GitHub, EFF Push Back Against RIAA, Reinstate Youtube-dl Repository

from the DEAR-RIAA-YOU-ARE-CORDIALLY-INVITED-TO-GFY dept

A few weeks ago, the RIAA hurled a DMCA takedown notice at an unlikely target: GitHub. The code site was ordered to take down its repositories of youtube-dl, software that allowed users to download local copies of video and audio hosted at YouTube and other sites.

The RIAA made some noise about copyright infringement (citing notes in the code pointing to Vevo videos uploaded by major labels) before getting down to business. This was a Section 1201 complaint -- one that claimed the software illegally circumvented copyright protection schemes applied to videos by YouTube.

The takedown notice demanded removal of the code, ignoring that fact there are plenty of non-infringing uses for a tool like this. It ignored Supreme Court precedent stating that tools with significant non-infringing uses cannot be considered de facto tools of infringement. It also ignored the reality of the internet: that targeting one code repository wouldn't erase anything from dozens of other sites hosting the same code or the fact that engaging in an overblown, unjustified takedown demand would only increase demand (and use) of the software.

Youtube-dl is a tool used by plenty of non-infringers. It isn't just for downloading Taylor Swift videos (to use one of the RIAA's examples). As Parker Higgins pointed out, plenty of journalists and accountability activists use the software to create local copies of videos so they can be examined in far more detail than YouTube's rudimentary tools allow.

John Bolger, a software developer and systems administrator who does freelance and data journalism, recounted the experience of reporting an award-winning investigation as the News Editor of the college paper the Hunter Envoy in 2012. In that story, the Envoy used video evidence to contradict official reports denying a police presence at an on-campus Occupy Wall Street protest.

“In order to reach my conclusions about the NYPD’s involvement... I had to watch this video hundreds of times—in slow motion, zoomed in, and looping over critical moments—in order to analyze the video I had to watch and manipulate it in ways that are just not possible” using the web interface. YouTube-dl is one effective method for downloading the video at the maximum possible resolution.

At the time, GitHub remained silent on the issue, suggesting it was beyond its control. Developers who'd worked on the youtube-dl project reported being hit with legal threats of their own from the RIAA.

There's finally some good news to report. The EFF has taken up GitHub/youtube-dl's case and is pushing back. A letter [PDF] from the EFF to GitHub's DMCA agent gets into the tech weeds to contradict the RIAA's baseless "circumvention" claims and the haphazard copyright infringement claims it threw in to muddy the waters.

First, youtube-dl does not infringe or encourage the infringement of any copyrighted works, and its references to copyrighted songs in its unit tests are a fair use. Nevertheless, youtube-dl’s maintainers are replacing these references.

Second, youtube-dl does not violate Section 1201 of the DMCA because it does not “circumvent” any technical protection measures on YouTube videos. Similarly, the “signature” or “rolling cipher” mechanism employed by YouTube does not prevent copying of videos.

There's far more in the letter, but this explains it pretty succinctly in layman's terms:

youtube-dl works the same way as a browser when it encounters the signature mechanism: it reads and interprets the JavaScript program sent by YouTube, derives the “signature” value, and sends that value back to YouTube to initiate the video stream. youtube-dl contains no password, key, or other secret knowledge that is required to access YouTube videos. It simply uses the same mechanism that YouTube presents to each and every user who views a video.

We presume that this “signature” code is what RIAA refers to as a “rolling cipher,” although YouTube’s JavaScript code does not contain this phrase. Regardless of what this mechanism is called, youtube-dl does not “circumvent” it as that term is defined in Section 1201(a) of the Digital Millennium Copyright Act, because YouTube provides the means of accessing these video streams to anyone who requests them. As a federal appeals court recently ruled, one does not “circumvent” an access control by using a publicly available password. Digital Drilling Data Systems, L.L.C. v. Petrolink Services, 965 F.3d 365, 372 (5th Cir. 2020). Circumvention is limited to actions that “descramble, decrypt, avoid, bypass, remove, deactivate or impair a technological measure,” without the authority of the copyright owner… Because youtube-dl simply uses the “signature” code provided by YouTube in the same manner as any browser, rather than bypassing or avoiding it, it does not circumvent, and any alleged lack of authorization from YouTube or the RIAA is irrelevant.

