[mCOLlSVIxp6c]

Looks like this is the takedown request: https://github.com/github/dmca/blob/master/2020/01/2020-01-2...

The core allegation is:

> Mgp25’s Instagram-API repository (and its forks) offers a tool expressly designed to circumvent the Company’s effective access controls and protection measures by avoiding, bypassing, removing, deactivating, or impairing the Company’s technological measures without the authority of the copyright owners or the Company. Mgp25’s Instagram-API is designed to emulate the official Instagram mobile app when communicating with Instagram’s servers, which allows users of mgp25’s Instagram-API to send and receive data (including receiving legitimate, copyrighted posts by Instagram’s users) through Instagram’s private API. Mgp25’s Instagram-API also permits other types of access to, and collection of, Instagram’s users’ copyrighted works in manners that exceed the scope of access and functionality that would be permitted by a user with a legitimate, authorized Instagram account.

[wpietri]

Is this legally a legitimate reason for a DMCA request? That it's a tool that could be used to bypass copyright controls?

It's been a long time since I read it, but my understanding of the DMCA is that you need to claim an actual copyright violation on the thing being taken down. This sounds like a claim of contributory copyright infringement, which a) I don't remember being covered by DMCA, and b) there's a reasonable claim here for substantial non-infringing use, so I'm not sure contributory copyright infringement really applies.

[saurik]

This is about Section 1201, one of the most interesting parts of the DMCA, which is about banning circumvention devices. What is confusing me is that I am under the impression that the DMCA "takedown" process (which I know quite little about, to be fair) was unrelated to the anti-trafficking provisions (which I do stare at a lot), so I don't think this is a valid request (even if it were a valid lawsuit... though I frankly doubt that either as I don't think an "access token" can be considered an "effective TPM").

(I am not a lawyer, but I spend an unreasonable amount of my time staring at Section 1201 issues; if anyone needs legal advice they should contact a lawyer: nothing I say should possibly be construed as legal advice.)

[ldoughty]

From what I gathered: The author was banned from service on Instagram, he or she kept getting banned/denied new accounts because they flagged the device's UUID... So the author then made the API to mask/modify the device UUID and try to regain access to the platform (presumably signing up elsewhere, then using that token through this API to maintain access on their phone).

The author admitted to this in the readme of the repo.

Sounds 100% like the API was designed to try and bypass access control mechanisms...

Not sure if that falls under the legal definition or not.

[buckminster]

> Sounds 100% like the API was designed to try and bypass access control mechanisms...

Sure, but your parent's point is that this doesn't appear to be grounds for a takedown. Takedowns are for infringing content, which this isn't.

[crtlaltdel]

yeah this sounds more like it would be a T&C clause

[jacurtis]

According to the 2nd sentence on Wikipedia, which describes DCMA:

> [DCMA] criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works (commonly known as digital rights management or DRM). It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself.

While I initially thought (like many others on here) that DCMA was to keep you from spreading copyright content or passing it off as your own, the true purpose of DCMA is actually to criminalize the act of circumventing DRM. Access control on a social network I guess is considered a type of DRM for the content within the network (which, lest we not forget, is wholly owned by Instagram as soon as you post it). It specifically states that circumventing access control is a violation, regardless of whether any copyright was actually infringed upon.

So from my keyboard lawyer perspective, it seems like Instagram is actually within their rights here.

[Source](https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_A...)

[TheDong]

The point of the parent comment is not that the DMCA doesn't cover anti-circumvention, but rather than the DMCA contains many parts, and only the copyright content part has a safe Harbor and takedown notice provision.

The claim you're arguing against isn't that the DMCA doesn't cover this. The claim is that the DMCA takedown process doesn't apply to all infringements of the DMCA, only those of copyright wrt safe harbor.

[basch]

They don't own the copyright to what you post, you grant them a perpetual license to distribute it.

[wh1t3n01s3]

Problem is, why now. These kind of violations are not new. Too little too late

[Spoom]

Could one make the case that this client library enabled interoperability, since it allows one to use Instagram services on a previously unsupported device (e.g. a computer)?

[freewizard]

It's not first case, Popcorn Times was taken down from Github because it "is designed to allow an unlimited number of users to fulfill the unlawful purpose".

https://github.com/github/dmca/blob/master/2016/2016-03-16-M...

[deepsun]

Roads allow unlimited number of robbers to rob banks and drive away with money.

[nailer]

Interestingly, it's up back now: https://github.com/popcorn-official/popcorn-desktop

[capableweb]

That is indeed interesting. Anyone know what happened?

[ta999999171]

...it's no longer a headline?

[otakucode]

That's... not what the DMCA anti-circumvention clause means. At all. The anti-circumvention clause of the DMCA does not deal with the kind of technological measures they're talking about. It only forbids circumvention of technological measures that SPECIFICALLY protect copyrighted material. Not general access controls, not access throttling or user roles or anything general like that. It doesn't even protect against things like circumventing things and convincing Instagrams servers to send copyrighted data. It's meant to protect things like the CSS encoding/encryption on DVDs. It has been used (in RealNetworks v. Streambox, one of the first if not the first lawsuit involving the DMCA right after its passage) to prevent recording streamed content and a single totally undocumented bit ended up being ruled as an adequate 'protection mechanism' when 'circumvention' boiled down to "we didn't know what that bit did because no one would tell us, so we just ignored it". But that was specifically a transfer encoding of the content itself, it didn't have to do with user account control or anything. Courts are very displeased when companies try to use copyright law or the DMCA to facilitate other business goals - like protecting their ability to collect analytics, etc. It's obviously not copyright infringement to get images from Instagram, that's literally what it exists for you to do! Copyright protects copying. And absolutely nothing else.

[SilasX]

>offers a tool expressly designed to circumvent the Company’s effective access controls

Effective access controls? I think, when someone produces a tool that can access the API despite not having valid keys, you forfeit the right to call the access controls "effective".

[hw]

We considered using this client a year or so ago, due to Instagram/Facebook's reluctance to provide an API for Instagram Direct Messages, but eventually decided against it given some horror stories about ban sticks and them possibly shutting off access to the API some day.

Guess that day is here.

Seriously though, we've been waiting years for an Instagram DM API. Anyone know why they haven't yet released one?

[ceejayoz]

> Anyone know why they haven't yet released one?

Because it would immediately be leveraged for spam?

[mrlanderson]

mrlanderson1@gmail.com

Shoot me an email.

[tpmx]

Microsoft is running Github Legal now. It's on them. They happen to have a very long experience in shutting down third party access to unofficial APIs. (There was a lot of drama around this in the 80s, in the MS-DOS and Lotus 1-2-3 times.)

[WillPostForFood]

That’s not really how it works. If you claim DMCA protection, and you receive a DMCA request, you have to take the content down. GitHub/Microsoft doesn’t adjudicate the validity of the takedown request. The takedown can be appealed, but the burden falls on the person who’s content was taken down.

[basch]

Companies could choose to assess the validity of the claim, they just don't for practical purposes.

[tpmx]

That's dumb. I actually didn't realize it was this broken until now. Thanks.

[cortesoft]

Now? The DMCA came out 22 years ago.

[Mirioron]

Every day people learn new things that others think is common knowledge.

[cortesoft]

Whoops, I read the person I was responding to as saying "it has gotten worse now", not that they just realize it now. Didn't mean to shame someone for not knowing something!

[tpmx]

Turns out I was right though.