212 comments

[ 602 ms ] story [ 314 ms ] thread
(comment deleted)
Good of a platform to stand up for their users against DMCA abuse. Obviously Shopify relies on credibility if they are to handle the business transactions of their customers, so it is a smart move. Though it may be costly for them. Wish certain other platforms would do the same, if not for every bogus claim, then at least to set a precedent.
Let's not be too generous here. From the article it appears that:

• An account with unverified credentials was allowed to make a substantial number of DCMA takedown requests without any kinds of checks or limits

• Shopify had DMCA automation that either assumed guilt for each accusation or applied woefully inadequate heuristics in apllying them

• The accused have access to appeal process that leaves them suspended and thus unable to operate their businesses in the Shopify market for two weeks

• Shopify took legal action, not to protect their customers, but because reputational loss from the uproar their handling of this situation caused

From my perspective, there are two parties at fault here:

• The user that made this false takedown requests

• Shopify for:

    • not doing due-dilgience on the user making them,

    • for automating the process with poorly tested and/or inadequate algorithms/heuristics,
    • for not promptly following up on appeals, leaving businesses unable to trade for an unreasonably long period of time
If Shopify wish to aggressively automate to save costs (increase their own profits), then they should have a large enough team to handle appeals promptly, i.e. within 24 hours.
agree, it's unfathomable to me how an unauthenticated user can just make shops go offline with a false claim. This should send a strong signal to shopify users to change to a provider that cares about all users, not just the aggregate numbers.
Is shopify membership free?

If not, you definitely can't require companies pay you to be able to make DMCA takedown notices.

Oops, went and looked - it's not free. So that's why.

Obviously a bug in the system there needs to be another tier for companies to make DMCA takedowns somehow, I bet someone there is working on that now. Bet it's not easy though.

on edit: what I don't understand though, do other companies pay for shopify just to make takedown notices? Their pricing model and the wording of the article implies they do - that's weird. If I was a lawyer doing shopify takedown notices for my clients I'd get pissed.

> it's unfathomable to me how an unauthenticated user can just make shops go offline with a false claim

That behavior is strongly incentivized by US law (the DMCA), which holds Shopify liable for any copyright infringement by the shops on its site unless it performs takedowns in exactly this fashion.

To be sure, the law does require the person or entity filing the complaint to attest "under penalty of perjury" that the accusation of copyright infringement is true. But I am not aware of any cases ever where someone was prosecuted for filing false DMCA claims.

If this Shopify lawsuit were to hold the person submitting false claims liable for Shopify's expenses in handling the false claims, that might set a useful president.

Is there no governmental IdP they could connect to for matching the DMCA's with real entities?
No, there is not.
>To be sure, the law does require the person or entity filing the complaint to attest "under penalty of perjury" that the accusation of copyright infringement is true.

It doesn't. It requires them to attest under penalty of perjury that they are authorised to act on behalf the copyright holder, but not to the accuracy of the take-down claim.

I’m flummoxed by the fact that anyone would understand “under penalty of perjury” to include an anonymous guy who is under no risk of being prosecuted for perjury. I would have interpreted this (maybe with the aid of a declaratory judgment?) as a defective notice.
> To be sure, the law does require the person or entity filing the complaint to attest "under penalty of perjury"

Yet another case where powerful legal actions are taken onlime with a single mouse click. Some (FEW) things really would benefit from a physical world friction, like notarization.

Isn't the onus on the provider (Shopify) to quickly respond to DMCA requests lest they are legally liable for the content on the platform? Let's say they completely manually responded to DMCA requests, for example, what is the amount of time they're allowed to take before responding - 24 hours, 7 days, 30 days?
I'm not suggesting they manually respond to DMCA requests. I'm saying that should they wish to automate the process, they should have a large enough team to handle the appeals from such an automated process promptly.

A business being taken offline for two weeks without notice or recourse is unacceptable in my opinion. How many small businesses have the reserves to weather that? And even if they did, the stress of it happening again a week later, or the week after that?

The DMCA requires that the material be restored “no less than ten days”[1] after receiving the counter-notice, to allow the person who filed the original takedown to file a suit to keep it down if they are serious.

The penalty for the platform is that they lose their safe harbor; if a takedown has merit and they restore it before 10 days they could be sued too. I do wish platforms would go to bat for their users when a takedown was obviously fraudulent and restore the content immediately, but getting it wrong would be expensive.

[1] https://www.aclu.org/documents/text-digital-millennium-copyr...

Alternatively, the same law that created the takedown process should be amended to handle the requestor authentication process. It doesn't make sense that every company needs to duplicate these efforts.
The DMCA takedown process is broken as it misaligns incentives. It should be a challenge-response based, with statistics counted:

Rights holder claims IP violation -> content uploader challenges the claim -> IP owner challenges the counter-challenge -> governmental agency steps in -> elevated number of unfavorable judgements result in legal action.

The current process places very little disincentive to place bogus claims, because very few content uploaders gain enough from content distribution to challenge the claim in a court of law and put possible perjury to the test, especially in non-obvious situations.

The modified process still places incentives to file claims out of judicial system, however it places disincentive on submitting bogus claims. Claims can still be submitted by automated systems, but presence of counter-claim incentivizes detection quality as drop in automated detection quality is automatically balanced by increased manual review cost, which is in turn balanced by risk of losing access to the quick process itself. Such system still incentivizes finding mutual agreement out of judicial system while protecting those willing to challenge on both ends.

I wish some people from non-western countries would step up and file more fraudulent DMCA notices. Preferably from Russia or China, where they are out of reach for a western court. The current DMCA system needs to learn some defenses against misuse.
They have defenses. I invite you to go and try to send a DMCA takedown request for any of the videos on this channel https://youtube.com/@therecordingindustryassoci7122 and tell me if your request gets denied or if the video actually goes down for a few hours. Reverse the roles and you get an insta-takedown.
I would imagine the music industry largely doesn't file DMCA notices on YouTube.

YouTube has an additional layer on top (Content ID), through agreements with music, tv, and movie industry, to automatically flag supposedly offending material so it can be 'acted on' without anyone needing to file a DMCA notice (or Youtube get sued even more).

That's an incorrect assumption. There's large volumes of music content that slips through content-id regularly that is then manually flagged (sometimes years after uploading). However the quantity is overall less for music than it is for protected video content takedowns.
The current system is incredibly one-sided. I had a company remove a video that was saying negative things about it with a fraudulent takedown. It eventually went back up, but they were able to keep it offline for 10+ days and I had no recourse.

I wish the free speech caucus realized how it can be weaponized to suppress speech. Sometimes I wish someone would DMCA a bunch of congressional campaign ads, because if pols realized how one-sided and ripe for abuse the system is they might actually fix it.

From what I see in the news from the US the free speech cause is basically about freedom to harass, so DMCA notices fit well into this narrative.
That is because good uses of free speech don't make the news. Anytime you see the news remember if it is common or good it isn't news.
Solution: use fraudulent DMCA takedowns to take down harassers.
Your news is biased and your intellectual discernment of motivation for free speech is that of a child (or slave, or wannabe tyrant).
You should reevaluate where you source your news from because that blatantly false. One of the biggest defenders of free speech in the US is the ACLU and that is a categorically incorrect assessment of their motivations and activities.
(comment deleted)
Importantly, I think there is a useful parallel here with the behavior that led to SLAPP laws which now exist in most states.
I was working for a start up company that had internal documents leak and got published by the media. The DMCA takedown requests were ignored by the big tech companies hosting the documents.
If the big tech companies apply human review to takedown requests against major media clients - I have no idea if they do despite having previously worked for one of them in an entirely unrelated role - they may have concluded that the posted leaked document was non-infringing fair use under the law.

