eBooks and DMCA Abuse: A Few Suggestions Based on My Experience

Thanks to the fine people of the indie-publishing community, Nolander has recovered wonderfully from its week’s vacation. Folks on The Passive Voice blog and the Kboards Writers’ Cafe urged downloads, and a number of discounted/free book sites spontaneously advertised the book: big thanks to OHFB, Pixel of Ink, Flurries of Words, eBookDaily, and Free Kindle Books for your generous help. With so many people in its corner, Nolander got a couple thousand downloads and bounced up into the top two hundred free books on Amazon. It was an amazing and moving thing to see. The self-publishing community is strikingly diverse, and we don’t always agree on stuff. But we’re there for each other at the big moments, and that tendency to act together — fostered by those sites that give us places to gather — gives us some leverage. Thank you all so much for using that leverage on my behalf.

Now, I think we need to keep applying leverage: how retailers respond to DMCA take-down notices needs adjustment.

The best-case scenario is that my experience was a one-off event — that my scammer had something against me, personally, and this won’t happen to anyone else. Fingers crossed that’s the case. But it might not be. This could’ve been a money-making scheme, with the target being selected wholly or partly at random. Worst-case scenario, Nolander was a trial balloon for someone(s) with bigger plans.

I think distributors and retailers need to figure out how they’re going to deal with this sort of thing if it happens again. It’s obviously no good for retailer sites to become hunting preserves where scammers troll around, looking for their next mark. And if retailers unintentionally and unwittingly ended up making blackmail easier in a consistent way, that would be awful.

Solving this problem is probably above my pay grade. I hope the retailers have people working on it, and that they come up with better and more creative ideas than mine. But FWIW, here’s what I’d suggest:

  1. Send the author the full name, email address, and physical mailing address of the filer of any DMCA notice immediately. Include a link to the evidence of copyright infringement the filer submitted. These things did not happen in my case. From one retailer, I received the name and email address only; from the other, I received none of the above.
  2. If the author submits a DMCA counter-notice, restore the book to the site within the time-frame stipulated by the DMCA. What I’m recommending here would, apparently, be a significant change of policy. Unlike ISPs, retailers consider themselves exempt from the counter-noticing provisions of the DMCA (I don’t know if this is a reasonable assumption, on their parts, or a legally established status). On the face of things, the exemption makes some sense: retailers have the right to sell whatever they want for whatever reasons they want, right? If Amazon wants to refuse to sell any book with the word “The” in the title, it can go ahead and do that, so far as I know. The problem with this approach is that the counter-noticing provision is the DMCA’s one and only safeguard against abuse by non-U.S. residents, who cannot be curbed through the U.S. courts. It was built into the law for a reason. If retailers react to noticing (as they must) while ignoring counter-noticing, they render the law dysfunctional and create a dangerous imbalance of power.
  3. Put some well trained people to work actually looking at the evidence submitted with DMCA notices and counter-notices. (So far as I can tell, this did not happen in my case. The evidence seems to have initially been accepted without examination.) A retailer must remove a book if it receives a DMCA notice. So far as I know, there’s no way around that rule, even if the notice is obviously fraudulent. But does the law say a retailer cannot then reach out to the book’s author and suggest independent resources that would help the author move forward with appropriate counter-noticing? Not that I know of. So, in cases where they see clear evidence of fraud, retailers should reach out to authors in this way, IMO. Perhaps authors identified as potential victims of fraud could be directed to the Electronic Frontier Foundation or some other source of assistance.
  4. Indie authors should support any organization that steps up to provide effective advice and assistance in these matters, especially if caseloads rise in the future. I’m sure even small donations would help. We don’t have large corporate legal departments standing behind us. (That’s something traditionally published authors get in exchange for their lower royalty rates.) Sending some of our profits to organizations that help with this sort of thing would probably be a good idea.

Would these changes solve the problem completely? I don’t think so. But they’re the best ideas I’ve been able to come up with. If you think of other possibilities, please share them.

Distributors and retailers obviously have a big stake in this issue, legally. But the repercussions for individual authors may be even bigger, when you consider possible career impact. If we have ideas to offer, we should make them heard. Perhaps we can help our book-selling partners make the marketplace safer for all.

With deep thanks, Happy reading to all!

Becca

P.S. Not sure what this is all about? Start here.

21 thoughts on “eBooks and DMCA Abuse: A Few Suggestions Based on My Experience

  1. Reblogged this on Storyteller in the Digital Age and commented:
    The world of indie publishing, and publishing in general is in danger. Ths account by one of my favorite indie authors is her struggle to regain control of her published book because of a scammer trying to gain from another person’s original work. The issue is important as are the questions it raises. We should all be cognizant and supportive of those authors who put their careers on the line to pursue their dreams through self-publishing.

