Oddly, this DMCA report is a straightforward (though harmless) example of perjury, since one literally cannot infringe one's own copyright, and the report alleges a self-infringement of copyright under penalty of perjury as required by the statutory DMCA regime.
Being therefore self-evidently invalid without needing external information beyond its text, the notice certainly doesn't impose any takedown obligation stemming from the DMCA even if GitHub wants to stay within the DMCA safe harbor.
GitHub can, of course, still choose to respond to the perjurious invalid notice by voluntarily destroying the repository as requested. That seems like the right thing to do in this case, so I hope they do it.
I believe the complaint is that Github is violating the copyright by leaving it public, not that the submitter is infringing against the submitter.
Though in this case there is the problem that when you push to GitHub you give them a license to provide it, and my first-pass skim doesn't show that you have arbitrary abilities to revoke it: https://docs.github.com/en/github/site-policy/github-terms-o...
You can revoke most of the rights by closing your account, but in this case that would be begging the question.
That said, I'd agree it's the right thing to do, except they should make some direct effort to double-check the ownership so that people can't just arbitrarily claim to own things like this and take them down.
> Being therefore self-evidently invalid without needing external information beyond its text, the notice certainly doesn't impose any takedown obligation stemming from the DMCA even if GitHub wants to stay within the DMCA safe harbor.
Companies that accept DMCA notices have made it plain as day that they have no interest in determining the merits of any particular DMCA notice on their own. Why bother taking the risk of ignoring a valid notice when there is no upside to declining an invalid one?
The courts have also made it clear that they implicitly endorse invalid notices as a matter of course. I don't think any copyright-troll-as-a-service has ever been held accountable for rampant abuse of the system.
In short, the material of the notice doesn't matter. The DMCA is a "how to delete someone else's post" button that requires no collateral from the attacker and the insurmountable lift of dragging oneself into an actual legal process for the victim to fight back.
No, it applies to the claim that you are authorized to act on an exclusive right that has been allegedly infringed. If the claim of infringement is so laughable that it cannot be or is not being alleged in good faith - as opposed to a good-faith but legally incorrect allegation of infringement - then there is no exclusive right allegedly being infringed, and the claim of authority is false.
I am pretty sure that the claimant didn't really believe he was violating his rights.
Though I guess one could argue that a bad-faith allegation of infringement still truly and honestly counts as an allegation of infringement, so maybe it's not so straightforward as perjury...
The wording of the statutory claim asserts the existence of "an exclusive right that is allegedly infringed", which means that the claimant is asserting that there is at least one such right that is allegedly being infringed.
It's clear that there is at least one exclusive right in existence for this work without regard to the question of alleged infringement, so the only question is whether infringement of the right is truly being alleged.
I accept that it's possible to interpret that last question either way in the case of someone asserting a self-infringement while probably knowing that self-infringement can't exist, since the interpretation will depend on whether a bad-faith known-meritless allegation still counts as an allegation for this purpose, and I guess also on whether the person knows the terminology enough to know that what they're claiming is false.
In any case, there are many reasons why this is not the kind of perjury claim that any prosecutor would ever bring to court, so we'll probably never get a ruling on it.
Haha, perjury. A straightforward and somehow also mostly harmless case of it too! This take is off the rails. They did not lie on the notice. Mistakes of law aren’t perjury in any case. Mistakes of any kind are not perjury! The word perjury in the declaration doesn’t make every slip-up an imprisonable offence. People should be wary of using the term perjury without knowing what it means, because you will get laughed at.
The only thing that would prevent GitHub from having to take it down is its terms of service. If you accept that this person and their alt account are the same person, then as GitHub does not contract with @usernames but actual people, they gave GitHub a license to publish it on the web, revocable by actions by the controller of the alt account. Or however the terms of service lay this out. I don’t think you need DMCA to get this done, you can probably just show you are the account holder and revoke the license via email. DMCA takedown obviously implies this and has a process already.
A mistake would not be perjury, fully agreed, and I do know what the word means. Knowingly making a materially false declaration under penalty of perjury in a circumstance where a federal law specifies that penalty, however, would be perjury.
So, the main question here is whether it's knowingly and materially false of the claimant to assert that they are the owner of an exclusive right that was allegedly infringed. They clearly own an exclusive right with respect to the work, so the question reduces to whether it's knowingly and materially false that the exclusive right was allegedly infringed.