Of course, they could be right or wrong, but you’re allowed to sue them in order for a court to decide that question if they decline to take it down. The takedown procedure is not legally mandatory, although the DMCA safe harbor limiting service provider liability does not apply without it.

I’m not a lawyer and am just discussing here for general information purposes rather than legal advice, so double check this with your own lawyer before filing any such lawsuit. But I am far more familiar with this area of law than most non-lawyers, for various reasons.

> Sometimes I wish someone would DMCA a bunch of congressional campaign ads, because if pols realized how one-sided and ripe for abuse the system is they might actually fix it.

By giving themselves an exemption, like the anti-telemarketer laws.

The defective system is the legal invention of "copyright".

Get rid of the nonsense that "stop copying me!" should be raised to a cause of action, and we're good.

The world can survive if the top few percent of musicians, writers, and actors make a little less money, that they were receiving based on that fictitious tort.

Would you even have heard of those "top few percent" of musicians if there wasn't some way for them the capture some of the value they create, both for themselves, and to pay for marketing etc? Or would they just play for fun for a few friends? Why bother?
The best musicians are playing for fun anyway. Some latter make it big, but most don't
Actors and musicians used to basically be hobos wandering from town to town, because their art was not essential. Copyright made them kings, yet their usefulness hasn’t evolved. But don’t get me wrong, I love music. It’s just that essential activities like farming didn’t receive the same treatment.
Concerts. Music's version of the freemium model.
OP is having problems because he is a "random" Shopify customer.

If non-Western actors targeted the top 1,000 Shopify stores with an automated system --> I imagine it would get fixed sooner.

notices, even legit ones, get ignored when against powerful parties that could change the law. So (ab)use won't work to change the law.
How about narrowing their intake of DMCA notices to certified mail? That ~$5 tax would go a log way to eliminate fraud.
Shopify is ecommerce. A competitor that wants to bring another website down can gain millions of dollars. So $5 is irrelevant here.
Sending certified would require the sender to be Ided and not be anonymous.

It would also probably be mail fraud to submit a bogus claim.

Though there is a balance here that needs to be found.

I still find it a little wierd that those takedowns are sent to shops. What copyright are the shops violating?

> Sending certified would require the sender to be Ided and not be anonymous.

I sent a certified letter a few weeks ago and was not required to show ID.

> Sending certified would require the sender to be Ided and not be anonymous.

Sending certified mail in the United States absolutely does not require showing any identification at all. You can even do it all online.

I'd be very wary of committing a potential fraudulent action over certified mail itself. Doing so will allow an entirely different police force to investigate you, and one that may be much more willing to investigate if the victim brings a claim you're committing fraudulent actions via the postal service.
(comment deleted)
>Through discovery, Shopify hopes to identify the John Doe and hold them responsible for the recent wave of DMCA abuse.

This sounds quite bizzare. Is this a DMCA feature or just Shopify's sloppiness ? How did they act upon DMCA notices without even knowing the identity of the claimant ?

Claimants don't need to provide any sort of identity documents. This is a common path of harassment on YouTube for example - make a fake email and submit a DMCA against someone's channel.
That seems horrible
It’s even worse. If you have an anonymous YouTube channel, I could file a false DCMA claim against you, unauthenticated, and if you want to counter it you have to dox yourself to me (or hire legal counsel to act as your agent and be doxed instead).
That is not part of the law, and infact the legal requirement to submit a DMCA take down is to affirm under penalty of perjury that you own the copyright or are authorized to act on behalf of the owner

paragraph 3A(vi) requires:

    A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly in-fringed.

This would then necessitate some kind of identity confirmation, the fact these companies for their own expedient and costs have implemented an easily abused system because "scale" and over reliance on automated systems
Further, it requires that notices contain (per paragraph 3A(iv)):

> Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.

so if they can't get a hold of John Doe, these notices would seem to be invalidt to me.

> affirm under penalty of perjury

But unless that penalty is actually imposed the law isn’t worth the paper it’s printed on.

> Shopify says that it’s not feasible for the company to investigate the validity of all takedown notices in detail. As such, these false claims resulted in actual removals and the affected stores also received strikes on their accounts.

Strikes are not part of the DMCA but something Shopify has chosen to add themselves. The DMCA does not require any account termination at all. Perhaps they should focus on fixing that first in order to protect innocent merchants.

Untrue. Service providers that wish to benefit from the DMCA liability safe harbor must indeed have policies in place to terminate repeat infringers, and must reasonably implement those policies (so not just written policies they ignore).

Source: 17 USC 512(i)(1)(A)

https://www.law.cornell.edu/uscode/text/17/512

Of course, these policies are not required by the law to count fake infringement claims toward the evaluation of whether a user is a repeat infringer, even though many do. So Shopify could add a “was this legit?” element to their repeat infringer policy in order to mostly or entirely negate the impact of fake claims, possibly with human review before termination. That’s more work than most companies at their scale want to put into making sure their strike system is equitable.

Maybe we need a provision of labels Shopify a repeat offender and as a result disallows their automated DMCA processing? YouTube too!
Interesting. Notice that 17 USC 512(i)(1)(A) calls for termination of repeat infringers but the rest of the law is careful to talk about alleged infringers. How is a service provider supposed to determine which of the alleged infringements were actually infringements?
Unstated. I imagine a range of approaches would probably be upheld by the courts.

In practice, there isn’t much incentive for the big providers to doubt the takedown notices as applied to most customers. After all, the pushback against them for being too quick to terminate will generally be comparable or milder than that for them being too slow to terminate, given who has the money and influence, plus it takes more work from the provider to be protective of legal reuse than to assume all notices are legitimate.

Some cases of reuse-protective approaches by service providers do exist, of course. I suspect this happens when the provider is small enough to either have a reuse-protective ideology or simply to take a personalized rather than automated approach, and also when a big provider views a customer as lucrative or influential enough that they don’t want to punish them incorrectly.

> How is a service provider supposed to determine which of the alleged infringements were actually infringements?

Here's an outline of what the service provider has to do when they receive a notice from a complainer about alleged infringing material posted by a user of the service, if the provider wants to take advantage of the DMCA safe harbor.

1. Do a simple check of the complaint to see if it contains the required information (contact information of the complainer, asserting that the complainer is authorized to act on behalf of the copyright owner, description of what specifically is allegedly infringing, etc).

2. If it passes the check remove the alleged infringing material.

3. If the alleged infringer tells service provider that the material is not infringing, the service provider must restore the alleged infringing material, and provide the complainer with contact information of the alleged infringer.

After that if the complainer wants to force the removal of the material they have to bring an infringement lawsuit against the alleged infringer.

If the complainer does so and wins then the person who was an alleged infringer becomes simply an infringer.

The complainer can again ask the provider to take down the material, but this time instead of making a DMCA request they can provide a copy of the judgement from that lawsuit. That makes the provider aware that the material is actually infringing, not just allegedly infringing, and the DMCA safe harbor is not available. The provider must take down the material or the provider itself might be liable for infringement.

The problem with Shopify is that literally anyone can open a fake account and submit a DMCA to take down any competitor.

Check how basic their form is >> https://help.shopify.com/en/legal/dmca#/form

We've been harassed by the same scammer that placed 7 fake DMCA over the past 2 weeks and Shopify automatically removes you content with zero check. That dude just mentioned the product pages he wanted and used totally irrelevant links as a source for what he claims was the original content even a .xyz domain.