    • Thank you for your support, amyoung! And thank you for reblogging. if your readers offer promising suggestions, I’d love to hear them. :)

  2. I agree with many of your suggestions. However I am not sure about the provision of the DMCA’s filer’s data to the author. I completely understand why authors (including me) would find this information extremely helpful. There are, however potential data protection issues. In the UK the Data Protection Act protects personal data. Among other provisions of the Act personally identifiable data may only be shared in exceptional circumstances. So, for example if a government department receives a communication about a policy matter which, it believes may be helpful to share with others it would (if that comes from a member of the public) need to gain their consent prior to doing so. Names and contact details can not, usually be shared. I think the USA has similar data protection legislation? Kevin

    • Hmm, yeah, that may be true, Kevin. Hadn’t thought of that.

      Service providers who respond to counter-notifications according to the law are supposed to forward the entire counter-notification to the original DMCA filer, including correct contact info. That’s so he/she can file a lawsuit if he/she wants. But I don’t know if there’s such a requirement for the original notification to be copied to the author. Perhaps Amazon sent me the Rajesh Lahoti name and email address because I was supposed to work things out with him on my own.

  3. Hey! I’m on the WordPress.com Terms of Service team, dealing with fraudulent DMCA takedown notifications like you’ve described every day. You make some really good suggestions here, so I thought I’d respond with some thoughts. The numbers correspond to your own:

    1. Online service providers aren’t obliged to forward on DMCA takedown notifications, but it’s definitely something that they should be doing out of good practice. At least, if they care about their users at all. At WordPress.com we always forward on the full notice – with very limited and specific exceptions. If we aren’t going to process the notice (for example if we believe it to be fraudulent), we will send these on to the blogger as well, without taking any action.

    2. Retailers aren’t distinct from other platforms with regards to how they deal with counter notifications. The crux is that any service provider – be that Amazon/WordPress.com, or whoever – can choose what material should be active on their site. If Amazon receives a counter notification, it should definitely restore access to the content within the 10-14 day period, but if they don’t, there isn’t really any come back against that.

    3. ‘A retailer must remove a book if it receives a DMCA notice. So far as I know, there’s no way around that rule, even if the notice is obviously fraudulent.’ – this isn’t actually correct. The notification and takedown process is designed to protect service providers from the actions of their users. In order to receive ‘safe harbor’ from liability, then a platform needs to take action when they receive a valid DMCA takedown notification. However, they are perfectly able to assess whether a notification is potentially fraudulent or abusive, and refuse to take down the material. This means that they open themselves up to liability, which is why many platforms don’t choose to do it. WordPress.com do, and I’m proud to be part of the team that fights for our users.

    Hope this is helpful!

    • Clicky Steve, thank you so much for these responses! This is extremely interesting and helpful. But what you’ve said prompts a few questions for me. I’m going to go ahead and ask in hopes you drop by again! :)

      On #1:
      – What about the privacy concerns associated with forwarding the notification raised by Kevin in an earlier comment?

      On #2:
      – The law seems to say that a service provider cannot be held liable for removing or restricting access to material so long as they 1) notify the material’s poster promptly that it’s been taken down; 2) promptly provide the notifier with any counter-notification; and 3) restore the material 10-14 days after counter-notification, so long as no suit has been filed.* This suggests to me that, in not restoring access in response to counter-notices, service providers lose their safe harbor and become vulnerable to liability. Do you agree?

      On #3:
      – Fascinating! This makes perfect sense to me. But here’s my question: if most service providers (unlike WordPress) are so cautious that they don’t want to judge the validity of a notification and just automatically take stuff down in whenever they receive one, why then aren’t they equally cautious in responding to counter-notifications? If your biggest concern is avoiding liability (which would be sort of sucky, but I’m sure lots of companies think this way), wouldn’t the “safest” approach be to maximize safe harbors by following the letter of the law exactly (always take down in response to notifications; always restore in response to counter-notifications)? Why would a service provider choose the most cautious route on the front end and throw caution to the winds on the other?

