GitHub: Changes to EU copyright law could derail open source distribution
A proposed European law would mandate that content providers utilize some kind of content filter to make sure rights holders get their royalties. But for a public open source code repository, such a contraption could be a nuisance, or it could be catastrophic.
"Automated upload filtering of code would require entirely new technology," stated GitHub Policy Director Mike Linksvayer, in a note to ZDNet Wednesday, "and would result in either vast numbers of false positives -- causing software to become much more fragile, literally breaking builds -- or vast numbers of false negatives -- because most software, including proprietary software, includes some open source components."
The E.U. Parliament's Legal Affairs Committee voted 14-9-2 Wednesday, Brussels time, to approve the latest draft of a directive to impose sweeping changes to the continent's copyright protections. Ostensibly, the purpose of this Parliamentary Directive would be to ensure the accessibility of all forms of content to "cultural heritage institutions" (mainly libraries and museums). Tucked into that draft is a mandate for a method for artists and rights holders to negotiate, perhaps electronically, to negotiate for and receive royalties from the distribution of their work.
But despite a flurry of proposed amendments (some of which may not have been fully circulated among members prior to being voted down, according to one member's objections), the Directive as it stands may fail to distinguish between a multimedia site like YouTube or Spotify, and a source code repository like GitHub or GitLab.
So the fear among a growing number of organizations is that a government mandate for content filtering could put a potentially crippling damper on the world's most effective means for maintaining the currency and integrity of open source applications -- all in the name of protecting people who weren't being threatened by it anyway.
'Appropriate and proportionate'
The original draft of the relevant part of the legislation -- Article 13, paragraph 1, of the proposed E-commerce Directive reads as follows:
Information society service providers that store and provide to the public access to large amounts of works or other subject-matter uploaded by their users shall, in cooperation with rightholders, take measures to ensure the functioning of agreements concluded with rightholders for the use of their works or other subject-matter or to prevent the availability on their services of works or other subject-matter identified by rightholders through the cooperation with the service providers. Those measures, such as the use of effective content recognition technologies, shall be appropriate and proportionate. The service providers shall provide rightholders with adequate information on the functioning and the deployment of the measures, as well as, when relevant, adequate reporting on the recognition and use of the works and other subject-matter.
At issue is the nature of the phrase "information society service providers," (ISSP) which E.U. law has, in the past, applied very broadly. According to regulations that came into effect in 2002, an "information society service" is any service whatsoever that may involve a reciprocal transfer of funds, and that takes place at a distance. Even the telephone could be a viable medium -- it isn't even necessarily a digital transaction.
Up to this point, a form of safe harbor has protected ISSPs from liability for copyright infringement, when that infringement is triggered by a third-party uploader. The E.U.'s member states are each responsible for designating the extent of that safe harbor, but the Union as a whole recognizes each member's interpretation as equally valid. In a landmark case decided in Madrid in 2014, YouTube was found not liable for infringement when a recording from a Spanish TV network appeared on its service for public download.
Service providers could all claim to be protected by this safe harbor, because it was so broadly defined. Ironically, it's the fact that such protections have been applied so widely that's being leveraged as justification for applying the reversal of that measure equally broadly. Theoretically, GitHub as an ISSP could be compelled to implement a revenue-sharing, royalty-dispensing mechanism, tied to a content filter undoubtedly searching for evidence of popular music videos, for a service in which no one would rightly claim royalties anyway.
"Upload filters are especially concerning for software developers," wrote GitHub Policy Liaison Abby Vollmer, in a company blog post last March, "given that software developers create copyrightable works -- their code -- and those who choose an open source license want to allow that code to be shared."
Vollmer's point is that open source license holders may still be copyright holders -- the two are not on opposite sides of a legal pole. Indeed, copyright may be used as a tool to grant other developers freedom of distribution. If the purpose of a filtering mechanism were to identify copyrighted material, it would certainly find it on GitHub, as well as GitLab or any other competitive public code repository. But that identification would serve little purpose, since such a copyright would undoubtedly have been claimed in order to protect the legitimacy of the rights holders' chosen distribution method.
The Explanatory Memorandum accompanying the initial draft of the proposed Directive, includes this: "Article 13 creates an obligation on information society service providers storing and giving access to large amounts of works and other subject-matter uploaded by their users to take appropriate and proportionate measures to ensure the functioning of agreements concluded with rightholders and to prevent the availability on their services of content identified by rightholders in cooperation with the service providers."
The 'value gap'
Proponents of the legislation cite what they call a "value gap" in Europe's information economy: a difference between the profits that service providers reap in the act of distributing content, and the revenues the artists and originators generate from that content. The Memorandum implies that the mere act of making content public exploits this value gap, and in turn, penalizes artists.
The E.P.'s definition of the value gap published in late May, though not part of the Directive, appears to leave open the possibility of an exception for GitHub and others in its category, referring specifically to "online marketplaces whose main activity is online retail and which do not give access to copyright protected content."
"Code sharing does not contribute to the 'value gap' the Directive's upload filters proposal is intended to address," argued GitHub's Linksvayer. Specifically, in the open source economy, it's not the distribution of code from which revenues are derived. Arguably, it's the free distribution of that code which creates opportunities for developers to support it -- and it's those opportunities that earn them revenue.
"It is both feasible and imperative to exclude software development platforms from the Directive," continued Linksvayer. "Upload filters for software would be disastrous for software development, and thus the future of the European economy."