Shopify support does absolutely nothing even if you send them 20 emails.

Hundreds of legit businesses are affected by this loophole exploited by scammers.

See https://twitter.com/hashtag/FixShopifyDMCA?src=hashtag_click

What does the scammer get out of it, is it a way to “take over” someone else’s order flow by being the sole supplier of some good?
Not a scammer, per se, but a competitor. Easier to compete when the other products have all been taken down.
That is the benefit I see. The scammer is eliminating the competition.
take down competition
There are many people who make their livelihood by drop-shipping products from China.

Since the products are identical the only way of succeeding is being the store that the customer sees first. Some invest heavily into SEO/Paid Ads. Others try and harm competition like the DCMA requests and leaving negative reviews.

But one thing I've seen first hand is that the competition is brutal. Everyone just steals website content, images, marketing material etc from the competitors. Whatever they can do to get ahead.

I’m sympathetic to content creators generally but I find it hard to sympathize with drop-shippers - it seems like such a silly, useless and unnecessary business. Perhaps there’s an analogy to High Frequency Trading though - they “provide liquidity at the margin” for crappy goods?
Drop-shipping DID have a purpose back in the 80-00s when you couldn't buy the stuff one off from platforms like AliExpress, but most dropshippers aren't doing it like the drop-shippers of yore did it.

Starting the "back in my day rant": In the past, you would actually negotiate with your manufacturers about how many items you would purchase over the year, and that would determine the discount you got on their SRP. You could then mark it up, but for the most part you didn't, and your profit was your discount.

Now days, though, everyone is just plugging directly into AliExpress/Temu/Wish, and marking it up. They are just a lazy low/no-value middle-person between me and cheap knockoffs from China. The "clever" ones are worse, because you might not even realize you are buying a knockoff. The packaging, images, titles, and descriptions will be 1:1 with the real product.

While this is true of people only doing drop shipping, my company does a lot of drop shopping and JIT delivery. We have our own inventory, but we also have contracts with vendors that are not available to consumers.

We are also better equipped to guarantee supply chain integrity and have much better customer service. Getting a warranty on a part can be difficult, but we have dedicated people who work with vendors every day. All the customer has to do is stick a shipping label on box.

Philosophically, how do drop-shippers compare to, say, furniture shops that only have showpieces on display. And when you pick a piece, they pass along the order to the manufacturer to deliver.

Or for that matter, car-dealerships operate on the same model.

They're not operating a showroom.
It would be more analogous to hft if

1. Platforms could detect they're sellng the same piece of good and automatically sort by price

2. There's no material difference between vendors other than pricing and offering, e.g. in customer service

3. vicious anti-competitive behaviour like those illustrated here are heavily regulated

When all these are true the vendors that survive would be ones that offer the best price among those who offer goods of the same level of crappiness.

You raise a interesting point that is lost on a lot of anti wall street folks. Imagine if consumer products had Reg NMS.

No matter where you go and buy a fungible consumer product (SKU), the retailer was regulated by law to give you the best price available anywhere in the world at that exact microsecond.

1. Identify a thriving niche, and stores within that niche.

2. Copy everything they do. Steal their photos, descriptions. Everything, really. Launch a bunch of stores that sell the exact same thing, with exact same listings, etc.

3. Attack the store with bogus DMCA takedowns, deluge them with fake reviews.

4. Boost your own store(s) with fake positive reviews.

5. Replace the stores you are competing against.

If you're located in China and can do that with impunity, what are the owners going to do? Amazon seems to be happy for any business.

> We've been harassed by the same scammer that placed 7 fake DMCA over the past 2 weeks and Shopify automatically removes you content with zero check.

So much for " The e-commerce platform typically receives thousands of takedown notices per month from rightsholders, which are in part processed automatically. That works well in most instances, but not always."

As a person who's built at least half their career on Rails, I want Shopify to succeed in a big way, but every "platform" acts the same way. What's worse is that I've read other stories from Shopify creators who are having their stuff directly ripped off, and their complaints have no effect.

Why do the people running platforms all wink and nod, and agree to enshittify the service for the creators in the same way, leaving them nowhere else to go? Seems like there's an opportunity to make more money by breaking the mold, and being a platform that favors creators over complaints.

Ahhh, don't worry; I'm sure AI will sort all of this out shortly. <eyeroll> Anything to avoid hiring actual people with brains to sort these kinds of things out.

If these automated systems are so great, you'd think there'd be relatively little gray area for human beings to sort out, but no one seems to actually do that, until a stink is made on some social media that the company can't avoid.

Providing good service costs more and the vast majority of customers will not pay for it no matter how much it hurts them.
How does a major corp allow this to happen. Isnt the solution as simple as:

1. Forcing a seasoning period on new accounts before they create DMCA requests

2. Ranking the # of DMCA requests by account and increasing scrutiny of top complainers

Could someone in the know explain how Shopify can continue to avoid the problem despite obvious solutions?

I think they legally have to allow anyone to submit these requests and act on them immediately otherwise they could be held liable for copyright violations

https://en.m.wikipedia.org/wiki/Notice_and_take_down

> Provided the notification complies with the requirements of Section 512, the online service provider must expeditiously remove or disable access to the allegedly infringing material, otherwise the provider loses its safe harbour and is exposed to possible liability.

>> requirements of Section 512

Which include :

> Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number and email address

To which they respond:

>> Shopify says that it’s not feasible for the company to investigate the validity of all takedown notices in detail. As such, these false claims resulted in actual removals and the affected stores also received strikes on their accounts.

(comment deleted)
Unlike the DMCA takedown, the "strike" is by no means required by any laws. That's just Shopify choosing to penalize takedown recipients without doing any investigating.
The idea of "strikes" is pretty standard in the US from the 90s era "3 strikes" crime laws (i.e. commit 3 crimes and you get life without parole; these have generally been repealed in the last 5-10 years or so) that were inspired by the rules of baseball where the batter is out after 3 unsuccessful swings or hittable pitches he didn't swing at.

It isn't a good system but Youtube in particular was loaded with pirated content in the early days before Google invented automated copyright moderation so they most likely needed to do something drastic to delete pirate accounts to avoid legal trouble with the copyright lobby and everybody else just copied the idea as a "best practice".

It is kinda required. The DMCA requires you to implement a policy for terminating repeat copyright infringers. You aren't required to call them "strikes", but you have to keep track of who is a repeat infringer and terminate their account. You have some leeway in how you implement it, but you do need to take action against repeat infringers. As such, any infringement that doesn't get overturned will end up as a strike against you (whether it's called a strike or not).
> Shopify says that it’s not feasible for the company to investigate the validity of all takedown notices in detail.

In other words, they don't want to spend the money to fulfill their responsibilities.

While true, the DMCAs abusability is the real problem here.

That was built into it on purpose.

I suspect it's easy for the complaining party to assert that an email address qualifies as enough information.
Then change the form and make the address, email address and phone contact mandatory. If they want to file a DMCA through a less inconvenient mechanism, let them.
> Then change the form and make the address, email address and phone contact mandatory

That's the context I was referring to. If Shopify requires an address and phone number from DMCA claimants, then won't the DMCA claimants simply sue Shopify for making the process too restrictive?

It looks like Shopify has decided not to play that specific game.

No, any form that sites provide are purely a convenience and are not required by law. Legally all you need is contact information where a lawyer can mail a DMCA complaint.
Hmm, I think the law is bad here, though there might be relevant precedent that a lawyer can point to:

>Information reasonably sufficient to permit the service provider to contact the complaining party //

The complaining party is a party with a [genuine] complaint of copyright infringement. A specious claimant is not really a complaining party. Whilst an email address may allow you to contact a party, it's not really sufficient to contact a [genuine] complaining party; the email address will put you in touch with lots of correspondents who are not complaining parties but instead are vexacious complainants.

