They did a bunch of sites with similar tech shortly after. I can't help but think they are so out of the loop that they just found out the technology existed.
Or maybe the court that the RIAA thinks will ultimately hear any related cases just had a conservative judge confirmed that they think will be sympathetic to them.
That couldn't possibly shift anything; RBG was pretty much a copyright maximalist.
The best ACB (who AFAIK has very little if any notable copyright record, either as a judge or otherwise) could be, from their perspective, is no change from the status quo ante.
I'm completely guessing here but as ACB takes the stance of originalism, it doesn't seem like much of a stretch for her to look at the DMCA's ability to silence people talking about how to break DRM as a blatant disregard for the for the First Amendment.
Are conservative judges more likely to rule on the side of strengthening copyright? I didn't realize there was a liberal <-> conservative split on this.
I haven’t noticed a political association with copyright cases, I know some conservative Judges in Texas counties pretty much kicked copyright trolls out of the courtroom when they tried targeting defendants using IP addresses.
Intellectual Property also seems like a more liberal realm, Hollywood, Silicon Valley, RIAA, MPAA, Disney, Apple, etc. all seem to be quite left leaning.
They aren't. Like others have pointed out, RBG was a copyright maximalist and all the proponents of strengthening copyright, RIAA, Hollywood, Silicon Valley, etc tend to be left-leaning.
No idea where that line of thinking came from. Though if I were a little more cynical I'd say sometimes it feels like there's a trend to attribute everything negative to conservatives.
Besides the fact that DMCA was probably created specifically for the RIAA, is it possible for the EFF to push for the RIAA to be stripped of their right to use DMCA due to their abuse of it?
OSS developers as a whole can fight back by lobbying projects to add license exceptions against certain corporations. Viewing riaa.com, let's start with jQuery, WordPress and bootstrap.
It's sometimes very hard to change the license of an open source project. Technically you would need to contact all of the contributors to the project (and there may be a lot of them) and acquire their permission.
In any case, RIAA already has a license to use the existing software. That license can't be unilaterally withdrawn, unless RIAA violates terms of the license that invalidates it. New versions of the software can be released with the new license, but RIAA can continue to use the older version with the original license.
And, as other people have pointed out, this would create a software license that is "non-free", and therefore incompatible with other open-source licenses, causing all sorts of headaches with software distributions, and any other software that has a dependency on the software.
And if everybody add their own little restrictions on people / organizations they find evil, the whole thing could rapidly become unmanageable even if licenses are somewhat compatible when trying to combine codes from different projects.
This is not a good path to take, even if it sounds appealing.
Revenge is also often not the right response to a bad action, it can escalate where the opposite effect may be desirable.
Let's try other stuff and continue to allow RIAA to use our tools, they even may evolve for the better in the future and that would be great, no?
And it is not about revenge. It is about enforcing the spirit of those open source licenses. WordPress uses GPL to force users to contribute to open source.
Do you think the RIAA contributes? Instead they actively attack it.
Do you think the RIAA can evolve for the better? It has an explicit mandate to restrict copyrights. Its existence opposes the software they use.
True, sadly it is unfeasible. It is a nice fantasy.
This depends on whether the GPL includes (part of) the html-code distributed by the website (seems not, this is the domain of AGPL). GPL is widely known to be insidious.
If by rights, you explicitly mean "The right to be paid" then I think you're probably correct.
Although I'd note they're not really interested in having the musician get paid. Mainly just members of the RIAA.
Now - I have some sympathy for that view - I'd also like to get paid, and while I think the RIAA has little real value in the world, some of it's members certainly are working on the marketing and promotion front.
That said, I use many of these downloading services to save conference talks from youtube. So they're attacking a service I use legally for a useful purpose. At some point, ethically, I start to lose ANY sympathy for them as an organization.
You're not going to get a lot of traction asking open source projects to stop being Open Source.
