Forgot your password?
typodupeerror
Software Linux

Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice 349

Posted by Soulskill
from the we-invented-the-for-loop dept.
An anonymous reader writes Qualcomm has forced GitHub to remove over 100 repositories due to "unauthorized publication, disclosure, and copying of highly sensitive, confidential, trade secret, and copyright-protected documents." Among the repositories taken down were for CyanogenMod and Sony Xperia. The issue though is that these "highly sensitive" and "confidential" files are Linux kernel code and reference/sample code files that can be easily found elsewhere, including the Android kernel, but GitHub has complied with Qualcomm's DMCA request.
This discussion has been archived. No new comments can be posted.

Qualcomm Takes Down 100+ GitHub Repositories With DMCA Notice

Comments Filter:
  • by Anonymous Coward on Friday July 04, 2014 @01:04PM (#47384249)
    Freedom, in the land of the just.
    • by Jane Q. Public (1010737) on Friday July 04, 2014 @02:06PM (#47384581)

      Freedom, in the land of the just.

      And you can blame every bit of it on the DMCA.

      This is a great example of how the takedown process established by DMCA is inherently abusive. Lots of perfectly legitimate information is taken down with no proof of anything, just because some copyright troll wants to say so.

      That ain't America.

      • by jbolden (176878) on Friday July 04, 2014 @02:12PM (#47384613) Homepage

        This is America. This is how the legal system has always worked.

        A does action X.
        B objects and threatens to sue A if the doesn't stop X.
        A agrees.

        GitHub is a distributor. To distribute they need to be properly licensed. They are now asking for assurance of licensing given that Qualcomm is contending they are the copyright holder. That's all that is happening. Qualcomm is factually wrong and under the law they can be sued for being wrong by the licensees (the people about whom they made false complaints).

        That is in no way different than what would have happened 100 years ago if someone was distributing a book and someone else complained that the distributor didn't have license to the material.

        • by EasyTarget (43516) on Friday July 04, 2014 @02:27PM (#47384701) Journal

          Qualcomm is factually wrong and under the law they can be sued for being wrong by the licensees

          Yeah good luck with that.

          • by jbolden (176878)

            I understand. But the inequality between rich and poor in court ain't something new which is what GP was claiming. :)
              There are other justice systems where wealth is less of a factor which have other different minus.

          • I'd think that any company selling Android based mobile phone, tablet or other Linux based device built from GPL code they received directly from Qualcomm would have good standing to take this to court. End users not so much.

            Maybe Qualcomm really have made the decision that they only want their chips used in Windows Phone devices from now on, because this is the signal they are sending to manufacturers that rely on their hardware support for Linux and Android with this move.

        • by profplump (309017) <zach-slashjunk@kotlarek.com> on Friday July 04, 2014 @02:43PM (#47384797)

          No. It's not sufficient to be "factually wrong" -- the claims must be "knowingly false". You can issue all the "accidental" takedown notices you want without any fear of being sued over it. Which is nothing like 100 year ago.

          • by jbolden (176878)

            Before the DMCA you could issue a Cease and Desist in good faith that was factually wrong. That hasn't changed.

          • by Teancum (67324) <robert_horning@n e t z ero.net> on Friday July 04, 2014 @04:11PM (#47385203) Homepage Journal

            An accidental take-down notice is fine. File the counter-notice to have the content restored, at which time if they persist and file a lawsuit in court it no longer is considered accidental and the standard is moved much more into your favor if they are simply trying to file thousands of these kind of lawsuits. Judges don't like class-action lawsuits where the defendant is a class of people of mostly "John Does".

            • Re: (Score:3, Insightful)

              by russotto (537200)

              As an individual, once you're in court, you lose. A DMCA counternotice is an invitation to sue -- literally, you tell them where you can be sued. Inviting companies with lawyers on staff to sue you is a great way to lose all your money. Regardless of merit.

              • by jbolden (176878)

                If Qualcomm after careful examination still believes they own copyright that isn't the situation everyone is complaining about but another question. You are asserting you are properly licensed. Qualcomm would be asserting they have copyright. Given this is GitHub you are talking open source software. That should be an easy suit. This is exactly what people are asking for, that Qualcomm look carefully.

        • This is America. This is how the legal system has always worked.

          NO, IT ISN'T.

          Prior to DMCA, copyright law worked the same way as most other areas of law: in order to make somebody stop doing something, you had to show they were actually doing something wrong.