Requirement for a notarized affidavit delivered by registered mail would seem like it would be no bar for genuine complainants who were subject to a loss that the court, or public process, should care about.

That might be too onerous? Maybe parties should prove they have registered the copyright in their works at the USPTO, as they would in an infringement proceeding?

This situation seems like what happens when you let corporate interests write the laws and you just sign them in.

That sentence defines the need for contact information in explicit respect to contacting the complaining party.

That does not answer whether Shopify is free to use more information to filter out fraudulent claims; though my understanding is that Shopify is not really allowed to filter out fraudulent claims at all, so that point is moot.

You do not have to register your copyright unless you intend to go to court. The DMCA should be a first notice of "I think you are offending, take this down so we can all avoid the trouble and cost of court". If you refuse to take things down than the claimant should get a lawyer, register the copyright, and go to court. However as first notice I want the DMCA take down to be simple and cheap for both parties if the guilty admits their mistake and fixes the problem. In generally nobody registers a copyright until just before they open a court case (you get triple damages for everything after the registration)

Where the DMCA went wrong in my opinion is it should have been upon notice you have one business day to notify whoever posted the content, and they get one business day to respond. If they take down the offending content, then all is well (the amount you could gain from two days of something being up isn't worth your court costs) If there is no response at all, only then is content taken down automatically. If there is a response that the content doesn't infringe then content stays up, but the response must contain full legal contact information: the accuser is required to go to court to get the content taken down. Note that court mean the count of law in the country the accused lives in.

The above is how normal cases should work. There are some tricky things that need to work different. If the accused is in a country that doesn't recognize copyright, if the legal contact information is invalid, if the accuser is submitting many false claims, or the middle party doesn't do their part there are problems. I'll post my ideas, but there is room for better ones and a lot of details need to be worked out.

If accused party is in a country that doesn't recognize international copyright (China being the big example), then take downs need to happen immediately - we cannot trust your courts to protect our people so you in turn are assumed wrong, take it up with your government. (I can't think of anything better here - I'm open to better ideas)

If the legal contact information given in the response is invalid, then the entire account should be terminated and all content deleted.

Many false claims needs to be legally defined. I'm going with the copyright owner and (not or!) their authorized agents send more than 100 take downs that after 1 year are still up and no court case has been filed.

If the middle party (youtube) doesn't react to court orders to take things down, or to the poster asking to take infringing content down then they are in trouble. Otherwise they are only a middleman.

The DMCA does not allow 1, and they risk the possibility of legal liability if they do 2. The DMCA has no concept of fraud prevention builtin, and any efforts a web operator takes to prevent fraud fall into a legal grey area that could increase the operators liability. This is either a flaw in the DMCA, or a.feature, depending on who you are.
>depending on who you are.

The writers definitely intended towards that spectrum's latter.

As a piece of enforceable legislation, it is heavily-flawed.

There are plenty of solutions within the law that aren't a grey area.

As an example, send a DMCA/C&D to shopify.com - do they have to take down their homepage? Of course not. Did they set up a robot to take down their homepage when it receives a request? Of course not.

> DMCA has no concept of fraud prevention

Yes it does. The safe harbor requirements require that material removed expeditously upon proper notice. A bogus notice is not proper notice. Acting on a bogus notice is against shopify's own notice and takedown procedure. They are creating more harm for themselves by doing this.

But if the recipient gets it wrong and misclassifies a proper notice as a bogus notice, they are liable under the law. There is no safe harbor for "we acted in good faith but we were wrong".
The real problem is Shopify is not the one who should receive this notice. They should act like a post office and pass it onto their users. Shopify should only do more if the poster does not respond in a reasonable amount of time, or if a court order is obtained. (Or of course the user takes things down). Of course a user responding to leave content up needs to provide their legal contact information so this can go to court.
But if they don't take it down as soon as they are "notified" then they lose the safe harbor protections. I find the DMCA enraging but the law is pretty clear. You incur some liability by not taking down immediately, and no lawyer or business is going to incur liability when they don't have to.
What I wrote is how the law should have been written (IMHO), not how it is. You are correct the law forces them to act as they do.
Fraud prevention is a lot more than "you don't have to respond to a bogus notice"
The difference with the home page is that it isn’t subject to safe harbor like third party content assuming the home page doesn’t contain user content (I haven’t actually looked). Shopify is already civilly liable for copyright issues on their home page. Since they have no safe harbor, there is no reason to follow the safe harbor rules.
The website operator is obviously prepared to file a counter-notice in respect to their own content.

What they are not prepared to defend is their users' content.

Yup. DMCA needs to be taken out and shot. Immediately.

Then build something reasonable to replace it.

There is nothing reasonable. Intellectual Property is, to its core, unreasonable.
To its core? I disagree.

To the implementation established through corporate lobbying of media corporation over the last century; yes, I'd very much agree.

The core is, people who create useful works deserve to make a living and not simply have the financial benefit of those works go to others who are rich enough to exploit them.

I'd be interested if you don't agree with that core, if you could explain why?

Every person living deserves a living.

Monopoly is not the route we should be taking to achieve that. Copyright only manages to support a select few artists. It does so by making it more difficult to create art in the first place!

The overwhelming majority of copyright benefit (in dollars) goes to "others who are rich enough to exploit" the system itself, not to the artists who are in need of "a living". Those absurdly wealthy groups make it more difficult and more expensive for artists to compete with them. The tool they use for anti-competitive behavior is copyright. Copyright is only useful for anti-competitive behavior, because copyright is literally defined as monopoly.

---

If we did not have copyright, people would still be free to financially support artists. There would only be two major differences:

1. Artists would not be able to compel people to financially support them.

2. Giant corporations would not be able to compel artists to give them monopoly over their art. Artists would be entirely free to create new art, and to seek direct financial benefit from that art.

I argue that the second effect is by far the greater of the two, particularly in respect to artists who need a living wage.

>The overwhelming majority of copyright benefit (in dollars) goes to "others who are rich enough to exploit" the system //

Yes, in the copyright system we _have_ in USA/Europe (probably globally). But fundamentally copyright was birthed out of protecting creators of works (authors of books in the case of Queen Anne's Statute). Capitalism is fundamentally corrupting of every system, but that doesn't mean the "core" of the underlying system was bad -- that is all I argue for here, that a just copyright system that actually encourages sharing of works could exist, modelled on the fundamental core of copyright which is protecting authors/creators from predatory industries and maintaining things such as right of authorship (being acknowledged as author).

I'm just curious; should I be able to profit from selling high-quality prints of a living artist's paintings that I surreptitiously photographed in a gallery?
We can debate the exact length copyright should be (I favor 25 years), but that is the real question. If the copyright is expired, then you can, if not you cannot. I don't care if the artist is living or dead. A dead artist may have heirs (kids, wife...) that they expected to still be supporting except they happened to die.
Yes. Your prints are inherently valuable, as is their distribution.

To be clear, you should not be able to profit from claiming original authorship of those works: that would be fraud.

I am not opposed to intellectual property. (And, in fact, create it: I'm a programmer.)

The problem with the DMCA is that in practice it's ridiculously lopsided. It's *supposed to be* under penalty of perjury but no harm comes to those who make false claims.

> they risk the possibility of legal liability if they do 2

Have any companies been successfully sued for attempting to police DMCA fraud on their platform? Be interesting to know how courts treat good-faith efforts and if there have been instances where a company just phoned it in and got in trouble for half-measures.

