> There is one thing that has been and is always going to be counterproductive, especially in such situations: blind actionism. Many people flooded the Internet (read: forums, Reddit, bug trackers of projects), inciting panic and suggesting to move to some other “free” hosted platform. This is clearly not a solution. Any hosting platform will sooner or later have to comply with such a request. It can become very expensive if you end up in court.
> Any hosting platform will sooner or later have to comply with such a request. It can become very expensive if you end up in court.
Given that this request was completely fraudulent, no matter your take on whether youtube-dl itself is legal the project itself is not an unauthorized post of copyright material, doesn't this give groups like the RIAA a free pass to do whatever they want until someone challenges them?
While it's good that github eventually returned it, their willingness to comply with such a sham should make projects consider moving from them.
Based on how easily the EFF resolved the problem by sending that notice to GitHub, it feels like this could be an easy problem to solve in the future..
The RIAA got effortlessly blocked here with a couple of lawyer man hours, which contained information gathered from a handful of really interesting blog posts.
I would say this entire story is something to celebrate, because it shows how easily a single person could stop this.
Mitchell L. Stoltz, Senior Staff Attorney at the EFF signed this letter, which probably took no more than handful of man hours to compile.
Not every project will have a sufficiently high profile for the EFF to notice. Relying on the EFF like this doesn't scale, isn't future proof, and doesn't address the long tail of the problem.
I think it'll most likely come down to a question of cost per incident - while a couple of lawyer hours is certainly relatively cheap if that same cost is required for every similar RIAA take down request then you'd need to look at how many hours it takes for RIAA to identify a good target and produce a take down notice. The effortlessness of this particular incident gives me hope that if the volume of take downs increased then maybe the EFF or someone else could essentially put together a form reply.
>The RIAA got effortlessly blocked here with a couple of lawyer man hours, which contained information gathered from a handful of really interesting blog posts.
It's not clear that the RIAA needed to spend any real lawyer man hours making the request, I don't think a designated agent needs to be a lawyer but even if they do they just send a form letter.
> it feels like this could be an easy problem to solve in the future
Welcome to the future. Github has received “a DMCA” from the RIAA’s film counterpart requesting they take down another repo for tool that does not contain proprietary copyrighted material (this time not even including a test suite that downloads it IIUC), and apparently instantaneously complied. As of the time I’m posting this, it’s been more than a day (an order of magnitude longer than “a couple of lawyer man hours”, times 1–2?) since it was posted here https://news.ycombinator.com/item?id=25836503 and I’m still not aware of any other response from them so far.
Even if the RIAA payed 1.5 lawyer hours to the EFF’s 1, this is a bad trade IMO. And I doubt the RIAA is spending significant time on these cases based on their record of general sloppyness (ex- the time the RIAA sued charter for infringement on songs they didn’t have the copyright to, after making the same mistake with Cox https://abovethelaw.com/2020/03/riaa-realizes-it-sued-charte...)
Oh, a legal memo like that, for something that is going to be high-visibility and you want to get right and you want to win, definitely took more than a few person hours. I bet several people were working on it for a few days, minimum.
It's also something that requires lawyers/law staff, not just random people, for maximum effect.
But yes, this is definitely a positive thing! I'm not sure anyone but the EFF would have done it succesfully, I am grateful to the EFF... and, yes, to github for their response, which not every company would have had.
> Given that this request was completely fraudulent, no matter your take on whether youtube-dl itself is legal the project itself is not an unauthorized post of copyright material, doesn't this give groups like the RIAA a free pass to do whatever they want until someone challenges them?
The takedown request didn't claim the project was an unauthorised post of copyright material. It claimed it was a DRM circumvention measure, and US law is sufficiently vague on that matter it really can't be said definitively one way or another if that's correct unless someone is willing to litigate it.
Nobody does, in this case. Certainly, describing the request as "completely fraudulent" is wrong. It may or may not have been valid, but the legislation is sufficiently vague in most of the US and Europe that it's entirely possible this could go to court and the RIAA would win.
The takedown notices do not apply to DRM circumvention measures, only copyright material.
