"Yahoo isn’t happy that a detailed menu of the spying services it provides law enforcement agencies has leaked onto the web." That's how WIRED's Threat Level blog put it when describing Yahoo's recent effort to censor its own law enforcement compliance guide off the Internet using a bogus DMCA takedown demand.
The trouble all started when Yahoo stepped in to block a FOIA request for its law enforcement compliance "price list" (i.e., what it charges to law enforcement and spy agencies when responding to requests for information about Yahoo users). Shortly thereafter, a copy of the document, entitled "Yahoo! Compliance Guide for Law Enforcement," appeared on Cryptome.org.
Here's where the bogosity begins in earnest. Yahoo sent a formal DMCA takedown notice to Cryptome.org, demanding the removal of the compliance manual. In the letter, Yahoo's lawyers allege that posting the manual infringes Yahoo's copyrights (the only proper basis for a DMCA takedown), as well as claiming that it's a trade secret (absurd for a marketing document) and that posting it constitutes "business interference" (huh? informing customers about Yahoo's disclosure practices "interferes" with business?).
This should earn Yahoo a place in the Takedown Hall of Shame (we'll be updating our list of inductees soon). Posting the compliance manual is a clear fair use. Consider the "four factors" that courts examine in fair use cases: (1) publication is clearly for a transformative purpose (criticism, public debate); (2) publication does not harm the "market" for the original (since Yahoo doesn't sell copies of the manual); (3) the nature of the publication is factual, not highly creative; and (4) while the whole manual was published, that was necessary for the transformative purpose. And, perhaps most important, a federal court has already ruled in favor of fair use on nearly these same facts, when Diebold Election Systems was sued for trying to censor embarrassing internal documents off the Internet using bogus DMCA takedowns.
This brings up another important point: the DMCA does not require service providers to comply with bogus takedown notices. The DMCA offers a "safe harbor" from money damages for copyright infringement, but you only need a "safe harbor" if the activity in question might be infringing in the first place. Where (as here) the activity is clearly not infringing, a service provider doesn't need the DMCA for protection, and can just deposit takedown notices in the trash (as YouTube did a few months ago in the face of another obviously bogus takedown notice).