Social media companies tend to take up copyright issues only when a) mitigating the pain in the ass of takedown notices and b) ensuring users keep reposting memes. Instagram has erred cautiously on the side of supporting potential infringers for the latter reason, so we found it curious when TorrentFreak reported that Instagram issued a DMCA takedown notice (an official copyright removal request) against Github to remove an independent developer’s tool which, Instagram claimed, could potentially enable copyright infringement of its users’ works. Essentially, Instagram is filing a copyright infringement notice against an independent developer for copyright infringement that hasn’t necessarily occurred on works that Instagram doesn’t hold the rights to. That’s very nice of Instagram to care, but how does this make sense?
Instagram is operating under the anti-circumvention measure in the 1998 Digital Millennium Copyright Act, which prohibits circumvention of “access controls,” mechanisms in place to prevent cracking into copyrighted works (think: an encrypted DVD). The developer known as mgp25 described “Instagram-API” to TorrentFreak as a tool that mimics the Instagram mobile app, which they created through reverse engineering, after finding that the official Instagram app didn’t work on their phone.
“First, I’d like to mention that the project used non of Instagram’s copyrighed code,” mgp25 told Gizmodo. “It merely used API ‘endpoints’ (or urls) to communicate with the Instagram servers.” Mgp25 called Instagram’s copyright claim as “a very odd stance to take, as anyone can just go to Instagram’s website and save images themselves without my tool, but it’s probably the one they have the most strength over (especially considering the Google vs Oracle case on copyrighting APIs).”
“Anyways,” mgp25 added, “I think that reverse-engineering should be exempt from the DMCA and be made fully legal. As it currently stands, companies can threaten legal action against security researchers who public post their findings of stealing userdata, backdoors, or worse. For example, check out what the ToTok app did.”
Instagram did not state that any copyrighted code was infringed by the app. However, Instagram’s stance, as laid out in its notice, is that “the core functionality of the [allegedly infringement-enabling] Instagram-API tool is to circumvent Instagram’s technological measures used to protect and control access to, and use of, copyrighted works.”
Electronic Frontier Foundation Senior Staff Attorney Kit Walsh told Gizmodo there’s reason to suspect that Instagram just didn’t like the ways in which the tool operated. In its takedown notice, Instagram claimed that Instagram-API circumvented Instagram’s copyright-protecting access controls, including “prevent[ing] automated liking and commenting”–a feature which doesn’t seem to have much to do with copyright, but plenty to do with freer access to the services. “The ability to use the API to interact with posts without going through an app helps interoperability and undermines the walled garden isolation that the dominant companies have enforced,” Walsh said.
“I don’t think that this is about copyright,” she added.
It is a convenient banner since the DMCA takedown all but ensures that Instagram obliterates its problem; like most major platforms, GitHub’s policy is to expeditiously disable content or allow a user 24 hours to modify specific elements of the content. The user can file a counter-notice but could face a very expensive copyright suit. “The DMCA provides a very cheap way of getting something off the internet without having to convince a judge that you’re right,” as Walsh put it.
After a few days, GitHub removed the entire repository, along with over 1,500 related forks, and mgp25 told TorrentFreak that they don’t plan to file a counter-notice for fear of the repercussions from Facebook and Instagram. The upshot is that, in the name of creative agency, Instagram destroys a developer’s work virtually overnight with specious logic and a brief letter.
Instagram has lately soured on the idea of allowing developers to improve upon its works; following the Cambridge Analytica scandal, Facebook and Instagram started shutting off the faucet to developers, restricting their rate limits to the extent that many apps were no longer functional.
Maybe Instagram is just trying to shore up its dam for potential liabilities. Or maybe it’s watching its back, as Instagram would know; the company has mastered the art of “improving” upon other platforms. In any case, Instagram-API’s swift annihilation doesn’t look good for devs.
Update 1/2: A Facebook spokesperson declined to address Walsh’s concern that a copyright takedown might dually function to reenforce “walled garden” sovereignty, but reiterated that Instagram-API circumvented Instagram’s access controls in violation of the DMCA. They wrote:
“Contrary to its claims, Mgp25’s ‘Instagram-API’ tool was designed to access and collect information from Instagram by circumventing technological protection measures we have in place. This behavior is prohibited under the Digital Millennium Copyright Act (DMCA), and we sent a takedown request to GitHub in accordance with the law.”
Update 1/4: The post has been amended to include comment from mgp25.