I agree it's completely possible that a court case could rule against youtube-dl, but the only method for taking down a DRM circumvention tool is to get a court order.
DRM circumvention measures don't have a takedown provision as such, but the hoster becomes jointly liable as soon as they are notified, which was the point of the letter.
If this were true, it would make no sense for github to have reinstated youtube-dl. I assume such legal liability would need the start of a lawsuit to be valid.
> If this were true, it would make no sense for github to have reinstated youtube-dl.
Github took a punt that the RIAA weren't going to take it to court, because they don't want to risk establishing that the circumvention provisions are more limited in a court case. They got a lot of free PR out of it with little risk, that's why they did it.
As I said at the time, I wouldn't want to litigate on either side of this case. The law is badly drafted, there's little precedent, and I think it's a genuine 50/50. Any lawyer on both sides would advise you not to do so. I suspect the main reason is that the RIAA can now go back to Google and say they are in breach of contract for not preventing downloads on YouTube using technical protection measures, and push them to switch to Widevine on everything with any music in it.
> Any hosting platform will sooner or later have to comply with such a request. It can become very expensive if you end up in court.
Yet it wasn't actually DMCA takedown request, but a strange new kind of takedown request, where a a private company claimed (falsely) that youtube-dl violated section 1201 and demanded that github remove it.
Unfortunately github seems to have codified these new "1201 takedowns" which didn't seem to exist previously.
Even if DMCA 512 doesn't cover DMCA 1201 violating circumvention tools, that wouldn't make GitHub in the clear to host them. If anything, it would actually increase their liability: the whole point of DMCA 512 is to provide a process by which an ISP can disclaim liability for contributory copyright infringement.
If they refuse the request on the grounds of "you can't DMCA a circumvention tool", then they're still liable regardless of if a DMCA 512 takedown can or can't apply to a 1201 violation, since there's still an underlying tort of distributing a 1201 circumvention tool. If they accept the request, and get sued anyway, they could at least argue that they have a safe harbor (or should have a safe harbor).
Advocating for even more centralization isn't necessarily more productive. I'd love for someone to manage a mirror of all github repos in a place that is less likely to face these kinds of legal jeopardies.
Why not try to direct people toward that, rather than direct them towards crossing their fingers and hoping the lone company wins the fight?
Because the only way to “win” a “battle” is to take a stand and “fight,” running and hiding isn’t winning.
By building up sufficient case law, everyone can do things better and the next time this comes in front of law makers, there will be a better understanding of edge cases and better laws can be written.
I’d really love to see a Developer’s Guild or Union that could collectively take on these sorts of fights and argue for all software devs. The EFF can’t stand alone.
> Any hosting platform will sooner or later have to comply with such a request.
The Pirate Bay would disagree? Somehow they've been mostly online for over 10 years despite blatantly and obviously facilitating copyright infringement.
Now YouTube-DL doesn't actively intend for its software to be used for infringement, however its inherent capability to do so is apparently enough to piss off the media industry, so maybe it's best to learn from the aforementioned "expert" in this field and move to infrastructure that's outright immune to the industry's complaints?
In addition, there is huge benefit if you can persuade a large company to defend against this. GitHub/Microsoft is one of the few entities that actually has the financial and legal firepower to take on the recording and music industry.
The smaller hosts may not have the financial and legal cushion to do anything but rollover if the music industry lawyers send them a notice.
>Regarding GitHub, it is sad that they took down the repository at all. It’s a well-known pattern: platforms rather comply with such requests than risking litigation, requiring projects to invest time and money to fund lawyers themselves (or hope for an association such as the EFF to pick up their case). The moment they published the request and took down the repositories, many experts immediately raised concerns that the request itself is illegal. It remains questionable why GitHub’s legal team didn’t recognize this.
ok... am I crazy? I thought when someone sends a DMCA request to you, the platform, that you are required to take the content down and wait for a counter notice from that contents author. The legality of the message is not your problem. You receive the DMCA, you take the content down, if you get a counter claim, you put it back up, the two parties go to court.
If that's correct, then can you really criticize github for following an odious law? Whether we like it or not, they are bound by these requirements.