GitHub's post on the subject explains the situation more fully, breaking down what the site's obligations are under the DMCA and what it does to protect users from abuse of this law. It also states that its overhauling its response process to Section 1201 circumvention claims to provide even more protection for coders using the site. Going forward, takedown notices will be forwarded to GitHub's legal team and if there's any question about its legitimacy, GitHub will err on the side of USERS and leave the targeted repositories up until more facts are in. This puts it at odds with almost every major platform hosting third-party content which almost always err on the side of the complainant.

And the cherry on top is the establishment of a $1 million legal defense fund for developers by GitHub. This will assist developers in fighting back against bogus claims and give them access to legal advice and possible representation from the EFF and the Software Freedom Law Center.

Youtube-dl is back up. And the RIAA is now the one having to play defense. It will have to do better than its slapdash, precedent-ignoring, deliberately-confusing takedown notice to kill a tool that can be used as much for good as for infringement,

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: circumvention, copyright, copyright 1201, copyright 512, counternotice, recording software, takedowns, youtube-dl
Companies: eff, github, riaa, youtube


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Thad (profile), 17 Nov 2020 @ 11:00am

    See, Twitch? This is how you do it.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Nov 2020 @ 11:15am

    GitHub will err on the side of USERS and leave the targeted repositories up until more facts are in. This puts it at odds with almost every major platform hosting third-party content which almost always err on the side of the complainant.

    This really just means other companies are being more honest about it. Fundamentally, GitHub reviewing these take-down notices will be no different than trying to moderate at scale. Once the requests come in faster than the lawyers can handle them, they'll start erring on the side of the complainant. It's the only way to shield GitHub from unnecessary liability (other than changing the law of course).

    link to this | view in chronology ]

    • icon
      Pjerky (profile), 17 Nov 2020 @ 10:14pm

      Re:

      With this in mind, I think that complainants should automatically be throttled on submits. When they reach a certain number in a short amount of time, they get denied further submissions until the existing ones have been validated and shown at least 60% valid. Anything below that threshold auto-locks their submission account for 90 days. Basically, a way to enforce play nice and play by the rules or you get the boot. If they are found doing this with multiple accounts, they should be auto blocked across all accounts and have a lawsuit for abuse of the system automatically filed against them.

      link to this | view in chronology ]

      • icon
        Jeroen Hellingman (profile), 17 Nov 2020 @ 11:50pm

        Re: Re:

        The problem with this approach is that you still loose your protection under the law if you do so. Now, the law allows for only having a postal address to send take-down notices to, so you could do that (and have an address somewhere in a very remote corner of Alaska), but that will hurt you as much as the sender of all those notes.

        What you could try to do is impose a significant handling fee on non-DMCA compliant notices, and set it up such that sending non-DMCA compliant notices to the DMCA address implies acceptance of a contract to pay such fees. (You cannot charge for DMCA compliant notices).

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Nov 2020 @ 1:31am

      Re:

      Fundamentally, GitHub reviewing these take-down notices will be no different than trying to moderate at scale.

      Who is going to generate mass notices to GitHub? Microsoft... they own it, IBM... they are fully committed to open source software; Oracle, Adobe, Autocad they have market dominance and/or customer lock-in

      The usual suspect for mass DMCA campaigns will have difficulty finding anything more than a rare reference to one of their works.

      link to this | view in chronology ]

      • icon
        PaulT (profile), 18 Nov 2020 @ 1:59am

        Re: Re:

        "Who is going to generate mass notices to GitHub?"

        Anyone who stands to profit from taking down competition or tools that don't fit their business model, however temporarily.

        "Microsoft... they own it"

        You underestimate the amount of research that the (often 3rd party) lawyers and IP trolls undertake before issuing DMCA takedowns. Some MPAA/RIAA members have demanded delisting their own websites from Google or removal of videos they uploaded to YouTube themselves. I wouldn't be shocked if some MS lawyer demanded DMCA takedowns from GutHub because they didn't realise they were a MS company.

