Github needs to go on the offensive and begin to take action against fraudulent DMCA notices, including justification to seek damages for these claims.
IANAL, but I am pretty sure Microsoft has little recourse here. The requests would need to be knowingly fraudulent for recourse and that is a huge hurdle to prove that the MPA is knowingly acting in bad faith rather than just being overaggressive.
The DMCA desperately needs to be reworked at the very least.
If they can be sure there is no copyright violation, then what would the downside be? By not acting on the DMCA notice, they would lose their safe harbor, which would be inconsequential.
The downside is that the safe harbor protections apply to the entire site. Even if this content is fine, there is certainly some content on GitHub that violates copyright and Microsoft would want safe harbor protections in those instances. They therefore can't completely abandon the DMCA.
My understanding is that in order to continue participating in the DMCA the recipient needs to act on all requests. That doesn't necessarily mean they need to take down the content, just that they need to respond to requests.
There is also no penalty setup within the DMCA for sending a request in which the response is that the content is not in violation. The only part of the DMCA that sets up penalties for the requester is if the requests are made in bad faith. That basically would require Microsoft to show the MPA is malicious in their requests rather than incompetent. That can be difficult to prove.
>> The downside is that the safe harbor protections apply to the entire site. Even if this content is fine, there is certainly some content on GitHub that violates copyright and Microsoft would want safe harbor protections in those instances.
Hey! Finally a legal reason not to have massive centralization! OK my enthusiasm is exaggerated.
Well the material in question here is without a doubt not copyrighted by the MPA.
And the safe harbour provision only protects Github from hosting or referring people to infringing material, or material that's "subject to infringing activity" (which is different from what's being claimed here as nyaa is very clearly the object).
That said the DMCA contains all kinds of vague phrases, such as
> linking users to an online location containing [...] infringing activity
> Microsoft would never do that unless their hands were forced. Too much potential business with them.
The upside of Microsoft's acquisition of GitHub (and the entire strategy that resulted in the acquisition) is that Microsoft has created incentives for themselves to have GitHub being regarded as a truly open platform that you can depend on. Having repositories exposed to flimsy DMCA takedowns is not part of that.
Microsoft, very transparently, wants to make money by being important in how people develop software. If exposure to flimsy takedowns is a part of GitHub, then people will be more motivated to send their money to GitLab, Atlassian's stuff, or a bunch of other options. They have legitimate competition here.
Developer's opinions of GitHub and Microsoft in general may be of more longer term importance to them than the MPAA's opinion of them. I'm not saying that that is definitely the case (maybe they're still getting there), but it's worth acknowledging that Microsoft has legitimate actual cold money reasons to fight this. No need to rely only on personal convictions of the people at GitHub.
More effective would be those who are at orgs paying for Github Enterprise to express to their account managers they'll take their business elsewhere if Github is unable to defend it's platform from malicious actors.
Github don't care if you take your code elsewhere. They most definitely care about revenue (and developer mindshare a somewhat close second).
Such a claim is pretty weak, actually. MS would not be held responsible for code in someone's GHE instance any more than they would for a movie stored on an NTFS file system.
So the sales rep is likely just going to be confused by the attempt to use unrelated leverage.
No, but GHE is paid software. And not like it's impossible to migrate, it's just a fancy git frontend after all. Gogs/Gitea/Gitlab CE is completely capable of doing what it does.
Depends on how you do it. Of course if you want to move instantly then that's gonna be hard. But slowly moving isn't that bad, or creating new projects somewhere else and slowly porting old ones.
Even then, it's possible that just companies that planned to buy GHE will simply not buy it and use something open source instead.
Wrong, Microsoft’s internal incentives are aligned with GitHub remaining independent and building developer mindshare. The, relatively, minuscule business they get from MPA (No Azure, Office subs, Windows subs) is extremely fringe in comparison to losing long term developer mindshare. Even if you thought of representative companies in the MPA,e.g., Netflix, Warner, etc., which are only loosely coupled to the MPA itself, this is still tiny in contrast to overall developer mindshare. This is why they reinstated popcorntime etc etc.
I'm anxiously waiting for a quit-GitHub movement. I hold my source code there because of its popularity and "defaultish" nature. Of course I can go someplace else right now, but then people won't find my software.
The occasional prominent developer has left GitHub for GitLab, but it hasn’t made much of a difference. I don’t see organizations moving off GitHub if they’re already using it. I think GitHub is independent enough from Microsoft that the two could take different stances on these disputes. Certainly I’d expect a DMCA takedown of content on a Microsoft service like OneDrive to be ultimately handled differently from a takedown aimed at source code on GitHub...
Thankfully I am not yet required to sign on to github using 2FA that can only be confirmed on a Zune. Microsoft has been pretty good at leveraging github for the publicity of supporting developers (hosting informational streams and the like) while leaving the platform pretty independent.
I wouldn't be surprised if Microsoft viewed Github like McDonalds views the Ronald McDonald House - a long term PR investment that's well worth the marginal cost.