As far as I am aware, companies are largely very risk averse to this sort of thing and no e have yet made any effort to combat fraud. In fact, I am pretty surprised to hear about Shopify even taking this step.
I doubt the DMCA provides a provision for seasoning. IIRC, there is cause for suing someone over misrepresentation and customers should have the ability to file counter notice before having content removed.

However, companies often have policies that are more restrictive than DMCA (YouTube, for example, will remove things that the DMCA would not require).

> How does a major corp allow this to happen.

Because if Shopify gets the take-down request and ignores it, they are now potentially liable for the infringing content remaining available after the complaint has been made. Reviewing each complaint requires billable hours for someone, and just blanket accepting every one and removing the content is easily automated and incredibly cheap. And because they're so big and handle so many websites, even if every complaint is invalid and bullshit, the stores that get nuked in the process won't hurt their bottom line as much as a potential IP lawsuit would.

Not running afoul with laws, regulations and other large companies is more important to them than keeping one person's business online. DMCA in general is flawed. It forces companies to be judge, jury and enforcer on something that should be a lawsuit or criminally enforced. The truth is its impossible to police so we ended up DMCA out of desperation from big business mad they might lose a few dollars.
It’s all because the penalty of perjury, which is accepted in the claim, is nothing. Nobody has ever been punished for sending a false DMCA claim.

If sending fraudulent claims like this resulted in the sender going to jail this wouldn’t be much of a problem at all. But it doesn’t.

False copyright claims are a civil matter. A fine equal to a fifth of the last five years of annual income and wealth increase (eg share value accrued, house value accrued), plus restitution of all actual losses, plus payment of court fees should be sufficient.

Prison is a massive cost to society, we should avoid it except where it's entirely necessary.

False DMCA claims are perjury, which is (at least in some states) a felony.

The rationale is that the DMCA gives complainants the ability to restrict others' speech, and so the law wants to strongly disincentivize abuse of that power.

Are DMCA claims under oath?

In any case, I didn't express it well. What I intended was that, in my personal opinion, these matters should be treated as a civil matter in view of copyright essentially being a tort.

USA Americans seem to contort the notion of speech beyond recognition. Being prevented from publishing a video someone else created, say, doesn't inhibit your right to express any opinion (aka freedom of speech). But of course, disincentivising abuses of power is always good.

> Are DMCA claims under oath?

Yes. DMCA claims are made under penalty of perjury.

> Being prevented from publishing a video someone else created, say, doesn't inhibit your right to express any opinion (aka freedom of speech).

Indeed, the inhibition of free speech is when you are prevented from publishing a video you created, because someone else falsely claims that they created it. Hence the felony.

The solution to it all is discourage false reporting by imposing penalties.

The reason for frivolous lawsuits, DMCA takedowns, rape accusations, fake news and internet misinformation is that people feel no practical consequences for false reporting.

If you are caught with a blatantly false report you should be faced with a stiff penalty.

The penalty should be just enough so that normal people feel twice before false reporting. This should discourage 99.9% people from false reporting and then allow authorities to assign adequate resources to deal with the rest 0.1%.

This can have a chilling effect on the reporters - remember that small businesses and large corporations are on both sides of this interaction at different times. If Sony BMG can just wholesale steal your music from bandcamp and threaten to drown you in legal fees if you dare formally file a DMCA it'll lead to a lot of pain and marginalization for some people - just like the ability for anyone to make these complaints with very little verification causes pain for other folks.

I personally think that DMCA was terribly designed - but a replacement would need careful consideration from all sides.

I also think DMCA is terribly designed, but it is no wonder -- it was designed by and with only interest of copyright holders.

As to chilling effect on reporters, I disagree.

We have laws to protect people from libel, and yet it does not have chilling effect on reporters. And yet it is essentially exactly the same thing I am thinking about.

The damage from libel is to an individual. The damage from misinformation is to entire society.

The reason libel laws work is that the number of cases isn't overwhelming the court system.

But if you rewind time 20 years and you suspended libel law for a moment, if everybody could publish in a newspaper or TV whatever they want about whoever they want. What do you think would happen? A deluge of false information about everybody.

What would people say about somebody wanting to introduce a libel law? That "it would have a chilling effect on journalism".

Are you on the plus tier? They would verify before they would act, nothing was automated.
There's something dystopian about "Oh, fair legal treatment is available... for a subscription."
I had a business a decade ago where our competitor hired someone to consistently email PayPal and tell them we were actually selling CSAM. PayPal had to act every time by immediately blocking our account and putting us out of business for a week while they checked and saw that we were not in fact selling anything untoward.

If you're an asshole there are many methods online to really screw with your competitors :(

The sad part is that legitimate users are the ones being affected when the content actually infringes on other persons right. There must be a faster way to counternotice without the lose of revenue in case something untoward is happening.
My sister’s Etsy shop (which is her family’s sole source of income) was hit by this scam last Christmas during the holiday rush. DMCA takedowns from copycat vendors to wipe away competitors to (temporarily) steal business.

It’s not a problem Etsy or others take seriously, even when the attack hits stores with multi-million dollars per year in sales.

It’s yet another case of a tech company refusing to staff enough workers to manually review and verify things that computers shouldn’t be doing by themselves.

Etsy makes the same amount of money regardless which seller you order from, so they have little motivation to prevent sabotage amongst sellers
Well, maybe short term. But this looks like something that can very well kill them in the longer term by making their platform so toxic no one would want to touch it.
The app we're currently releasing does not have an auto-signup. Each account signup request is reviewed manually.

Needless to say, this is difficult to scale. It's fine for our app; which Serves a fairly small demographic, and does not make money, but it would be a big problem for major-league outfits.

I have a feeling that one of the first commercial applications of AI, will be moderation and response to customer complaints.

We'll have to see how well that works.

> I have a feeling that one of the first commercial applications of AI, will be moderation and response to customer complaints.

> We'll have to see how well that works.

Worth noting that almost all of YouTube's front facing customer service is heavily, heavily automated, which is a source of constant hostility and aggrivation for YouTubers, in that they must interact with these ML agents, get a stupid, nonsensical answer, then reply again to get a human reviewer who (usually) resolves the situation that would've been faster resolved by a human in the first place and let to less frustration for all involved.

I think it's a fantastic idea to not automate the process of signups for a service, and yes, it will substantially slow down the process. But I think everyone has just about had their fill of all these services that produce bad outcomes extremely quickly when a trivial amount of human involvement would've handled whatever issue better, in a perfectly acceptable time frame.

If you don't want to have a customer service department that is well staffed and well paid to handle customer complaints/problems/issues/what have you, then my suggestion is do not involve yourself with or build a company that will need one. Simple as.

Edit: And like, I think it's fair to extend this to all these sectors of a normal, functioning business that silicon valley companies are happy to "automate" to cut their costs:

- If you don't want to provide the resources for human approval for your platform, then don't start a platform.

- If you don't want a provide the humans to moderate content, do not host content.

- If you don't want to handle verifying ID's and driver's licenses, running background checks, and all the rest that is Bog Fucking Standard for a cab company, then don't start a cab company.

It just blows my mind how many of these business have gone into the field of X or Y and just... not done or half-assed huge aspects of those fields, and then shrug their shoulders when people get pissed that they can't get help. Do you think all these dinosaur businesses you're trying to disrupt went out of their way to find an excuse to hire on customer service agents for the hell of it? No! They needed people to solve problems for customers with the product they sell!

I'm bearish on AI/ML in the customer support space. It's been terribly easy to trick these tools.

