• 17 November, 2020
• No Comments

GitHub Reinstates YouTube-dl, Promises To Overhaul DMCA Reviews

GitHub has announced today that YouTube-dl’s repository was reinstated after reversing a Digital Millennium Copyright Act (DMCA) takedown from last month.

YouTube-dl is a command-line program that helps users download multimedia content from YouTube and several other sites.

The utility is also used by journalists for various reporting tasks including downloading press releases, videos, and audio transcriptions.

YouTube-dl’s repository is in the top 40 most starred GitHub repositories with more than 72,000 stars.

YouTube-dl takedown details

On October 23, GitHub took down YouTube-dl’s repos due to a DMCA infringement notice filed by Recording Industry Association of America (RIAA), an organization that represents the U.S. recording industry.

Today, GitHub shared more info regarding why YouTube-dl was kicked off the platform and about why GitHub handled this situation the way it did.

“Our actions were driven by processes required to comply with laws like the DMCA that put platforms like GitHub and developers in a difficult spot,” GitHub’s Director of Platform Policy Abby Vollmer said.

“And our reinstatement, based on new information that showed the project was not circumventing a technical protection measure (TPM), was inline with our values of putting developers first.”

GitHub says that YouTube-dl’s takedown was caused by RIAA’s allegation that the code was designed to bypass TPMs controlling access or copying of copyrighted material, in direct violation of Section 1201 of the DMCA.

However, the company says that Section 1201 making the use of TPM circumvention illegal even it doesn’t infringe copyright is dated and, in some cases like YouTube-dl’s, takedown can be avoided by working with the developers to fix problems.

Also Read: What is Pentest Report? Here’s A Walk-through

In YouTube-dl’s specific case, GitHub first reinstated a fork which was patched to address the issues signaled in RIAA’s DMCA claim and then the YouTube-dl project repo after the Electronic Frontier Foundation (EFF) sent in more info to show that the utility did not violate the DMCA‘s anticircumvention prohibitions.

“In addition, the maintainer submitted a patch to the project addressing the allegations of infringement based on unit tests referencing copyrighted videos,” Vollmer added.

“Based on all of this, we reinstated the youtube-dl project and will be providing options for reinstatement to all of its forks.”

DMCA review process overhaul, developer defense fund

“We are taking a stand for developers and have reinstated the youtube-dl repo,” GitHub’s CEO Nat Friedman also said today. “Section 1201 of the DMCA is broken and needs to be fixed. Developers should have the freedom to tinker.”

“To help open source developers fight against unwarranted 1201 takedowns we are establishing a $1M developer defense fund and overhauling our process for 1201 claims.

“We’ll have more to say about this, and other things we are doing to protect developers and their freedom to tinker, in the coming weeks.”

GitHub also says that the 1201 claim review process will be refined so that all the following steps will be taken before taking down projects:

1. Every single credible 1201 takedown claim will be reviewed by technical experts, including when appropriate independent specialists retained by GitHub, to ensure that the project actually circumvents a technical protection measure as described in the claim.
2. The claim will also be carefully scrutinized by legal experts to ensure that unwarranted claims or claims that extend beyond the boundaries of the DMCA are rejected.
3. In the case where the claim is ambiguous, we will err on the side of the developer, and leave up the repository unless there is clear evidence of illegal circumvention.
4. In the event that the claim is found to be complete, legal, and technically legitimate by our experts, we will contact the repository owner and give them a chance to respond to the claim or make changes to the repo to avoid a takedown. If they don’t respond, we will attempt to contact the repository owner again before taking any further steps.
5. Only once these steps have been completed will a repository be taken down.
6. After a repository is taken down due to what appears to be a valid and legitimate 1201 claim, we will continue to reach out to the repository owner if they have not already responded to us, in order to provide them the opportunity to address the claim and restore the repository. 
7. Even after a repository has been taken down due to what appears to be a valid claim, we will ensure that repository owners can export their issues and PRs and other repository data that do not contain the alleged circumvention code, where legally possible.
8. We will staff our Trust and Safety frontline team to respond to developer tickets in such cases as a top priority, so that we can ensure that claims are resolved quickly and repositories are promptly reinstated once claims have been resolved.

GitHub will also create a defense fund for developers affected by takedown notices or legal claims seeing that those of them “who want to push back against unwarranted takedowns may face the risk of taking on personal liability and legal defense costs.”

“To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims,” Vollmer said.

“We will immediately begin working with other members of the community to set up this fund and take other measures to collectively protect developers and safeguard developer collaboration.”

Also Read: The PDPA Breach August 2020: A Recap of 8 Alarming Cases

YouTube-dl’s revival comes after GitHub issued a warning earlier this month that accounts may face a ban if they continue to upload content removed due to DMCA takedown notices.

After YouTube-dl’s repo was taken down angry users have been fighting GitHub’s decision by flooding the platform with new repositories containing the YouTube-dl source code.

Some of them have also used more creative ways to taunt GitHub, including the exploitation of a bug that enables users to attach commits to GitHub repositories they don’t control.

One of these newly created commits — containing the YouTube-dl source code — was attached to the GitHub DMCA repository.