      *Here is the hideous legalese challenging verbiage in question:

      (g) Replacement of Removed or Disabled Material and Limitation on Other Liability.—
      (1) No liability for taking down generally.— Subject to paragraph (2), a service provider shall not be liable to any person for any claim based on the service provider’s good faith disabling of access to, or removal of, material or activity claimed to be infringing or based on facts or circumstances from which infringing activity is apparent, regardless of whether the material or activity is ultimately determined to be infringing.
      (2) Exception.— Paragraph (1) shall not apply with respect to material residing at the direction of a subscriber of the service provider on a system or network controlled or operated by or for the service provider that is removed, or to which access is disabled by the service provider, pursuant to a notice provided under subsection (c)(1)(C), unless the service provider—
      (A) takes reasonable steps promptly to notify the subscriber that it has removed or disabled access to the material;
      (B) upon receipt of a counter notification described in paragraph (3), promptly provides the person who provided the notification under subsection (c)(1)(C) with a copy of the counter notification, and informs that person that it will replace the removed material or cease disabling access to it in 10 business days; and
      (C) replaces the removed material and ceases disabling access to it not less than 10, nor more than 14, business days following receipt of the counter notice, unless its designated agent first receives notice from the person who submitted the notification under subsection (c)(1)(C) that such person has filed an action seeking a court order to restrain the subscriber from engaging in infringing activity relating to the material on the service provider’s system or network.

      (If your eyes are glazing over, I don’t blame you; a friend walked me through it.)

      • Hey! What a thoughtful, and great response. My eyes aren’t glazing over – don’t worry. My Masters is on the DMCA.

        >> On #1:
        >> – What about the privacy concerns associated with forwarding the notification raised by Kevin in an earlier comment?

        Good question. There are privacy concerns with submitting your details along with a takedown notification if the service provider then forwards them on. We sometimes get people who ask that we do not forward notices on, or redact their information. However, here’s the WordPress.com position/logic:

        1. The DMCA takedown process is already a very powerful, and blunt tool for copyright holders. If it is allowed to become a completely anonymous one as well, it would not be a good thing.
        2. You can already submit a takedown notification through a third party agent, so don’t need to give up your own details. Note that you can’t do this for a counter-notification – which is part of the imbalance in the process, leaning towards copyright holders.
        3. To submit a valid takedown notification, you only need to provide details that are ‘reasonably sufficient’ for the service provider etc to contact you afterwards. As a result, you can legally submit a takedown with just an e-mail address – no phone number, etc required. Lots of service providers still ask for the maximum amount of information, but you don’t need to give it if you send the takedown directly rather than using their form.
        4. We ask users to affirm their understanding that we will forward notices on when they submit DMCAs – and are pretty public about that.

        >> On #2:
        >> This suggests to me that, in not restoring access in response to counter-notices, service providers lose their safe harbor and become vulnerable to liability. Do you agree?

        I don’t agree with that, but I would need to check the case law on this to be 100% sure. My understanding is that the safe harbor is only relevant if the service provider doesn’t take down the material – as they would then be (potentially) liable for the unauthorised use of copyrighted material on their platform. However, if it’s already offline, I don’t see what action could be brought against them by either the user or the copyright holder – at least not relevant to that material anyway – and provided that this is allowed for in their Terms of Service (which it almost definitely will be).

        >> On #3
        >> if most service providers (unlike WordPress) are so cautious that they don’t want to judge the validity of a notification and just automatically take stuff down in whenever they receive one, why then aren’t they equally cautious in responding to counter-notifications?

        Again, good question. Part of the reason is for the above. There isn’t any real additional liability that comes from ignoring counter notifications, or not restoring in time. The crux of the DMCA is the takedown part, rather than the restoring part. As for exactly why they don’t stick rigidly to that time-frame, or upload it at all… not sure. It’ll depend on the platform. There may be a desire to avoid hosting contentious material if they themselves are suspicious that it might indeed be infringing, or there might be an internal policy debate over what to do about this particular case so it gets delayed… a whole host of reasons.

        I hope that’s helpful! It’s a pretty fascinating topic.

        • It is helpful, CS, thank you!

          I must say, it seems wrong to me that the poster of the removed material should not have legal recourse if the material is not restored in 10-14 days after counter-notification.

          I mean, Nolander is free and available elsewhere, so I suffered no or insignificant losses during its week of downtime. And both Amazon and Smashwords ended up restoring it well before the 10 days, anyway. But imagine a book that’s been selling 300 copies a day at $3.99, a figure well within the realm of possibility for very successful indie authors. Let’s say that the scammer does a better job setting up the scam, so the author can’t prove it’s a scam as easily as I did. So the book remains down as retailers wait to get permission from both parties, per their policy.

          After 15 days, the author would be out more than $12,000 in royalties, and losses would continue to accrue. Eve if the book eventually were restored, it might never regain the momentum it had before.

          This is one way in which retailers’ situation may different from that of other service providers, where the direct monetary impact of the material’s removal could be harder to prove. I wonder if anyone has ever tried to sue a service provider under that g.2.C. section.