You’re correct. However, you only have to take down valid claims. If I issue a take down for a music video owned by, say, WMG, Google doesn’t have to listen if they can see I don’t have the right to. That’s where people are coming from: they’re saying the takedown was never valid, so GitHub (Microsoft) didn’t have to listen to it. The big problem with that is: if GitHub refused to take it down but the RIAA prevailed in court, GitHub would lose their “safe harbor” protections.
The DMCA is heavily tilted in favor of the supposed rights holder, and GitHub really did have no choice in that situation. It’s messed up, but it’s the reality of the laws of the land.
There’s also the issue of people who are mistaken and think it was a section 512 notice (direct copyright infringement) when it wasn’t. It was a section 1201 one (DRM circumvention). We can argue all day about whether it’s DRM circumvention or not, but the fact of the matter is: there was obfuscation of some sort, and it wouldn’t be hard to convince a judge that that counts as DRM. GitHub erred on the side of caution here.
> I thought when someone sends a DMCA request to you, the platform, that you are required to take the content down and wait for a counter notice from that contents author.
This is almost correct. GitHub could refuse to take it down and in doing so accept liability for any copyright infringement that exists. If the repository is not infringing (which in this case there's a solid chance it's not), then GitHub is doing nothing wrong. Of course, since the penalties for copyright infringement are so high and defending suits would not be worth it for GitHub, they are effectively required to take it down.
If Microsoft moved GitHub out of the US, Microsoft is still a US company and subject to their laws. Microsoft could move out, but the Long Arm of the US Law(tm) won’t care if the executives live in the US.
1. So GitHub should not have been sold to Microsoft.
2. Microsoft could spin off GitHub into a separate, non-US entity, outside its legal control for purposes of DMCA enforcement. Of course, it obviously won't do that, since it doesn't help the bottom line.
I think the hope is that getting a few high profile counters out there will have a chilling effect on the RIAA being so cavalier with their notices - but I do agree that if the counters would, in perpetuity, take hours of lawyers' time then I'm uncertain if RIAA or the counter notices will scale better.
Except that it keeps happening constantly and platform-owning companies just quietly "correct" the error and everything is fine.
It is not a fair process if it requires you to get public outrage.
Whenever I see a story of a kid which family succeeded to collect money for an expensive treatment thanks to public outcry, I always think about all those other kids who were not so fortunate to get public interested in them.
Should we be happy that we got one of a thousand saved or should we be thinking there is something fundamentally wrong?
> more importantly, all the metadata (for example, issues and pull requests) that was posted on the platform by users, developers and maintainers. Such information is invaluable to a project, and a takedown of the entire repository with all this data can hurt a project very badly.
That's why you regularly need to update your issues with `git bug bridge pull`. Then you have all the issues locally, and are not bound to slick but the unfree website UI. You can edit and add issues locally and push it eventually. Only problem is: corabolation on issues with such a temp. took down GH project relies on everybody interacting with it via git bug. But all the bug refs are pushed upstream, wherever that is.
About lost pull requests: Regular remote branches are the standard workflow, and an issue can carry the description, if the commits are not descriptive enough.
Problems: issues are not numbered, only have hashes. They can be merged out of order, there's no central truth. So references in docs or commits need to use the hash, like bug #4e327af, not just GH #403.
For those down voting, can someone comment on why this would not be a good idea? I hadn't heard of git-bug, are there other caveats one should be aware of, or is there a reason this isn't a problem worth solving?
$ man git-bug
No manual entry for git-bug
$ git bug
git: 'bug' is not a git command. See 'git --help'.
The most similar commands are
log
tag
$ git --version
git version 2.17.1
It sounds like the real "Lesson to be Learned" is:
"When a large organization makes asinine threats with spurious reasoning, take a lawyer friend to lunch and help them draft a sternly-worded email about the offending organization."
"Mail said letter to threatened party. No further action needed. Go back to solving meaningful problems."
I liked that date too :) - but I think the issue here is not the age of the article but the fact that there was a massive thread about this not long ago, which makes this post a dupe. Unless there's significant new info in there?
