Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice
An anonymous reader writes: Qualcomm has forced GitHub to remove over 100 repositories due to "unauthorized publication, disclosure, and copying of highly sensitive, confidential, trade secret, and copyright-protected documents." Among the repositories taken down were those for CyanogenMod and Sony Xperia. The issue though is that these "highly sensitive" and "confidential" files are Linux kernel code and reference/sample code files that can be easily found elsewhere, including the Android kernel, but GitHub has complied with Qualcomm's DMCA request.
Freedom, in the land of the just.
Hopefully they will quickly submit a counter-notice.
- David A. Wheeler (see my Secure Programming HOWTO)
It's too bad that there's not a higher bar for "good faith." It'd be nice if it could be more readily disproven, in some cases.
"I did a Google search for [term] and have a good faith belief that there's no possible way any of the results could be non-infringing. Because I can't believe that any of the results could possibly be non-infringing, I'm not going to examine any of the results more closely. I require you to remove all these results I came up with or be subject to liability under ridiculous laws if it turns out my head isn't *completely* up my ass. In addition, unless you can *prove* that I'm not acting in good faith, through a time-consuming and expensive process, there's absolutely nothing you can do about it! Have a nice day! ---Jackass-in-a-suit"
Any vendor can issue DMCA on any file online as "violating" whatever IP / Copyright / Patent that it holds, and normally the ISP (or gate keeper) complies and removes those files.
In light of this, anything can be accused of "violating" something - and that makes everything online liable to be taken down, if DMCA is not reined in.
Kind of ironic one of those repositories is owned by Qualcomm Atheros. Guess they are copyright infringing themselves?
Oh the world we live in.
And stay there.
You got some 'splainin' to do. rickyricardo.jpg
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
There needs to be a cost for issuing overbroad DMCA takedown notices.
If a court finds out later that a company had no standing or no good reason to make a DMCA claim that resulted in a takedown, there should be statutory damages. Let's start at $10000 per infraction.
Github FAILS the requirement for reliability due to being subject to DMCA horseshit. Will somebody please start the next github in a jurisdiction untouchable by DMCA and other thuggish regulations.
The important part, if one receives such a notice is to make certain that everything appears on other sites such that take down notices have no power at all. Matter of fact we could teach people that the fastest way to expose information is an order to take down the information.
A lot of the reference repositories include a Qualcomm proprietary license header. Many are from the Vuforia SDK which has a clear license agreement that prevents such redistribution.
but GitHub has complied with Qualcomm's DMCA request.
Comply first. Litigate later. This is the smart thing to do most of the time. For GitHub, it is not like they are being forced to give the keys to the kingdom or to hand over sensitive data customers entrusted to it. No data is lost or compromised. It is simply inaccessible while GitHub tries to litigate hopefully with sponsorship by those GitHub users that are being affected.
I used to handle DMCA requests. We got thousands per day. You get them via email and there's no way to verify that the sender is who they say they are, the sender is actually the owner of the content, that the content can even BE owned, or that the contents of what's being complained about has anything to do with the complaint. DMCA requests are a logistical nightmare. You have a user that's hosting a file... Music.mp3 and you get an email from joesmith@lawfirm.com or whatever... How do you know they represent the content owner? Or are even really lawyers? Or that the claimed content owner owns the song in question? How do you know it's not just a recording of the guy's kid singing the song in the bath? Maybe the person sending the complaint is just his ex-wife. There's very little you can do about any of it, so you have to make a wild ass guess. You're almost always wrong, but the one thing you can be sure of is that if someone like Qualcomm sends you a complaint, they can certainly follow through with a lawsuit, whereas an open source project likely cannot. So which side would you err on?
This is a problem with the law, not with Github or even Qualcomm. Fix the damned law.
It isn't Qualcomm directly that issued the DMCA notices, but rather, an IP protection agency that operates on behalf of Qualcomm. In my work, I've often had to respond to these DMCA notifications, and these IP protection agencies are often pretty bush league. They'll see something that possibly infringes on an IP, and then they'll jump on it, thinking it'll make them look good to their client, who hired them. Honestly, I doubt this company will be doing much more work for Qualcomm once they discover what has happened.
That C file is part of the Android MSM kernel source tree and does contain a "Qualcomm Confidential and Proprietary" line while noting it's now under a Linux Foundation copyright.
Well, that could be just a tiny little problem for Qualcomm then. In a DMCA takedown notice, there are mistakes that you are allowed to make and mistakes that are criminal. A DMCA takedown notice against material that is not the one you own, or that has a license which you didn't notice, that's harmless. But you state under penalty of perjury that you are the copyright holder or represent the copyright holder of the item that you believe to be infringed. So if the Linux Foundation is indeed the copyright holder, that should be fatal.
