Saturday, January 23, 2016

Adobe files DMCA takedown notices to users sharing MacWorld article

Adobe filed DMCA takedown notices to Facebook for anyone who shared an article from MacWorld noting that Creative Cloud had been hacked and pirated.  The article (linked here) does not in any way encourage users to pirate Creative Cloud or provide them instructions for doing so.  It simply reports on the fact that pirated versions are available, highlighting the futility of considering software more secure simply because it runs in the cloud.

The DMCA takedowns were issued to Facebook more than two years after the article was shared.  Although there really is no damage here, they are very late. The "damage" is already long ago done.

You can almost feel the anguish from users like Susie Ochs who now have to jump through hoops to get their Facebook accounts reinstated.  While some just use their social media accounts for catching up with friends, Editors like Mrs. Ochs use them professionally.  Adobe is a large enough company to know better than to file this DMCA notice.  It is also pretty clear that rather than this simply being an inconvenience, lack of access to her Facebook account will have an actual financial impact for Mrs. Ochs.

Facebook went so far as to remove the share button entirely from the article.  But that hasn't stopped people from tweeting and retweeting it.

The security community has largely been at odds with the DMCA since it was originally passed into law.  The DMCA is pretty horrible legislation and simply allows the alleged copyright holder to issue takedown notices for anything they believe to be infringing.  The problem is that there is usually little verification performed to ensure that the material listed in the takedown notice is actually infringing.

Facebook clearly didn't do any verification for the MacWorld article after receiving a notice from Adobe.  Now, users who shared the allegedly DMCA infringing material have had their accounts locked and must jump through hoops to get them reinstated.

I used to work with someone who got a DMCA takedown notice for sharing open source graphics libraries on his website.  Yep, you guessed it. He was 'infringing' on the X Files by sharing an archive containing X11 files.  The problem of course is that the burden of proof is on him and not the party claiming infringement.  To compound matters, the reporting party gets nearly complete impunity against mistakes.  As written today, DMCA threatens every security researcher and tech reporter.  It's time for a change.

I always like to provide some actionable recommendations in my posts.  Here are a few:

  1. Educate those you come in contact with on how DMCA works. Most legislators who could change the law simply don't understand how horrible it is.
  2. If you are hit with a bogus DMCA notice, file a counter notice. Don't just take it. Someone has to stand up to the schoolyard bully.
  3. If your organization is considering issuing DMCA takedown notices, try to draft policies surrounding the verification of the infringing material. Adobe is getting nothing but bad PR from this - you can learn from Adobe's mistakes.


  1. This comment has been removed by a blog administrator.

  2. This comment has been removed by a blog administrator.

  3. This comment has been removed by a blog administrator.

  4. This comment has been removed by a blog administrator.

  5. This comment has been removed by a blog administrator.


Note: Only a member of this blog may post a comment.