The DMCA (Digital Millennium Copyright Act) is, more often than not, brandished too zealously and sometimes with little prior investigation in a “shoot first, ask questions later” style of legal (mis)management. That might just be the case here when Qualcomm issued takedown notices on some Github repositories, including one of CyanogenMod‘s, but then retracting it later.
The DMCA notice was filed on behalf of Qualcomm by a cyber security company named Cyveillance. According to the letter, several Github projects were found to be carrying files that contained highly confidential Qualcomm information without authorization from Qualcomm. Several files were listed, spanning from different projects hosted on Github. Interestingly, one of those hit by the DMCA is CyanogenMod, whose repository for the Sony Xperia SP, model name “huashan”, contained one of the offending files.
However, on Saturday, Qualcomm issued a public statement retracting the takedown requests. Apparently, they have been informed after the fact that at least one those files aren’t actually part of the company’s secret files, making the notices either flawed or unnecessary. Unfortunately, through a combination of circumstances (July 4 plus weekened), some of those Github pages are still unavailable and still reflect the takedown notice.
To its credit. Qualcomm did apologize to project maintainers for how the situation was handled in the first place, promising to look into the matter or reach out to maintainers. However, it does betray the rather trigger-happy way the DMCA has been used, especially by outsourced companies who are more than happy too jump at each and every seemingly offending file or content. Perhaps for them it is easier to click that button and apologize later than it is to go through the painstaking process of making sure everything is in order in the first place. After all, it’s Qualcomm that will be paying the PR price for it.