Oh that DMCA was issued by Cyveillance - the incompetent company Hollywood and music labels hired for policing P&P by string matching filenames and then carpet bombing service providers with DMCA requests, even though the content was not infringing at all. I bet they simply crawled Github for Qualcomm copyright notices, something that is often left in source code, even though it was relicensed long time ago already. Unfortunately, their bot is not that smart.
Some references:
https://www.techdirt.com/artic...
http://arstechnica.com/tech-po...
etc.
These bozos are known and someone at Qualcomm should get fired for hiring them. This is going to backfire at Qualcomm in a spectacular way, IMO.
The current state of law in the USA is putting them back in the stone age. DMCA takedowns, almost no rights for citizens, even less when they are living within quite a long distance from a border of the country and non citizens visiting or working in the country even less. Half of Africa has a lower debt per capita than the USA has and the USA is making owning and running a manufacturing or inventing company in the country extremely hard. It's not just GitHub, it's almost everything these days....
I don't know enough to comment on the validity of the claimed copyrights in general. But I do know one thing: The fact that material appears elsewhere online is not evidence that it is not copyrighted.
The important question is not whether the stuff appears elsewhere. The important question is only whether Oracle's claimed copyright is real/valid.
Will somebody please start the next github in a jurisdiction untouchable by DMCA and other thuggish regulations.
The geek is forever looking for some safe haven.
I don't know where you will find one when the stakes are high enough.
I do know I'm not going to be looking eight to twelve thousand miles from home for a Kim Dotcom to protect my interests.
Is github just the canary for another SCO repeat? Will Qualcomm be demanding protection money from everyone who uses Linux?
People should be more patient before blasting a company that has made many technological advances for our betterment. Qualcomm may (or may not) have very good reason to make this initial request, but I think they need to narrow their request to specific code that infringes on their IP... Not entire code bases. Let's see how this pans out... Before rushing to judgment.
I wonder if the DMCA sharks would have a more difficult time issuing this if github were not hosted within the United States. Anyone know more about this?
I can understand why github would comply first, debate later -- they have many employees who could be at risk. I agree with a previous poster, in that there should be a "cost" for filing DMCA complaints, especially if they prove to be baseless. This process seems to be always associated with bullying or some form of abuse, rather than genuinely protecting copyrighted content -- doing more harm than good.
So you make up a completely fictitious name and address. Perjury problem solved! As long as the content gets pulled down, who cares?
Anyone can simply announce ownership of a part of the code and claim it is stolen property. "Hey, I used a for loop once and that looks a lot like mine."
No, this is not possible.
Someone needs to get together a wall of shame website for companies like Qualcomm. Call out and shame these bastards constantly. Boycott whoever you can on that list. Never forgive; never forget.
Sadly, I expect this incident to be forgotten over the weekend and cause no harm to GitHub's reputation.
Sure, you got to compensate with something! :)
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Is it still not legal to shoot copyright trolls on sight?
And if not, WHY THE HELL NOT?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Okay, I'm just imagining this. I do not recommend it, or want it to really happen. I also predict that some day it may really happen, just because there are enough vandals out there. With a concentrated attack, some group could send out a gazillion DMCA notices that in, say, a week, something 10, 20% of the websites on the internet have pending requests.
As it currently exists, is a trickly steady level of requests?
On the other hand, Big Content Owners and Big Companies would be happy if the internet is morphed back to something like AOL, where 99% of smucks are content consumers, and only entities on a white list get to have a website. Gotta be careful; maybe my prior thoughts will backfire.
If you issue a DMCA takedown notice against a product licensed under GPL, you no longer may use any products under the GPL. You have shown that you value milking software for money over its free distribution, and hence you obviously have no need for software that can be distributed openly.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You know, seeing how things are going lately, not being able to connect to current cellular networks looks more and more appealing.
DMCA requires that the service provider wait no fewer than ten and no more than fourteen days after forwarding the counter-notification and then put it back up if the service provider has not received notice of suit in that period.
Land of the fee, home of the slave.
... no, it means you just committed perjury, and in order for your request to be taken seriously by anyone of any importance (like github) they're going to communicate with you first, so they'll know who you actually are.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Does Cyanogenmod need even more encouragement to dump Qualcomm processors? Odd that the Nook Color is still supported, when many faster Qualcomm chips have been shown the door.
I already have to run an unofficial release of Cyanogenmod on my vivow. Now what is the likelihood that I'm going to get a Towelroot patch when you are nuking the source repositories?
I still won't buy Motorola products because of their past behavior. Am I about to add Qualcomm to that list?
