This is interesting because the DMCA process is, as I understood it (as a paralegal working on DMCA issues in a past life), a fairly rigid prescription that provides a safe harbor for providers like GitHub, ISPs, YouTube, etc.
The simplified version of the process:
1. The party claiming to own the rights to copied content submits a well-formed DMCA takedown notice to the listed DMCA agent contact information of the provider.
2. The provider blocks access to the content as soon as possible, and informs their customer/user about the takedown notice.
3. The user may then submit a counter-notice to the provider claiming that they do indeed have the rights.
4. The provider then re-enables access to the content and notifies the claiming party of the counter-notice.
5. If the claiming party disagrees, they file suit in court, notify the provider, and the provider generally again disables access.
As long as the provider takes these steps without delay, it is safe from any claims that it is itself in violation of the DMCA.
So here, GitHub is actually stating that they're delaying proceeding from step 1 to step 2. It's certainly customer-friendly, but I wonder if it causes any issues with the safe harbor.
Here's the actual relevant text from the bill [1]:
> upon notification of claimed infringement as described in subsection (c)(3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity
Immediately contacting the repository owner, and asking them to remove the content themselves within a short window of time, sounds like an expeditious response to my non-lawyer ears.
One nitpick as well:
> it is safe from any claims that it is itself in violation of the DMCA
§ 512 of the DMCA provides for immunity from liability for breaking another law, the copyright act. It's not "violating the DMCA", and service providers do not have to take advantage of § 512 safe harbor provisions if they don't want the benefits of doing so. Without this safe harbor, the service provider could be guilty of infringing the copyright of whomevers' property they're distributing copies of on behalf of their user. If they _voluntarily_ opt to meet the § 512 requirements by expeditiously taking down content, then they can't be held liable for that illegal act, even though it did happen.
"Immediately contacting the repository owner, and asking them to remove the content themselves within a short window of time, sounds like an expeditious response to my non-lawyer ears.
Except, uh, you cut out the object of this sentence, which is the service provider, not the user.
That is, github, not the user, is supposed to be the person responding expeditiously to remove.
Contacting someone is neither "removing" nor "disabling access".
The law is simply not ambiguous here, and github trying to play this game is not likely to go well in an actual court, as much as i'd like it to be the case (i know other companies have been threatened on exactly this point before).
If the user doesn't do it themselves within that short window, then GitHub has to. Every web hosting company I've worked with in the last 10 years has forwarded DMCA notices on to customers. They only disable a server if you don't handle the removal yourself. I don't think GitHub is trying anything new here.
"If the user doesn't do it themselves within that short window, then GitHub has to."
It sounded like you were claiming otherwise, saying that asking the user is acting expeditiously "enough", and that they can then "not remove" or slow down removal.
If you aren't claiming that, then we have no argument :)
This caught me at first too. My guess is that they are blocking access to the infringing file for people other than the alleged offender.
Previously they disabled the whole repo, and this blocked everyone, including the alleged offender from accessing it.
Now it sounds like they will restrict access on a file level and give the alleged offender access to attempt to respond/modify the file to comply or appeal.
This effectively removes the offending content from public view, which should be interpreted as blocking access.
I'm not sure if this is exactly what happens but from how the process was described, it seems plausible and avoids some of the worries that Github isn't responding fast enough to claims.
Is there a mechanism they could use for blocking access to the file from within git without rewriting all of the commits (and therefore changing hashes)?
I'm not sure I completely understand your question, but my guess is they are blocking access to the file from github.com which is all they need to do to comply with the DMCA request. They can't do anything about people's local copies.
Sure, they can block access to the file from their web interface. I'm asking how they block access to a specific file when someone does a "git clone" or "git pull".
It sounds like they just wait 24 hours to get contact.
"because GitHub cannot disable access to specific files within a repository, we will contact the user who created the repository and give them approximately 24 hours to delete or modify the content specified in the notice. We'll notify the copyright owner if and when we give the user a chance to make changes."
If that's the law, then why isn't content from various large companies vanishing (and later reappearing, as in part 4) from the web all the time?
Pick any large company. Surely somewhere among the 7 billion people in this world is someone who (1) hates that company, (2) can put together a well formed DMCA takedown notice, and (3) is willing to give it a shot.
Following that, if your description of the law is correct, the specified content must be taken down, at least temporarily.
So why don't we see major corporate web pages & content disappearing & reappearing on a daily basis?
Was that what they said? Typically you have 24 hours to disable from a DMCA notice. All they said is they would give the user a chance to fix it before the takedown they didn't say how long that chance may be. Could be 23 hours.
If someone took my sourcecode and posted it up on github without my permission, I'm not entirely sure I'd agree that that stance is 'customer friendly'. Only the infringing customer wins in that scenario.
The simplified version of the process:
1. The party claiming to own the rights to copied content submits a well-formed DMCA takedown notice to the listed DMCA agent contact information of the provider.
2. The provider blocks access to the content as soon as possible, and informs their customer/user about the takedown notice.
3. The user may then submit a counter-notice to the provider claiming that they do indeed have the rights.
4. The provider then re-enables access to the content and notifies the claiming party of the counter-notice.
5. If the claiming party disagrees, they file suit in court, notify the provider, and the provider generally again disables access.
As long as the provider takes these steps without delay, it is safe from any claims that it is itself in violation of the DMCA.
So here, GitHub is actually stating that they're delaying proceeding from step 1 to step 2. It's certainly customer-friendly, but I wonder if it causes any issues with the safe harbor.