        "IBM... they are fully committed to open source software"

        So? Get the wrong idea into someone's head and have them think that, say, the best way to get their tools to be industry standard is to block people from working on alternatives.... That's counter to the open source mindset, but again the people who are issuing DMCA takedowns aren't going to be the developers.

        "Oracle, Adobe, Autocad they have market dominance and/or customer lock-in"

        So, a good reason to use dirty tricks to try and make development of competing open source solutions more difficult? Or to kill any tool that allows users to interact with their file formats without paying a toll?

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Nov 2020 @ 11:39am

    Instead of courts and polticians protecting the likes of the RIAA and MPAA, they need suing for false accusations and takedowns, just ad they are so fond of doing! Perhaps if that was to happen and get it plastered all over the media, they wouldn't be so keen on throwing baseless claims around!

    link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 17 Nov 2020 @ 11:40am

    GitHub erring on the side of users makes sense.
    GitHub makes money from devs, not the AA's.
    The
    AA's can't threaten to take their ball & go away (although they should in this case) leaving no content for GitHub to show.

    The **AA's responses are unhinged, everything only exists to steal from them & cost them trillions of dollars.
    Its the same look on my face when cops proclaim they found "bomb making supplies" in the suspects house... most people expect TNT, fuses, high tech stuff... except basic household items can be used to make a bomb. They claim bomb making supplies to get people on their side of the narrative & to stoke more fears.

    This reminds me of all of the "unique" lawsuits & legal theories used by groups trying to magically ban all guns because they can be used for bad things. We should stop blaming the tools b/c it can do something... tools are neutral its the user that can use it for good or evil. (I mean DLing a Taylor Swift video is punishment enough).

    @Tim - I miss you. TwitMo is a sad place.

    link to this | view in chronology ]

    • icon
      Thad (profile), 17 Nov 2020 @ 12:45pm

      Re:

      Course, it gets a little weird when you consider how consolidated everything is now.

      Github is owned by Microsoft. Microsoft is a member of the RIAA. It's easy to see how this could have gone another way.

      link to this | view in chronology ]

      • icon
        That Anonymous Coward (profile), 17 Nov 2020 @ 3:37pm

        Re: Re:

        Given that the AA's have attacked general computing before it might just be MS making a stand to protect themselves.
        I mean they got a cut from every plastic disc sold to home consumers b/c it MIGHT be used to steal music from them, taking this program out opens the door to go after other targets in software. Imagine if they sued Nero for daring to have software that lets people make their own audio cds... its all stolen!!!!!!!!!

        link to this | view in chronology ]

    • icon
      PaulT (profile), 17 Nov 2020 @ 11:14pm

      Re:

      "GitHub makes money from devs, not the AA's."

      That doesn't stop the RIAA from fighting to have them completely shut down because 0.0001% of their earning might be related to piracy if you squint at the figures in a certain way...

      "groups trying to magically ban all guns"

      Do those exist, or is that just the argument used to shut down the "maybe someone living in a 3rd floor apartment doesn't need a small military's arsenal to hand" and "maybe known psychopaths should have access to the same" arguments by applying reductio ad absurdum?

      I mean, I don't hear that actual argument over here in countries where guns are quite rare, let alone a serious argument over there.

      "We should stop blaming the tools b/c it can do something... tools are neutral its the user that can use it for good or evil"

      Tools can be very dangerous in the wrong hands and it's right to believe that they be restricted to certain trained professionals in those cases. Happens all the time in many industries. But it's absurd to conflate the arguments over whether or not someone gets a free song with the argument over whether regular massacres are the price of freedom.

      link to this | view in chronology ]

  • identicon
    Dave, 17 Nov 2020 @ 1:24pm

    It was at this moment the RIAA knew…

    …it EFF-ed up.

    link to this | view in chronology ]

  • icon
    r_rolo1 (profile), 17 Nov 2020 @ 2:26pm

    Mixed feelings ...

    link to this | view in chronology ]

    • icon
      r_rolo1 (profile), 17 Nov 2020 @ 2:29pm

      Re: Mixed feelings ...