The OSI open source definition (and the Debian Free Software Guidelines that it was adapted from) specifically prohibit discrimination against Persons, Groups or Fields of Endeavor.
> Viewing riaa.com, let's start with jQuery, WordPress and bootstrap.
More interesting perhaps would be a restriction on using the software on a device that implements DRM. Then wait for the software to end up on RIAA member servers or hardware products and enforce the license.
Surely there exists better terms than an explicit blacklist. I see this as a social weakness in GPL and other open source. GPL wanted to restrict people from profiting without contributing back. Now they profit and attack other projects.
What about this: GPL is supported by the FSF. Add a term which allows license use as long as no other projects explicitly supported by the FSF are attacked. (For some definition of attacked, supported,...)
Everything remains open, yet the FSF/OSI gets ways to fight back against egregorious takedowns.
Even just terms revoking the youtube-dl license the RIAA has (because you can bet one of them has used it), would be a step forward.
microsoft had a rare chance here to actually stand up for developers in a way that would gain them a lot of mindshare, goodwill and respect. i wish they would’ve taken it.
* Complied with a DMCA take-down request which he had no legal reason to comply with. DMCA takedown requests are for infringing content. DMCA bans anticircumvention measures, but that's between youtube-dl and RIAA. RIAA does that by initiating litigation, or sending a demand letter to the youtube-dl project.
* Took down forks of youtube-dl, which he had no reason to do. Those should have been independent DMCA requests.
* Threatened to ban users who forked youtube-dl, in violation of his own ToS and DMCA policy.
If Nat was doing the bare minimum required to maintain legal compliance, I wouldn't fault him. Legally, he's zealously pursuing youtube-dl and acting as the RIAA's lapdog. At the same time, he's publicly making statements of empathy towards youtube-dl.
Which is more of an indication that they realized this is costing them too much good will after the fact.
He did still require code to be removed in order to reinstate the repository and the RIAA still managed to cause turmoil, so I would call this too little, too late.
Microsoft had a rare chance to stand up for developers? By what, tackling the DMCA head on by defending a tool which is _clearly_ against the provisions of it? I can get behind them standing up when its an issue thats actually debatable, but this case seems so clear cut it would have just been a waste of everyones time. But hey, anything to shit on MS right?
microsoft has lawyers and can afford to pay them. I find your characterization of “_clearly_” as anything but. As to Microsoft, with Ballmer in charge, this is definitely how they would act, but I guess I was under the mistaken impression that under Nadella things would operate differently.
i certainly hope the Streisand effect brings the general public the knowledge that this program exists and proliferate its existence.
Whether the RIAA is acting correctly within the law or not is irrelevant to me. If they are indeed acting correctly within the existing laws, then i would call for civil disobedience against unjust and unfair law.
It would be super nice if they published a copy of their latest git repository. It doesn't need to be anything fancy. Just a .gz file pushed to the website once a day (or week even) would be great.
Thank you! I tried that one a few days ago but it hadn't been updated since the github takedown so I incorrectly assumed development was happening elsewhere.
You must have missed the whole DeCSS debacle. That was code that absolutely was meant to circumvent an encryption protection scheme regardless of how weak its encryption was. They went so far as to print the source code of DeCSS on t-shirts[0] as first amendment gestures after that code was deemed enemy number 1.
This is a gross misremembering of how DeCSS went down. They didn't just print "source code" on shirts, they very specifically printed the "magic number" that the MPAA was claiming was copyrighted CONTENT, not a circumvention device.
Who's grossly misremembering what? CSS was the encryption scheme attempting to protect DVDs. AACS was the encryption for Blu-ray. DeCSS could defeat CSS encryption because it was so weak. AACS was defeated because the master key that generated all other keys was discovered [0]. That's the magic number to which you are referring. Totally different subjects on somewhat similar topics. These 2 cases were separated by years.
