good faith belief that there's no possible way any of the results could be non-infringing. Because I can't believe that any of the results could possibly be non-infringing, I'm not going to examine any of the results more closely. I require you to remove all these results I came up with or be subject to liability under ridiculous laws if it turns out my head isn't *completely* up my ass. In addition, unless you can *prove* that I'm not acting in good faith, through a time-consuming and expensive process, there's absolutely nothing you can do about it! Have a nice day! ---Jackass-in-a-suit"
Any vendor can issue DCMA on any file online as "violating" whatever IP / Copyright / Patent that it holds, and normally the ISP (or gate keeper) complies and remove those files
In light of this, anything can be accused of "violating" something - and that makes everything online liable to be taken down, if DCMA is not reigned in
Kind of ironic one of those repositories is owned by Qualcomm Atheros. Guess they are copyright infringing themselves?
Oh the world we live in.
And stay there.
Adding Quackcomm to the "Patent Troll" list of products I will never purchase.
You got some 'splainin' to do. rickyricardo.jpg
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Freedom, in the land of the just
It looks more and more like the land of the retard, home of the eunuch
There needs to be a cost for issuing overbroad DMCA takedown notices.
If a court finds out later that a company had no standing or no good reason to make a DMCA claim that resulted in a takedown, there should be statutory damages. Let's start at $10000 per infraction.
There is little in the way of validation for these requests. Anyone can simply announce ownership of a part of the code and claim it is stolen property. "Hey, I used a for loop once and that looks a lot like mine."
Github FAILS the requirement for reliability due to being subject to DMCA horseshit. Will somebody please start the next github in a jurisdiction untouchable by DMCA and other thuggish regulations.
It doesn't look like GitHub is the best place to park a project.
The important part, if one receives such a notice is to make certain that everything appears on other sites such that take down notices have no power at all. Matter of fact we could teach people that the fastest way to expose information is an order to take down the information.
but GitHub has complied with Qualcomm's DMCA request.
Comply first. Litigate later. This is the smart thing to do most of the time. For GitHub, it is not like they are being forced to give the keys to the kingdom or to hand over sensitive data customers entrusted to it. No no data is lost or compromised. It is simply inaccessible while GitHub tries to litigate hopefully with sponsorship by those GitHub users that are being affected.
FUCK YOU Qualcomm's piece of shit lawyers.
I used to handle DMCA requests. We got thousands per day. You get them via email and there's no way to verify that the sender is who they say they are, the sender is actually the owner of the content, that the content can even BE owned, or that the contents of what's being complained about has anything to do with the complaint. DMCA requests are a logistical nightmare. You have a user thats hosting a file... Music.mp3 and you get an email from joesmith@lawfirm.com or whatever... How do you know they represent the content owner? Or are even really lawyers? Or that the claimed content owner owns the song in question? How do you know it's not just a recording of the guys kid singing the song in the bath? Maybe the person sending the complaint is just his ex-wife. There's very little you can do about any of it, so you have to make a wild ass guess. You're almost always wrong, but the one thing you can be sure of is that if someone like Qualcomm sends you a complaint, they can certainly follow through with a lawsuit, where-as the an open source project likely cannot. So which side would you err on?
This is a problem with the law, not with Github or even Qualcomm. Fix the damned law.
It isn't Qualcomm directly that issued the DMCA notices, but rather, an IP protection agency that operates on behalf of Qualcomm. In my work, I've often had to respond to these DMCA notifications, and these IP protection agencies are often pretty bush league. They'll see something that possibly infringes on an IP, and then they'll jump on it, thinking it'll make them look good to their client, who hired them. Honestly, I doubt this company will be doing much more work for Qualcomm once they discover what has happened.
That C file is part of the Android MSM kernel source tree and does contain a "Qualcomm Confidential and Proprietary" line while noting it's now under a Linux Foundation copyright.
Well, that could be just a tiny little problem for Qualcomm then. In a DMCA takedown notice, there are mistakes that you are allowed to make and mistakes that are criminal. A DMCA takedown notice against material that is not the one you own, or that has a license which you didn't notice, that's harmless. But you state under penalty of perjury that you are the copyright holder or represent the copyright holder of the item that you believe to be infringed. So if the Linux Foundation is indeed the copyright holder, that should be fatal.
