I believe for all of the above to apply, it would have to be proven that the request was knowingly malicious, as in they had full knowledge that the page did not infringe but decided to send a takedown notice anyway. That's highly unlikely, and good luck proving it anyway.

However, they are still liable and can absolutely be sued civilly for an improper takedown notice. But the penalty probably wouldn't extend beyond a monetary payment.

They were informed by the victims that they made an error and proceeded anyways.

Their inability to route that information to the right person should not be a valid defense or else incompetence becomes a business advantage.

> Their inability to route that information to the right person should not be a valid defense or else incompetence becomes a business advantage.

I don't mean to sound trite but hasn't it pretty much been proven to be already?

Look at things like the Equifax situation. A competent team performing security reviews and fixing and maintaining things would cost money. Repeat for N data breaches. And that's just software security -- it doesn't consider even more serious cases like those of infrastructure failures (bridge collapses, levee failures, dams breaking etc.) that have more important consequences.

I agree with what I believe was the main point you were making which is that SEGA should not be excused here. I just think businesses have come to view competence as being expensive and so it's optional, and that this seems to be somewhat okay with people until it directly affects them.

Yeah, SEGA is inevitably going to argue that the left hand didn't know what the right hand had received from the victims.

In a just court, that argument would be thrown out. But courts aren't always just, unfortunately.

And so we now have a legal framework such that the Shaggy Defense is valid and effective.

What a time to be alive.

So the approach is to write a bot, do zero human checks and then say "well, see, yes, we sent this complaint, but we didn't actually send it ourselves, the bot did, so we didn't know that it was wrong, because we've decided to never check these things before sending them out"?

It's weird, when you can write a program to do something in your name and as your agent, and then claim "it totally wasn't me, lol".

Well the law was basically written by the big media companies, so we're lucky that there's any recourse at all.

At what point does neglicent become knowingly malicious?

More generally: we need a legal framework that makes people deploying automation responsible for what the automation does to the same extent as they would be if they hired people to do the same work. "It's a false positive in an automated system" should never be acceptable justification for invalid legal action, nor should it be used as extenuating circumstances. Either you're prepared to pay for the mistakes of your algorithm, or you should not be deploying the algorithm at all.

If you knew that your algorithm produced false positives and you deployed it anyway, then you had fraudulent intent for the subset of automatically generated takedown notices which were false positives.

That's a nice theoretical definition of "fraudulent intent" but you're not going to get a court to agree with it, I don't think.

Say that the false positive rate is 3 in 4, so that 75% of takedown notices are invalid. Do we have fraudulent intent? I dare you to tell me that we don't.

OK, we've established that delegating to an algorithm doesn't provide an impenetrable shield. Now it's just a question of how irresponsible you have to be for the court to go against you.

Now, is there any difference between the injured parties who are affected by your false positives when that rate is 1% versus 75%? For the subset of assessments affecting the injured party, your false positive rate is effectively 100%. Why should they bear your burden?

An algorithm can be used to identify prospects for takedown notices. If you choose not to vet those prospects, then any mistakes are on you. If you can drive down the false-positive rate low enough, you might choose to accept the costs every time you falsely accuse someone and turn the algorithm loose anyway. But if you can't absorb the costs of the algorithm's mistakes, don't rely on the algorithm.

Really? You run something knowing that it's going to file invalid claims; how is that not intent to commit fraud?

You put out a product knowing that it can fail in X (very long) time or Y (highly unlikely) scenario. Does that mean you intentionally put out a faulty product?

"This process is inherently subjective, so creating perfect software while properly protecting our copyrights would be impossible. We determined that the false positive rate would be quite low, and had no intention of pursuing action against any invalid claims."

IANAL, but I think it's when, in a follow-up lawsuit, they find emails or other such evidence showing the takedown submitting party did so with knowledge that it was a false notice ahead of time. If you can't find something like that, then it stays negligence.