"Github is required to instantly remove infringing repositories when a DMCA request comes in."

In order to maintain safe harbor, Github is only required to remove things in response to a valid DMCA notice.

They are welcome to push back on invalid ones with no fear of anything.

Invalid DMCA notices do not give any notice, so they wouldn't even be in trouble under the red flag provisions.

> In order to maintain safe harbor, Github is only required to remove things in response to a valid DMCA notice.

Which is a dangerous bet to make, if they mis-classify a request as invalid they've lost their safe harbour and can be sued. It's easy to understand why they'd take the content down straight.

That's not entirely true. A website operator is not compelled to remove content on the receipt of a DMCA notice. If Githib fails to remove the content, they lose their 230 safe-harbor protections, meaning they could be sued for secondary liability for copyright infringement.

Github definitely has compelling incentives to remove content on receiving a DMCA notice. If they receive a notice that they think is completely bogus, they do have the option of not responding to it.

To clarify would they lose safe harbor site wide or be on the hook for this specific infringement if held up? If they choose to ignore, get challenged and lose do they lose safe harbor on all content after that?

Only to the content in the DMCA. But that can be very expensive. Do you think Github wants to fight a copyright suit on behalf of something obvious pirate software?

Plus they'd definitely lose.

It's not at all obvious they'd lose. Github is not violating anybody's copyright. They're only distributing source code, presumably with the full consent of the authors.

Github doesn't need to violate copyright. Github would be sued under a contributory infringement theory (i.e., the same one that took down napster and kazaa), and could be found liable for the infringement committed by others. The point of the DMCA safe harbor is that by responding to takedown notices (and by not deliberately hosting infringing material), they are immune to infringement actions for hosting infringing material.

How's that any different from Google linking to the thepiratebay homepage in its results?

... and to specific magnet links.

(Not a lawyer) My understanding is that you can't file a DMCA takedown against content/code that you don't own.

That's incomplete, you can also file DMCA takedown if you're the owner, an agent of the owner, or if the content is obviously illegal, as per 17§512 (c) (3) (A) (v):

> A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.

(emphasis mine)

Of course the third case is a very dangerous game to play, if you're DMCA-trolling (filling false notices) you're guilty of misrepresentations which is covered by 17§512 (f):

> Any person who knowingly materially misrepresents under this section—

> (1) that material or activity is infringing, or

> (2) that material or activity was removed or disabled by mistake or misidentification,

> shall be liable for any damages, including costs and attorneys’ fees, incurred by the alleged infringer, by any copyright owner or copyright owner’s authorized licensee, or by a service provider, who is injured by such misrepresentation, as the result of the service provider relying upon such misrepresentation in removing or disabling access to the material or activity claimed to be infringing, or in replacing the removed material or ceasing to disable access to it.

The copyright to the code of Popcorntime is held by its authors so a DMCA takedown on the code can't be issued on those grounds. However, it acts as a technology circumvention device (in a circuitous way) since it provides access to media that originally was encrypted.

17§1201 a.2:

No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that— (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

17§1201 a.3.A:

to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and

You're missing the relevant portion of the law. For a DMCA takedown notice for code, it doesn't matter who owns the copyright for the code. It is sufficient for purposes of the DMCA notice to allege that the code is being used for infringing purposes. 17 US 512(c)(3).

Well, you can, but that would be fraudulent. But whoever you sent the DMCA takedown notice to, it's not their concern and not their duty to check whether you're the rightful copyright holder or not.

Does this mean that someone could take down all of github by sending (fraudulent) DMCA takedown notices for every single repo (from some fake return address)?

And then it would then be incumbent on the users to fight that?

No. The main requirement for a DMCA request to be valid is that it come from a real entity. If you sent them with a fake return address they wouldn't be valid DMCA requests anymore.

That said, yes the DMCA can be abused. The check against that is the same check that exists against other kinds of fraud: it's illegal.

Yes. But in that case, GitHub would likely fight an obviously fraudulent copyright claim, as it would wreck their business.

They're not hurt at all by popcorntime going down.

I don’t know, they seem to be being hurt a bit in the eyes of developers right here in this discussion.

You can. It's just that the actual owners will probably sue you for doing so against their work if they've given permission to legally access it and you try to revoke that with a DMCA.