GitHub Reinstates youtube-dl After RIAA Demanded Its Removal github.blog

Abby Vollmer of GitHub:

As we explained, the key claim in the youtube-dl takedown is circumvention. Although we did initially take the project down, we understand that just because code can be used to access copyrighted works doesn’t mean it can’t also be used to access works in non-infringing ways. We also understood that this project’s code has many legitimate purposes, including changing playback speeds for accessibility, preserving evidence in the fight for human rights, aiding journalists in fact-checking, and downloading Creative Commons-licensed or public domain videos. When we see it is possible to modify a project to remove allegedly infringing content, we give the owners a chance to fix problems before we take content down. If not, they can always respond to the notification disabling the repository and offer to make changes, or file a counter notice.

That’s what happened in this case. First, we were able to reinstate a fork of youtube-dl after one of the fork owners applied a patch with changes in response to the notice.

Then, after we received new information that showed the youtube-dl project does not in fact violate the DMCA‘s anticircumvention prohibitions, we concluded that the allegations did not establish a violation of the law. In addition, the maintainer submitted a patch to the project addressing the allegations of infringement based on unit tests referencing copyrighted videos. Based on all of this, we reinstated the youtube-dl project and will be providing options for reinstatement to all of its forks.

The additional information was a letter sent to GitHub by Mitchell Stolz, an attorney at the Electronic Frontier Foundation, that showed youtube-dl does not “circumvent” anything on YouTube:

We presume that this “signature” code is what RIAA refers to as a “rolling cipher,” although YouTube’s JavaScript code does not contain this phrase. Regardless of what this mechanism is called, youtube-dl does not “circumvent” it as that term is defined in Section 1201(a) of the Digital Millennium Copyright Act, because YouTube provides the means of accessing these video streams to anyone who requests them. As federal appeals court recently ruled, one does not “circumvent” an access control by using a publicly available password. Digital Drilling Data Systems, L.L.C. v. Petrolink Services, 965 F.3d 365, 372 (5th Cir. 2020). Circumvention is limited to actions that “descramble, decrypt, avoid, bypass, remove, deactivate or impair a technological measure,” without the authority of the copyright owner. “What is missing from this statutory definition is any reference to ‘use’ of a technological measure without the authority of the copyright owner.” Egilman v. Keller & Heckman, LLP., 401 F. Supp. 2d 105, 113 (D.D.C. 2005). Because youtube-dl simply uses the “signature” code provided by YouTube in the same manner as any browser, rather than bypassing or avoiding it, it does not circumvent, and any alleged lack of authorization from YouTube or the RIAA is irrelevant.

GitHub has also committed one million dollars to a fund for defending developers from bogus claims of circumventing intellectual property protections.