The DMCA (Digital Millennium Copyright Act) is an odd piece of legislation; it was another centrist bit of legislation signed into law by Bill Clinton. I’m not going to say it’s bullshit because it was produced under Clinton. It’s bullshit because it’s American.
Let’s go back to the early days of the internet boom: there were businesses preparing to make huge amounts of money by carrying other people’s content: search engines, image hosting sites, print on demand services, – tons of sites that were going to carry “user-generated content” and that brought with it a problem: copyright. It escaped literally nobody’s notice that many extremely valuable “sharing” sites were built out of intellectual property that was posted in violation of the owner’s copyright. Allegedly, the original founders of Youtube promoted the site by deliberately uploading materials that violated copyright – users and visitors quickly learned it was a place where you could find stuff, and things took off. Content draws content. And a lot of people don’t understand copyright.
As a photographer who used to post images online, I was constantly having problems – several times a week, sometimes several times a day – I’d get notices from other online fans, “this guy has a gallery of your images” and I’d have to figure out how each site did its copyright discipline, then send emails and wait. Sometimes it would result in the images being taken down, but often I was just wasting my time. The DMCA changed that. But not for the better – it just looks like it might be an improvement.
It’s complicated but I’ll try to explain DMCA in a nutshell: as long as a site has a process in place for managing copyright “take down” requests in a timely manner, they are freed from liability regarding user-generated content. Seems reasonable, right? A site gets a specific format of email to a specific account (generally abuse@site…) and they don’t have to worry about getting sued as long as that happens within a specific amount of time. There is one side-effect of this: sites have no interest, in fact are discouraged from, investigating a claim – in order to be safe, they just take down the content. For sites of any significant size, that means automatically.
There’s a more subtle side-effect, and that’s that it shifts responsibility from the site’s knowing what data they are hosting, to the owner of the data having to know about any site on the great big internet that is hosting their data. And, there are many sites on the internet, right? At last approximation, 1.88 billion – and it’s a content owner’s responsibility, now, to protect their intellectuial property on 1.88 billion sites and none of the sites are responsible for a damn thing except responding in a timely manner to a DMCA request assuming it’s a site in the US. If it’s a site somewhere else, the copyright holder can pretty much go fuck themself. That’s the legalese for it. Of course, different countries have their own copyright laws, but for a small-timer to deal with filing an international lawsuit in another language and time-zone – it’s pretty much “forget it.” So the way things work out is:
- Suppose you are Disney and you employ a literal brigade of lawyers and have effectively an infinite amount of money: you can afford to use a service that uses various image-scrapers and fancy-ass content-matching algorithms to find your content, automate sending DMCA or whatever’s appropriate for whatever jurisdiction, and people pretty quickly realize that posting pornographic Star Wars edits will get them a very lawyerly “Cease and desist” and their hosting site may delete their account – or worse.
- Suppose you are some amateur photographer or artist (or blogger) and you don’t make any money doing it, and do not have an infinite amount of time and money: you can get fucked. In order to ‘protect’ your rights you would have to spend every waking hour of every day, pro bono, sending out DMCA “take down” requests and learning copyright law in every country where your content is being stolen. And it still won’t have any noticeable effect. Thanks a lot, US legislation.
If you want to understand anything about anything in the US, ask yourself first, “how does this benefit corporations and rich people?” and if that doesn’t lead you to an answer, then ask yourself, “how does this benefit white people?” (Slightly redundant since white supremacy and oligarchy overlap a fair bit) and that’s going to tell you all you need to know about DMCA: it shifted the burden of worrying about copyright off of all the huge websites that make vast fortunes off of user-generated content, and onto the little guy.
