Disclaimer: IANAL.
The legal reasoning here is shaky. Notice that they cite a German court and assert that the law there is materially the same as that in the US.
I did some research on this specific issue at one point, and I'm skeptical that Youtube's controls qualify under the law in question.
RIAA cites two sections of the law: >the provision or trafficking of the source code violates 17 USC §§1201(a)(2) and 1201(b)(1).
It almost certainly doesn't violate 1201(a)(2), which is for access controls. This is intended to be used by someone who already has access to Youtube, so no access controls are bypassed.
R. CHRISTOPHER GOODWIN & ASSOCIATES, INC. v. SEARCH, INC., Dist. Court, ED Louisiana 2019:
>While the user id/password combination required for access was surely a "technological measure" that controlled access to the works at issue, Pevny did not circumvent that measure. She validly accessed the system using her id/password combination while she was still an employee with Plaintiff. Even if the use that she made of that access is not something that Plaintiff would have authorized her to do, i.e., copy the materials at issue, it remains that Pevny's alleged abuse of her logon privileges does not rise to the level of descrambling, decrypting, or otherwise to avoiding, bypassing, removing, deactivating, or impairing anything. As the district court observed in Digital Drilling Data Systems, LLC v. Petrolink Services, Inc., No. 4:15-CV-02172, 2018 WL 2267139, at *14 (S.D. Tex. May 16, 2018), many different district courts have held that using the correct username and password to access a copyrighted work, even without authorization to do so, does not constitute circumvention under § 1201(a) of the DMCA.
Youtube-dl either involves access to files that don't require a login, or it uses your password / cookies to access the file, so it doesn't bypass access controls.
The claim under 1201(b)(1), which is for copy controls, has more potential.
There are the subsections:
>(A)is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; >(B)has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or >(C)is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.
A and B clearly don't apply. The primary purpose of youtube-dl isn't to download copyrighted content, but simply to download Youtube videos, whether they're copyrighted or not. There's clearly more than limited legitimate uses (such as downloaded public domain videos.) The question here is about C - there's an arguable case that the examples in the repo that this letter cites are "marketing" usage for infringing purposes. I'm somewhat skeptical that counts as "marketing", however, and it could be easily remedied by removing those examples or replacing with public domain examples.
The concrete action they're accusing youtube-dl of is that it "circumvents YouTube’s rolling cipher". The RIAA has used this same complaint to have other sites/tools taken down. I've looked into the implementation, and it turns out the Youtube is at most merely rearranging the characters of the CDN url of the video, and they send you JS code in the page to correctly arrange the characters of the URL so you can download it. Youtube-dl is using the Google-supplied JS and a JS interpreter to transform the Google supplied URL into the URL they need to download the videos. Youtube is asking Google what to do, and Google is saying "here's how you download the video".
I explained the full RIAA complaint, with links to prior complaints and the youtube-dl source code, here: https://news.ycombinator.com/item?id=24874111
Sounds like the next step should be: "embed a JS interpreter and use Google's own code."
That is in fact, exactly what youtube-dl is doing. They download the JS code provided by Google, then use regexes to figure out which function is the function that Google provides for un-arranging the characters, then they load Google's JS into an interpreter and provide it with the Google supplied URL to get the original signature. See the code here:
https://gitlab.com/HacktorIT/youtube-dl/-/blob/master/youtub...
So yeah, Youtube/Google is doing (basically) nothing to protect the content, and for the absolutely token obfuscation they do use, they also provide you with the way to get right back to directly accessing the data without any protections.
The RIAA is lying in saying that Google is using technical protections, and they're lying in saying that youtube-dl is doing anything other than what Google tells them to do in order to access videos.
Ah: I assumed this was something a la DeCSS - copyrighted numbers or a decryption algorithm or something.
I don't see how this is technically different than implementing any other conforming User Agent. Legally...
Ahem, your honor, please use the gavel to make it official.
Are they lying when they say ‘YouTube’s “rolling cipher” is an effective technical measure within the meaning of EU and German law, which is materially identical to Title 17 U.S.C. §1201 of the United States Code’? That seems quite plausible to me. Executing Google’s code in a regular web browser doesn’t give you a way to save an .mp4 file on your computer.
You can use Chrome's Network Tools to download the files. Hard to argue that it's effective when Google's own software can bypass it out of the box.
Just check the network tab, copy the URL and remove the range parameter. You'll get one for video and another for audio, which you can merge to recover the original file. This is effectively what youtube-dl does.
(A) seems applicable to me. It is obvious that the primary purpose of youtube-dl is to download videos from YouTube. It is also obvious that most videos on YouTube are copyrighted, and the absence of a ‘download’ button protects the copyright holder’s right to prevent viewers from redistributing the videos. The contentious part is whether not YouTube has “effective” anti-downloading controls that youtube-dl “circumvents.” The fact that it needs to be continually updated to defeat attempts at blocking it suggests that this is a fair characterisation.
> It is also obvious that most videos on YouTube are copyrighted
"Most" is not the same as "primary".
The conspicuous lack of a feature is not an active measure to be circumvented. Also, no one says you need to consume HTTP payloads with a traditional browser, no matter how much the rest of the worldwants to think that the Internet is all about the WWW.
Finally, there is most definitely gobs of YouTube public domain or CC-by-SA. Copyright owners who reserve all rights are not the center of the Universe.
The RIAA says the technological measure at issue is YouTube’s “rolling cipher,” which is more than the conspicuous lack of a download button.