Slashdot Mirror

← Back to Stories (view on slashdot.org)

Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice

Posted by Soulskill on from the we-invented-the-for-loop dept.

An anonymous reader writes Qualcomm has forced GitHub to remove over 100 repositories due to "unauthorized publication, disclosure, and copying of highly sensitive, confidential, trade secret, and copyright-protected documents." Among the repositories taken down were for CyanogenMod and Sony Xperia. The issue though is that these "highly sensitive" and "confidential" files are Linux kernel code and reference/sample code files that can be easily found elsewhere, including the Android kernel, but GitHub has complied with Qualcomm's DMCA request.

26 of 349 comments (clear)

  1. On this 4th of July... by Anonymous Coward · · Score: 5, Insightful

    Freedom, in the land of the just.

    1. Re:On this 4th of July... by Jane+Q.+Public · · Score: 5, Insightful

      Freedom, in the land of the just.

      And you can blame every bit of it on the DMCA.

      This is a great example of how the takedown process established by DMCA is inherently abusive. Lots of perfectly legitimate information is taken down with no proof of anything, just because some copyright troll wants to say so.

      That ain't America.

    2. Re:On this 4th of July... by jbolden · · Score: 5, Insightful

      This is America. This is how the legal system has always worked.

      A does action X.
      B objects and threatens to sue A if the doesn't stop X.
      A agrees.

      GitHub is a distributor. To distribute they need to be properly licensed. They are now asking for assurance of licensing given that Qualcomm is contending they are the copyright holder. That's all that is happening. Qualcomm is factually wrong and under the law they can be sued for being wrong by the licensees (the people about whom they made false complaints).

      That is in no way different than what would have happened 100 years ago if someone was distributing a book and someone else complained that the distributor didn't have license to the material.

    3. Re:On this 4th of July... by EasyTarget · · Score: 4, Insightful

      Qualcomm is factually wrong and under the law they can be sued for being wrong by the licensees

      Yeah good luck with that.

      --
      "Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
    4. Re:On this 4th of July... by profplump · · Score: 4, Insightful

      No. It's not sufficient to be "factually wrong" -- the claims must be "knowingly false". You can issue all the "accidental" takedown notices you want without any fear of being sued over it. Which is nothing like 100 year ago.

    5. Re:On this 4th of July... by Teancum · · Score: 4, Informative

      An accidental take-down notice is fine. File the counter-notice to have the content restored, at which time if they persist and file a lawsuit in court it no longer is considered accidental and the standard is moved much more into your favor if they are simply trying to file thousands of these kind of lawsuits. Judges don't like class-action lawsuits where the defendant is a class of people of mostly "John Does".

    6. Re:On this 4th of July... by Teancum · · Score: 5, Interesting

      You really have a warped sense of the law here. Note, you aren't filing a countersuit here, you are filing a counter-notice and expecting them to file a formal lawsuit against you if they want to continue. They, the guys who filed the original DMCA notice, need to spend their money filing the lawsuit and going before a federal judge to explain why they want to see you in court.

      Where do you get this notion that the law doesn't apply to you, me, or anybody else other than some special elite? Are you really serious about this belief that laws don't matter and don't actually protect anybody but somebody with seven+ figures in their bank account?

  2. "Good faith" by jargonburn · · Score: 4, Insightful

    It's too bad that there's not a higher bar for "good faith." It'd be nice if it could be more readily disproven, in some cases.

    "I did a Google search for [term] and have a good faith belief that there's no possible way any of the results could be non-infringing. Because I can't believe that any of the results could possibly be non-infringing, I'm not going to examine any of the results more closely. I require you to remove all these results I came up with or be subject to liability under ridiculous laws if it turns out my head isn't *completely* up my ass. In addition, unless you can *prove* that I'm not acting in good faith, through a time-consuming and expensive process, there's absolutely nothing you can do about it! Have a nice day! ---Jackass-in-a-suit"

    1. Re:"Good faith" by Nyder · · Score: 5, Insightful

      It's too bad that there's not a higher bar for "good faith." It'd be nice if it could be more readily disproven, in some cases.

      "I did a Google search for [term] and have a good faith belief that there's no possible way any of the results could be non-infringing. Because I can't believe that any of the results could possibly be non-infringing, I'm not going to examine any of the results more closely. I require you to remove all these results I came up with or be subject to liability under ridiculous laws if it turns out my head isn't *completely* up my ass. In addition, unless you can *prove* that I'm not acting in good faith, through a time-consuming and expensive process, there's absolutely nothing you can do about it! Have a nice day! ---Jackass-in-a-suit"

      Screw good faith. Places need to start charging to process DMCA notices, and then when they get fake or bad, or just plain wrong notices like this, you then charge them 1000x the price. They don't pay? Then you don't process any more DMCA notices from them.

