noDRM’s GitHub repo DeDRM_tools is disabled due to Readium’s DMCA notice

3
noDRM’s GitHub repo DeDRM_tools is disabled due to Readium’s DMCA notice

Before disabling any content in relation to this takedown notice, GitHub

  • contacted the owners of the affected repositories to give them an opportunity to make changes.
  • provided information on how to submit a DMCA Counter Notice.
  • offered to connect the owners of the affected repositories with legal resources as part of our commitment to standing up for developers.

To learn about when and why GitHub may process some notices this way, please visit our README.


Note: Because the parent repository was actively being forked when this DMCA takedown notice was received, and the submitter had identified all known forks at the time they submitted the takedown notice, GitHub processed the takedown notice against the entire network of 10 repositories, inclusive of the parent repository.


Are you the copyright holder or authorized to act on the copyright owner’s behalf?

Yes, I am the copyright holder.

Are you submitting a revised DMCA notice after GitHub Trust & Safety requested you make changes to your original notice?

No

Does your claim involve content on GitHub or npm.js?

GitHub

Please describe the nature of your copyright ownership or authorization to act on the owner’s behalf.

Readium LCP is a DRM solution, i.e. a set of technological measures of copyright protection through copy control and encryption. Ebook distributors, e.g. public libraries and online booksellers, are using LCP to limit the dates between which a publication can be read, the number of characters a user is able to copy/paste or the number of pages a user may print. They can also control that the content is not overshared.

The core LCP specification (https://readium.org/lcp-specs/releases/lcp/latest) defines the notion of encryption profiles. Encryption profiles are a way to include a secret algorithm in an otherwise open solution, secrets being the basis of effective technical measures of protection.

We are the copyright owner of the official LCP encryption profile used by ebook distributors worldwide (named Profile 1.0). More information about our role relative to LCP is found in https://www.edrlab.org/readium-lcp/. LCP adopters are listed in https://www.edrlab.org/readium-lcp/certified-apps-servers/.

Please provide a detailed description of the original copyrighted work that has allegedly been infringed. If possible, include a URL to where it is posted online.

The LCP encryption profile 1.0, its algorithm and associated keys are not posted online, nor open in any manner. Instead they must be licensed through an explicit agreement with EDRLab.

What files should be taken down? Please provide URLs for each file, or if the entire repository, the repository’s URL.

The following git repository contain circumvention technology that enables users to illegally access ebooks protected by copyright:

https://github.com/noDRM/DeDRM_tools

Do you claim to have any technological measures in place to control access to your copyrighted content? Please see our Complaints about Anti-Circumvention Technology if you are unsure.

Yes

What technological measures do you have in place and how do they effectively control access to your copyrighted material?

The protection is based on the encryption of each resource of a publication. Without going into details of the LCP technological measures, only trusted LCP compliant client applications can give access to unencrypted content. In order to decrypt such encrypted content, LCP compliant applications use a user passphrase and a secret algorithm which is part of the LCP encryption Profile 1.0. LCP compliant client applications cannot save decrypted ebooks.

LCP possesses several interesting characteristics:

  • This DRM solution is available on every client platform (iOS, Android, Windows, MacOS, Linux, specific eInk Readers); with the open-source Readium development toolkits, EDRLab provides an open-source codebase which eases such integration. LCP does not lock the user into a proprietary environment. This is why e-lending libraries are moving to this solution, worldwide.

  • The DRM solution is especially useful for library e-lending, as it provides loan extensions and early return features.

  • This DRM solution does not hurt the accessibility of the content it protects, for people with reading impairment; this is why is it promoted by the DAISY Consortium.

  • This DRM solution lets users share LCP protected ebooks with friends and family; there is no predefined number of devices which can use an LCP protected ebook.

  • This is the only DRM solution which is based on an open standard. This means that inspecting the software for flaws is easy. The encryption profile is the only confidential information.

How is the accused project designed to circumvent your technological protection measures?

The user noDRM has published on GitHub software which specifically allows the decryption of ebooks protected by the LCP Profile 1.0 and allows saving them as non-protected ebooks. This infringement violates our legal business and affects authors and publishers’ IP. This codebase is presented as a plug-in of the well-known Calibre software, an open-source ebook manager.

