DMCA section needs a option for third-parties to submit copyright reports.

[sebastiannielsen]

1. What's the name of the policy?

https://github.com/github/site-policy/blob/master/Policies/github-terms-of-service.md

2. Is this issue related to a specific section within one of our policies (e.g. the Terms of Service)? If so, please include a link to the section or subsection.

Yes. https://github.com/github/site-policy/blob/master/Policies/github-terms-of-service.md#e-copyright-infringement-and-dmca-policy

3. Did you already open a pull request? If so, please include a link to the PR.

No.

4. Sometimes it's easier to just put your feedback text into an issue. If that's how you'd prefer to contribute, this is the section to do that.

Yes.

5. Why do you think this section or language needs improvement?

For three reasons, I think this needs an improvement to allow for third parties to submit copyright flags.

First, theres a legal requirement in sweden, for someone that hosts user-generated content without pre-moderation, to take down any copyright infringing content when ANYONE reports, not just the copyright owner. The law is "Lag (1998:112) om ansvar för elektroniska anslagstavlor" (Law (1998:112) about responsibility for electronic bulletin boards) Even if the title of the law might be misleading, it does not only apply to forums, but ANY site where a third-party can post content without pre-moderation by a moderator or admin.

And here is an excerpt from that law, stating its requirement to delete or disable access to any illegal content, anytime the site administrator gets notice of that:

"5 § Om en användare sänder in ett meddelande till en elektronisk anslagstavla ska den som tillhandahåller tjänsten ta bort meddelandet från tjänsten eller på annat sätt förhindra vidare spridning av meddelandet, om ...

2. det är uppenbart att användaren har gjort intrång i upphovsrätt eller i rättighet som skyddas genom föreskrift i 5 kap. lagen (1960:729) om upphovsrätt till litterära och konstnärliga verk genom att sända in meddelandet. "

Translation: "5 § If a user submits a message to a electronic bulletin board, the entity who provides the service should delete the message from the service, or in other way prevent further distribution of the message, if ...

2. Its obvious that the user has infringed on copyright or any other right protected by 5chap law (1960:729) about copyright to litterate and art works, by sending in the message."

Two: Because DMCA does not prohibit taking down material that is infringing on copyright even if a third-party submits the DMCA notice. The only thing is that GitHub isn't required to take down (according to USA law) but they can do so if they choose so. https://law.stackexchange.com/questions/14084/is-it-prohibited-to-accept-dmca-takedown-notices-from-non-authorized-individuals

Three: The terms of service does have a section, C-2, "Content Restrictions", that specifically say: "infringes on any proprietary right of any party, including patent, trademark, trade secret, copyright, right of publicity, or other rights."

which means, content can be taken down either by DMCA, or C-2.

Thus, I suggest section E, to be updated to:

E. Copyright Infringement and DMCA Policy

If you believe that content on our website violates your copyright, please contact us in accordance with our Digital Millennium Copyright Act Policy. If you are a copyright owner and you believe that content on GitHub violates your rights, please contact us via our convenient DMCA form or by emailing copyright@github.com. There may be legal consequences for sending a false or frivolous takedown notice. Before sending a takedown request, you must consider legal uses such as fair use and licensed uses.

If you believe that content on our website violates a third party's copyright, please contact us in accordance with our Terms of Service, Content Restrictions Policy. If you are a third party who witnesses that content on GitHub violates a third party's right, please contact us by emailing copyright@github.com. Please write "C-2 takedown request" in the subject line. Please note that a C-2 takedown request isn't legally binding, will be judged by GitHub admins and/or moderators, and may be rejected. Only submit a C-2 takedown request if you are completely sure that the copyright owner does not allow that specific content there. If a GitHub Admin or Moderator approves a C-2 takedown request on your repository, you must send proof of copyright to have the content reinstated. Proof of copyright can be for example written agreements from a copyright owner about permission to use material, a license document, or any other documents that proves you have right to use the material, or proof that you created the material. You can also have the copyright owner to contact us. They will have to prove their position as a copyright owner, and then they can ask to have your material reinstated. We will in the case copyright owner asks us to have material reinstated, also block further C-2 takedowns on that particular repository. (DMCA takedowns will still be valid).

