Slashdot Mirror
Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice
An anonymous reader writes Qualcomm has forced GitHub to remove over 100 repositories due to "unauthorized publication, disclosure, and copying of highly sensitive, confidential, trade secret, and copyright-protected documents." Among the repositories taken down were for CyanogenMod and Sony Xperia. The issue though is that these "highly sensitive" and "confidential" files are Linux kernel code and reference/sample code files that can be easily found elsewhere, including the Android kernel, but GitHub has complied with Qualcomm's DMCA request.
Freedom, in the land of the just.
It's too bad that there's not a higher bar for "good faith." It'd be nice if it could be more readily disproven, in some cases.
"I did a Google search for [term] and have a good faith belief that there's no possible way any of the results could be non-infringing. Because I can't believe that any of the results could possibly be non-infringing, I'm not going to examine any of the results more closely. I require you to remove all these results I came up with or be subject to liability under ridiculous laws if it turns out my head isn't *completely* up my ass. In addition, unless you can *prove* that I'm not acting in good faith, through a time-consuming and expensive process, there's absolutely nothing you can do about it! Have a nice day! ---Jackass-in-a-suit"
Kind of ironic one of those repositories is owned by Qualcomm Atheros. Guess they are copyright infringing themselves?
Oh the world we live in.
There needs to be a cost for issuing overbroad DMCA takedown notices.
If a court finds out later that a company had no standing or no good reason to make a DMCA claim that resulted in a takedown, there should be statutory damages. Let's start at $10000 per infraction.
Github FAILS the requirement for reliability due to being subject to DMCA horseshit. Will somebody please start the next github in a jurisdiction untouchable by DMCA and other thuggish regulations.
A lot of the reference repositories include a Qualcomm proprietary license header. Many are from the Vuforia SDK which has a clear license agreement that prevents such redistribution.
but GitHub has complied with Qualcomm's DMCA request.
Comply first. Litigate later. This is the smart thing to do most of the time. For GitHub, it is not like they are being forced to give the keys to the kingdom or to hand over sensitive data customers entrusted to it. No no data is lost or compromised. It is simply inaccessible while GitHub tries to litigate hopefully with sponsorship by those GitHub users that are being affected.
I used to handle DMCA requests. We got thousands per day. You get them via email and there's no way to verify that the sender is who they say they are, the sender is actually the owner of the content, that the content can even BE owned, or that the contents of what's being complained about has anything to do with the complaint. DMCA requests are a logistical nightmare. You have a user thats hosting a file... Music.mp3 and you get an email from joesmith@lawfirm.com or whatever... How do you know they represent the content owner? Or are even really lawyers? Or that the claimed content owner owns the song in question? How do you know it's not just a recording of the guys kid singing the song in the bath? Maybe the person sending the complaint is just his ex-wife. There's very little you can do about any of it, so you have to make a wild ass guess. You're almost always wrong, but the one thing you can be sure of is that if someone like Qualcomm sends you a complaint, they can certainly follow through with a lawsuit, where-as the an open source project likely cannot. So which side would you err on?
This is a problem with the law, not with Github or even Qualcomm. Fix the damned law.
It isn't Qualcomm directly that issued the DMCA notices, but rather, an IP protection agency that operates on behalf of Qualcomm. In my work, I've often had to respond to these DMCA notifications, and these IP protection agencies are often pretty bush league. They'll see something that possibly infringes on an IP, and then they'll jump on it, thinking it'll make them look good to their client, who hired them. Honestly, I doubt this company will be doing much more work for Qualcomm once they discover what has happened.
That C file is part of the Android MSM kernel source tree and does contain a "Qualcomm Confidential and Proprietary" line while noting it's now under a Linux Foundation copyright.