          DMCA takedown provisions made it so that anybody -- almost ANYBODY -- can "claim" a copyright infringement without ANY evidence, and force other people to remove their "speech" from public view, until they give evidence that it's NOT infringing.

          That is directly contrary to the concept of "innocent until pro

          • by jbolden (176878)

            Prior to the DMCA most distributors demanded proof of licensing prior to distributing. The DMCA establishes a process for a distributor (like GitHub) to distribute without a strong claim of license in their possession prior to distribution.

  • Hopefully they will quickly submit a counter-notice.
    • Re:Counter-notice! (Score:4, Interesting)

      by adri (173121) on Friday July 04, 2014 @02:23PM (#47384679) Homepage Journal

      I am. I'm just fine-tuning it at the moment.

      (github.com/qca/qca_open_hal_public)

      *sigh* and I wanted to enjoy my weekend..

      -a

      • by Spazmania (174582)

        What fine tuning?

        "My name is X, and legal service may be made to Y. Acting on behalf of the information identified at Z I assert under penalty of perjury my belief that the material does not infringe a copyright as claimed. I request and require that the material be restored until such time as any dispute regarding infringement is resolved at law. I respectfully remind you that only timely compliance with this put-back notice absolves you of liability under the Digital Millennium Copyright Act."

        That's it. T

  • "Good faith" (Score:5, Insightful)

    by jargonburn (1950578) on Friday July 04, 2014 @01:14PM (#47384305)
    It's too bad that there's not a higher bar for "good faith." It'd be nice if it could be more readily disproven, in some cases.

    "I did a Google search for [term] and have a good faith belief that there's no possible way any of the results could be non-infringing. Because I can't believe that any of the results could possibly be non-infringing, I'm not going to examine any of the results more closely. I require you to remove all these results I came up with or be subject to liability under ridiculous laws if it turns out my head isn't *completely* up my ass. In addition, unless you can *prove* that I'm not acting in good faith, through a time-consuming and expensive process, there's absolutely nothing you can do about it! Have a nice day! ---Jackass-in-a-suit"
    • Re:"Good faith" (Score:5, Insightful)

      by Nyder (754090) on Friday July 04, 2014 @01:19PM (#47384339) Journal

      It's too bad that there's not a higher bar for "good faith." It'd be nice if it could be more readily disproven, in some cases.

      "I did a Google search for [term] and have a good faith belief that there's no possible way any of the results could be non-infringing. Because I can't believe that any of the results could possibly be non-infringing, I'm not going to examine any of the results more closely. I require you to remove all these results I came up with or be subject to liability under ridiculous laws if it turns out my head isn't *completely* up my ass. In addition, unless you can *prove* that I'm not acting in good faith, through a time-consuming and expensive process, there's absolutely nothing you can do about it! Have a nice day! ---Jackass-in-a-suit"

      Screw good faith. Places need to start charging to process DMCA notices, and then when they get fake or bad, or just plain wrong notices like this, you then charge them 1000x the price. They don't pay? Then you don't process any more DMCA notices from them.

      I thought we were about capitalism, this is capitalism at it's finest. Money is the only thing these people/corporations understand, so speak their language. They want to not be responsible about DMCA notices, then make it cost them.

      • Re:"Good faith" (Score:5, Informative)

        by Anonymous Coward on Friday July 04, 2014 @01:42PM (#47384423)

        The DMCA does not allow you to refuse to process notices due to unpaid processing fees. Therefore, if they refuse to pay the fee, you are still required to process all their notices anyway, or you lose safe harbor.

        • by Nyder (754090)

          The DMCA does not allow you to refuse to process notices due to unpaid processing fees. Therefore, if they refuse to pay the fee, you are still required to process all their notices anyway, or you lose safe harbor.

          Okay, then let's do this the way. If you don't pay the fines, then your DMCA notices are put in the low priority queue. You pay your fines, we put you back in the high priority queue.

          That works for Netflix & Comcast, so I don't see why it shouldn't work for DMCA notices.

      • Re: "Good faith" (Score:5, Interesting)

        by jxander (2605655) on Friday July 04, 2014 @01:47PM (#47384457)

        There also need to be rules for overturned requests.

        If Company A issues a takedown request against something on my website, and I successfully appeal the claim, that needs to be a strike against Company A.

        Three strikes and Company A is barred from making DMCA requests (either permanently or for some set timeframe). This would instantly stop these companies from issuing mass auto-generated takedown requests.

