Github is legally required to do so, if they don't they're legally on the hook. The whole point of DMCA Title 2 (the Online Copyright Infringement Liability Limitation Act) aka DMCA 512 is to create safe harbour for service providers (protect them from liability), but to claim safe harbor requires:
1. not financially benefiting from infringing activities
2. not be aware of obviously infringing activities before being noticed
3. act expeditiously to remove the purported infringing material upon receiving a notice
Point 3 has two clauses: purported infringing material means the service provider must not make any attempt at judging whether the infringement is real, if he does that he becomes liable because he's injected his own judgement in a case previously between the copyright owner and the purported infringer.
The first clause has not been tested in courts (for precision), it's generally assumed to mean "under 24h" or at least "as soon as feasible" (e.g. ops may not be available over week-end). The service provider is not supposed to contact anybody before taking material down although he is free to notify the purported infringer before or while taking the content down (as long as takedown remains "expeditious").
Github can challenge a DMCA request, but in that case they lose their safe harbor provision and are on the hook if the DMCA was valid.
"DMCA notice is obviously invalid (e.g. misrepresentation cases)"
This DMCA notice is obviously invalid, as it is a claim not that the source code identified infringes copyright, but that activities performed by users of a program that is compiled from source code that can be found on github, infringes.
It's not even a remote indirect claim. There is nothing about the source code, as source code, that infringes.
Just because you can make out a possible copyright claim against someone in court does not mean you can form a valid DMCA notice about it :)
You're missing the point. Under the DMCA, the service provider doesn't get to make that judgment. If it receives a notice that complies with the bare requirements of the law, it must remove the allegedly infringing material, and the user may then challenge the notice as "obviously invalid."
Followup after actually reading the law. 17 USC 512(c)(3)(A)(iii) provides that a notice includes "Identification of the material that is claimed to be infringing or to be the subject of infringing activity..."
Popcorn Time is the subject of infringing activity, and hence this would be a valid takedown notice.
I'm the person in this discussion who is not actually a lawyer, but: it's not like "loss" of safe harbor is a landmine that blows Github's face off, right? They still have to be found contributorily liable for Popcorn Time, which would be a very difficult case to make given how Github works.
You also don't "lose" safe harbor, right? It's applied on a case-by-case basis.
I acknowledge that one very good reason to be careful about this stuff is to stay out of court, regardless of the fact that Github would inevitably avoid liability.
Right, it's a case-by-case "loss" of the right to use the safe harbor as a defense against infringement claims. But copyright infringement claims have sizable statutory penalties per act of infringement (up to $150,000), so it's a very important for a content site to maintain that safe harbor. Perhaps more importantly--the safe harbor also prevents them from being dragged into court and spending a ton of money on legal fees defending themselves.
In this case, what is being alleged is that Popcorn Time is being used for infringing activities. If Github had not responded to the DMCA notice, it could be successfully argued in court (remember, it's a jury of laymen that make this decision) that Github knew that PT was primarily used for an infringing purpose and continued to host PT despite this knowledge. This could have exposed Github to a finding of willful infringement, which carries the aforementioned $150k penalty. (Github and PT would both be defendants in such a case, but as the deeper pockets Github would be the primary target and the one required to pay up in the event of a loss.)
"You're missing the point. Under the DMCA, the service provider doesn't get to make that judgment. "
Actually, they do. Look, I'm a lawyer who, among other things, helps process DMCA requests. The service provider does not have to comply with obviously invalid DMCA requests to maintain safe harbor. In particular, things that are not properly the subject of a DMCA request are invalid requests, no matter how "well formed" they otherwise seem.
Alternatively, under 512(c)(3)(B)(ii), github could have asked them if they were the authorized owner of popcorn time, or otherwise attempted to get them to clarify.
"Popcorn Time is the subject of infringing activity, and hence this would be a valid takedown notice.
"
Err, no. Subject of infringing activity is talking about websites that host files for users, not source code to programs that, 65 steps later, may possibly be used to infringe.
As 512(c) itself says, it is "for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider"
IE direct hosting.
(one of the other subsections deals with linking sites, and that clearly doesn't apply either)
Please explain how github's storage of source code of popcorn time, alone, is somehow infringement of copyright (hint: there is no legal theory where it is, any more than there is a legal theory that owning the machinery to a printing press is).
It's way too remote a connection to be "the subject of infringing activity", and no court has ever held otherwise.
As for whether they get to make this decision, in order for it to be a valid DMCA notice, it has to be directed at something valid to be filing a notice for under 512(c). It isn't. It's not a valid notice, no matter how formal it looks.
Additionally, it requires
"A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law."
The material complained about is popcorn time. They cannot possibly validly make a statement that popcorn time is not being used as authorized by the copyright owner, it's agent, or the law, as the use is clearly authorized by the copyright owner of popcorn time.
Instead, they made a statement that operating and further evelopment of popcorn time causes a bunch of stuff that, later on, may cause something unauthorized by the copyright owner.
Here is the exact statement the MPAA made:
"occurring by virtue of the operation and further development of the GitHub projects Popcorn Time, and Time4Popcorn (the “Projects”)."