Could you point to the portion of 1201 that has a notice-and-takedown regime at all, as opposed to the ordinary default of the plaintiff needing a court order (which the RIAA hadn't bothered to get)?
I believe DMCA also applies to circumvention tools.
I don't personally agree that youtube-dl is a circumvention tool since all it does is emulate what your browser does anyway, but I presume that is the argument.
>believe DMCA also applies to circumvention tools.
There is a separate section of the DMCA that deals with circumvention tools requiring a court order to take them down. DMCA takedown requests do not cover circumvention tools.
> Unfortunately, companies have to respond to even grossly incorrect DMCA requests to avoid liability
No, they don't, because if they are grossly incorrect, there's no liability to avoid.
They have to respond to even grossly incorrect though facially valid DMCA requests to avoid the costs of trying to evaluate whether DMCA requests that are facially invalid are sufficiently grossly incorrect as to present no real risk of liability.
"DMCA 1201 says that it's illegal to bypass a digital lock in order to access or modify a copyrighted work."
No, 1201 says, among other things, that it is a violation of the Copyright Act (which may only carry civil liability, so not necessarily "illegal") to share the means to circumvent access controls to a copyrighted work. That is the part of 1201 the RIAA cited in its letter.
It is the sharing that is the alleged 1201 violation. Not any circumvention.
The RIAA letter cites 1201(a)(2) and 1201(b)(1). The letter alleges sharing of circumvention software.
The letter does not cite 1201(a)(1); it does not allege circumvention.
For a section 1201 violation to be criminal it needs to be willful and for the purpose of financial gain. See Section 1204. To me, the term "illegal" means "in violation of the law", and hence enforceable by so-called law enforcement. Here, non-wilful violations of "the law" that are not committed for financial gain are only enforceable by copyright owners. This, to me, falls into the category of violating someone's intellectual property rights, not violating "the law". If you see things another way, that's fine. I respect your opinion and ask that you in turn respect mine.
Note the use of the phrases "primarily designed", "has only limited commercially significant purpose", "is marketed ... for use in circumventing" -- I think the RIAA is on thin ice in this respect, but that's not for me to decide of course. Grepping through my bash history I see some stuff that could perhaps be RIAA stuff, and other things that aren't.
Anyway:
(a) Violations Regarding Circumvention of Technological Measures.—
(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
(C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.
(3) As used in this subsection—
(A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
(B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
(b) Additional Violations.—
(1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof;
(B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
(C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.
(2) As used in this subsection—
(A) to “circumvent protection afforded by a technological measure” means avoiding, bypassing, removing, deactivating, or otherwise impairing a technological measure; and
(B) a technological measure “effectively protects a right of a copyright owner under this title” if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title.
"No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter."
So circumvention itself is also illegal under the DMCA. But this issue is about trafficking in circumvention devices.
The question is that, AFAIK, there is nothing to circumvent by downloading from Youtube: there's no DRM or anything at all to actually be cracked. Right?
To over-simplify, you just need to implement a streaming client that saves to disk. That's the reason there are a gazillion youtube downloaders and custom, also open-source, clients that can "show" Youtube.
Thus, unless I've been misinformed and, extrapolating a little, they could just as well take down 'wget' in the same go because it also downloads potentially copyright-infringing files over various protocols.
I've seen a lot of speculation that the "rolling cipher" on certain Youtube videos could be classified as a protection scheme.
I'm actually more interested in what this could mean for Adblockers, which often need to employ a variety of tricks to get around anti-adblocking tech on websites.
According to the law, this is incorrect. A technological measure to control access is effective if, "in the normal course of its operation" (that is, when it is not being bypassed), it protects the rights of the copyright owner to some piece of work. The most trivial thing -- JavaScript code that disables right clicks -- can be effective under this standard. And getting around it would still be a crime.
The javascript example shows the problem of this definition.
What if I have disabled javascript or use a browser without javascript?
I wouldn't even know that some kind of protection exists.