      • by jbolden (176878)

        Screw good faith. Places need to start charging to process DMCA notices, and then when they get fake or bad, or just plain wrong notices like this, you then charge them 1000x the price. They don't pay? Then you don't process any more DMCA notices from them.

        The DMCA process is the law. ISPs don't get to charge. They have two choices

        a) Accept liability
        b) Get a statement of license from the person distributing the content

        If DMCA continues to grow what is going to happen is ISPs will just need license ass

    • Good faith, my ass. You do know that takedown notices are supposed to be filed truthfully under penalty of perjury, yes? Has anyone who's filed obviously false claims ever been charged accordingly?
      • Re:"Good faith" (Score:5, Insightful)

        by whoever57 (658626) on Friday July 04, 2014 @02:01PM (#47384551) Journal

        You do know that takedown notices are supposed to be filed truthfully under penalty of perjury, yes?

        No. They don't.

        The penalty of perjury only applies to a very small part of the takedown notice -- that the person making the request is authorized to act on behalf of the copyright holder. The rest of the takedown notice is not under penalty of perjury.

      • by jbolden (176878)

        Yes. The RIAA got their head handed to them for these sorts of claims. In a sort of related ways banks have paid 10 digit fines collectively for false foreclosure notices.

      • Incorrect. The only part under penalty is that the notice is filed with authorisation of the copyright holder. There's no requirement the rest of the information be accurate. This is what makes it possible to, say, google every site hosting a file with the words 'justin bieber' in the filename and extension '.mp3' and send automatic takedowns. Sure, there will be a few errors - but it's prohibatively expensive to actually manually download and listen to every one of those files.

    • by jbolden (176878)

      To win any lawsuit (including copyright) the burden of proof is on the person suing. The last thing America needs is easier ways to make money suing people.

  • Trolling (Score:5, Interesting)

    by Kuberz (3568651) on Friday July 04, 2014 @01:15PM (#47384313)

    Kind of ironic one of those repositories is owned by Qualcomm Atheros. Guess they are copyright infringing themselves?

    Oh the world we live in.

    • by cusco (717999)

      I remember the original VCR lawsuits, where the principal complainant, Sony Entertainment, sued manufacturers of VCRs to try to somehow disable them from copying tapes. The principal defendant? Sony Electronics, the largest manufacturer of VCRs at the time. Then we got to see the whole show play out again a few years later with CD burners.

  • And stay there.

  • You got some 'splainin' to do. rickyricardo.jpg

  • by ggraham412 (1492023) on Friday July 04, 2014 @01:19PM (#47384335)

    There needs to be a cost for issuing overbroad DMCA takedown notices.

    If a court finds out later that a company had no standing or no good reason to make a DMCA claim that resulted in a takedown, there should be statutory damages. Let's start at $10000 per infraction.

    • by ATMAvatar (648864)
      That will only work if each repository shut down counts as a separate infraction. $10k overall is a pittance. Even if they all counted as separate infractions at $10k apiece, it may still be seen as a valid business expense to shut down certain projects temporarily with bad faith takedown notices. After all, a project owner would have to bring this to court and prove that the notice was issued in bad faith before the fine would be issued, and the legal expenses to do so would probably cost more than the
    • by mysidia (191772)

      There needs to be a cost for issuing overbroad DMCA takedown notices.

      I have a proposal: civil forfeiture of copyright assets spuriously alleged to be infringed, if the number of legitimate uses affected by wrongful DMCA letter exceeds 10 per work per calendar year.

    • There is no possible fix for the DMCA. It is working exactly as designed. The better solution is to elect people who will repeal the law. Aside from that, the fine should be a million per infraction. $10000 won't stop the big offenders. And aside from that, we need an internet that can better resist censorship and tracking. As long as it is possible to vote away our rights, we need technical solutions to make it impossible.

    • by znrt (2424692)

      if a court finds out later that a company had no standing or no good reason to make a DMCA claim that resulted in a takedown, there should be statutory damages. Let's start at $10000 per infraction.

      won't work. many of dmca trolls have no problem in shelling out 10k, even several times a day. this would just alienate the guy or small company that may have a legitimate claim but can't afford it and also has reasonable fear that he will get trampled over in court. it's the same problem with patents: the rich will almost always win. patent fights nowadays only make sense between megacorps.

      the only real solution is going full underground. free source simply cannot depend on private companies' goodwill, wit

    • by mpe (36238)
      There needs to be a cost for issuing overbroad DMCA takedown notices.