A copyright owner or a entity authorized to act on behalf of the copyright owner, can choose if they want to send a DMCA notice or a C-2 notice. If a C-2 notice is chosen, the content will be judged by GitHub, and material taken down if the C-2 notice is approved. C-2 notices protects you from counter-notices. If a C-2 notice is rejected and you are the copyright owner or a entity authorized to act on behalf of the copyright owner, you can escalate it to a DMCA notice.

We will terminate the accounts of repeat infringers of this policy, regardless of if the takedown notice was a DMCA one or a approved C-2 one.

Also a moral thing to consider:

I can report to the admins that a repostiory contains for example pornography, drug trafficing, promotes illegal activites or other illegal/prohibited content, and have the content taken down.

I can also, if I see someone shoplifting in a store, call the police and also file a formal police report. I don't need to ask the store owner for permission.

Why is it so hard to report copyrighted content to be taken down unless Im the copyright owner?

[MouseProducedGames]

Why is it so hard to report copyrighted content to be taken down unless Im the copyright owner?`

Note: I Am Not A Lawyer.

Far too many people who aren't the copyright owner, flag things just because they "don't like X", where "X" is a legitimate behaviour.

Including flagging pages for copyright violation, when the item on the page that supposedly violates copyright, was placed there by the copyright holder.

It is a matter of scale. If Bob accuses Bill of shoplifting, then a security office and a camera recording is a few minutes away, and that may be the only incident worth nothing all month (varying by scale of store).

A large website, however, can get so many violation reports that it is functionally impossible to look through them all, thus resulting in things like automatic filtering and response, which results in things like spammers and (effectively) DDoS attacks being able to effectively take down content for illegitimate reasons.

For that matter, it is entirely possible for people to flag copyrighted content out of a legitimate concern that its use is illegitimate, thus requiring investigation of complaints where, ultimately, the use of the copyrighted item was allowed by the copyright holder.

[sebastiannielsen]

Such frivolius reports should be easy to filter out. Im talking about clear-cut infringements now. Like finding a bypass-DRM-protection tool on GitHub, or finding obvious pictures with a large "PIRACY DETECTED - PLEASE REPORT" banner straight over the pic. (Because they used a picture editing program that they cracked). Or finding code that is obviously stolen, like confidental comments and copyright comments belongning to internal use.

For those abusing the tool to reports things they don't like, it would be easy to shut down or warn those accounts. With clear-cut copyright infringement, it should be so clear-cut that GitHub personell can see its a obvious & blatant infringement. And in that case, the uploader must show proof he has permission to upload the content to keep it.

I found a tool that was made to bypass DRM protection on Capcom games. GitHub did refuse to take it down because im not copyright owner, and Capcom's page with contact details to their copyright office, is password protected. Good luck with getting the infringement to Capcom's knowledge. Checked and the DRM bypass tool is still up on GitHub.

And in the rare case the copyright owner allows the usage (for example if a copyright owner wants a bypass-DRM tool for bypassing a old DRM they no longer have control over) then the copyright owner can simply tell GitHub to keep the content and all C-2 reports on that tool will be blocked.

If we take the store example again. As you say, you can see on security cameras that it is shoplifting. Same with certain infringements, they are so clear-cut they are out in the blue. Like a 5 year child can see its a copyright infringement.

And in the same case with shoplifting, you still don't know if the guy taking the item is a friend to the shop owner that is allowed to take a few items. But still you can file a police report and then the owner of store has to say to the police it was okay. (Or the "shoplifter" needs to show proof of permission).

And of course, in the cases where the copyright owner gets his own content taken down, the copyright owner normally has itself to blame for not using a official account tied to the owning organisation for example - but in that case content restoration is easy by arranging for the official account to give permission to the sub-account. Most organisations have a official account on most sites and its easy to tell uploads made by copyright owner apart from illegal uploads.

[MouseProducedGames]

I am not an accountant, either. Feel free to run your own numbers.

