GitHub has reinstated the repositories for the online backup tool YouTube-DL. This came after the Electronic Frontier Foundation (EFF) sent a letter.
It is a tool used by many, but for a short while, it was no longer accessible via GitHub. Last month, the Recording Industry Association of America (RIAA) issued a DMCA takedown notice against the tool. The RIAA claims that the tool is meant to circumvent DRM and download copyrighted material. As a result, the tool is somehow to blame for copyright infringement and needed to be taken down. Of course, as we noted at the time, the tool was still available through its official website.
As many pointed out, this is a general purpose tool. Many journalists use the tool to download and analyze videos uploaded to various social media platforms. It also has a number of fair use applications, such as downloading the contents of a video and uploading criticism or educational material afterwards. In a number of cases, videos uploaded to YouTube are also under various Creative Commons licenses. Yet, despite the many legal uses of the tool, the RIAA felt that it had the right to overrule that and suggest that the tool in question is merely used for infringing purposes.
Legally speaking, thanks to how broken the Digital Millennium Copyright Act (DMCA) is, the RIAA is actually just stretching the laws. The DMCA does have provisions regarding circumvention of copy protection. Of course, this incident does more to make the case that the copyright laws are broken. Thanks to this, the EFF used the opportunity to highlight why anti-circumvention laws are broken. In a nutshell, DRM overrides what would otherwise be legal uses of copyrighted works (à la “Fair Use”). More often than not, the anti-circumvention laws actually stymie innovation and cast many innovative products into various legal grey areas at best.
While the EFF’s comments do satisfy their advocacy role, some might wonder if the organization could do more. As it turns out, they did do more. The EFF apparently sent a letter to GitHub asking it to reinstate the tool. From the letter:
The Electronic Frontier Foundation represents the current maintainers of the youtube-dl software utility, a free software project that uses GitHub as a home for development. As you are aware, GitHub disabled the youtube-dl repository in response to a demand from the Recording Industry Association of America sent on September 21, 2020.
We write to thank GitHub for striving to protect the rights of free and open source software developers, and to provide more information about youtube-dl to address the claims made in RIAA’s letter. First, youtube-dl does not infringe or encourage the infringement of any copyrighted works, and its references to copyrighted songs in its unit tests are a fair use. Nevertheless, youtube-dl’s maintainers are replacing these references. Second, youtube-dl does not violate Section 1201 of the DMCA because it does not “circumvent” any technical protection measures on YouTube videos. Similarly, the “signature” or “rolling cipher” mechanism employed by YouTube does not prevent copying of videos. Below we explain each of these points in more detail. It is our hope that, upon consideration of this information, GitHub will reactivate the youtube-dl repository.
We presume that this “signature” code is what RIAA refers to as a “rolling cipher,” although YouTube’s JavaScript code does not contain this phrase. Regardless of what this mechanism is called, youtube-dl does not “circumvent” it as that term is defined in Section 1201(a) of the Digital Millennium Copyright Act, because YouTube provides the means of accessing these video streams to anyone who requests them. As a federal appeals court recently ruled, one does not “circumvent” an access control by using a publicly available password. Digital Drilling Data Systems, L.L.C. v. Petrolink Services, 965 F.3d 365, 372 (5th Cir. 2020). Circumvention is limited to actions that “descramble, decrypt, avoid, bypass, remove, deactivate or impair a technological measure,” without the authority of the copyright owner. “What is missing from this statutory definition is any reference to ‘use’ of a technological measure without the authority of the copyright owner.” Egilman v. Keller & Heckman, LLP., 401 F. Supp. 2d 105, 113 (D.D.C. 2005). Because youtube-dl simply uses the “signature” code provided by YouTube in the same manner as any browser, rather than bypassing or avoiding it, it does not circumvent, and any alleged lack of authorization from YouTube or the RIAA is irrelevant.
Similarly, youtube-dl does not violate section 1201(b) of the DMCA because the “signature” code does not “prevent[], restrict[], or otherwise limit[] the exercise of a right of a copyright owner” — in other words, the code does not prevent copying of video data. Any program capable of running JavaScript programs can run YouTube’s “signature” code, regardless of whether it can also save a copy of the video streams it receives. The YouTube code is entirely different from the CSS encryption used on DVD discs and described in Universal City Studios, Inc. v. Corley, 273 F. 3d 429 (2d Cir. 2001), or from the Widevine DRM owned and used by YouTube’s parent company Google. Although I express no opinion here about how the DMCA might apply to these technologies, I note that both CSS and Widevine require licensed players containing secret keys, which are distributed only to technology vendors who agree to limit their use and maintain secrecy. In contrast, the YouTube “signature” code is distributed to all comers and contains no secrets. YouTube does not require Web browser vendors to accept a license or a commitment to secrecy in order to use the “signature” code, as it does with Widevine.
It seems that the letter worked. GitHub later announced that it was reinstating YouTube-DL. From GitHub:
Today we reinstated youtube-dl, a popular project on GitHub, after we received additional information about the project that enabled us to reverse a Digital Millennium Copyright Act (DMCA) takedown.
At GitHub, our priority is supporting open source and the developer community. And so we share developers’ frustration with this takedown—especially since this project has many legitimate purposes. Our actions were driven by processes required to comply with laws like the DMCA that put platforms like GitHub and developers in a difficult spot. And our reinstatement, based on new information that showed the project was not circumventing a technical protection measure (TPM), was in line with our values of putting developers first. We know developers want to understand what happened here, and want to know how GitHub will stand up for developers and refine our processes on these issues.
After explaining how it would overhaul its DMCA 1201 review process, GitHub said that it is also putting together a software developer defense fund:
Developers who are personally affected by a takedown notice or other legal claim rely on non-profits like the Software Freedom Law Center and the Electronic Frontier Foundation (EFF) to provide them with legal advice and support in the event that they face an IP claim, under the DMCA or otherwise. These organizations provide critical legal support to developers who would otherwise be on their own, facing off against giant corporations or consortia.
Nonetheless, developers who want to push back against unwarranted takedowns may face the risk of taking on personal liability and legal defense costs. To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims. We will immediately begin working with other members of the community to set up this fund and take other measures to collectively protect developers and safeguard developer collaboration.
If you want to support developers facing legal challenges, you can consider supporting SFLC and EFF yourself as well.
In response, the EFF seemed pleased with the developments and offered their own comments. From the EFF:
It’s no secret that EFF doesn’t like Section 1201 and the ways it’s used to shut down innovation and competition. In fact, we’re challenging the law in court. But in the case of youtube-dl, Section 1201 doesn’t apply at all. GitHub agreed, and put the repository back online with its full functionality intact.
GitHub recognized that accusations about software projects violating DMCA 1201 don’t make valid takedowns under section 512. GitHub committed to have technical experts review Section 1201-related accusations and allow code repository owners to dispute those accusations before taking down their code. This is a strong commitment to the rights of GitHub’s developer community, and we hope it sets an example.
EFF is proud to have helped the free software community keep this important tool online. Please consider celebrating this victory with us by making a donation to EFF.
So, thanks to the EFF, we see a positive resolution in all of this. Journalists can more readily access the software to continue their analysis of videos, Fair Use is protected, and software developers are now better protected. A great day all around, really.
Drew Wilson on Twitter: @icecube85 and Facebook.