Github isn't going to drive out to the address you wrote in there to verify that you are who you say you are. They're going to hit "reply" in the email. To date I know of no entity that has been punished for fraudulent DMCA takedowns more than a written admonishment. The law is utterly one sided because it was written by people who were intending to use it to send millions of takedown requests. They didn't want any possibility of suffering legal liability if they could get away with it, so the sender only has to hurdle the lowest legal hurdle (good faith) to completely indemnify themselves against counter claims. The law was written to be abused, and shock, people are abusing it.
I read the internet for the articles.
Haven't you heard? All the kiddies love this "cloud" thingy. Me, I've still got an onion tied to my belt.
Sadly, I expect this incident to be forgotten over the weekend and cause no harm to GitHub's reputation.
GitHub has its hand tied as to what it can do in response to DMCA claims because of the safe harbor provisions. They have to treat each claim as valid and take the supposedly infringing content down. I would rather people remember Qualcomm's heavy handed and ridiculously over-broad copyright claims when it comes to selecting products and business partners. I also hope some of the people who were affected by this stunt file a counter notice and take this to court, hopefully exposing these claims as a sham and willful perjury. But that is unlikely to happen because there repositories are most likely independent developers and small businesses who can hardly afford a protracted legal fight.
Of all tyrannies, a tyranny sincerely exercised for the (supposed) good of its victims may be the most oppressive
I expect that DMCA subservience will come sooner rather than later for Bitbucket, alas, given their location in SF, USA. They will HAVE to comply with the most outrageous takedowns, or suffer the wrath of their local establishment. Also, like a lot of US service providers, Bitbucket are in IPv6 denial so they're not exactly the leading edge of network application providers.
Gitorious seems like a much better bet since they're outside of USA. And, no surprise at all, they're on IPv6, because the rest of the world understands the meaning of exponential growth.
File Name: https://github.com/justicezyx/...
They claimed copyright on a file called README of 1 byte in size. This is ridiculous.
As Luke on phoronix points out, "Webhosts should block Cyveillance, PicScout, etc. None of those automated copythug bots respect robots.txt and all of them can be construed as violating the TOS or any website that posts a demand that they stay away. One website (https://dcdirectactionnews.wordpress.com) has posted a legal notice that every access by Picscout could cost them $10,000 in liquidated damages, essentially a reverse "Getty Letter" against them. I suspect Cyveillance is about to get added to that notice, along with all their clients.
GitHub should post similar terms and if they control the server they can also block these bots directly. So should this forum, phoronix itself, and as many websites as possible to shut down these parasites. PicScout in particular uses so much bandwidth that some smaller websites have incurred significant extra data costs until they blocked PicScout."
Taking down a project repository requires taking down content from many sources with many copyrights. For Qualcomm to take down CyanogenMod and Sony Xperia tells me that the take down could involve hundreds of OTHER Copyright holders not Qualcomm. I expect to see copyrights from Netscape, Texas Instruments, Free Software Foundation, University of Illinois, Nokia, Intel, Red Hat, Carnegie Mellon University, University of California Regents, Imagination Technologies, Samsung, Apple, Torch Mobile and hundreds of individuals.
It is one thing to specify individual files but to reach out and assert ownership on the Copyright of hundreds of others is theft on a grand scale. As a minimum it is denial of service which is covered by modern internet law.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
Your only hope is to put your files on piratebay.
the current Internet is popular with the criminal element but we're not going to stop using it for that reason. Same for cash, guns, and safes.
So's Ketchup...
For the love of God, can we at least do something about ketchup?
So you think that unlike most DMCA takedown notices we hear about, many of these have reasonable validity. I suppose that's possible. It's not the way I'd bet.
Even if it's true in this particular case, the entire process is still unfair. I think less highly of any company that uses it unless they can prove that they have tried to resolve the problem privately and not been treated fairly...and this is true even in cases where the complaint was valid. However there appear to be so many invalid takedown notices that the default belief is that they are invalid, even if they are successfully coercive. ("Successfully coercive" does not equal "just".)
Do note that even were most of the DMCA takedown notices valid, that would not make the process fair. And that's a hypothetical subjunctive for a damned good reason.
I think we've pushed this "anyone can grow up to be president" thing too far.
Would it be really so hard to relocate GitHub (servers, company and all) outside the US to avoid those DMCA take downs? Especially considering that it would also make life for the NSA a little harder too (no NSLs could force GitHub to secretly include backdoors here and there, and keep silent about it). Next question: what country would be most friendly to Open Source yet resisting the insatiable hunger of the copyright trolls?
cpghost at Cordula's Web.
What valuable IPR is contained in header files?
It seems most or all the code actually belongs to QUALCOMM. In the takedown it says that the documents requested for removal all contain the header "Copyright (c) 2012 QUALCOMM Austria Research Center GmbH". You can find the files still using Google Cache. They seem to mostly be QUALCOMM's own code that others are copying without permission, making it a clear copyright violation.