If a known bad-faith/inaccurate allegation suffices to make the exclusive right allegedly infringed, then the statement is true and there was no perjury. I'm doubtful that a court would rule that way, but it is possible.
Otherwise, the question of perjury finally boils down to whether the claimant understands that no right was being infringed, and I guess also to whether the knowing falsity of the resulting allegation was material according to the standards of the perjury statute. My guess is yes to both questions, hence calling it perjury. I think the notice sender had simply given up on more appropriate ways to get the stuff taken down and was trying any procedure, however ill-matched, to achieve the goal.
But equally, I agree that some of this might be hard to prove and definitely that none of it is worth the time of a prosecutor or court. It's a purely academic discussion.
DMCA takedowns do not in general imply any revocation of a license, by the way. If the takedown notice is contrary to the scope of a current and valid license, then either GitHub can realize that fact and choose to step outside the liability protections of the safe harbor for that notice and decline to act on the notice, or the target of the notice (usually not the same person as the one who issued it) can give a counter-notification and eventually have their hosting restored in the absence of a lawsuit during the resulting statutory waiting period.
> the question reduces to whether it's knowingly and materially false that the exclusive right was allegedly infringed.
> If a known bad-faith/inaccurate allegation suffices to make the exclusive right allegedly infringed, then the statement is true and there was no perjury.
I didn’t read after this, because if that were the determining question for the crime of perjury, every person and their lawyer who filed an affidavit in a case that eventually failed would be a criminal. Fortunately it is not. It is not possible to perjure yourself about the answer to a question that nobody in the universe knows for sure until a judge decides it. It is impossible to meet the definition of perjury in this fashion; you have to know it was false at the time you made the statement. Nobody knows whether an allegation of infringement will turn out to be true when they file a DMCA notice. They cannot know it.
Let me say that again: nobody is waiting with baited breath for the decision in a court case to find out if they have perjured themselves by filing it. I don’t know what planet you are living on if you think that happens. DMCA perjury most certainly does not cover the allegation of infringement that you think it does anyway, so maybe next time read the law before running with it all the way out the stadium and into a nearby river. (Edit: you did read the law I suppose. Reading laws is difficult; the way you reduced the question was fatally flawed. Partly because you did not understand that perjury is a crime with a specific definition outside the DMCA, not a punishment, and partly because… well, the way you reduced the question was fatally flawed.)
Tangentially related. Facebook doesn't care if people use your photo as their profile photos. I once used DMCA like this to get fake Facebook accounts to stop using my face. I bought the photograph from the original photographer for a tiny fee and used the agreement (a digitally signed PDF) as a proof of ownership to send a DMCA.
I can't recall the exact procedure. I did write an article that I haven't published, if I can find it. I'll post it to HN. But I think I reported several URLs in my initial report, and they were all handled. The problem didn't crop up again, and so I didn't need to file an additional DMCA.
If I had to, however, I'd used the same signed PDF as proof of ownership.
To set different committer info for a repo, you'd run the same commands without the `--global` flag while in the root directory of the project.
When this person got re-interested in their project, they decided to squash all the commits into one new commit, but forgot to change their name and email on the repo and as a result exposed their real identity when they published the code on GitHub.
I had to look up what f-list was, and it seems to be some kind of furry role-playing community? (i didn't do any research other than briefly looking at the first page of google) so i understand why this person DCMA'd themself.
I recently learned, that you're able to switch the git user dynamically based on the folder the repository resides in, by using the includeif directive in your gitconfig. [1]
This is very useful, if you have separate accounts, for example a business and a personal account.
GitHub identifies commits only by their associated email addresses, and it is easy to manipulate them. This has a consequence that anyone can masquerade as any others.[1]
“zmessenger-dev” is, I believe, the “alt account” they lost the login info to. Their main account, presumably tied to their identity, was used to author a commit that was pushed the DMCA’d repo. They later lost access to the alt (zmessenger) and so cannot remove the repo.
