dmca/2020/03/2020-03-23-fcc.md

6.7 KiB
Исходник Постоянная ссылка Ответственный История

Are you the copyright holder or authorized to act on the copyright owner's behalf?

Yes, I am authorized to act on the copyright owner's behalf.

Please describe the nature of your copyright ownership or authorization to act on the owner's behalf.

The owner of copyright is Farm Credit Canada (FCC), a Canadian federal crown corporation offering financial services to the agricultural sector. I am [private] - Responsible for cyber security for FCC.

This complaint concerns content which has been stolen from FCC namely, FCC customer records which document confidential communications between FCC employees and customers. This data and information is protected by copyright and certain segments also contain personal information and trade secrets of FCC, our customers and employees (the “Works”). All of those rights have been violated by the user shivaheydari (hereinafter the “User”) whom has misappropriated the Works and posted them publicly on GitHub and the persistence of these records on GitHub continues to violate those rights and expose FCC and our customers to harm. We are currently investigating the issue internally.

In the interests of full disclosure and to mitigate the risk of further processing delays, we had reported this incident via the Sensitive Data Removal Policy (earlier this morning) in addition to reporting the privacy concerns (last evening). In both cases, Microsofts responses have been unsatisfactory, with each of those processes since the teams responsible correctly identifying that the contents posted by the User contain sensitive data as well as proprietary interests (i.e this breach is not simply a privacy, a copyright or a sensitive data issue, its all three).

As a consequence and somewhat surprisingly, rather than re-route or escalate this concern internally at GitHub or Microsoft, we are now pursuing our third process avenue to seek the removal of the Works from the public in order to mitigate the further risk to FCC, our employees and customers. In light of this, please escalate this issue urgently.

Please provide a detailed description of the original copyrighted work that has allegedly been infringed. If possible, include a URL to where it is posted online.

https://github.com/shivaheydari/txtclf/blob/master/classifier/classifier/datasets/interaction_360_for_labeling_15Jan20_AK.csv

All of the Works were generated by FCC personnel in the context of their employment or otherwise, as works for hire. And as a consequence, FCC holds copyright in the entire data set that is referenced above. The information has been misappropriated from FCC systems and posted to GitHub without authorization, license or approval.

What files should be taken down? Please provide URLs for each file, or if the entire repository, the repositorys URL.

https://github.com/shivaheydari/txtclf

Have you searched for any forks of the allegedly infringing files or repositories? Each fork is a distinct repository and must be identified separately if you believe it is infringing and wish to have it taken down.

The Works that have been infringed are not software code. Instead, they are comprised of data from FCC business systems as described above. The information does not involve data or code of any third parties and any suggestion that the contents have been innocently posted is patently false. The entire file is comprised of stolen data similar to the appropriation of data that was posted a year ago to GitHub in connection with another financial services provider based out of the United States.

Is the work licensed under an open source license? If so, which open source license? Are the allegedly infringing files being used under the open source license, or are they in violation of the license?

As noted above the Works are not software code and FCC has not authorized a third party to use, download, process or publish the contents to GitHub or any other platform. They contain notes about communications between FCC and customers and are proprietary and confidential records which contain personal and sensitive information.

What would be the best solution for the alleged infringement? Are there specific changes the other person can make other than removal? Can the repository be made private?

The best solution would be to immediately take down the content and for Microsoft to assist FCC in its investigation as to whether the User of the account has posted or shared the Works (or any other FCC content) in other public or private GitHub accounts.

FCC is in the process of forensically investigating this issue to determine root cause. The results of that report may be used to inform law enforcement and/or to assist in the pursuit of civil action. The persistence of this data increases the exposure to risk of loss and harm to FCC, its employees and customers and any suggestion that FCC or GitHub would consult with the User would be entirely inappropriate since such an action could effectively tip off the user, potentially resulting in the contents being downloaded, transferred and published elsewhere. We respectfully request that the totality of the circumstances make clear that contacting the User would do further harm to FCC and our customers.

Do you have the alleged infringers contact information? If so, please provide it.

FCC does not know who the infringer is and we suspect that the User name is simply a pseudonym to disguise the identity of a malicious actor in order to avoid or frustrate detection.

On the basis of the foregoing, FCC respectfully requests your immediate attention and action to address this concern. As noted above, we have attempted to report this breach through other methods, but our efforts with Microsoft and GitHub have been fruitless and the persistence of this is increasing exposure to harm to FCC and its employees and customers impacted by the breach. Please govern yourself accordingly and action this request as urgently as possible.

I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.

I have taken fair use into consideration.

I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.

I have read and understand GitHub's Guide to Submitting a DMCA Takedown Notice.

So that we can get back to you, please provide either your telephone number or physical address.

[private]

Please type your full legal name below to sign this request.

[private]