What if I distribute youtube-dl behind some trvially bypassed JavaScript protections and some passwords and "you're not authorised" messages a la CFAA, then have an "enemy" spread knowledge of how to bypass all this on some shady forums? Who sues me? And how many felonies do they commit in building their case against me?
In other words, there's a catch-22 in how strict we are about the definition of effective protection. 99% of the public won't even open their browser tools so I guess if youtube-dl is put behind some very generously documented JavaScript that is easily bypassed then it is not actually out in public because it is effectively DRM protected, right?
More importantly, if a work is distributed under a "protection" mechanism that is regularly bypassed by browsers, does that mean that browsers are circumvention tools too?
Browsers don't bypass the protection mechanism, they implement it. Certain YouTube videos are licensed only for streaming playback by the YouTube site or app. There's JavaScript on the YouTube site that descrambles the URL of the content. Going to the YouTube site and playing back a video from there is fine. However, if you were to write, say, a Node version of youtube-dl that downloads and 'eval's the descrambling code from the site, and use that to download a video for uses not licensed or authorized by the rightsholder, that too would be circumvention under the DMCA and thus illegal.
There's really is no way around this. YouTube videos are protected by technological copyright restrictions. ANY attempt to get around those restrictions is a crime.
Even if this were not the case, you would be committing copyright infringement by downloading the videos for unauthorized use anyway. The DMCA just gives legal teeth to technological attempts to prevent casual infringement.
> Browsers don't bypass the protection mechanism, they implement it.
This is incorrect. The website implements the protection mechanism, browsers execute it, just as youtube-dl. The implementor is the person writing the code, not the system executing it.
> Certain YouTube videos are licensed only for streaming playback by the YouTube site or app.
The meaning of this sentence is unclear. What does it mean for playback to only be allowed by the (web)site? Websites alone cannot do anything -- they require a web agent which fetches and executes them. Firefox, Chrome, Safari and youtube-dl are examples of such agents.
> Even if this were not the case, you would be committing copyright infringement by downloading the videos for unauthorized use anyway.
Luckily for me, I am in a jurisdiction where this is not the case and where DMCA plays no role.
And when defining "effective" we should not only consider YouTube, but also the software protecting that one guy's personal collection of over 9000 movies that he has exposed to the web for his own personal use.
For example, if YouTube has effective DRM. Then I suppose I should be good to throw up all the latest Disney movies on my personal website, for personal viewing, behind that same effective DRM, right?
Effectively of course means "in effect" in this context, for example YouTube doesn't have to prove the measure was designed to limit access, only that it does in some way.
Pretending yt-dl simply does what YouTube does is obviously not true either, because if it did, then yt-dl wouldn't exist. The copyright holder decided he would allow the streaming of the work, if you want to download it you should either get the ok from the copyright holder for that or choose another work to download, or even make one yourself. V8 doesn't change that.
I was curious about this as well, so I watched Leonard French's discussion about this case, as he is both a copyright defense lawyer and has some background with code.
He discusses exactly this issue, and points out that it does not matter how strong the protection really is...even if it's a basic obfuscation that could be reversed with a one-liner, it still qualifies.
In short, even though the above comment is being downvoted, I think it is correct from a legal perspective, in the sense that even YouTube's basic approach to obfuscation will be sufficient to quality.
> Effectively of course means "in effect" in this context
No, it means "in an effective manner"; that's also how it is specified in European legal languages (which have more different words with less ambiguity); the effectiveness must be an objectively ascertainable characteristic of the technology, not simply an (unsubstantiated) claim by the claimant; A "mock protection" would not be protected by the law.
> because if it did, then yt-dl wouldn't exist.
You mix up design decisions made by Youtube with copyright law. Even if Youtube requires users to not download videos in their terms of services this has nothing to do with copyright law and the DMCA based actions.
