points by lelandbatey 5 years ago

The actual content of the legal argument being made by the RIAA in this and associated documents is lying by omission at best, and arguably is straight up perjury.

The only _concrete_ circumvention they level at youtube-dl is that it "circumvents YouTube’s rolling cipher". I looked into this more, and before I go into how totally bullshit it is that they've apparently conned judges into believing this, you should read their full accusation (or just read the full DMCA letter from the RIAA):

    For further context, please see the attached court decision from the Hamburg
    Regional Court that describes the technological measure at issue (known as
    YouTube’s “rolling cipher”), and the court’s determination that the technology
    employed by YouTube is an effective technical measure within the meaning of EU
    and German law, which is materially identical to Title 17 U.S.C. §1201 of the
    United States Code. The court further determined that the service at issue in
    that case unlawfully circumvented YouTube’s rolling cipher technical
    protection measure.2 The youtube-dl source code functions in a manner
    essentially identical to the service at issue in the Hamburg Regional Court
    decision. As there, the youtube-dl source code available on Github (which is
    the subject of this notice) circumvents YouTube’s rolling cipher to gain
    unauthorized access to copyrighted audio files, in violation of YouTube’s
    express terms of service,3 and in plain violation of Section 1201 of the
    Digital Millennium Copyright Act, 17 U.S.C. §1201.

    1 See https://github.com/ytdl-org/youtube-dl/blob/master/README.md#readme.

So that's what the RIAA is saying that youtube-dl is doing. However, they're referencing a document that I _presume_ was attached to their original email, the document from the Hamburg Regional Court, but we don't have that email, as Github didn't publish that document for us to see.

So I went looking, and it turns out that the RIAA has used this exact same excuse to go after some other people, their documents are available, and we can see more of what they wrote. I'm referencing this[1] document which I found through this[0] blog post about a 2016 case where the RIAA went after an online service called YTMP3. Here are the links, and here's what the RIAA said:

[0] - https://www.techdirt.com/articles/20160927/17062135646/can-s...

[1] - https://assets.documentcloud.org/documents/3114545/YTMP3-Com...

    < The following is found on page 8 of the PDF linked above >
    39. Plaintiffs are informed and believe, and on that basis allege as follows:
    YouTube has adopted and implemented technological measures to control access to
    content maintained on its site and to prevent or inhibit downloading, copying,
    or illicit distribution of that content.  YouTube maintains two separate URLs
    for any given video file: one URL, which is visible to the user, is for the
    webpage where the video playback occurs, and one URL, which is not visible to
    the user, is for the video file itself.  The second URL is generated using a
    complex (and periodically changing) algorithm - known as a “rolling cipher” -
    that is intended to inhibit direct access to the underlying YouTube video
    files, thereby preventing or inhibiting the downloading, copying, or
    distribution of the video files.

    < further down, on page 12, they lay out their accusation >
    Among other things, Plaintiffs are informed and believe, and on that basis
    allege, that YTMP3 employs a means to circumvent the YouTube rolling cipher
    technology described above, and other technological means that YouTube employs
    to protect content on its site.

So, let's go see what the Youtube-dl source code actually is doing. The tl;dr version is that youtube does some slight rearranging of the characters in the URL of the remote resource, but they also supply you with the JS code to un-arrange that code into the actual working "signature" which you can use to request the video from youtube. So youtube-dl downloads the rearranged URL, and the JS that youtube provides, and uses a Python implementation of the JS interpreter to run YOUTUBE'S OWN JS THAT YOUTUBE SENT US IN CLEARTEXT TO FIGURE OUT HOW TO DOWNLOAD THE VIDEO. See the source code (hosted on gitlab for now, hopefully that stays up):

https://gitlab.com/HacktorIT/youtube-dl/-/blob/master/youtub...

So to summarize, youtube creates two URLs: one that's a public video URL, and one that's the URL to the actual video content. The URL to the video content changes on a rolling basis, and is slightly rearranged. All that's true. However, what the RIAA is avoiding saying, and which completely changes the context of this discussion is:

YOUTUBE SENDS YOU BOTH URLS IN CLEARTEXT, AND INCLUDES THE CODE FOR HOW TO DOWNLOAD THE VIDEO, SO YOU AND YOUR WEB BROWSER CAN DOWNLOAD THE VIDEOS WITHOUT USING ANY ENCRYPTION/DECODING.

So when a judge asks "how is it that you're getting around this 'rolling cipher' to access the video?" all you have to say is "Youtube told me where to download the video, so I followed Youtube's instructions and downloaded it from the URL that Youtube gave me."

Frankly, I'm amazed that any judge, or any lawyer, would ever lay out or believe such bare-faced lies as are being spouted by the RIAA in this document.

FUCK THE RIAA
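
The mechanism described in the comment above, as an added example that is not part of the original comment and is not youtube-dl's or YouTube's code: a client reads the rearranging steps out of a script delivered in cleartext and applies them, with no key or secret involved. The script `PLAYER_JS`, the operation names `rv`/`sw`/`sp`, the `unscramble` routine and the sample value are all constructed for illustration.

```python
import re

# Constructed stand-in for a site-supplied player script; NOT YouTube's real code.
PLAYER_JS = """
var T={rv:function(a){a.reverse()},
sw:function(a,b){var c=a[0];a[0]=a[b%a.length];a[b%a.length]=c},
sp:function(a,b){a.splice(0,b)}};
function unscramble(a){a=a.split('');T.sw(a,3);T.rv(a,0);T.sp(a,2);T.sw(a,5);return a.join('')}
"""

def parse_steps(js):
    """Read the rearranging steps, in order, out of the cleartext script."""
    kinds = {}
    for name, body in re.findall(r"(\w+):function\(a(?:,b)?\)\{(.*?)\}", js):
        if "reverse" in body:
            kinds[name] = "reverse"
        elif "splice" in body:
            kinds[name] = "drop"
        else:
            kinds[name] = "swap"
    main = re.search(r"function unscramble\(a\)\{(.*?)\}", js, re.S)
    if main is None:
        raise ValueError("script has no unscramble() routine")
    calls = re.findall(r"\w+\.(\w+)\(a,(\d+)\)", main.group(1))
    return [(kinds[name], int(arg)) for name, arg in calls]

def apply_steps(value, steps):
    """Apply the published steps; no key or secret is involved at any point."""
    chars = list(value)
    for kind, n in steps:
        if kind == "reverse":
            chars.reverse()
        elif kind == "drop":
            del chars[:n]
        elif chars:  # swap: exchange the first character with position n (mod length)
            i = n % len(chars)
            chars[0], chars[i] = chars[i], chars[0]
    return "".join(chars)

def usable_signature(js, scrambled):
    """Rearranged value in, usable value out, using only what the server sent."""
    return apply_steps(scrambled, parse_steps(js))

if __name__ == "__main__":
    print(usable_signature(PLAYER_JS, "ABCDEFGHIJ"))  # constructed sample value
```
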

ewanm89 5 years ago

Let me be clear, basically the "rolling cipher" is DASH/HLS streaming for automatic quality changing. This has been an argument RIAA has been making since 2016, but outside of the judgement in Germany (which is wrong), all they have had on it are default judgements where no-one has even tried to counter it in court.