Maybe instead of moderation and response, it would function better as a blackbox middleware to the customer support onboarding process. So instead of tackling the problem at the customer level, you use AI/ML to enable your existing support staff to scale their workload.

The picture I have in my mind is a pre-processor for new tickets that would add a series of tags to a support request. That would allow your support staff to be assigned to tags where they specialize. This simplistic implementation would probably integrate into existing service management platforms without having to stand up Yet Another B2B.

>but it would be a big problem for major-league outfits

Not only is this a lie you've been willingly sold, it appears you've bought it and taken it home.

This said I don't think you should feel too bad, we the consumer buy these same lies all over the place "If we have to follow these regulations then it's going to be a big problem for the industry".

At the end of the day some of the problems do not scale easily and cheaply. In these cases business have the choice of willingly being good societal actors and taking a loss of profit in order to prevent issues, or by means of regulation be forced to behave in a fitting manner.

> Not only is this a lie you've been willingly sold, it appears you've bought it and taken it home.

That was unkind. I didn't think we behaved that way, here, but I'm often wrong...

It certainly can be done, but that usually means the shareholders need to hold off on that second lambo. That doesn't often play well, in the boardroom.

I don't think OP was unkind at all; maybe a bit blunt, but telling someone you think they've been lied to and duped and that they're a victim is not unkind in my opinion. Powerful entities have been lying and duping common people for... well, probably for all of human history. The OP may or may not be correct, but from my reading of their post, I don't think they intended that as an attack of any kind, but rather a commiseration.
I agree that tech companies have nonexistent support because they refuse to hire people to do it, but the DMCA is a terrible law and enables people to do this way too easily. It should cost money (or something) to file a DMCA claim to prevent copyright trolls and people from abusing the legal system.
Tech companies _cannot_ do anything. The DMCA is a terrible law, and requires that the company receiving a DMCA take down immediately take the claimed URLs down, or become liable if the claims aren't fraudulent. I recall originally it sounded like not only was an immediate take down required, but also they had to keep it down for two weeks even if the victim files a counter claim showing that it's BS.

The law is designed specifically to enable this, because the recording industry bought a bunch of politicians, and said "hey we need to have a zero cost zero risk mechanism for us to remove content we believe to be pirated, without having any penalties for being wrong, but there must be penalties for the host services if they try to stop us".

If the cost to file is less than the opportunity cost, it's not a deterrence.
it creates a paper trail that is far more harder to obfuscate. I agree with gp, filing dmca should come with a filing fee.
It could be a large deposit, to be returned if the case is verified, or to be rewarded to the victim if it turn out to be vicious.
I like this. Large deposit with some gov agency and the money gets awarded to the victim (or refunded to the claimant) when the dispute is finally resolved. You don't submit a claim unless you're really sure that you'd win.

This is how the DMCA should have been designed in the first place.

> literally anyone can open a fake account and submit a DMCA to take down

Doesn't the law require this?

> Shopify automatically removes you content with zero check

Doesn't the law also require this?

AFAIK, the only thing the DMCA allows is for them to put the content back after you swear to them that it's not copyright infringement. But it's not very clear how much evidence they should request.

> after you swear to them that it's not copyright infringement. But it's not very clear how much evidence they should request.

Should they? I thought the whole point of DMCA Safe Harbor is that third parties (such as providers and hosting services) don't have to figure out what's infringing and what's not but merely accept statements from all the involved parties.

If removal on notice is one-click process, restoring on counter-notice could (should!) also be an one-click process.

And if DMCA doesn't prohibit proactive counter-notices, marketplaces that care about their sellers should let them preemptively swear that all their products are not infringing on anything, and save the counter-notice, so takedown requests would be immediately served with "we took the content down for a femtosecond (as legally required), but we got this counter-notice, so we restored the content - now you can go to a court". Not sure how legal this could be, but giants like Etsy's or Amazon's legal teams surely can test those waters if they would want to stop the DMCA abuse.

Does the law require the website to provide an UI to every user for filing DMCA take downs? Can't Shopify only receive DMCA through mail?
All I see is a login page when I click your twitter link
Just spitballing here, but why can't you file a DMCA takedown against the scammer immediately?

Because if everyone did this, the scammers would eventually not bother.

That wouldn't remove the takedown against your account, or stop the scammer from sending more takedowns (with new, free accounts).
> That wouldn't remove the takedown against your account, or stop the scammer from sending more takedowns (with new, free accounts).

If everyone retaliated to fake takedown notices by spamming every single page and/or item listed by that account, they'd have no choice but to stop.

They do what they do because it makes them money! If they want to sell, they need an account which doesn't have every single item DMCA'ed.

The person spamming DMCA notices is not going to do it from an account that has items for sale.

Quoting the parent, emphasis mine:

> The problem with Shopify is that literally anyone can *open a fake account* and submit a DMCA to take down any competitor.

We've been affected by these fake DMCA for one months now and there is ZERO support from Shopify.

(thanks to the OP for shedding light on this situation)

Running a business through Shopify has become very risky these days.

We are now working on transferring our online stores to Woocommerce where it is far more difficult to get your content removed with bogus DMCA.

Picture the situation to understand the Nightmare:

1) You are driving paid traffic to a product page with good ROAS because your ads are optimized after months.

2) Then the competitor submits a fake DMCA

3) Your page is content is removed automatically by Shopify (no check on their end)

4) Your optimized ads are now directing customers to an empty page

5) Then you risk having your ads accounts flagged

You might think you could just redirect the url to a duplicate? That would be a great solution indeed. BUT

6) The competitor is monitoring your product page and immediately submits another fake DMCA

7) You redirect again

8) Then another fake DMCA

Now WAIT for the cherry on the Cake.

9) After 4 or 5 fake DMCA, you Shopify account admin is locked

10) You may even get suspended automatically by shopify

11) Then you can no longer fulfill your orders from customers

12) Then your customers start making chargebacks

13) Then the payments processors on which you've built a reputation over the years can suspend you

14) Shopify (zero)support asks you to reply to the DMCA with a counter notice and WAIT for the Trust & Safety Team to get back to you

15) Then you receive an auto reply from them telling you that the other party has been informed and that you may repost your content in 2 weeks unless the scammer has filed a court action.

16) Then after 2 weeks, you repost your content

17) Then the same or the next day, the same scammer (watching you like a hawk) issues another fake DMCA for the same product page through the same fake account.

ISN'T IT BEAUTIFUL?

** Shopify could literrally STOP 80% of these false DMCA by just adding a field on their rudimentory form: asking to verify a phone number or upload an ID but NO, that seems to be a task too Challenging for a billion dollar company like Shopify

This could easily be fixed by having a consequence to fake DMCA reports. A fine or something. Something messed up that Youtube does is when someone files a copyright claim they get to take the money from your video. I have had times when I was sent a copyright strike for videos I have made and when I check my video is usually much older than the music that I am being accused of stealing.

I always win these disputes for obvious reasons but Youtube has never offered to make things right.

Basically the accused is guilty until proven innocent which is not how it should be.

Somehow this issue always seems to arise when forming agreements with large platforms.
Wait, is youtube still doing that? I thought they moved to putting the money in escrow until the dispute was settled, which cut down on the majority of the false claims?
It’s been a couple years since my last attempted strike but it’s good to hear that they are trying solutions. Maybe that’s why I haven’t gotten one in a while.
Part of the problem is many of these companies have a faux DCMA process.

Rather than use the “official” DCMA process, they build a reporting mechanism in front of it. People can abuse it without facing federal repercussions.