This is possible since GitHub attributes commits to certain accounts based on the email that authors the commit, so they used an email tied to their main account to author the commit. Only the email is actually attached to the commit though, GitHub just associates the account based on a lookup. They then push the commit to the repo using their ssh or password authentication for zmessenger, which they later lose, and so they can no longer alter the repository and remove the offending commit/email
This definitely feels like the Streisand effect in action, I wonder if they could ask for the DMCA letter to be removed as it's their own content on both sides of the claim.
I’ve always wondered whether legal copywriting was covered by copyright (it certainly is, but to what extent), and therefore whether you could take down someone else who is showing your legal letters in public (or using your contract as a template to write their own).
Maybe I'm reading too much into it but "I absolutely do not want this activity linked to my main account." gave me the impression they didn't want it known to be connected to them and now there's a HN thread about the connection and a GitHub DMCA post about the connection.
1. The DMCA notice itself only contains the repo name and the DMCA submitter. Connection, sure. But a connection to what? Which brings me to...
2. If the person keeps going up the chain and sending takedown request to any copies, like archive.org and this website, the connection will be even more muddy.
> Provide your contact information. Include your email address, name, telephone number and physical address.
They redacted a couple of those on the actual DMCA request, but if via their form mail name/email was in a different field.
That's a bunch of info they could verify, though:
> You May Receive a Counter Notice. Any user affected by your takedown notice may decide to submit a counter notice. If they do, we will re-enable their content within 10-14 days unless you notify us that you have initiated a legal action seeking to restrain the user from engaging in infringing activity relating to the content on GitHub.
[...]
> GitHub Isn't The Judge. GitHub exercises little discretion in the process other than determining whether the notices meet the minimum requirements of the DMCA. It is up to the parties (and their lawyers) to evaluate the merit of their claims, bearing in mind that notices must be made under penalty of perjury.
They say just "don't be a bot", "ask nicely", etc. There's a lot of trust on the DMCA notice itself... kind of a weird way to handle this. It's also the same way Google/YouTube and the like handle them, just trust the submitted implicitly.
I wonder what percentage of Facebook/Google/etc "censorship" claims are just their inherent belief that threat of perjury is something that a criminal/miscreant gives a crap about.
"But they promisssseddd it was the truth!!", technically legal, probably legally safer to argue that in court than leave it "knowingly" distributing copyrighted work after you've been notified. Thanks legal system! This country is a complete mess.
TIL that GitHub are still using Hubot (or at least an account in its name) ... to process DMCA submissions!
Hubot (the framework) has seen little to no maintenance activity from GitHub since a few years back - I'd love to see something from GitHub for how the project could continue.
The person probably would have had greater chances of the request being taken seriously if he or she did not disclose the fact. Now that the powers that be know that it's difficult to harm oneself with one's own copyright, it might not take the request seriously. Should have made a cloaked attempt at least
In my experience, grievances are dealt with more priority when the listener believes a party actually feels wronged
I think this would allow anyone with enough information on an account to claim it to be their own and have it removed which puts GitHub in a tough spot, DMCA claims on the other hand have legal ramifications so this route is more difficult to abuse so easily, although as seen with youtube-dl it's still abused sometimes.
If all the commits on an account have person X's name on it, letting person X hide the repo isn't going to do much harm. And you can send an email to the account owner asking if they dispute the claim.
Yes, GitHub support is pretty bad. I have an alt account that I want to log into that I can't remember the exact <myemail>+<suffix>@gmail.com I used to register the account. They won't tell me what the email address is, I can't prove to them I made the commits on the account, no matter how much information I give them. The only recourse I have is to wait a certain number of years when GitHub classifies the account as dormant and then I can request the account be reclaimed due to it having the username I prefer (my name).
I completely understand the security reasons for not leaking any information such as the email address but come on, I already know the password to the email if I could send a password reset and every other related piece of info, etc. They won't even send a password reset on my behalf. All I ask for is the email address. I didn't activate any advanced security features like 2FA on the account.
In addition, they take around a week or more to respond to the contact form, so disregarding my specific situation entirely, their response time is a bit meh
Being therefore self-evidently invalid without needing external information beyond its text, the notice certainly doesn't impose any takedown obligation stemming from the DMCA even if GitHub wants to stay within the DMCA safe harbor.
GitHub can, of course, still choose to respond to the perjurious invalid notice by voluntarily destroying the repository as requested. That seems like the right thing to do in this case, so I hope they do it.