      If a court finds out later that a company had no standing or no good reason to make a DMCA claim that resulted in a takedown, there should be statutory damages. Let's start at $10000 per infraction.


      Alternativly if the claimant does not represent the copyright holder treat their actions as copyright infringement with statutory damages according to how many times the file could have expected to be accessed whilst it was unavailable. Bas
  • by fnj (64210) on Friday July 04, 2014 @01:20PM (#47384343)

    Github FAILS the requirement for reliability due to being subject to DMCA horseshit. Will somebody please start the next github in a jurisdiction untouchable by DMCA and other thuggish regulations.

    • Re: (Score:3, Insightful)

      by fustakrakich (1673220)

      ...a jurisdiction untouchable by DMCA and other thuggish regulations...

      does not exist, not on this planet. You can bet that, if it came down to brass tacks, nuclear weapons would be used to enforce copyright when more conventional methods fail.

    • Will somebody please start the next github in a jurisdiction untouchable by DMCA and other thuggish regulations.

      The geek is forever looking for some safe haven.

      I don't know where you will find one when the stakes are high enough.

      I do know I'm not going to be looking eight to twelve thousand miles from home for a KIm Dotcom to protect my interests.

    • Basically you want Github hosted in Canada.

    • Get a repository some place outside the US. Where there is less of this nonsense.

    • by amaurea (2900163)

      To get that, I think you'll need a distributed peer-to-peer replacement - something like freenet [wikipedia.org] but without the enormous overhead incurred from the secrecy requirements there. Basically, parts of each repository would be stored redundantly on all clients, and these would all take part in push/pull requests etc. There is nothing preventing you from including the other, non-git features of github in such a program also, including bugtracking etc. But building it would not be trivial.

      All centralized architect

  • The important part, if one receives such a notice is to make certain that everything appears on other sites such that take down notices have no power at all. Matter of fact we could teach people that the fastest way to expose information is an order to take down the information.
  • by luis_a_espinal (1810296) on Friday July 04, 2014 @01:32PM (#47384383) Homepage

    but GitHub has complied with Qualcomm's DMCA request.

    Comply first. Litigate later. This is the smart thing to do most of the time. For GitHub, it is not like they are being forced to give the keys to the kingdom or to hand over sensitive data customers entrusted to it. No no data is lost or compromised. It is simply inaccessible while GitHub tries to litigate hopefully with sponsorship by those GitHub users that are being affected.

  • Not githubs fault (Score:5, Insightful)

    by Charliemopps (1157495) on Friday July 04, 2014 @01:38PM (#47384409)

    I used to handle DMCA requests. We got thousands per day. You get them via email and there's no way to verify that the sender is who they say they are, the sender is actually the owner of the content, that the content can even BE owned, or that the contents of what's being complained about has anything to do with the complaint. DMCA requests are a logistical nightmare. You have a user thats hosting a file... Music.mp3 and you get an email from joesmith@lawfirm.com or whatever... How do you know they represent the content owner? Or are even really lawyers? Or that the claimed content owner owns the song in question? How do you know it's not just a recording of the guys kid singing the song in the bath? Maybe the person sending the complaint is just his ex-wife. There's very little you can do about any of it, so you have to make a wild ass guess. You're almost always wrong, but the one thing you can be sure of is that if someone like Qualcomm sends you a complaint, they can certainly follow through with a lawsuit, where-as the an open source project likely cannot. So which side would you err on?

    This is a problem with the law, not with Github or even Qualcomm. Fix the damned law.

    • How do you know they represent the content owner? Or are even really lawyers? Or that the claimed content owner owns the song in question?

      They have to state under penalty of perjury that they are or represent the content owner. And they have to give you a contact address. As they make a statement under penalty of perjury, they are either right or criminals. If they are criminals, that will get sorted out.

      • by Gramie2 (411713) on Friday July 04, 2014 @02:00PM (#47384549)
        So you make up a completely fictitious name and address. Perjury problem solved! As long as the content gets pulled down, who cares?
    • by Tablizer (95088)

      There is a reason USA laws usually favor bigger companies: they wrote them.

    • The president has a pen.
      I'm sure he'll be right on this.
      Perhaps before tee time.