Isn't a fake DMCA report "lying for profit" AKA fraud? And it's done on a computer making wire fraud, a federal crime. AFAIK this is already against the law and can be prosecuted, no need to add a new law for fines.
DMCA claims are made under penalty of perjury. Perjury is usually a felony.
To blindly listen to anonymous reports on the internet is not good faith. Shopify has a duty to handle these in good faith and it’s infinitely foreseeable that this bad faith conduct could result in serious damage to their customers (as you explain).
> asking to verify a phone number or upload an ID

I’m pretty sure they’re not legally allowed to add extra requirements like this. If they were, sites could make it almost impossible to take things down by adding a lot of requirements

As I learned from this comment [0], that kind of is a requirement. Section 512 requires a notice contain:

> Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number and email address

I think another poster hit the nail on the head, when they said (and I'm paraphrasing), these aren't real DMCA takedowns. They're a different system these hosters bend to that acts outside of it. By being more liberal in what gets shut down, they comply with DMCA which is much more onerous on what is required to shut things down.

In fact, if this was really the DMCA process, people would have legal standing to go after the accusers via Section 512.

Further, I'm also pretty sure you don't have to take things down right away. You do have time to investigate the alleged violation and decide whether you are in the right.

Basically, all these players are hiding behind systems they put in place so they wouldn't come close to DMCA issues or have to pay anyone to investigate notices.

[0]: https://news.ycombinator.com/item?id=37986095

Has anyone managed to prove that an email address is not "reasonably sufficient to permit the service provider to contact the complaining party"?

I doubt it. I expect that Shopify doubts it, too.

The law itself is explicit, no one needs to prove what the word "and" means.

> such as an address, telephone number and email address

In this context, I think "and" could be reasonably argued to mean either "and" or "or". And given that the purpose of the contact information is "Information reasonably sufficient to permit the service provider to contact the complaining party" and not for identity verification, I'd guess that no company is willing to go to court to test this.
And means and. Arguing that and means or is an interesting strategy I suppose but and means and.
But is "and" being used to form a set of acceptable forms of identification (any of which would be sufficient), or is it joining the forms of identification together as all being required?
It's joining them all together, but the whole thing is presented as an example. Any avenue that provides the ability to contact presumably meets that standard.

If Shopify were to alter their contact info requirement, it would clearly be with a different goal in mind than the one laid out in that sentence. That's assuming of course, that the current requirements have actually led to communication.

Coming back to add, I think the following sentences have identical meanings:

"Acceptable forms of identification include driver's license, passport, and birth certificate."

"Acceptable forms of identification include driver's license, passport, or birth certificate."

> Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number and email address

The words "information reasonably sufficient" set the bar of compliance. The list is an example, not an explicit requirement; hence the words "such as".

These companies need to be dismantled. Every small shop this happens to should focus on documentation and suing for damages. This is negligence.
That does sound unbearable. May I ask what market segment you operate in? Do you make your own products or are you rebranding some kind of generics?
I absolutely applaud Shoppify for filing this suit, it's great, doesn't happen enough.

But a question:

> The strikes will be removed if the merchant files a successful counternotice, but those can take up to two weeks to process.

Is there any legal reason acting on the counternotice can't be as quick and automatic as acting on the initial DMCA claim? It seems like this is something Shoppify could do to help, that is completely under their control. Why should processing the counternotice take two weeks?

Or is this a legal issue in the DMCA process, that a lag is required here?

It is supposed to be instant. It's a notice and notice system. One party claims infringement, hosting takes it down. Other party counters that it's legit, hosting puts it back up. With both parties having given legal statements, the claimant can proceed to sue the defendant.

But it never works out this way because this system wasn't intended to protect individuals, but rather large media groups. Record labels and movie studios didn't want their stuff easily copied. Hosting companies don't fear the wrath of an individual, but they do fear a multi billion dollar corporation. So they respond instantly and automatically to takedown notices, but are hesitant to put back anything based on a counter notice, lest the claimant - likely a large corporation or their agent - decides to take them to court for continuing to make it available.

Etsy takes this one step further and straight up doesn't implement the DMCA. Instead, they take copyright infringement notices and make that an automatic take down and strike. There is no counter notice option at all. As the defendant, you are told to contact the claimant and convince them to reverse the claim. Which of course they will never do no matter how good of a case you can make for it. In the mean time, your store gets shut down and any money still in your account is frozen. Ask Etsy what to do and you'll get one automatic reply followed by radio silence forever. I lost two years of work building up my first store and had to start another from the ground up.

So sounds like Shoppify should make the counternotice take effect instanteously.

Elsewhere in this thread people are posting that they are leaving shoppify because fake DMCA takedowns are such a problem. So this is clearly self-interested on Shoppify's part. The lawsuit against the John Doe is a good thing, but it's more just an announcement of intent, they haven't even found the guy yet!

Making the counternotices instantaneous, as the notices are, would remove a huge chunk of the harm here to shoppify's customers, no?

> but are hesitant to put back anything based on a counter notice, lest the claimant - likely a large corporation or their agent - decides to take them to court for continuing to make it available.

This is weird, as they scrupulously followed the DCMA, and should be immune from such suits, right? Of course, anyone can sue for anything, but if they put it back up only after a counter-notice, a judge should throw out a suit pretty quick, no? The whole point of the DMCA is that hosts are not liable if they have adhered to it, and putting something back up after a proper counternotice is adhering to it.

This is the way, Shoppify.

As another commenter pointed out, it cannot be instantaneous because the DMCA requires at least 10 business days before you can restore the content. So that way they would not be following the DMCA and thus not be eligible for the safe harbor. From [1].

"promptly provides the person who provided the notification under subsection (c)(1)(C) with a copy of the counter notification, and informs that person that it will replace the removed material or cease disabling access to it in 10 business days; and"

"(C) replaces the removed material and ceases disabling access to it not less than 10, nor more than 14, business days following receipt of the counter notice, unless its designated agent first receives notice from the person who submitted the notification under subsection (c)(1)(C) that such person has filed an action seeking a court order to restrain the subscriber from engaging in infringing activity relating to the material on the service provider’s system or network."

1: https://www.aclu.org/documents/text-digital-millennium-copyr...

Aha, thanks for clarifying. It sounds like the two week delay is unfortunately part of the DMCA after all, doh!

10 business days may have sounded like a shorter amount of time 20 years ago, for the use cases anticipated then. With what's actually occuring, and the widespread use of unjustified takedown requests, it is much harser than I think was planned.

Unfortuantely, if there were any ammendments to happen to DMCA now, I think they'd be in the wrong direction.

Thank you for the clarification.
DMCA abuse is rampant all over the net. The main problem is that companies like Shopify have implemented these DMCA processes very sloppily, and as the recession continues, there are fewer resources available for making improvements and fixing it. The recession also provides more incentive for bad actors to misuse DMCA as a way to gain an advantage over their competition.

So it is a vicious circle all over the net.

It seems to me that DMCA abuse is far more harmful than the copyright infringement it intends to fight. At the very least, DMCA takedown notices should only be accepted from verified, existing people, and not from anonymous accounts. And then those verified people need to be held accountable for any abuse.
The DMCA requires that you assert you own the copyright on some work (under penalty of perjury), and also that some other work infringes on that (no penalty at all).

Adding liability in the case that the work is found not to be infringing, including substantial punitive damages paid to the accused (covering their time, emotional distress of being targeted by a lawsuit, attorney fees, and some amount extra) and the hosting provider (for wasting their time), would be a good reform.

The DMCA arguably did not envision mass, often false, takedown requests.