Technological measures shall be deemed 'effective' where the use of a protected work or other subject matter is controlled by the rights holders through application of an access control or protection process, such as encryption, scrambling or other transformation of the work or other subject-matter or a copy control mechanism, which achieves the protection objective.
There is no provision for effectiveness in any other sense than what I claimed.
WIPO WCT treaty article 11 (see https://www.wipo.int/treaties/en/text.jsp?file_id=295166#P56...): Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.
RICHTLINIE 2001/29/EG DES EUROPÄISCHEN PARLAMENTS UND DES RATES vom 22. Mai 2001 (see https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A...) Artikel 6, Paragraph 1: quote "gegen die Umgehung wirksamer technischer Maßnahmen", Paragraph 3: "Technische Maßnahmen sind als „wirksam“ anzusehen, soweit die Nutzung eines geschützten Werks oder eines sonstigen Schutzgegenstands von den Rechtsinhabern durch eine Zugangskontrolle oder einen Schutzmechanismus wie Verschlüsselung, Verzerrung oder sonstige Umwandlung des Werks oder sonstigen Schutzgegenstands oder einen Mechanismus zur Kontrolle der Vervielfältigung, die die Erreichung des Schutzziels sicherstellen, unter Kontrolle gehalten wird.
DIRECTIVE 2001/29/CE DU PARLEMENT EUROPÉEN ET DU CONSEIL du 22 mai (see 2001https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A...) Article 1: "le contournement de toute mesure technique efficace" and "Les mesures techniques sont réputées efficaces lorsque l'utilisation d'une œuvre protégée, ou celle d'un autre objet protégé, est contrôlée par les titulaires du droit grâce à l'application d'un code d'accès ou d'un procédé de protection, tel que le cryptage, le brouillage ou toute autre transformation de l'œuvre ou de l'objet protégé ou d'un mécanisme de contrôle de copie qui atteint cet objectif de protection."
So the laws in general only apply to technical measures objectively (i.e. corresponding to the state of the art) able to protect legal rights in an effective manner. Measures which are not considered effective cannot claim legal protection.
"technological measures in effect" (as you proposed) means "technische Maßnahmen in der Tat angewandt" in German or "les mesures technologiques en vigueur" in French which is not the same as "wirksame technische Massnahmen" or "de toute mesure technique efficace" or "effective technological measures"
YouTube may not only be limiting access. It may also, or alternatively, be limiting copying. See 1201(b)(1). There appears to be a distinction in the suggested interpretation of 1201 between "access controls" and "copy controls". RIAA cited both 1201(a)(2) and 1201(b)(1). Circumventing copy controls may be permitted under the DMCA, however trafficking in the means to circumvent copy controls is prohibited. Using youtube-dl in order to make a copy of a copy-protected video for oneself might be permitted under the DMCA, but sharing youtube-dl on Github could be prohibited.
I've only downloaded works with youtube-dl where I had permission of the copyright holder.
The whole point of youtube was to make it convenient for decentralized content creators to share things. Most WANT their stuff being downloaded. If I'm uploading an educational or family video to Youtube, it's because it's a convenient way for others to watch it, not because I want to maintain control, or earn $0.0001 in ad revenues for Auntie being shown a Trump campaign ad.
youtube-dl makes it possible for kids in the developing world to watch educational videos, for people to watch family videos in rural America, and for kids to learn remotely.
Youtube-dl doesn't do what Youtube does. What it does is extends Youtube to millions of people without high-speed internet connections. That's not a population Google particularly cares about including (not a lot of ad dollars), but it's also not one Google particularly cares about excluding (they are not douchebags, like the RIAA).
If the RIAA wants locked-down controls, they should go with centralized platforms. That's what they're there for. In the meantime, shooting educators using Youtube in the foot means, eventually, educators will go somewhere else.
yt-dl exists not just for youtube, it allows users to access audio and video streams from many different websites without the overhead of a full featured web browser.