          I mean … this part of the law:

          “Replacement of Removed or Disabled Material and Limitation on Other Liability.—
          (1) No liability for taking down generally.— Subject to paragraph (2), a service provider shall not be liable to any person for any claim based on the service provider’s good faith disabling of access to, or removal of, material or activity claimed to be infringing or based on facts or circumstances from which infringing activity is apparent, regardless of whether the material or activity is ultimately determined to be infringing.
          (2) Exception.— Paragraph (1) shall not apply with respect to material residing at the direction of a subscriber of the service provider on a system or network controlled or operated by or for the service provider that is removed, or to which access is disabled by the service provider, pursuant to a notice provided under subsection (c)(1)(C), unless the service provider—
          […]
          (C) replaces the removed material and ceases disabling access to it not less than 10, nor more than 14, business days following receipt of the counter notice, unless its designated agent first receives notice from the person who submitted the notification under subsection (c)(1)(C) that such person has filed an action seeking a court order to restrain the subscriber from engaging in infringing activity relating to the material on the service provider’s system or network.”

          If I were to translate that into regular language, it’d go something like this:

          (1) A service provider can’t be sued for taking material down as part of a good faith response to a DMCA notice.
          (2) But that doesn’t apply if a “subscriber” placed that material on the service provider’s site [that is, if the material belongs to a third party, such as an author]. In that situation, the service provider CAN be held liable, UNLESS the service provider —
          […]
          (C) Restores the material between 10 and 14 days after receiving counter-notice, assuming it is not informed that the original complainant has sued in response to the counter-notice.

          Am I reading this totally wrong??

          P.S. A master’s on the DMCA. Wow. You are the man, Clicky Steve. I want to squeeze you like a lemon until I understand this darned thing! ;)

          • Yeah, it can definitely be read that way, but that limitation on liability isn’t the be all and end all.

            Even if a provider didn’t receive protection under this section (for failing to restore material within 14 days, or at all), that doesn’t mean they’ve necessarily broken the law. Somebody would still have to sue under whatever grounds and win… which would be difficult, if not impossible given the wide range of discretion that they have over what material is active on their site. The terms of service that users agree to when signing up ensure this.

            • Hmm … yes, I see. Yeah. Makes sense.

              So, public relations is going to be the only real lever, here. There’s no legal remedy. :-/

              Thank you so much for explaining!

    • Hey Clicky Steve!

      I love that you fight for the users! Assuming you know why I get such a kick out of that, you will probably love the pseudonym we just published a new poetry book under: Bradley Flynn (title: A Little Bit Lost, Kindle and physbook on Amazon).

      (I hope you get the point I am making about your own reference! If you don’t get what I am talking about, google “he fights for the users” …and the names of the two main characters are…?)

      Anyway, thank you for the great input. And keep fighting the good fight!
      -Matt

      President
      Creative Global Publishing

  4. Firstly, please allow me to say my hat is off to your Becca, not only for fighting this good fight, but also detailing it for those who could also find themselves in the same situation. That you took the time to type out the entire even in such detail is worthy of praise alone. I’m glad things got resolved to your satisfaction.

    Secondly, I don’t know if this is 100% accurate (or accurate on any other level of percentage), but I’ve heard/read of people emailing Jeff Bezos directly with concerns about Amazon and he seems to take things seriously. I’m sure a little digging (on Amazon.com) is necessary for one to find his direct email, but it can be done and I think you should email him about this.

    Thirdly, I certainly am not one who can claim to come close to understanding all this legalese, but I wonder if one basic change that can be implemented quickly is that they take any DMCA’s from within the United States a bit more serious than those from outside the US? I know it’s easy for anyone anywhere to have a Gmail or Yahoo address, but I think there are enough details in the coding of an email to show country of origin. So let those outside of the US use their own dime to prove what they claim is fraudulent. I don’t know. Maybe that’s too stupid an idea.

    ~ BJF

    • Thank you, BJF! :)

      Your suggestion about emailing Jeff Bezos is exactly right. That is what I did, and it worked like gang-busters. I don’t think emailing him at that public address (you can just Google it) means you’ll necessarily be having a one-on-one chat with him or anything, but it does seem to get your concerns in front of Amazon people who are empowered to examine your individual case in ways your average KDP rep may not be.

      Interesting idea about weighting DMCA notices differently depending on nation of origin. It is frustrating that the citizens of some nations are beyond the reach of the U.S. courts, due to lack of reciprocity. I think that probably makes DMCA abuse from those nations more likely, at least in the long run. But it’d be terrible if the opposite problem got going: if U.S. citizens felt free to steal intellectual property from people living elsewhere because foreign DMCAs were more likely to be dismissed. Plus, the most enterprising scammers can get around geographical markers in electronic communications.

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s