The problem with substantial punitive damages however is that you will have people who do legit requests that are determined to be false per haps by algorithms. (Or that are in some gray area.)

>damages paid to the accused (covering their time, emotional distress of being targeted by a lawsuit, attorney fees, and some amount extra)

Now you're talking fining people thousands of dollars even though they may have been in the right.

No, I'm talking about fining people thousands of dollars after being found guilty of falsely accusing others of infringement.
Okay, yes, but essentially all abusive takedown requests are filed under a false name altogether, or by scummy law firms adept at hiding the people who actually run them.

So, if you are the victim of a fake takedown request, either you are not going to find them because they don't exist, or if they do exist, they are beyond your reach.

There is no means to enforce this penalty unless your opponent decides to by the rules. (Spoiler: they won't.)

> It seems to me that DMCA abuse is far more harmful than the copyright infringement it intends to fight.

This is by design. Every single person involved was well informed about the consequences of the law when the US Congress was discussing it.

Sad no major platform implemented step two of the DMCA process as it was written in law (as far as I remember):

The subject of the DMCA takedown can appeal and then the original filer has a time period where they can escalate to a court case or drop it.

Shouldn't the person/org filing the take down notice be required to prove they own the copyright they allege is being infringed?
Be very careful. The DMCA is bad but at least the internet actually functions. We can all hate on it and propose ideas to improve it but most proposed changes (actual proposed law rather than forum posts) in the last few decades have been truly horrific. Most wanted to expand the DMCA's approach to other areas such as DNS.

COICA, PROTECT IP, E-PARACITE, SOPA ... these evil ideas are just waiting to fill the void should anyone reopen the DMCA. And they will probably add language to make all online open for "inspection" by copyright holders, yet another attempt to outlaw proper encryption.

1. Shopify just admitted gross negligence in issuing 52 strikes.

If it were Shopify's tail on the line, they would build automated tools to do things like compare all images posted on their site to those found online - there are search engines to do this. Then they would consider those results when looking into a DMCA notice.

2. Good for Shopify for suing these fraudsters.

I wish we had been successful in going after fraudster and US Senator Kay Bailey Hutchison who shut down everyone who ran against her with phony DMCA notices.

Interesting that Shopify clearly documents the cost when moderation isn’t externalized to either ML/AI or underpaid contractors:

> Shopify launched an investigation and the company ultimately restored all items and removed all strikes, but that came at significant cost. “Those efforts cost Shopify tens of thousands of dollars in personnel time and resources.

“Dozens” is legalese for [x>12; x<151], so Shopify is suggesting a cost of moderation per single DMCA of “tens of thousands” / “a hundred or so” = “tens of tens or so”, which is “hundreds of dollars per request” in plain language.

So, if Shopify is placing the cost of actually considering a DMCA notice — as opposed to just machine-processing it like any other bigcorp — then that explains a lot about modern bigcorp account closures. They would rather lose your business to a false positive, than risk owing a process that costs $X00 per “please reconsider, here is my evidence” request from a customer.

This also makes it possible to estimate the potential cost in “risk of exposure” SEC filing terms for any proposed law that compels providers to 1) explain algorithmic decisions, 2) process appeals with human beings.

requiring a telephone contact (SMS verification or code from robocall) would provide enough sufficiency in scaring the perps to probably solve 90%+ of these.
> Shopify says that it’s not feasible for the company to investigate the validity of all takedown notices in detail. As such, these false claims resulted in actual removals and the affected stores also received strikes on their accounts.

Excuse my language but that is 100% bullshit. If it's not feasible for you to investigate these claims before kicking your own customers out then it's not feasible for your business to exist. Investigating these claims before acting on them should be considered a cost of doing business.

The fault here lies with the US government for passing an easily abused law like the DMCA where there are woefully insufficient consequences for fraudulent takedown requests and where fighting fraudulent takedowns requires you to dox yourself to the individual committing DMCA fraud.

I can't blame businesses for not having sufficient staff to investigate takedown fraud when any business that did would probably be uncompetitive given how easy it is to send fraudulent takedowns and how much time and money it costs to investigate them. Most customers would almost certainly rather accept the risk of being the victim of a fraudulent DMCA takedown than pay extra to avoid it, in part because most people probably don't understand how easy it is to abuse the DMCA.

I agree in principal but I think it depends on the process to submit DMCA takedown requests. If it's trivially easy to abuse this system then I don't think it's fair for the burden to fall on the company (note: in general I'm pro-consumer, not pro-corporation).
This is a very easy position to take when you are not familiar with the scale of the task at hand. You have 10,000 reports come in every day. How do you get through them? One person won't do, so you will need a team. Who will you hire? Are they educated in copyright law? Hiring people with that sort of education for something as rote as content moderation will be difficult and take a long time (and probably cost a lot), so good luck. Are they interns and people with no related education hired for low wages? Great, now you have a team, but it seems that reports are being mishandled and copyrighted content is getting through. Legal liability is on the line and a PR disaster is brewing. We need to reign in these minimum wage moderators. Where do we go from here? Moderator-moderators who validate the validation from the moderators? Now we're back to where we started. And who will validate them? Etc, etc...
The scale is a problem they created for themselves. If they didn’t take the time to build the legal/monitoring team you describe, they shouldn’t have taken on more customers than they could afford to support.

Would you make the same defense if the company that makes M&M candies said that since they have hundreds of factories they would have to hire 10,000 janitors a day to keep cockroaches out of candy bags? After all, it’s very complicated to collect and manage so many people and schedules.

Eh, this is a two part issue...

They are under a strict legal obligation to follow the DMCA.

They are under a far less strict to nearly non-existent legal obligation not to fuck their customers completely over.

The first issue is an "IS" problem. The second issue is an "OUGHT" problem. If you want to solve the Is-Ought problem you have to change both sides of the equation to an is, or to an ought via law.

The difference is that keeping cockroaches out of candy bags is a much more black-and-white problem that can be solved by following the same unchanging set of steps every time. Moderating and distinguishing copyright material requires awareness of a lot of abstract and often arbitrary rules and is prone to being done incorrectly. I am not defending this, it is for sure a shitty situation and is exactly why things like Youtube suck when it comes to DMCAs, but I am clarifying that it is a non-trivial issue with no easy solution that is brought on by the DMCA being ripe for abuse. It's just the reality of the thing. Moderation at that scale is probably never going to graduate from being shitty purely because of the nature of the problem.
It's not my problem to determine how a company complies with regulations. They can either resource themselves or go out of business. I don't care.
John Doe, Sacha Go, Sacha Ghosh. Is 'John Doe' wrongspeak now? I haven't heard this usage.
> Starting on October 5, an unknown person created the account “Sacha Go” which was subsequently used to file dozens of DMCA takedown requests.
Honestly the whole DCMA takedown is worthless. They should just require a legal form of identification like a driver license, a credit card that matches the drive and a phone number. Problem solved. Any violations result in a federal fine of 100K. You would see this stuff stop real quick.

There is no reason for the anonymity of a takedown.

I'm glad they're taking some action, but how about using some of that big business money and lawyers to try to get the law changed? Why haven't some of the big companies gotten together to lobby for fixing the law so it can't be abused so easily? I get that the rights holders are much, much more powerful and have many, many more lobbyists, but with enough funding we could do public-facing ad campaigns and start trying to raise awareness for the general public.
The DMCA is very broken. It needs to be amended to disincentivize frivolous claims, and to require that claims be processed manually by trained staff. Automation should not be permitted in this area. If that means some internet giants need to scale down to be able to service their accounts properly, that wouldn’t be a bad outcome.