dmca/2017/2017-12-29-DJI-CounterNotic...

8.0 KiB

Are you the owner of the content that has been disabled, or authorized to act on the owner's behalf?
I am the user of the GitHub account that forked the code in question.

What files were taken down? Please provide URLs for each file, or if the entire repository, the repository's URL:
All of the files mentioned here:
https://github.com/github/dmca/blob/master/2017/2017-12-06-DJI.md
in particular my forked DJI repos:
https://github.com/MAVProxyUser/green
https://github.com/MAVProxyUser/hanking-PR
https://github.com/MAVProxyUser/batch_py
https://github.com/MAVProxyUser/skypixel_lottery
https://github.com/MAVProxyUser/backup
https://github.com/MAVProxyUser/wdx-before-2017
https://github.com/MAVProxyUser/test
https://github.com/MAVProxyUser/dji-games

Do you want to make changes to your repository or do you want to dispute the notice?

I am clearly stating that I believe my forked content was mistakenly disabled because DJI does not understand GitHub terms of service that granted me the right to fork it. As such I would like to contest the DMCA takedown that DJI mistakenly filed as I explain in detail below.

The entire basis of DJI's claim per the wording of the notice from DJI is inaccurate, the do not understand how GitHUB ToS work. DJI mistakenly marked code repositories as public subsequently granting license for anyone to fork said repos. This accident can be evidenced by their press release: https://www.dji.com/newsroom/news/statement-about-dji-cyber-security-and-privacy-practices

Per the last GitHub support email to me: "please be aware that we do not accept counter notices that simply dispute the wording of a DMCA takedown notice, and we will not take any steps to revise the wording of the original notice". I am not seeking to dispute the actual GitHub takedown wording, more so stating that DJI's claims are not based on factual statements, and in fact their own statements are conflicting in their own request. Per GitHub ToS I am allowed to fork public repos, DJI has an organization of approximately 88 some odd employees and contractors on GitHub, simply because they are unable to manage their developers (contract and direct employees) access, and rights to privileged repos (accidentally marking them public), does not mean they can imply that I personally "leaked" their code and make a claim against a proper fork of a public repo. In reality they accidentally left code set to public via lack of developer, or contractor education. As such code that was forked by myself, and others was actually within our rights granted by the terms of service.

DJI Openly admits to accidentally publishing AWS keys and as such needed to fire the responsible employees, the specific keys they mentioned in their press release are the ones that I found in the forked public GitHub repos mentioned above, and subsequently outlined in their takedown request. This is the quote from their press release https://www.dji.com/newsroom/news/statement-about-dji-cyber-security-and-privacy-practices below:

"AWS Server Data

DJI received a report from an independent security researcher that an AWS server repository was accessible by unauthorized parties. We took this issue very seriously, and fixed it within a day of receiving the report.

After doing an internal audit, we identified the DJI developers responsible for this error, and took immediate disciplinary actions against them. We terminated their employment because we considered their behavior inexcusable and not in line with company policy. We also reduced the number of people who had authorization to change the public and private settings of our servers to prevent this situation from happening in the future. In addition, DJI further enhanced security measures and employee training to prevent similar incidents from occurring again.

Similar to the SSL Certificate issue we have engaged a third party cyber forensics firm to investigate this incident. Based on our analysis so far, only one party was able to download data from the server, including personal information of our developers. The investigation is ongoing, and we will notify customers if evidence suggests that the data has been misused."

As such this statement in the DMCA notice specifically is not factual, and it is part of the basis of their DMCA claim against me: "These information has not been and would not be posted online by us, and includes but is not limited to our code related to our internal systems and confidential information of our websites".

Although they may not have wanted to, they accidentally did publish this info in a public repository which I forked, which per ToS they granted me a license to do so.

It is more factual to state that DJI employees accidentally uploaded code that should have been into a private repo, into public repos. Misrepresenting the code as "Leaked" is not factual. The statements further into the document accurately reflect the situation, which accurately reflects the fact that I forked a "public" repo, per my right in Terms of Service.

"This is a private project but be mistakenly put on public GitHub repository." "Leaked code of our private project mistakenly be put on public repository." "Leaked source code of our UTM Server mistakenly be put on public repository." "Leaked code of our MES project. This is a private project but be mistakenly put on public GitHub repository."

Code can't both be "leaked" and "mistakenly put on public GitHub". There is a big difference. One implies that I have done something wrong, where as the other admits an actual mistake of putting something in a public repo that should not be there, and allowing someone to publicly fork it.

Is there anything else you think we should know about why you believe the material was removed as a result of a mistake? (optional)
See above... ALL repos were forked from public repositories, meaning I did NOT upload them myself, rather DJI "mistakenly" placed this code out for the world to see / download / fork.

Per GitHub ToS I was granted the right to fork: "License Grant to Other Users

Any User-Generated Content you post publicly, including issues, comments, and contributions to other Users' repositories, may be viewed by others. By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies of Content from your repositories in repositories they control)." https://help.github.com/articles/github-terms-of-service/

Type (or copy and paste) the following statement: "I swear, under penalty of perjury, that I have a good-faith belief that the material was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled."

Per my understanding of the ToS listed above regarding public repos, and my subsequent right to fork them: I swear, under penalty of perjury, that I have a good-faith belief that the material was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled.

Type (or copy and paste) the following statement: "I consent to the jurisdiction of Federal District Court for the judicial district in which my address is located (if in the United States, otherwise the Northern District of California where GitHub is located), and I will accept service of process from the person who provided the DMCA notification or an agent of such person."

I consent to the jurisdiction of Federal District Court for the judicial district in which my address is located (if in the United States, otherwise the Northern District of California where GitHub is located), and I will accept service of process from the person who provided the DMCA notification or an agent of such person.

Please confirm that you have you have read our Guide to Submitting a DMCA Counter Notice: https://help.github.com/articles/guide-to-submitting-a-dmca-counter-notice/

So that the complaining party can get back to you, please provide both your telephone number and physical address:

[private]

Please type your full legal name below to sign this request:
[private]