Have they no spine?? C'mon guys, don't you have some ACLU/EFF hook-ups to tell you this is bullshit. Where's the proof?? Where??
Jesus fucking Christ
When my Karma level reaches 0 I feel in piece with the Universe
It is now clear that github is unreliable in their core mission - to allow robust hosting and sharing of useful technology. Unfortunately for them they are in a legal jurisdiction which is no longer suitable for their core activity.
Korma: Good
Rest assured there're plans for that problem as well.
IANAL, but I wonder if a case couldn't be made that by limiting the distribution of parts of their Linux kernel source code, they've violated clause 6 of the GPL2 in every product of theirs that uses a Linux kernel with that code, and therefore every other Linux kernel developer is in a position to sue them for copyright violation, or at least file DMCA notices with anybody distributing their stuff. I am assuming they ship products using that kernel code.
Here is my phone. Notice that it has been dumped, it has 768mb of ram, and a 1ghz CPU.
Compare that to the Samsung Fascinate, a very similar phone that is still supported despite having less ram.
What you can see is a developer bias: Qualcomm technology is (already) preferentially terminated.
For myself, I need to start buying Samsung, and I need to make sure that it has as little Qualcomm technology in it as possible.
Other reports also say, however, that Qualcomm had released that code under the GPL.
It's going to need more than a post on Slashdot to convince me that they were acting legally, much less honorably. (Given other reports, I think it's probably impossible to plausibly argue that they were acting honorably.)
I think we've pushed this "anyone can grow up to be president" thing too far.
The DMCA does not allow you to refuse to process notices due to unpaid processing fees.
Does it allow something like this?
1) OSP charges the takedown filer a $1,000 (or $10,000, or whatever) fee to process a notice.
2) The fee is waived if the alleged infringer fails to file a counter-notice.
3) If a counter-notice is filed, the takedown filer is notified, perhaps with a check-box list of the alleged infringer's claim(s), but DOES NOT RECEIVE THE CONTACT INFORMATION until the fee is paid (or satisfactory payment arrangements made).
4) The fee (or the bulk of it, or a pro-rata share) is waived if the takedown filer notifies the OSP, in a timely fashion, that it does not wish to pursue the takedown at this time and the OSP may put-back the material immediately, rather than waiting for the statutory time.
Assuming the OSP may legally withhold the counter-filing contact information pending payment without jeopardizing the safe harbor, this could be implemented entirely by an OSP. A troll operation would have to pay up to get the information needed to pursue its extortion. The OSP would not be stiffed for its fees if the trolls want to move on to the next step (and could still pursue collection even if the trolls DON'T pay up after the counter-notice is filed).
It would have the advantage (over "losing filers get a big financial hit" approaches) that it does not create a financial incentive for copyright claimants to pursue an iffy or bogus suit in order to avoid a large fine or damages payment.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Oh that DMCA was issued by Cyveillance ...
According to an Ausdroid "exclusive", a "Qualcomm representative" has already:
- repudiated and retracted the takedown notices,
- promised they will pursue any issues directly with the project maintainers,
- apologized to the project maintainers.
Unfortunately, this was in a communication with Ausdroid and apparently not in a form that would let GitHub over-the-holiday staff put the repositories back up immediately.
That's a pity. Many of the contributors to open source projects are volunteers with day jobs. This makes three-day weekend holidays "prime time" for a hackfest. Taking down the repositories over such a period is a serious hit to productivity. If they'd done it early in the week, rather than just before a three-day holiday, their error could have been corrected in hours rather than (exceptionally important) days.
(Fortunately, since the revision control system is git, where each checkout is a full copy of the repository, the hit is mainly impeding inter-member cooperation, rather than bringing all work on the projects to a screeching halt.)
I hope both Qualcomm and some of the affected projects bring actions against Cyveillance, if only to make them leery of issuing anti-FOSS takedowns at such sensitive times.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
[suggests] relocate[ing] GitHub (servers, company and all) outside the US to avoid those DMCA take downs? ... Next question: what country would be most friendly to Open Source yet resisting the insatiable hunger of the copyright trolls?
How about Antigua?
Antigua recently won a suit against the US over its ban on online gambling (a major source of foreign exchange income for the country). As a penalty, the WTO awarded Antigua the right to freely distribute "American [copyrighted] DVDs, CDs and games and software", up to $21 Million per year.
GitHub doesn't charge for the software it distributes (getting revenue mainly from things like companies storing their OWN, PRIVATE repositories on their servers). So I'd think a company like GitHub, incorporated, owned, and hosted there, would consume $0 of the $21MM/year allocation, and could freely and legally distribute copyrighted material with US copyright holders - at least until the year after the US congress finally repeals the anti-online-gambling laws.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way