Here, a link for you: https://www.google.ca/search?q=youtube+fake+copyright+claims&ie=utf-8&oe=utf-8&gws_rd=cr&ei=xCJsWdWNF4rY0gK85JPgCA

I'm not talking theoretical; this is stuff that has happened on other sites, has happened a lot on other sites, and has caused a number of problems on other sites.

It's easy to say "it's simple to check for obvious infringement". There's a few problems:

1) GitHub had *24,000,000 users in 2016. Based on long experience with people, for every 20 people, you have 1 person who's going to cause trouble or friction. I don't just mean trolls. I'm also including mistakes, ignorance, and etc. in with bad actor. 1a) Let's say 10% of them file a complaint every month. 1b) That's 120,000 complaints a month, and about 4,000 every day. 1d) Let's say 95% of complaints can be handled within 5 minutes, 3% within 15 minutes, 1% take 3 hours, and an additional 1% take indeterminate time. 1e) Assuming that anything that takes longer than 5 minutes is ignored, that means 19,000 minutes of work per day, or 317 hours (rounded up from 316.6~). 1f) At 8 hours of work per day, minus 30 minute lunch, minus 15 minute break, minus bathroom breaks, minus twiddling thumbs, minus discreetly checking Facegroup, that would mean (/6) 53 new workers (rounded up from 52.833~). 1g) 53 new workers at $25,000 USD per year means $1,325,000 per year in pay for the group, not counting management, facilities, maintenance, and other expenses. 2) Complaints will not be restricted to GitHub users alone. 3) Under ideal circumstances, your complaint mechanism would see mostly valid complaints. 3a) We do not have ideal circumstances.

• https://www.quora.com/How-many-users-does-GitHub-have

[nukeop]

On Youtube, allowing third party dmca requests led to taking down video huge companies didn't like regardless of their actual breach of dmca.

Also, dmca is american law. I do not see why it should be obeyed in countries that are not the USA.

[sebastiannielsen]

nukeop: Exactly what im pointing out, that DMCA is american law. Sweden law is actually stricter on that point that you must, as a service provider, investigate any copyright complaints regardless of who is submitting the complaint. (But on the other case, you only need to take down material when its clear case, for example obvious infringements or the copyright owner submits the complaint)

[nukeop]

DMCA allows companies to take down repositories that represent a "threat" to their business, for example by using their services in a way they do not like (for an example, see: https://github.com/github/dmca/blob/master/2017/2017-07-13-byond.md )

That has much more dire consequences that threaten the fundamental freedoms regarding the creation and use of software, than just uploading "copyrighted" materials to Github.

[sebastiannielsen]

Yeah but all that content constitues DRM bypass tools. Its not because just of a "threat" to their business. For example, a spider tool or a scraping tool couldn't be taken down, even if that poses a "threat" to their business.

[nukeop]

There should be nothing illegal in bypassing oppressive DRM, and in fact in many countries there isn't.

[sebastiannielsen]

In sweden its illegal for example. The only exception is that if a technical fault in the DRM appears so you cannot access paid content, for example if you paid for a music but can't listen to it, then you may "fix" the error, but only if its clear that the error is due to a technical fault and not intended.

In all other cases, for example when a company shuts down their activation servers so you cannot no longer listen on a bought song or use software you paid for, then you have to go to court if you want to have access reinstated. Its illegal to take the matters in your own hands and circumvent the DRM.

[KOLANICH]

First, theres a legal requirement in sweden ...

sounds nearly like

First, there are legal requirement in Democratic People's Republic of Korea (also known as North Korea), just Republic of Korea (also known as South Korea), People's Republic of (mainland) China and Taiwan, Russian Federation and Ukraine, Saudi Arabia, Iran, Oman, Ethiopia, United Kingdom, EU ...

Do you suggest to satisfy the legal requirements of ALL the jurisdictions existing (and imaginary, because of "define existing")? If not, why do you suggest GH to satisfy the requirements of any jurisdiction other than the one on which territory GitHub is placed?

[nukeop]

Listing the UK along with DPRK was a nice touch.