It's too bad that there's not a higher bar for "good faith." It'd be nice if it could be more readily disproven, in some cases.
"I did a Google search for [term] and have a good faith belief that there's no possible way any of the results could be non-infringing. Because I can't believe that any of the results could possibly be non-infringing, I'm not going to examine any of the results more closely. I require you to remove all these results I came up with or be subject to liability under ridiculous laws if it turns out my head isn't *completely* up my ass. In addition, unless you can *prove* that I'm not acting in good faith, through a time-consuming and expensive process, there's absolutely nothing you can do about it! Have a nice day! ---Jackass-in-a-suit"
Screw good faith. Places need to start charging to process DMCA notices, and then when they get fake or bad, or just plain wrong notices like this, you then charge them 1000x the price. They don't pay? Then you don't process any more DMCA notices from them.
I thought we were about capitalism, this is capitalism at it's finest. Money is the only thing these people/corporations understand, so speak their language. They want to not be responsible about DMCA notices, then make it cost them.
Fine with me, I'll start a site that is full of data that needs to be removed due to DMCA. Automate the processing of the notices and collect payment. Wash, rinse, repeat.
Oh that DMCA was issued by Cyveillance - the incompetent company Hollywood and music labels hired for policing P&P by string matching filenames and then carpet bombing service providers with DMCA requests, even though the content was not infringing at all. I bet they simply crawled Github for Qualcomm copyright notices, something that is often left in source code, even though it was relicensed long time ago already. Unfortunately, their bot is not that smart.
Some references:
https://www.techdirt.com/artic...
http://arstechnica.com/tech-po...
etc.
These bozos are known and someone at Qualcomm should get fired for hiring them. This is going to backfire at Qualcomm in a spectacular way, IMO.
The current state of law in the USA is putting them back in the stone age. DMCA takedowns, almost no rights for citizens, even less when they are living within quite a long distance from a border of the country and non citizens visiting or working in the country even less. Half of Africa has a lower debt per capita than the USA has and the USA is making owning and running a manufacturing or inventing company in the country extremely hard. It's not just GitHub, it's almost everything these days....
I don't know enough to comment on the validity of the claimed copyrights in general. But I do know one thing: The fact that material appears elsewhere online is not evidence that it is not copyrighted.
The important question is not whether the stuff appears elsewhere. The important question is only whether Oracle's claimed copyright is real/valid.
Will somebody please start the next github in a jurisdiction untouchable by DMCA and other thuggish regulations.
The geek is forever looking for some safe haven.
I don't know where you will find one when the stakes are high enough.
I do know I'm not going to be looking eight to twelve thousand miles from home for a KIm Dotcom to protect my interests.
Is github just the canary for another SCO repeat? Will Qualcomm be demanding protection money from everyone who uses Linux?
People should be more patient before blasting a company that has made many technological advances for our betterment. Qualcomm may (or may not) have very good reason to make this initial request, but I think they need to narrow their request to specific code that infringes on their IP... Not entire code bases. Let's see how this pans out... Before rushing to judgment.
I wonder if the DMCA sharks would have a more difficult time issuing this if github were not hosted within the United States. Anyone know more about this?
I can understand why github would comply first, debate later -- they have many employees who could be at risk. I agree with a previous poster, in that there should be a "cost" for filing DMCA complaints, especially if they prove to be baseless. This process seems to be always associated with bullying or some form of abuse, rather than genuinely protecting copyrighted content -- doing more harm than good.
So you make up a completely fictitious name and address. Perjury problem solved! As long as the content gets pulled down, who cares?
Someone needs to get together a wall of shame website for companies like Qualcomm. Call out and shame these bastards constantly. Boycott whoever you can on that list. Never forgive; never forget.
Is it still not legal to shoot copyright trolls on sight?
And if not, WHY THE HELL NOT?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Okay, I'm just imaging this. I do not recommend it, or want it to really happen. I also predict that some day it may really happen, just because there are enough vandals out there. With a concentrated attack, some group could send out a gazillion DMCA notices that in, say, a week, something 10, 20% of the websites on the internet have pending requests.