There’s another side-effect to DMCA, which law-makers were warned about, which is that DMCA effectively offers a “heckler’s veto” of sorts: someone who does not like a particular person or their content can file a fraudulent DMCA takedown, and the hosting site will immediately require the material be taken down – whether or not it’s clearly a violation or a fraudulent request – because otherwise they risk being caught outside of the “safe harbor” provision, and the only safe path for a content hoster is to stick within the safe harbor. Of course, they have provisions whereby you can challenge the takedown and re-instate the content, but once again, it’s the content creator that has to bear the brunt of the activity. But wait – it gets worse – sites that “monetize” (i.e.: can pay content providers for adding value to the site) are incentivized to make it difficult for a content provider to re-instate their content because that way they don’t have to pay the content provider. This has happened many times on Youtube, for one example: someone doesn’t like some popular content provider and files a spurious DMCA from an email address that’s hosted in Russia – the content provider’s entire account may be locked and Youtube no longer pays them for the time that the account was de-monetized or during the entire time that the content provider frantically worked to defeat the spurious takedown. Then, when everything is back up – another takedown. Frequently a content provider will “flip their shit” at the site, which then makes the ban permanent, pocketing all the money and leaving the non-contested content up. There are internet “haters” who go around trying to lock up atheists, transpeople, drag queens, and people who disagree with them politically. That’s their hobby, and damn cheap fun it is, too. The end result is a ruthless pressure to post content only for free, and only that you completely control. The site bears nearly none of the costs, the providers bear almost all of it, and the hacker’s vetoers bear none whatsoever. It’s all backwards but that’s capitalism.
I’m not a lawyer or a billionaire, unfortunately, or I’d spend a lot of money on lawyering to blow a great big hole through the situation by pushing to amend DMCA to encompass “constructive knowledge” – i.e.: I ought to be able to notify a site “this image is mine (and here is proof) and anywhere you see it being uploaded, you now have been served notice it is mine and it’s your responsibility not to host it.” That, by the way, is the situation that prevails for the big guys: does anyone who is reading this not know that Mickey Mouse belongs to Disney, Inc.? See what I mean? You have advance knowledge of Disney’s copyright. Why not require that anyone with advance knowledge of a particular copyright should not get the DMCA safe harbor provisions if they host it? Of course that would make life difficult to the content hosters. They would scream bloody murder, because it upsets their sweet little applecart, which depends, in effect, on their saying “no we have no idea who owns what so it’s not our problem.” That’s a ridiculous position to take, but DMCA is based on exactly that fake agnosticism.
Right, so why is all this relevant?
FTB recently got a DMCA takedown order forwarded down from the hosting provider, naming one of my articles as infringing on someone’s copyright. The article in question is one in which I used my own photography – and all my own arrangements of English words – it’s the one that used to describe the “how to make a delicious dish out of noodles and peanut butter and sriracha” [stderr] Naturally, after the Richard Carrier lawsuit, FTB’s legal advisors are going to be conservative so I was asked to take the content down. That doesn’t bother me, because I don’t get paid for any of this, but it ought to bother you because now you can’t get to my recipe.
Well, that’s not strictly true, because you can still read it, in its entirety, [here] But for now I am expected to waste time on this and potentially have to worry about bringing legal liability onto FTB, because I posted a fucking recipe with my own fucking photography on a fucking website and some rando asshat on the internet decided to submit a takedown. What’s completely freaky about that, is it makes no sense at all that they would want to draw attention to themselves, but – that’s what they did.
First, and most infuriating, how did I violate the copyright of an article written September 3 with my article written August 10? I know it’s pretty simple to edit dates but for fuck’s sake that’s just stupid. But FTB’s hosting service said “take it down” and are completely – as a side-effect of the safe harbor – uninterested in reason.
Secondly, I have the originals of the images, still. I won’t post them here but here’s one of them without being edited with my usual suite of edits – I just resized it. In a rational world, all I’d have to do is respond, “Obviously the image is mine. Ask the complainant to provide a full-size unedited copy (like this: attached) and you’ll see they can’t unless they build a pretty exacting reproduction of my kitchen counter including the vintage Dualit toaster and Keurig machine.