The GitHub account was created especially for the upload of his DeDRM fork (the user certainly exists with another username on GitHub):

https://github.com/noDRM?tab=repositories

The file which explicitly deals with LCP circumvention is:

https://github.com/noDRM/DeDRM_tools/blob/master/DeDRM_plugin/lcpdedrm.py

References to LCP are also found in:

https://github.com/noDRM/DeDRM_tools/blob/master/DeDRM_plugin/config.py

https://github.com/noDRM/DeDRM_tools/blob/master/DeDRM_plugin/epubtest.py

https://github.com/noDRM/DeDRM_tools/blob/master/DeDRM_plugin/prefs.py

https://github.com/noDRM/DeDRM_tools/blob/master/DeDRM_plugin/ReadMe_Overview.txt

https://github.com/noDRM/DeDRM_tools/blob/master/DeDRM_plugin/DeDRM_Readium%20LCP%20passphrase_Help.htm

The latter being a documentation on how to use his plug-in to circumvent the LCP protection.

The user noDRM is actively promoting the activity of cracking both library loans and one-off purchases:

https://github.com/noDRM/DeDRM_tools/issues/2#issuecomment-979106126

This departs from the policy of the user [private], from which noDRM has forked the repository DeDRM_tools. The user [private] does not provide circumvention material for the LCP solution, therefore it is not part of our request for takedown.

The user noDRM also expressed his will to extend his circumvention material to other publication formats protected by the LCP DRM:

https://github.com/noDRM/DeDRM_tools/blob/master/CHANGELOG.md#fixes-in-v1000-2021-11-17

The way the user noDRM is expressing his rejection of technical protection measures and the use of an anonymous email address leads us to conclude that asking nicely first is sadly not applicable in this case.

Have you searched for any forks of the allegedly infringing files or repositories? Each fork is a distinct repository and must be identified separately if you believe it is infringing and wish to have it taken down.

Here are the current forks of the infringing project:

https://github.com/GMagician/DeDRM_tools which is up to date with noDRM:master

https://github.com/jibin23/DeDRM_tools which is up to date with noDRM:master

https://github.com/thurask/DeDRM_tools which is up to date with noDRM:master

Is the work licensed under an open source license?

No

What would be the best solution for the alleged infringement?

Other Change

Describe the change.

The purpose of this repo is to illegally access copyrighted material, and the content of the repo was illegally obtained. The repo and its forks must be shut down entirely.

Do you have the alleged infringer’s contact information? If so, please provide it.

We have no information regarding the identity of the alleged infringers beyond their Github account names and an email: [private]

I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.

I have taken fair use into consideration.

I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.

I have read and understand GitHub’s Guide to Submitting a DMCA Takedown Notice.

So that we can get back to you, please provide either your telephone number or physical address.

[private]

[private]

Tel : [private]

Please type your full legal name below to sign this request.

[private]

Join the pack! Join 8000+ others registered users, and get chat, make groups, post updates and make friends around the world!
www.knowasiak.com/register/
Read More

Leave a Reply

2 thoughts on “noDRM’s GitHub repo DeDRM_tools is disabled due to Readium’s DMCA notice

  1. Aditya avatar

    Looking at the python file they are complaining about, it simply implements the "encryption profile" that is mentioned. There is no circumvention; it still requires the user password. It is also clearly a novel implementation, so there is no copyright violation here. Their "algorithm" or whatever is obviously not protected under DMCA.

    So this is totally bogus, again. Bonus points for the DMCA notice obviously not being written by a lawyer.

  2. Aditya avatar

    > I have taken fair use into consideration.

    This is always a fucking lie, and I wish we (as a community) would band together to make it more painful for giant companies to just spam DMCA takedowns as part of their DRM strategy.

    Ignoring the entire issue with the fact that there probably wasn't any copyrighted material in the repo to begin with and that code is speech, and speech is protected in the US – in other words, taking the most charitable (for corporations) interpretation of the DMCA and assuming that neither of those holds true, a fair use provision still should hold!

    Circumvention for purposes of transposing your media to a different platform (time-shifting, archival) are already explicitly allowed per USC and rulings (if I'm not mistaken).

    I don't have the energy to type more. All in all, the DMCA needs some fangs pulled. Or fangs added, in the "perjury" category for entities that send out bad faith takedowns for code that they don't like. Has anyone ever been held legally responsible for a bad-faith DMCA takedown request? Don't think I've seen it.