      I thought we were about capitalism, this is capitalism at it's finest. Money is the only thing these people/corporations understand, so speak their language. They want to not be responsible about DMCA notices, then make it cost them.

      --
      Be seeing you...
    2. Re:"Good faith" by Anonymous Coward · · Score: 5, Informative

      The DMCA does not allow you to refuse to process notices due to unpaid processing fees. Therefore, if they refuse to pay the fee, you are still required to process all their notices anyway, or you lose safe harbor.

    3. Re: "Good faith" by jxander · · Score: 4, Interesting

      There also need to be rules for overturned requests.

      If Company A issues a takedown request against something on my website, and I successfully appeal the claim, that needs to be a strike against Company A.

      Three strikes and Company A is barred from making DMCA requests (either permanently or for some set timeframe). This would instantly stop these companies from issuing mass auto-generated takedown requests.

      --
      This signature is false.
    4. Re:"Good faith" by whoever57 · · Score: 4, Insightful

      You do know that takedown notices are supposed to be filed truthfully under penalty of perjury, yes?

      No. They don't.

      The penalty of perjury only applies to a very small part of the takedown notice -- that the person making the request is authorized to act on behalf of the copyright holder. The rest of the takedown notice is not under penalty of perjury.

      --
      The real "Libtards" are the Libertarians!
  3. Trolling by Kuberz · · Score: 5, Interesting

    Kind of ironic one of those repositories is owned by Qualcomm Atheros. Guess they are copyright infringing themselves?

    Oh the world we live in.

    1. Re:Trolling by adri · · Score: 5, Interesting

      It's pretty funny indeed. Except when it's not.

      I'm the guy that got that through the internal Qualcomm open source review process .. and now they've done this. Grr.

  4. There need to be costs by ggraham412 · · Score: 5, Interesting

    There needs to be a cost for issuing overbroad DMCA takedown notices.

    If a court finds out later that a company had no standing or no good reason to make a DMCA claim that resulted in a takedown, there should be statutory damages. Let's start at $10000 per infraction.

  5. Github overtaken by thuggish government by fnj · · Score: 5, Insightful

    Github FAILS the requirement for reliability due to being subject to DMCA horseshit. Will somebody please start the next github in a jurisdiction untouchable by DMCA and other thuggish regulations.

  6. Re:No validation by phoebe · · Score: 4, Interesting

    A lot of the reference repositories include a Qualcomm proprietary license header. Many are from the Vuforia SDK which has a clear license agreement that prevents such redistribution.

  7. Not githubs fault by Charliemopps · · Score: 5, Insightful

    I used to handle DMCA requests. We got thousands per day. You get them via email and there's no way to verify that the sender is who they say they are, the sender is actually the owner of the content, that the content can even BE owned, or that the contents of what's being complained about has anything to do with the complaint. DMCA requests are a logistical nightmare. You have a user thats hosting a file... Music.mp3 and you get an email from joesmith@lawfirm.com or whatever... How do you know they represent the content owner? Or are even really lawyers? Or that the claimed content owner owns the song in question? How do you know it's not just a recording of the guys kid singing the song in the bath? Maybe the person sending the complaint is just his ex-wife. There's very little you can do about any of it, so you have to make a wild ass guess. You're almost always wrong, but the one thing you can be sure of is that if someone like Qualcomm sends you a complaint, they can certainly follow through with a lawsuit, where-as the an open source project likely cannot. So which side would you err on?

    This is a problem with the law, not with Github or even Qualcomm. Fix the damned law.

  8. Qualcomm, but not really Qualcomm. by tsnow · · Score: 5, Interesting

    It isn't Qualcomm directly that issued the DMCA notices, but rather, an IP protection agency that operates on behalf of Qualcomm. In my work, I've often had to respond to these DMCA notifications, and these IP protection agencies are often pretty bush league. They'll see something that possibly infringes on an IP, and then they'll jump on it, thinking it'll make them look good to their client, who hired them. Honestly, I doubt this company will be doing much more work for Qualcomm once they discover what has happened.

