GitHub recently reinstated the repository for youtube-dl, a popular free software tool for downloading videos from YouTube and other user-uploaded video platforms. GitHub had taken down the repository last month after the Recording Industry Association of America (RIAA) abused the Digital Millennium Copyright Act’s notice-and-takedown procedure to pressure GitHub to remove it.
By shoehorning DMCA 1201 into the notice-and-takedown process, RIAA potentially sets a very dangerous precedent.
The removal of youtube-dl’s source code caused an outcry. The tool is used by journalists and activists to save eyewitness videos, by YouTubers to save backup copies of their own uploaded videos, and by people with slow or unreliable network connections to download videos in high resolution and watch them without buffering interruptions, to name just a few of the uses we’ve heard about. youtube-dl is a lot like the videocassette recorders of decades past: a flexible tool for saving personal copies of video that’s already accessible to the public.
Under the DMCA, an online platform like GitHub is not responsible for the allegedly infringing activities of its users so long as that platform follows certain rules, including complying when a copyright holder asks it to take down infringing material. But unlike most DMCA takedowns, youtube-dl contained no material belonging to the RIAA or its member companies. RIAA’s argument hinges on a separate section of the DMCA, Section 1201, which says that it’s illegal to bypass a digital lock in order to access or modify a copyrighted work—or to provide tools to others that bypass digital locks. The RIAA argued that since youtube-dl could be used to infringe on copyrighted music, GitHub must remove it. By shoehorning DMCA 1201 into the notice-and-takedown process, RIAA potentially sets a very dangerous precedent, making it extremely easy for copyright holders to remove software tools from the Internet based only on the argument that those tools could be used for copyright infringement.
Youtube-dl’s code did contain the titles and URLs of certain commercial music videos as a part of a list of videos to use to test the tool’s functionality. Of course, simply mentioning a video’s URL is not an infringement, nor is streaming a few seconds of that video to test a tool’s functionality. As EFF explained in a letter to GitHub on behalf of youtube-dl’s team of maintainers:
First, youtube-dl does not infringe or encourage the infringement of any copyrighted works, and its references to copyrighted songs in its unit tests are a fair use. Nevertheless, youtube-dl’s maintainers are replacing these references. Second, youtube-dl does not violate Section 1201 of the DMCA because it does not “circumvent” any technical protection measures on YouTube videos.
Fortunately, after receiving EFF’s letter, GitHub has reversed course. From GitHub’s announcement:
Although we did initially take the project down, we understand that just because code can be used to access copyrighted works doesn’t mean it can’t also be used to access works in non-infringing ways. We also understood that this project’s code has many legitimate purposes, including changing playback speeds for accessibility, preserving evidence in the fight for human rights, aiding journalists in fact-checking, and downloading Creative Commons-licensed or public domain videos. When we see it is possible to modify a project to remove allegedly infringing content, we give the owners a chance to fix problems before we take content down. If not, they can always respond to the notification disabling the repository and offer to make changes, or file a counter notice.
Again, although our clients chose to remove the references to the specific videos that GitHub requested, including them did not constitute copyright infringement.
RIAA’s letter accused youtube-dl of being a “circumvention device” that bypasses a digital lock protected by section 1201 of the DMCA. Responding on behalf of the developers, EFF explained that the “signature” code used by YouTube (what RIAA calls a “rolling cipher”) isn’t a protected digital lock—and if it were, youtube-dl doesn’t “circumvent” it but simply uses it as intended. For some videos, YouTube embeds a block of JavaScript code in its player pages. That code calculates a number called “sig” and sends this number back to YouTube’s video servers as part of signaling the actual video stream to begin. Any client software that can interpret JavaScript can run YouTube’s “signature” code and produce the right response, whether it’s a standard web browser or youtube-dl. The actual video stream isn’t encrypted with any DRM scheme like the ones used by subscription video sites.
It’s no secret that EFF doesn’t like Section 1201 and the ways it’s used to shut down innovation and competition. In fact, we’re challenging the law in court. But in the case of youtube-dl, Section 1201 doesn’t apply at all. GitHub agreed, and put the repository back online with its full functionality intact.
GitHub recognized that accusations about software projects violating DMCA 1201 don’t make valid takedowns under section 512. GitHub committed to have technical experts review Section 1201-related accusations and allow code repository owners to dispute those accusations before taking down their code. This is a strong commitment to the rights of GitHub’s developer community, and we hope it sets an example.