As it currently exists, is a trickly steady level of requests?
On the other hand, Big Content Owners and Big Companies would be happy if the internet is morphed back to something like AOL, where 99% of smucks are content consumers, and only entities on a white list get to have a website. Gotta be careful; maybe my prior thoughts will backfire.
If you issue a DMCA takedown notice against a product licensed under GPL, you no longer may use any products under the GPL. You have shown that you value milking software for money over its free distribution, and hence you obviously have no need for software that can be distributed openly.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I still use subversion, why would you host everything on one server?
The example files linked to in the article that were taken down via the DMCA all had their original Qualcomm copyright notices (all rights reserved). The question in my mind is why someone else added their own copyright? You can't just overwrite the original copyright because you want to open source something. Given the examples that were posted, Qualcomm seemed within their rights to request the files be removed. Just because a company makes code publicly available doesn't mean they give up their rights to it.
I'm a huge supporter of open source and have put a great deal of effort into my own LGPL library. How can I expect anyone to respect my copyright if I don't respect others. There is often a holier-than-thou attitude in open source where people believe they can take other people's work and open source it since they are, in their minds, doing the greater good. I see the same thing with Wikipedia where entire paragraphs are lifted right out of textbooks. The authors apparently view it as their right, vs. actually taking the time to comprehend the material and explain it in their own words (that would actually require understanding the subject matter vs. regurgitating it like so many of these morons do).
DMCA requires that the service provider wait no fewer than ten and no more than fourteen days after forwarding the counter-notification and then put it back up if the service provider has not received notice of suit in that period.
... no, it means you just committed perjury, and in order for your request to be taken seriously by anyone of any importance (like github) they're going to communicate with you first, so they'll know who you actually are.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Does Cyanogenmod need even more encouragement to dump Qualcomm processors? Odd that the Nook Color is still supported, when many faster Qualcomm chips have been shown the door.
I already have to run an unofficial release of Cyanogenmod on my vivow. Now what is the likelyhood that I'm going to get a Towelroot patch when you are nuking the source repositories?
I still won't buy Motorola products because of their past behavior. Am I about to add Qualcomm to that list?
There is a git repository on I2P.
git.repo.i2p
I assume that git over darknet is less censorable than git over clearnet, but never forget that this is always a possibility.
Github isn't going to drive out to the address you wrote in there to verify that you are who you say you are. They're going to hit "reply" in the email. To date I know of no entity that has been punished for fradulant DMCA takedowns more than a written admonishment. The law is utterly one sided because it was written by people who were intending to use it to send millions of takedown requests. They didn't want any possibily of suffering legal liability if they could get away with it, so the sender only has to hurdle the lowest legal hurdle (good faith) to completely indemnify themselves against counter claims. The law was written to be abused, and shock, people are abusing it.
I read the internet for the articles.
I expect that DMCA subservience will come sooner rather than later for Bitbucket, alas, given their location in SF, USA. They will HAVE to comply with the most outrageous takedowns, or suffer the wrath of their local establishment. Also, like a lot of US service providers, Bitbucket are in IPv6 denial so they're not exactly the leading edge of network application providers.
Gitorious seems like a much better bet since they're outside of USA. And, no surprise at all, they're on IPv6, because the rest of the world understands the meaning of exponential growth.
File Name: https://github.com/justicezyx/...
They claimed copyright on a file called README of 1 byte in size. This is ridiculous.
As Luke on phoronix points out, "Webhosts should block Cyveillance, PicScout, etc. None of those automated copythug bots respect robots.txt and all of them can be construed as violating the TOS or any website that posts a demand that they stay away. One website (https://dcdirectactionnews.wordpress.com) has posted a legal notice that every access by Picscout could cost them $10,000 in liquidated damages, essentially a reverse "Getty Letter" against them. I suspect Cyveillance is about to get added to that notice, along with all their clients,.
GIThub should post similar terms and if they control the server they can also block these bots directly. So should this forum, phoronix itself, and as many websites as possible to shut down these parasites. PicScout in particular uses so much bandwidth that some smaller websites have incurred significant extra data costs until they blocked PicScout."
Taking down a project repository requires taking down
content from many sources with many copyrights.