      Ok, pressed enter too much...

      Anyway, good for Github for sending RIAA to eat grass.

      Bad for Github for having folded in the first place. Seriously, any reasonable human would know that RIAA was bluffing as high as high comes and still the default position was to fold back and trash the youtube-dl devs.

      link to this | view in chronology ]

      • icon
        Thad (profile), 17 Nov 2020 @ 3:16pm

        Re: Re: Mixed feelings ...

        It was an ass-covering move, and I would have preferred they not make it but it strengthens their position if this goes to court. They complied with the request in good faith and took time to review with counsel before determining that the request was in error.

        Sometimes the best legal move isn't the best PR move, or vice-versa.

        link to this | view in chronology ]

  • icon
    That One Guy (profile), 17 Nov 2020 @ 2:44pm

    ... oops

    Well that didn't work out so well now did it? Sure the site caved in the short term but after people pointed out what a stupid move it was they've now decided that, horror of horrors protecting their users is kinda important, and will actually do so.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Nov 2020 @ 3:23pm

    This was a Section 1201 complaint -- one that claimed the software illegally circumvented copyright protection schemes applied to videos by YouTube.

    Um... run that by me one more time?

    ... copyright protection schemes applied to videos by YouTube.

    So, tell me again, how the RIAA or its component companies would even have standing, were this brought to court? It's not their copyright protections schemes (or implementations) theoretically being circumvented.

    While yes, it is content they authored and have copyright in, they aren't bringing a copyright (DMCA) claim. Who determines the rights and privileges of people to receive these files, or to post these files? It sure ain't the RIAA, except in as much as they accept YouTube's terms.

    link to this | view in chronology ]

    • icon
      nasch (profile), 18 Nov 2020 @ 3:50pm

      Re:

      So, tell me again, how the RIAA or its component companies would even have standing, were this brought to court?

      Because of section 1203:

      "Any person injured by a violation of section 1201 or 1202 may bring a civil action in an appropriate United States district court for such violation."

      https://www.copyright.gov/title17/92chap12.html

      link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Herb Sluftwm, manager of Linux windows, 17 Nov 2020 @ 4:11pm

    You're lying again! Was NOT simply re-instated. CHANGED.

    First:

    It ignored Supreme Court precedent stating that tools with significant non-infringing uses cannot be considered de facto tools of infringement.

    SO? In the US, machine guns can't be considered de facto illegal. -- That's just your boilerplate ignoring that a significant use of this IS to infringe.

    link to this | view in chronology ]

    • This comment has been flagged by the community. Click here to show it
      identicon
      Herb Sluftwm, manager of Linux windows, 17 Nov 2020 @ 4:12pm

      Re: You're lying again! Was NOT simply re-instated. CHANGED.

      Going forward, takedown notices will be forwarded to GitHub's legal team and if there's any question about its legitimacy, GitHub will err on the side of USERS and leave the targeted repositories up until more facts are in.

      THEN, GitHub just abandoned DMCA protections, shifted its legal position from immune "platform" to active party and joint defendant.

      link to this | view in chronology ]

      • icon
        bhull242 (profile), 19 Nov 2020 @ 8:49am

        Re: Re: You're lying again! Was NOT simply re-instated. CHANGED.

        You’re not entirely right. The DMCA simply requires a policy be in place and be followed so long as it adheres to certain requirements. The new policy still does so, so GitHub is still immune.

        link to this | view in chronology ]

    • icon
      bhull242 (profile), 19 Nov 2020 @ 8:46am

      Re: You're lying again! Was NOT simply re-instated. CHANGED.

      Doesn’t matter. They still ignored Supreme Court precedent. In court, how you get the end result is more important than the end result itself.

      link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Herb Sluftwm, manager of Linux windows, 17 Nov 2020 @ 4:12pm

    This time it's personal. And far riskier than geeky CEO thinks.

