Slashdot Mirror
Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice
An anonymous reader writes Qualcomm has forced GitHub to remove over 100 repositories due to "unauthorized publication, disclosure, and copying of highly sensitive, confidential, trade secret, and copyright-protected documents." Among the repositories taken down were for CyanogenMod and Sony Xperia. The issue though is that these "highly sensitive" and "confidential" files are Linux kernel code and reference/sample code files that can be easily found elsewhere, including the Android kernel, but GitHub has complied with Qualcomm's DMCA request.
Freedom, in the land of the just.
Kind of ironic one of those repositories is owned by Qualcomm Atheros. Guess they are copyright infringing themselves?
Oh the world we live in.
There needs to be a cost for issuing overbroad DMCA takedown notices.
If a court finds out later that a company had no standing or no good reason to make a DMCA claim that resulted in a takedown, there should be statutory damages. Let's start at $10000 per infraction.
It's too bad that there's not a higher bar for "good faith." It'd be nice if it could be more readily disproven, in some cases.
"I did a Google search for [term] and have a good faith belief that there's no possible way any of the results could be non-infringing. Because I can't believe that any of the results could possibly be non-infringing, I'm not going to examine any of the results more closely. I require you to remove all these results I came up with or be subject to liability under ridiculous laws if it turns out my head isn't *completely* up my ass. In addition, unless you can *prove* that I'm not acting in good faith, through a time-consuming and expensive process, there's absolutely nothing you can do about it! Have a nice day! ---Jackass-in-a-suit"
Screw good faith. Places need to start charging to process DMCA notices, and then when they get fake or bad, or just plain wrong notices like this, you then charge them 1000x the price. They don't pay? Then you don't process any more DMCA notices from them.
I thought we were about capitalism, this is capitalism at it's finest. Money is the only thing these people/corporations understand, so speak their language. They want to not be responsible about DMCA notices, then make it cost them.
Be seeing you...
Github FAILS the requirement for reliability due to being subject to DMCA horseshit. Will somebody please start the next github in a jurisdiction untouchable by DMCA and other thuggish regulations.
I used to handle DMCA requests. We got thousands per day. You get them via email and there's no way to verify that the sender is who they say they are, the sender is actually the owner of the content, that the content can even BE owned, or that the contents of what's being complained about has anything to do with the complaint. DMCA requests are a logistical nightmare. You have a user thats hosting a file... Music.mp3 and you get an email from joesmith@lawfirm.com or whatever... How do you know they represent the content owner? Or are even really lawyers? Or that the claimed content owner owns the song in question? How do you know it's not just a recording of the guys kid singing the song in the bath? Maybe the person sending the complaint is just his ex-wife. There's very little you can do about any of it, so you have to make a wild ass guess. You're almost always wrong, but the one thing you can be sure of is that if someone like Qualcomm sends you a complaint, they can certainly follow through with a lawsuit, where-as the an open source project likely cannot. So which side would you err on?
This is a problem with the law, not with Github or even Qualcomm. Fix the damned law.
It isn't Qualcomm directly that issued the DMCA notices, but rather, an IP protection agency that operates on behalf of Qualcomm. In my work, I've often had to respond to these DMCA notifications, and these IP protection agencies are often pretty bush league. They'll see something that possibly infringes on an IP, and then they'll jump on it, thinking it'll make them look good to their client, who hired them. Honestly, I doubt this company will be doing much more work for Qualcomm once they discover what has happened.
The DMCA does not allow you to refuse to process notices due to unpaid processing fees. Therefore, if they refuse to pay the fee, you are still required to process all their notices anyway, or you lose safe harbor.
That C file is part of the Android MSM kernel source tree and does contain a "Qualcomm Confidential and Proprietary" line while noting it's now under a Linux Foundation copyright.
Well, that could be just a tiny little problem for Qualcomm then. In a DMCA takedown notice, there are mistakes that you are allowed to make and mistakes that are criminal. A DMCA takedown notice against material that is not the one you own, or that has a license which you didn't notice, that's harmless. But you state under penalty of perjury that you are the copyright holder or represent the copyright holder of the item that you believe to be infringed. So if the Linux Foundation is indeed the copyright holder, that should be fatal.
Oh that DMCA was issued by Cyveillance - the incompetent company Hollywood and music labels hired for policing P&P by string matching filenames and then carpet bombing service providers with DMCA requests, even though the content was not infringing at all. I bet they simply crawled Github for Qualcomm copyright notices, something that is often left in source code, even though it was relicensed long time ago already. Unfortunately, their bot is not that smart.
Some references:
https://www.techdirt.com/artic...
http://arstechnica.com/tech-po...
etc.
These bozos are known and someone at Qualcomm should get fired for hiring them. This is going to backfire at Qualcomm in a spectacular way, IMO.
A third:
- Join them. Since you need no legal standing to actually FILE a takedown notice on a site, start a distributed clearinghouse to file takedown notices on website holdings of all companies who are seen to file such notices. Basically, if they're identifying similar content but it is obvious that they don't own the copyright, then that indicates that THEY are likely in violation of copyright, so THEIR pages should be taken down.
I think if someone set up a forum with automated takedown system using the original takedown notice against them (also filing the standard challenge response regarding the original notice), this kind of thing would stop pretty quickly. If every major corporation ran the risk of having its assets removed from the internet every time it issued a takedown notice, that SHOULD give them pause.
While anybody can issue a DMCA take-down request, you can also fire a counter-protest to any such action as a content holder. All it takes is to send a formal letter to the ISP and demand that the content is restored. The ISP is then found blameless and if the person who issued the take-down notice wants to go further they need to take the whole issue to a judge and resolve it through a normal legal process rather than getting the ISP caught in the cross-hairs.
If you do file a counter-protest though, make damn sure you really do have copyright licensing on everything you are asserting is legal, or that you are on the very sunny side of fair-use (such as a legitimate parody or even a review/commentary.... as appropriate) for whatever content you try to issue the counter-protest.
You don't need to roll over and play dead claiming you are helpless with the onslaught of stupid DMCA requests.
While not about GitHub, this article about the DMCA and its application of take-down notices done on YouTube (which is notorious about such things) and what you can do in a similar situation is very informative:
http://gamasutra.com/blogs/StephenMcArthur/20140624/219589/
You really don't need to roll over, especially for something really stupid like a take-down request applied on Linux Kernel code.