    • Sounds like there's a simple solution to DMCA. Start a Kickstarter project for a system to send everyone DMCA requests for everything. Either a website takes their entire website offline, or they start ignoring DMCA requests.

  • by tsnow (3732101) on Friday July 04, 2014 @01:40PM (#47384421)
    It isn't Qualcomm directly that issued the DMCA notices, but rather, an IP protection agency that operates on behalf of Qualcomm. In my work, I've often had to respond to these DMCA notifications, and these IP protection agencies are often pretty bush league. They'll see something that possibly infringes on an IP, and then they'll jump on it, thinking it'll make them look good to their client, who hired them. Honestly, I doubt this company will be doing much more work for Qualcomm once they discover what has happened.
  • by gnasher719 (869701) on Friday July 04, 2014 @01:42PM (#47384425)

    That C file is part of the Android MSM kernel source tree and does contain a "Qualcomm Confidential and Proprietary" line while noting it's now under a Linux Foundation copyright.

    Well, that could be just a tiny little problem for Qualcomm then. In a DMCA takedown notice, there are mistakes that you are allowed to make and mistakes that are criminal. A DMCA takedown notice against material that is not the one you own, or that has a license which you didn't notice, that's harmless. But you state under penalty of perjury that you are the copyright holder or represent the copyright holder of the item that you believe to be infringed. So if the Linux Foundation is indeed the copyright holder, that should be fatal.

    • by Greyfox (87712) on Friday July 04, 2014 @01:51PM (#47384481) Homepage Journal
      It seems to me that it's awfully close to breaking the terms of the license under which Linux is published. Perhaps the copyright holder should demand that Qualcomm cease and desist using Linux.
    • by jandrese (485)
      As long as they believed "in good faith" that the material was infringing they'll get off scott free. The bar for proving bad behavior on the claimants part is extremely high.
    • by LordNimon (85072) on Friday July 04, 2014 @04:51PM (#47385351)

      I'm a Qualcomm employee working on the Linux kernel. Qualcomm has a very thorough vetting process for publishing open source code. I would have to see the file in question to be sure, but it appears that someone in Qualcomm messed up and allowed that C file to be published. It probably should have had the Proprietary line deleted, although I have a suspicion that the file was copied from some actual proprietary code and should never have been submitted.

  • Cyveillance (Score:5, Interesting)

    by janoc (699997) on Friday July 04, 2014 @01:51PM (#47384477)

    Oh that DMCA was issued by Cyveillance - the incompetent company Hollywood and music labels hired for policing P&P by string matching filenames and then carpet bombing service providers with DMCA requests, even though the content was not infringing at all. I bet they simply crawled Github for Qualcomm copyright notices, something that is often left in source code, even though it was relicensed long time ago already. Unfortunately, their bot is not that smart.

    Some references:
    https://www.techdirt.com/artic... [techdirt.com]
    http://arstechnica.com/tech-po... [arstechnica.com]

    etc.

    These bozos are known and someone at Qualcomm should get fired for hiring them. This is going to backfire at Qualcomm in a spectacular way, IMO.

  • I don't know enough to comment on the validity of the claimed copyrights in general. But I do know one thing: The fact that material appears elsewhere online is not evidence that it is not copyrighted.

    The important question is not whether the stuff appears elsewhere. The important question is only whether Oracle's claimed copyright is real/valid.

    • by msauve (701917)
      " The important question is only whether Oracle's claimed copyright is real/valid."

      Getting your villains confused?
  • Is github just the canary for another SCO repeat? Will Qualcomm be demanding protection money from everyone who uses Linux?
  • I wonder if the DMCA sharks would have a more difficult time issuing this if github were not hosted within the United States. Anyone know more about this?

    I can understand why github would comply first, debate later -- they have many employees who could be at risk. I agree with a previous poster, in that there should be a "cost" for filing DMCA complaints, especially if they prove to be baseless. This process seems to be always associated with bullying or some form of abuse, rather than genuinely protec

  • I gotta ask (Score:4, Funny)

    by Opportunist (166417) on Friday July 04, 2014 @02:16PM (#47384641)

    Is it still not legal to shoot copyright trolls on sight?

    And if not, WHY THE HELL NOT?

  • If you issue a DMCA takedown notice against a product licensed under GPL, you no longer may use any products under the GPL. You have shown that you value milking software for money over its free distribution, and hence you obviously have no need for software that can be distributed openly.

"Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats." -- Howard Aiken

Working...