This is not a valid claim under 512(c) or 512(d), and i'd challenge you to find a case that says "operation and further development of a project" is the proper subject of a DMCA notice under 512(c).
The proper thing for the MPAA to do, if they wanted it down, was file a contributory or indirect infringement case against github.
Sorry. I removed it. It caused too many annoyances, to be honest (though i'm generally happy to chat with people from HN, it's not too hard to find me :P).
Subject of infringing activity is talking about websites that host files for users, not source code to programs that, 65 steps later, may possibly be used to infringe.
This language also refers to computer programs, such as Napster, et al., and by extension to the websites that host them.
If your employer is willing to gamble on its safe harbor exemption by making its own judgment about whether the substance of a notice is adequate, that's fine. If a copyright holder decides to pursue a matter further, your employer may be willing to accept the legal cost of defending itself in court from an invalid copyright infringement claim it shouldn't have had to fight in court. But most websites and businesses aren't in the same position, and would rather just avoid court (and the attendant costs) altogether by accepting a DMCA notice that is, on its face, valid under the law as presently written.
Instead, they made a statement that operating and further evelopment of popcorn time causes a bunch of stuff that, later on, may cause something unauthorized by the copyright owner.
Until recently, the PopCorn Time website, hosted by github, provided executable files that would provide access to infringing content on startup. It's an even worse example of contributory infringement then Napster or Kazaa were; those programs at least required the user to search for infringing material first.
The proper thing for the MPAA to do, if they wanted it down, was file a contributory or indirect infringement case against github.
They can't do this until and unless GitHub fails to properly respond to the DMCA notice. The whole point of the safe harbor is that a content hoster is protected from infringement actions so long as it responds to DMCA notices. Maybe you should work on the litigation side before you talk about the mechanics of how things work once a court gets involved?
"This language also refers to computer programs, such as Napster, et al., and by extension to the websites that host them.
"
No, it doesn't.
Napster itself was not the subject of a DMCA take down
It was the subject of a copyright lawsuit. Nobody filed DMCA notices about the hosting of Napster binaries.
Napster in fact, sought protection under 512 for other reasons.
"that is, on its face, valid under the law as presently written."
I don't know how many times i have to say this DMCA notice is not valid on it's face.
Do you think if i file a DMCA notice, and tell you to take down something because it is infringing my patent or trademark, that it is a valid DMCA notice?
Assuming not (because if yes, there is simply no hope for this discussion), what legal difference do you believe exists between that, and a DMCA notice also not targeted at something statutory to DMCA, like this one?
"They can't do this until and unless GitHub fails to properly respond to the DMCA notice. "
False. This assumes they were going to sue for direct infringement of a user hosted file. They weren't.
Wouldn't a properly formed DMCA complaint in this case be one of the few times you could commit perjury with one?
There's no way they have any good faith belief they own the copyright to (or are authorized by its holder to act in their stead about) the material explicitly named.
I'm just going to assume that their lawyer is smart enough to not have filed a DMCA notice, as such, and just send a thuggish letter instead.
Probably not. The MPAA knows how to well form a notice for this, the fact that they didn't in this case doesn't mean they won't in the future.
Expecting Google, GitHub, or anyone else to protect you when you are writing an app/service like popcorn time is dumb.
But that is a different argument than the one being made here.
The question here was whether ISP's or hosting services can ever push back. They can.
One of the bare requirements is a statement that the complainant has a good faith belief that the material itself is infringing. This letter says they have a good faith belief that the PopcornWhatevers are being used to infringe. They then back that up with citations of related cases. This request doesn't meet the bare requirements you mention, they're chancing it.
No, you need to read the actual law, 17 USC 513(c)(3)(A)(3), and the cited cases.
The statute on its face doesn't require actual facts of infringement to be included in the notice, only a good faith assertion that infringement (or use in infringing activities) is occurring. Consequently, that allegation is sufficient for purposes of the DMCA notice. Indeed, that is the holding of the cited cases, which are included with the notice to show that courts have found that a good faith belief of infringement is sufficient.
How is #1 not always true? In its early days, YouTube extensively benefitted from (then) copyright-infringing music, perhaps not directly via ads but certainly indirectly via a larger user base.
Github is legally required to do so, if they don't they're legally on the hook. The whole point of DMCA Title 2 (the Online Copyright Infringement Liability Limitation Act) aka DMCA 512 is to create safe harbour for service providers (protect them from liability), but to claim safe harbor requires:
1. not financially benefiting from infringing activities
2. not be aware of obviously infringing activities before being noticed
3. act expeditiously to remove the purported infringing material upon receiving a notice
Point 3 has two clauses: purported infringing material means the service provider must not make any attempt at judging whether the infringement is real, if he does that he becomes liable because he's injected his own judgement in a case previously between the copyright owner and the purported infringer.
The first clause has not been tested in courts (for precision), it's generally assumed to mean "under 24h" or at least "as soon as feasible" (e.g. ops may not be available over week-end). The service provider is not supposed to contact anybody before taking material down although he is free to notify the purported infringer before or while taking the content down (as long as takedown remains "expeditious").
Github can challenge a DMCA request, but in that case they lose their safe harbor provision and are on the hook if the DMCA was valid.