Well, that could be just a tiny little problem for Qualcomm then. In a DMCA takedown notice, there are mistakes that you are allowed to make and mistakes that are criminal. A DMCA takedown notice against material that is not the one you own, or that has a license which you didn't notice, that's harmless. But you state under penalty of perjury that you are the copyright holder or represent the copyright holder of the item that you believe to be infringed. So if the Linux Foundation is indeed the copyright holder, that should be fatal.
Oh that DMCA was issued by Cyveillance - the incompetent company Hollywood and music labels hired for policing P&P by string matching filenames and then carpet bombing service providers with DMCA requests, even though the content was not infringing at all. I bet they simply crawled Github for Qualcomm copyright notices, something that is often left in source code, even though it was relicensed long time ago already. Unfortunately, their bot is not that smart.
Some references:
https://www.techdirt.com/artic...
http://arstechnica.com/tech-po...
etc.
These bozos are known and someone at Qualcomm should get fired for hiring them. This is going to backfire at Qualcomm in a spectacular way, IMO.
So you make up a completely fictitious name and address. Perjury problem solved! As long as the content gets pulled down, who cares?
Sadly, I expect this incident to be forgotten over the weekend and cause no harm to GitHub's reputation.
The dumbest thing about this is that we're talking about it instead of doing something effective about it.
Is it still not legal to shoot copyright trolls on sight?
And if not, WHY THE HELL NOT?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I am. I'm just fine-tuning it at the moment.
(github.com/qca/qca_open_hal_public)
*sigh* and I wanted to enjoy my weekend..
-a
A third:
- Join them. Since you need no legal standing to actually FILE a takedown notice on a site, start a distributed clearinghouse to file takedown notices on website holdings of all companies who are seen to file such notices. Basically, if they're identifying similar content but it is obvious that they don't own the copyright, then that indicates that THEY are likely in violation of copyright, so THEIR pages should be taken down.
I think if someone set up a forum with automated takedown system using the original takedown notice against them (also filing the standard challenge response regarding the original notice), this kind of thing would stop pretty quickly. If every major corporation ran the risk of having its assets removed from the internet every time it issued a takedown notice, that SHOULD give them pause.
Does Cyanogenmod need even more encouragement to dump Qualcomm processors? Odd that the Nook Color is still supported, when many faster Qualcomm chips have been shown the door.
I already have to run an unofficial release of Cyanogenmod on my vivow. Now what is the likelyhood that I'm going to get a Towelroot patch when you are nuking the source repositories?
I still won't buy Motorola products because of their past behavior. Am I about to add Qualcomm to that list?
Github isn't going to drive out to the address you wrote in there to verify that you are who you say you are. They're going to hit "reply" in the email. To date I know of no entity that has been punished for fradulant DMCA takedowns more than a written admonishment. The law is utterly one sided because it was written by people who were intending to use it to send millions of takedown requests. They didn't want any possibily of suffering legal liability if they could get away with it, so the sender only has to hurdle the lowest legal hurdle (good faith) to completely indemnify themselves against counter claims. The law was written to be abused, and shock, people are abusing it.
I read the internet for the articles.
While anybody can issue a DMCA take-down request, you can also fire a counter-protest to any such action as a content holder. All it takes is to send a formal letter to the ISP and demand that the content is restored. The ISP is then found blameless and if the person who issued the take-down notice wants to go further they need to take the whole issue to a judge and resolve it through a normal legal process rather than getting the ISP caught in the cross-hairs.
If you do file a counter-protest though, make damn sure you really do have copyright licensing on everything you are asserting is legal, or that you are on the very sunny side of fair-use (such as a legitimate parody or even a review/commentary.... as appropriate) for whatever content you try to issue the counter-protest.
You don't need to roll over and play dead claiming you are helpless with the onslaught of stupid DMCA requests.
While not about GitHub, this article about the DMCA and its application of take-down notices done on YouTube (which is notorious about such things) and what you can do in a similar situation is very informative:
http://gamasutra.com/blogs/StephenMcArthur/20140624/219589/
You really don't need to roll over, especially for something really stupid like a take-down request applied on Linux Kernel code.