For Qualcom to take down CyanogenMod and Sony Xperia
tells me that the take down could involve hundreds of OTHER Copyright holders
not Qualcom. I expect to see copyrights from Netscape, Texas Instruments,
Free Software Foundation, University of Illinois, Nokia, Intel, Red Hat, Carnegie Mellon
University, University of California Regents, Imagination Technologies, Samsung,
Apple, Torch Mobile and hundreds of individuals.
It is one thing to specify individual files but to reach out and assert ownership on
the Copyright of hundreds of others is theft on a grand scale. As a minimum it
is denial of service which is covered by modern internet law.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
Your only hope is to put your files on piratebay.
the current Internet is popular with the criminal element but we're not going to stop using it for that reason. Same for cash, guns, and safes.
So's Ketchup...
For the love of God, can we at least do something about ketchup?
Until this year, there was only Sony on my boycott list, for very well known reasons that occurred many years ago.
This year LG got added, and now Qualcomm. I wonder if this trend is accelerating.
Of course the companies concerned don't care about one person boycotts, but there's a multiplier effect by 2 orders of magnitude or more occurring every Xmas --- everyone on my Xmas list is notified that I don't want any products from companies I boycott. This figures in the presents that they buy not only for me, but also for others, because they consider me their tech expert. They may not understand the reasons, but they know that I have technical knowledge and some some strong opinions, and a proportion of them will remember the company names.
And some of those people will in turn propagate this opinion about Sony, LG, and now Qualcomm to others in their circles of friends and acquaintances. I have no idea how far it goes, but one thing's for sure: this is not to the benefit of the companies concerned.
The moral is that there is a cost involved when you let lawyers mangle your public image,
Would it be really so hard to relocate GitHub (servers, company and all) outside the US to avoid those DMCA take downs? Especially considering that it would also make life for the NSA a little harder too (no NSLs could force GitHub to secretly include backdoors here and there, and keep silent about it). Next question: what country would be most friendly to Open Source yet resisting the insatiable hunger of the copyright trolls?
cpghost at Cordula's Web.
...but only almost, just to eventually get the Hollywood/music industry written and purchased DMCA repealed. The scary thing is this could actually happen, but, 2 wrongs still don't make a right, and Mayday is going to be co-opted by the collectivists (as opposed to cooperativists (as represented by FSF, creative commons, etc.)) The same people who screwed up the Occupy movement. And it will be infiltrated by the Man, as well. And then we will see what passes for democratic government of a constutional republic superseded by an unelected steering committee deciding what is allowed political speech and saving the planet for the robots and so forth. R.I.P. USA. But, I digress.
My advice to any co. getting one of these DMCA notices is either to roundfile it or respond with a fuckoff letter. Let 'em sue you, and then THEY pay for the lawyers when you dice them up in court. You can't afford NOT to do this.
What valuable IPR is contained in header files?
So some butthead at Qualcomm decides to pull the DMCA bullshit on the Linux kernel. I'm pissed. I want to sue the mutherfucker for breach and business losses. He's claiming stuff that isn't his. I'm up for suing all involved. Lessig has a superpac for fixing the US government. I'm all for starting a 'frivilous sue-the-bastards-who-pull-this-into-the-ground' warchest. Anyone want to join me?
They're already being pirated, good luck stopping that Qualcomm.
Please get those automated DMCA messages under control and put those lawyers on short leashes. While you might find obfuscating public access modestly financially beneficial for the a short quarter or two, you may notice much longer term adverse reactions to this behavior in the community. Furthermore, this is generally a bad strategy for concealing misconduct by your developers who may have integrated source code from competitors and GPL sources already in the eye of the public domain. Today there is one less layout engineer who will recommend your products. Perhaps some of those fantastic engineers (Atheros team I'm looking at you) will realize what a horrible mistake they've made contributing (or selling) their labors of love to companies that prefer levers of the law over openness and competitive advantage through fantastically designed products that inspire community and progress. Perhaps these engineers will stand up and walk out that door one last time, and build a new company with the expertise that most certainly does not require your lawyers and many layers of middle management to sour the fruits of brilliance.
Welcome to my black book Qualcomm. May you turn expediently back around into the light.