[sebastiannielsen]

This is the big problem. My tought is that it would be wise to implement a policy that is compatible with most of the countries, so all copyright complaints are handled in a way that supports most laws.

The copyright law isn't really much different in most countries due to it being a international law, but for those small differences, its wise to implement a policy that fits them all.

[KOLANICH]

This is the big problem. My tought is that it would be wise to implement a policy that is compatible with most of the countries, so all copyright complaints are handled in a way that supports most laws.

Do I understand you correctly, that you suggest to collect the worst parts of copyright (and not only copyright, you have mentioned

can report to the admins that a repostiory contains for example pornography, drug trafficing, promotes illegal activites or other illegal/prohibited content, and have the content taken down.

) legislations (if not to do that, laws of some jurisdictions will be violated) and implement them as GitHub policy, just to make some governments and some people I won't shake a hand of happy? I vote against that. My advise to you: if you don't like the content, don't open it. If you don't like the website - don't visit it. If you like censorship - censor the internet for yourself, don't use it.

[ssokolow]

Also keep in mind that "unifying" and "standardizing" is how copyright gets ratcheted to ever more draconian heights. Lobbyists make a change (eg. extending the term, tightening enforcement, chipping away at fair use) in a few jurisdictions, then push for everyone to standardize on those new, more restrictive laws, then repeat the process.

...all the while, brushing under the rug that the original purpose of American-style copyright was to enrich the public domain by encouraging future production with a limited-time (14 years + another 14 if renewed), opt-in monopoly on maps, charts, and books (and nothing else) to further the progress of "science and useful arts" and, prior to America, it began as a censorship deal between the British crown and printing guilds. (ie. You print only what we approve of and we'll make it illegal for anyone else to print anything.)

(How could things like "life of the author + 90 years" possibly encourage more production and are there any other kinds of entrepreneurs who get to freeload off of a limited amount of work? Do you pay your plumber a licensing fee every time you turn on the tap? ...or, conversely, do restaurants, fashion designers, and comedians starve because recipes, clothing designs, and jokes are exempt from copyright?)

EDIT: Corrected the duration of original U.S. copyright from 19+19 to 14+14 after double-checking this Wikipedia article and clarified what was eligible.

[lee-dohm]

The conversation here is an interesting one. Let's be careful to keep things civil and polite, please. Let's err on the side of asking questions and striving to understand each other rather than giving advice.

[nukeop]

In short Github should do the absolute minimum to avoid serious lawsuits, and we should not make the life of DMCA issuers any easier willingly (quite the opposite).

[nsqe]

Thanks so much for this proposal. It's an interesting suggestion, and this has been a great discussion. However, in the United States, only the owner of a right has the ability to enforce that right. A valid DMCA takedown notice can only be sent by the owner of a right (or that person's agent).

When it comes to copyright law, only the holder of a copyright knows whether or not he or she has given permission for it to be used. It can be very difficult to identify copyright violations. While a third party, like a fan or a user, might believe that certain content would never have been authorized, it's hard to know, and even experts with insider knowledge sometimes get it wrong. Even if you think you've found an obvious case of infringement, there may be a license you're not aware of, there may be fair use, or the copyright holder just may not care.

GitHub does not have the ability to determine whether or not a use is authorized. We are only able to wait until someone who has the right and ability to enforce their rights asks us to take down content. Because third parties don't have any rights to the content, and cannot send a takedown notice under the DMCA, we cannot accept a takedown request from them.

Another thing to consider is that every time we take down content, it can be very disruptive to the person who has had content taken down...especially when someone is sending a false or abusive notice just to remove a competitor's hard work. From our perspective, as a service provider that processes large numbers of takedown notices, we've seen many instances of people sending abusive complaints just to mess with another user who has angered them. Although the DMCA process isn't perfect, requiring the copyright holder to submit the notice is one of the safeguards against such shenanigans.

For all these reasons, we will not be opening up our DMCA takedown process to complaints from third parties. If you come across content on GitHub that you suspect has been infringed and you aren't the copyright holder, you always have the option to send an email to the copyright holder. It's only fair to give them the right to decide whether or not they want to follow up with us.