But in the case of youtube, it exists to automate what can trivially be done by hand using the inspector. Seriously, yt-dl really does just selectively run some javascript which gives it the video URL.
I disagree that "effectively" means "in effect", it's the first time I've heard of this and in past court cases regarding such protection measures, the plaintiff had to prove that the measure was effective (not trivially bypassed by an unskilled average user by accident as I think could be argued in this case).
Regarding your claim that I am "pretending" that yt-dl simply does what YouTube does: When I go to the inspector and find the URL for the video and audio streams, without prior knowledge that youtube is using some kind of "rolling cipher" I would have no idea that there was some kind of protection in use. I can access the video stream of a youtube video using just my mouse, I don't have to run any functions or find any decryption functions. You should try it. It's hard to argue that there is a protection mechanism in place if someone could by accident discover the video data if they were a curious user who started playing around with the inspector console.
Finally, to address your implication that the tool is designed to unlawfully acquire content from youtube. I don't think the tool is intended for that purpose, at least not the way it is presented. I think it's important to distinguish between "downloading with intent to keep" and "downloading with intent to temporarily access". I'm not sure if such a distinction is ever made in the courts but it should be considering the former may be illegal depending on whether you asked the copyright holder if you can do it and the latter is literally what your web browser does. 99% of the time I use youtube-dl (which is also the way it gets used by programs like mpv or the kodi youtube plugin), I use it to access and temporarily view a video. I may be on a machine where having a full fledged web browser would be impossible because of performance reasons or whatever. Or I just don't like the youtube viewer and want more control over the playback. The project also codifies in multiple places the intention that it is not designed for illegal use. Extractors which bypass DRM or access control measures are not accepted.
If you look at the implementation of youtube-dl's youtube extractor (please do, the code isn't that complex) it is easy to claim that: youtube-dl is simply a very heavily stripped down web browser which is intended simply to provide the ability to view videos and audio streams on websites with minimal overhead without any intent to circumvent any protection schemes.
As a final note: youtube does have DRM protected videos which use some kind of encryption, these do not work with youtube-dl, I tried (and I paid for the video not knowing that I would be stuck with it being encrypted unless I had EME enabled, in a last ditch effort to watch it I tried youtube-dl but it had the same problem, I got a refund).
Arguing the finer points of a law that is deeply flawed in the first place strikes me as a terrible waste of one's intellectual talents unless the goal is to get said law to be revoked.
2 out of the 3 First Amendment claims (overbreadth, prior restraint) were dismissed. The one that survived was that 1201 might be unconsitutional as applied to the specific set of facts: a researcher publishing a book on encryption. The case is ongoing; there are no indications that EFF will succeed.
Someone should succeed, may be legislators who shouldn't have allowed this to exist in the first place. Corrupt DMCA 1201 garbage should be eventually repealed.
I certainly believe it's unconstitutional but as an non-expert I think the courts feel skeptical of that argument (I believe they argue circumvention is conduct and not speech), and are perhaps less likely to review such cases because they feel it's unimportant. I'm hopeful about the EFF litigation though.
I'm always wondering about the coincidence of calendar proximity of google music moving to youtube music and that takedown that explicitly mentions VEVO
I'm surprised EFF bothered to say anything at all, now 13 days later. For those keeping score, Popcorn Time repo was only down for 15 days after RIAA's DMCA takedown.
This is mildly misleading. RIAA's argument is mostly about the marketing for use with copyrighted content. The statute clearly doesn't say what EFF is saying RIAA thinks it says, and I don't see any indication that RIAA actually thinks or claims that interpretation.
You mean the fact that buried deep inside some test scripts were test targets to test specific URL encoding schemes that only exist on uploads by specific youtube partners (e.g. VEVO) by downloading and discarding less than 1 second of video?
The youtube-dl documentation uses free videos uploaded by youtube-dl developers and by the Linux foundation.
The claims that youtube-dl used RIAA member copyrighted works as examples in their docs are false.