But, see, the way the DMCA slice-o-matic game works is that the hoster can deflect all rational argument and say “We don’t adjudicate because that would bring responsibility on us. We just act.” So my job then becomes that I have to contest the takedown, which I eventually will – but in the meantime, what about our mystery gomer?
Well, I looked on their site and there are a few things. One, it’s hosted on a German web-content platform that has a notable history in the security community of never replying to abuse@… emails. And the complainant’s address is allegedly in California. Personally, I doubt they exist, but that’s – thanks to DMCA – not their problem, it’s mine. Naturally, I sent an email to their hosting service but since it’s in Germany there’s no DMCA, I just have to make threatening copyright noises. Which is, as they say, “pissing in the wind” unless you’re Disney or Warner Brothers or Netflix.
Being a curious sort, I did a bit more research on the complainant’s pages. It looks as though the “site” has been populated by some kind of “page populator” AI for some reason. I’m not sure what’s going on or what’s the point, but there are many many postings and they’re all farmed from other places. (You don’t need to check.) Here’s an example [url]
But I’m patient, and I decided to do a search for the text of that first paragraph, because I suspected (being the suspicious sort that I am, right now) that maybe that content was not original to the site. And, this is what I found:
I’m intermittently targeted by spammers and scammers, ever since I taught classes for USENIX on spam-blocking, and wrote an expert opinion for ICANN that “spam is definitely a security threat.” The expert opinion triggered such a raft of complaints – exclusively from spammers – that their rights were being violated, etc., completely ignoring the main point of my opinion, which was that spam is often used as a vehicle for phishing and pharming attacks, in addition to basic credit card fraud, that it would take a dishonest idiot to claim that spam was not a security problem. So, I got on the radar screen of a lot of spammers and scammers and even got an anonymous email suggesting that someone might come to my house and “sort me out.” Unfortunately, they did not get a reply since the email was from a fake address. I have a stock reply for such things which is, in effect, “I’m usually home weekdays after 5, though you can call ahead and schedule an appointment. PS – I am going to be pissed if you “no show” me after I spend an afternoon lying in my field wearing my ghillie suit waiting for you, those things are hot.”
So, I know PZ isn’t particularly impressed with the quality of his annoying correspondents – christians, muslim evolutionary biologists, people who see worms on lunar rocks, etc. – but I have a higher order of jerks to deal with. Since I retired from security, I haven’t had a problem, so it’s a bit annoying although the last 20 years of my career were a veritable flotsam of this kind of shit. My Rolodex has gotten thinned out by being away from the scene, so I no longer have the clout and the phone numbers to call folks who work for police or intelligence agencies, and many of the folks who used to owe me favors have moved on. And, should I contact the security team at Facebook? Probably not – I hate Facebook and most of them know that. Back when I was still consulting, I kept much more quiet about things like that because you never know who might approach you as a prospective client. Yes, you’re probably thinking “Oh, so Marcus didn’t used to say nasty things about the FBI? Is he getting this stuff out of his system?” Yes, and you don’t know the half of it.
Anyhow, let’s see if our gomer antes back up. Typically, they don’t – they’re usually pretty ignorant and lazy and they just go somewhere else. They’re not interested in an extended battle because it doesn’t make them any money and it might cost them a fake site or a fake account or two. Meanwhile, over here, it’s cost you a recipe.
If anything else happens I’ll post about it, but otherwise I’ll try to get my page reinstated.
The example I gave, of how a well-funded adversary could seriously fuck over websites using the law is basically the strategy Peter Thiel used against Gawker: crush someone with lawyers and everyone else changes their behavior. If fate had dropped a few hundred million dollars on me, I’d peel off a few tens of thousands and tell my lawyer “go make a project out of this guy” and see what happens, but it’s just not worth the price of the show. By the way the “go make a project out of that guy” is a quote from a CIA intelligence officer I used to know – a real cold warrior – and, seriously, it makes your blood run a bit cold to think what a completely uncontrolled intelligence agency “making a project” out of someone means. Nowadays it’s probably a generational thing; they just send a drone.