Except that Facebook has been integrating their sign on service into various acquisitions - using Zune (or any hardware) was quite hyperbolic of me. For a more even handed comparison: I'm not required to use a Live login to authorize with github.
I'm a bit doubtful of this. It's possible but Microsoft uses Live for both business and gaming, but they've only had a track record of forcing Live account adoption onto users in the gaming sphere. It may happen, sure, but I don't think it's likely.
That all said I didn't think it was likely that Minecraft would switch over to using Live accounts since Minecraft is so famously cross platform and Live accounts have struggled with that in the past.
They're also boiling the frog on Windows local accounts at the moment. It's no longer possible to set up a new install of Home, or Windows 10 (any SKU) in S mode with a local account without either disconnecting internet during installation or going back and converting to a local account after
Whether we contact our representatives or not, the MPA / Disney / etc have deeper pockets than we do.
We've reached the point where a candidate for the senate will only get the nomination and have a chance to be elected if they spend a significant amount of money on their campaign. There's no campaign limits, so if you don't spend much, you're liable to lose.
As a result, the people who run successful campaigns almost always have already agreed to side with the MPA and other interests that have money.
Us telling our legislature we're not happy about it won't help either because, well, what are we going to do? Vote for the person on the other party? Not likely. Vote for another guy? It's unlikely anyone else will even be on the ballot since both the democrats and republicans will avoid having multiple candidates to avoid splitting the vote within the party.
I agree that the problem is really legal at its root, but I think we need better plans than "contact your representative".
Deep pockets are only useful as a proxy for getting people to vote. What means more than deep packets is votes. If we can bring in votes that is far more powerful than money.
So get out there and convince voters that this is an important topic. The law will change fast if congress decides that not changing it will mean they are thrown out and some other person who will replaces them. So long as they think few people care it will get lib service. (also so long as there seem to be a signification amount of people on the other side nothing will change)
This year many high profile campaigns that spent the most money also lost, and the ones that won by spending the most were not "corporate" but were Bernie aligned.
Sanders, despite some reformist tendencies, is a also corporate-aligned. He is a staunch supporter of the Democratic Party and of its pro-corporate leadership; supports the military-industrial complex and most (not all) of its foreign interventions; and recently voted for the CARES act, which transferred huge amounts of wealth to large corporations.
Those "Bernie-aligned" elected members of the house have just recently chosen to support Hundred-Millionaire house member Nanci Pelosi for speaker of the house. They did not even do this in exchange for anything. Other Bernie-aligned representatives, already in office before this year, have also neglected to act against their pro-corporate party line.
So, the moneyed elites can indirectly win even if they ostensibly lose.
> and recently voted for the CARES act, which transferred huge amounts of wealth to large corporations.
That was a payroll support program like every other country did, plus airline bailouts which were good because they have giant union contracts.
CARES is the greatest anti-poverty measure the US has done in a hundred years and probably the largest downward transfer of wealth in the world. You didn't notice because all left-wing commentators decided to lie about it ("we only got $1200 checks") instead of reading about how the unemployment benefit worked.
While you may be able to point to one or two anomalies, we need more than that. If the MPA has the ear of 70% of congress, that's still enough to have their way on legislation, regardless of a few fringe elements.
is not necessarily incorrect. But it is also possible that it is the other way around:
being popular => receiving funding => winning
I.e. candidates which are more popular tend to have an easier time receiving funding. Or, it could be some combination. This would also explain the outcomes you point to.
Has there been even a single move away from ever more draconian copyright? Just the last budget bill had provisions for more criminal enforcement of copyright and with bipartisan support. If this is a slippery slope it's a steady and worryingly unstoppable one so far.
Civil disobedience through distributed systems seems like the only answer right now.
Your legislators can't hear you over the sound of millions of dollars from Hollywood getting deposited in their campaign accounts.
It's weird that we expect Github to do that, in a way. The repo might well be hosted on there for free, but we all want Github to spend a ton in legal fees to defend something they make zero cash from.
I'm not sure what my point is here other than finding it sad that code hosting is so centralised.
Github's market position is in no small part based on network effects and depends on nearly every open source project being hosted there.
Now imagine a competitor promising some kind of protection against these kinds of frivolous DMCAs. That could lead to a large chunk of media, p2p and security software moving there, threatening Github's position in those niches and putting that competitor on more equal footing.
I think it's in Github's interests to push back on this. MPA's dubious legal requests likely cost Github time, money, and PR to resolve properly. It adds up over time and I doubt any company wants to be caught in the middle of an arms-race conflict like this, nipping it in the bud could very well be worth the upfront legal fees.
I imagine MPA would also be emboldened by this if Github removes the Nyaa repository forever on what is basically a pretty flimsy basis ("Nyaa.si uses the code and that's a piracy website so the code itself is piracy").
>A better way would be to start excluding MPA and their behaviour in our open source licenses.
This is a remarkably good idea. Add an explicit clause to major open source project licenses that disallow use by the MPAA and similar groups, along with enough explicit damages spelled out to give it teeth.