Have they no spine?? C'mon guys, don't you have some ACLU/EFF hook-ups to tell you this is bullshit. Where's the proof?? Where??
Jesus fucking Christ
When my Karma level reaches 0 I feel in piece with the Universe
This is why MAIDSafe was created
IANAL, but I wonder if a case couldn't be made that by limiting the distribution of parts of their Linux kernel source code, they've violated clause 6 of the GPL2 in every product of theirs that uses a Linux kernel with that code, and therefore every other Linux kernel developer is in a position to sue them for copyright violation, or at least file DMCA notices with anybody distributing their stuff. I am assuming they ship products using that kernel code.
Here is my phone. Notice that it has been dumped, it has 768mb of ram, and a 1ghz CPU.
Compare that to the Samsung Fascinate, a very similar phone that is still supported despite having less ram.
What you can see is a developer bias: Qualcomm technology is (already) preferentially terminated.
For myself, I need to start buying Samsung, and I need to make sure that it has as little Qualcomm technology in it as possible.
The DMCA does not allow you to refuse to process notices due to unpaid processing fees.
Does it allow somethig like this?
1) OSP charges the takedown filer a $1,000 (or $10,000, or whatever) fee to process a notice.
2) The fee is waived if the alleged infringer fails to file a counter-notice.
3) If a counter-noitce, is filed, the takedown filer is notified, perhaps with a check-box list of the alleged imfringer's claim(s), but DOES NOT RECIEVE THE CONTACT INFORMATION until the fee is paid (or satisfactory payment arrangements made).
4) The fee (or the bulk of it, or a pro-rata share) is waived if the takedown filer notifies the OSP, in a timely fashion, that it does not wish to pursue the takedown at this time and the OSP may put-back the material immediately, rather than waiting for the statutory time.
Assuming the OSP may legally withhold the counter-filing contact information pending payment without jepoardizing the safe harbor, this could be implemented entirely by an OSP. A troll operation would have to pay up to get the information needed to pursue its extortion. The OSP would not be stiffed for its fees if the trolls want to move on to the next step (and could still pursure collection even if the trolls DON'T pay up after the counter-notice is filed).
It would have the advantage (over "losing filers get a big financial hit" approaches) that it does not create a financial incentive for copyright claimants to pursure an iffy or bogus suit in order to avoid a large fine or damages payment.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Oh that DMCA was issued by Cyveillance ...
According to an Ausdroid "excllusive", a "Qualcomm representative" has already:
- repudiated and retracted the takedown notices,
- promised they will pursure any issues directly with the project maintainers.
- appologized to the project maintainers.
Unfortunately, this was in a communication with Ausdroid and apparently not in a form that would let GitHub over-the-holiday staff put the repositories back up immediately.
That's a pity. Many of the contributors to open source projects are volunterers with day jobs. This makes three-day weekend holidays "prime time" for a hackfest. Taking down the repositories over such a period is a serious hit to productivity. If they'd done it early in the week, rather than just before a three-day holiday, their error could have been corrected in hours rather than (exceptionally important) days.
(Fortunately, since the revision control system is git, where each checkout is a full copy of the repository, the hit is mainly impeeding inter-member cooperation, rather than bringing all work on the projects to a screeching halt.)
I hope both Qualcom and some of the affected projects bring actions against Cyveillance, if only to make them leery of issuing anti-FOSS takedowns at such sensitive times.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
[suggests] relocate[ing] GitHub (servers, company and all) outside the US to avoid those DMCA take downs? ... Next question: what country would be most friendly to Open Source yet resisting the insatiable hunger of the copyright trolls?
How about Antigua?
Antigua recently won a suit against the US over its ban on online gambling (a major source of foreign exchange income for the country). As a penalty, the WTO awarded Antigua the right to freely distribute "American [copyrighted] DVDs, CDs and games and software", up to $21 Million per year.
GitHub doesn't charge for the software it distributes (getting revenue mainly from things lik companies storing their OWN, PRIVATE repositories on their servers). So I'd think a company like GitHub, incorporated, owned, and hosted there, would consume $0 of the $21MM/year allocation, and could freely and legally distribute copyrighted material with US copyright holders - at least until the year after the US congress finally repeals the anti-online-gambing laws.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way