  9. From the Phoronix site: by gnasher719 · · Score: 5, Interesting

    That C file is part of the Android MSM kernel source tree and does contain a "Qualcomm Confidential and Proprietary" line while noting it's now under a Linux Foundation copyright.

    Well, that could be just a tiny little problem for Qualcomm then. In a DMCA takedown notice, there are mistakes that you are allowed to make and mistakes that are criminal. A DMCA takedown notice against material that is not the one you own, or that has a license which you didn't notice, that's harmless. But you state under penalty of perjury that you are the copyright holder or represent the copyright holder of the item that you believe to be infringed. So if the Linux Foundation is indeed the copyright holder, that should be fatal.

    1. Re:From the Phoronix site: by Greyfox · · Score: 4, Interesting

      It seems to me that it's awfully close to breaking the terms of the license under which Linux is published. Perhaps the copyright holder should demand that Qualcomm cease and desist using Linux.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  10. Cyveillance by janoc · · Score: 5, Interesting

    Oh that DMCA was issued by Cyveillance - the incompetent company Hollywood and music labels hired for policing P&P by string matching filenames and then carpet bombing service providers with DMCA requests, even though the content was not infringing at all. I bet they simply crawled Github for Qualcomm copyright notices, something that is often left in source code, even though it was relicensed long time ago already. Unfortunately, their bot is not that smart.

    Some references:
    https://www.techdirt.com/artic...
    http://arstechnica.com/tech-po...

    etc.

    These bozos are known and someone at Qualcomm should get fired for hiring them. This is going to backfire at Qualcomm in a spectacular way, IMO.

    1. Re:Cyveillance by Megane · · Score: 4, Interesting

      Oh that DMCA was issued by Cyveillance

      Wow, I haven't heard of those assclowns in a LOOOOOONG time.

      I even have a firewall rule for them them that I added at least ten years ago, so it's probably way out of date:

      $IPFW add 100 deny ip from 63.148.99.224/27 to any
      $IPFW add 100 deny ip from 65.118.41.192/27 to any

      Yep, I see there's a more recent list here: http://www.vk2qh.net/blockedip...

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  11. Re:What else is safe ? by Anonymous Coward · · Score: 5, Interesting

    A third:

    - Join them. Since you need no legal standing to actually FILE a takedown notice on a site, start a distributed clearinghouse to file takedown notices on website holdings of all companies who are seen to file such notices. Basically, if they're identifying similar content but it is obvious that they don't own the copyright, then that indicates that THEY are likely in violation of copyright, so THEIR pages should be taken down.

    I think if someone set up a forum with automated takedown system using the original takedown notice against them (also filing the standard challenge response regarding the original notice), this kind of thing would stop pretty quickly. If every major corporation ran the risk of having its assets removed from the internet every time it issued a takedown notice, that SHOULD give them pause.

  12. Re:Not github's fault by jandrese · · Score: 4, Insightful

    Github isn't going to drive out to the address you wrote in there to verify that you are who you say you are. They're going to hit "reply" in the email. To date I know of no entity that has been punished for fradulant DMCA takedowns more than a written admonishment. The law is utterly one sided because it was written by people who were intending to use it to send millions of takedown requests. They didn't want any possibily of suffering legal liability if they could get away with it, so the sender only has to hurdle the lowest legal hurdle (good faith) to completely indemnify themselves against counter claims. The law was written to be abused, and shock, people are abusing it.

    --

    I read the internet for the articles.
  13. Re:What else is safe ? by Teancum · · Score: 5, Informative

    While anybody can issue a DMCA take-down request, you can also fire a counter-protest to any such action as a content holder. All it takes is to send a formal letter to the ISP and demand that the content is restored. The ISP is then found blameless and if the person who issued the take-down notice wants to go further they need to take the whole issue to a judge and resolve it through a normal legal process rather than getting the ISP caught in the cross-hairs.

    If you do file a counter-protest though, make damn sure you really do have copyright licensing on everything you are asserting is legal, or that you are on the very sunny side of fair-use (such as a legitimate parody or even a review/commentary.... as appropriate) for whatever content you try to issue the counter-protest.

    You don't need to roll over and play dead claiming you are helpless with the onslaught of stupid DMCA requests.

    While not about GitHub, this article about the DMCA and its application of take-down notices done on YouTube (which is notorious about such things) and what you can do in a similar situation is very informative:

    http://gamasutra.com/blogs/StephenMcArthur/20140624/219589/

    You really don't need to roll over, especially for something really stupid like a take-down request applied on Linux Kernel code.