DMCA notices are sent in their millions every single week, mainly to restrict access to copyright-infringing content. These notices usually target the infringing content itself or links to the same, but there are other options too.
The anti-circumvention provisions of the DMCA allow companies that own or provide access to copyrighted works to target tools and systems that facilitate access to that content in an unauthorized manner. Recent examples can be found in the war currently being waged by the RIAA against various YouTube-ripping sites, which provide illicit access to copyright works, according to the industry group.
This week Facebook-owned Instagram entered the arena when it filed a DMCA notice against code repository Github. It targeted Instagram-API, an independent Instagram API created by a Spain-based developer known as ‘mgp25‘. Instagram claims that at least in part, the notice was filed to prevent unauthorized access to its users’ posts, which can contain copyrighted works.
“The Company maintains technological measures to control access to and protect Instagram users’ posts, which are copyrighted works. This notice relates to GitHub users offering, providing, and/or trafficking in technologies, products, and/or services primarily designed to circumvent the Company’s technological measures,” the complaint begins.
According to Instagram, Instagram-API is code that was designed to emulate the official Instagram mobile app, allowing users to send and receive data, including copyrighted content, through Instagram’s private API. It’s a description that is broadly confirmed by the tool’s creator.
“The API is more or less like a replica of the mobile app. Basically, the API mimics the requests Instagram does, so if you want to check someone’s profile, the mobile app uses a certain request, so through basic analysis we can emulate that request and be able to get the profile info too. The same happens with other functionalities,” mgp25 informs TorrentFreak.
While Instagram clearly views the tool as a problem, mgp25 says that it was originally created to solve one.
“Back in the day I wasn’t able to use Instagram on my phone, and I wanted something to upload photos and communicate with my friends. That’s why I made the API in the first place,” he explains.
There are no claims from Instagram that Instagram-API was developed using any of its copyrighted code. Indeed, the tool’s developer says that it was the product of reverse-engineering, something he believes should be protected in today’s online privacy minefield.
“I think reverse engineering should be exempt from the DMCA and should be legal. By reverse engineering we can verify whether apps are violating user privacy, stealing data, backdooring your device or doing even worse things,” he says.
“Without reverse engineering we wouldn’t know whether the software was a government spy tool. Reverse engineering should be a right every user should have, not only to provide interoperability functionalities but to assure their privacy rights are not being violated.”
While many would consider that to be a reasonable statement, Instagram isn’t happy with the broad abilities of Instagram-API. In addition to the above-mentioned features, it also enables access to “Instagram users’ copyrighted works in manners that exceed the scope of access and functionality that would be permitted by a user with a legitimate, authorized Instagram account,” the company adds.
After the filing of the complaint, it took a couple of days for Github to delete the project but it is now well and truly down. The same is true for more than 1,500 forks of Instagram-API that were all wiped out after their URLs were detailed in the same complaint.
Regardless of how mgp25 feels about the takedown, the matter will now come to a close. The developer says he has no idea how far Instagram and Facebook are prepared to go in order to neutralize his software so he won’t be filing a counter-notice to find out.