    This included GitHub CEO Nat Friedman, who was `annoyed' and personally offered his help to get the repository reinstated. This wasn't a false promise, as youtube-dl returned today.

    It's not just "personally" when CEO does it, but business. Again moves from a site immune IF takes down to active advocacy and spending money to protect users. That makes GitHub joint party and liable. -- Oh, gainsay all you want, but ignoring DMCA and interpreting it outside of clear terms is exactly what got Cox Communications on the hook for a BILLION.

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Herb Sluftwm, manager of Linux windows, 17 Nov 2020 @ 4:13pm

    RIAA WON. NOT SIMPLY RE-INSTATED. WAS CHANGED. C-H-A-N-G-E-D.

    You LEAVE OUT key point:

    GitHub has reinstated the repository after some changes were made. These changes include referrals to copyrighted music, which RIAA pointed out in its claim.

    As usual, you ignore parts that don't fit your story of valiantly re-instating.

    And it may still be aiding infringement, could be just a stalling tactic of cosmetic changes.

    link to this | view in chronology ]

    • icon
      Stephen T. Stone (profile), 17 Nov 2020 @ 5:25pm

      Aside from the removal of references to copyrighted works, what other significant change(s) did the Youtube-dl team make to its repository? And how can GitHub “aid infringement” when GitHub has no control over how people who download Youtube-dl use the program — including those who use it for wholly legal purposes (e.g., downloading public domain works such as Night of the Living Dead)?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Nov 2020 @ 6:08pm

      Re: RIAA WON. NOT SIMPLY RE-INSTATED. WAS CHANGED. C-H-A-N-G-E-D

      Nothing says "I have an intelligent argument" like spamming a bunch of garbage.

      link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Herb Sluftwm, manager of Linux windows, 17 Nov 2020 @ 4:13pm

    "content won't always be removed right away"? FINE WITH ME!

    Again, see the Cox decisions. Acting (or NOT) outside of clear DMCA language opens up to BIG damages.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Nov 2020 @ 6:13pm

      Re: "content won't always be removed right away"? FINE WITH ME!

      They know and referenced the Cox decisions in every relevant article, and had plenty on the Cox case.

      The easy thing here is to see how your take on this plays out.

      (Another easy thing would be to organize your "thoughts" before posting, and avoid posting multiple times for no reason.)

      link to this | view in chronology ]

    • icon
      bhull242 (profile), 19 Nov 2020 @ 8:51am

      Re: "content won't always be removed right away"? FINE WITH ME!

      The Cox decisions were about failing to adhere to a policy. That’s not the case here.

      link to this | view in chronology ]

  • identicon
    David, 17 Nov 2020 @ 7:37pm

    AnyVideoConverter does the same thing and they haven't done shit to stop them.

    link to this | view in chronology ]

  • identicon
    Jimbo, 18 Nov 2020 @ 10:13am

    It's interesting......

    That this article appears the same day as https://www.techdirt.com/articles/20201112/16582545698/federal-court-says-state-regulation-that-comp els-production-code-may-violate-first-amendment.shtml.
    Isn't youtube-dl exercising its first amendment right when publishing a program? How can the federal government enforce the DMCA without violating a programmers right to free speech? It seems that copyright and the first amendment represent an internal contradiction within the Constitution.

    link to this | view in chronology ]

    • identicon
      Rocky, 19 Nov 2020 @ 1:47am

      Re: It's interesting......

      It seems that copyright and the first amendment represent an internal contradiction within the Constitution.

      In a way. Copyright in its current form is basically the government giving someone the right to infringe someone else's first amendment right, ie. "I'm sorry (not), you can't say that because I own the rights for that and I will use the government to censor your speech."

      If you look at the language in the constitution, the balance between someones first amendment rights and someones control over their works was supposed to be that the copyright was limited in time to a few decades at most.

      link to this | view in chronology ]

  • identicon
    Châu, 23 Nov 2020 @ 4:58pm

    RIAA forget about CC videos

    Some video in Youtube is public domain, CC0, CC BY, CC BY SA for other people download and remix, reuse, and recycle. Not all video have copyright monopoly.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.