> Section 1201, specifically referenced in RIAA's letter, requires that the circumvention software be "primarily" designed for circumvention. It's arguable youtube-dl is not primarily designed for downloading the minority of YT videos that use the rolling cipher, or whatever "protection" Google may choose to offer the minority of YT accounts that want to use YT as a distribution channel for commercial content, e.g., VEVO.
I still think it's debatable whether youtube-dl constitutes circumvention of effective controls or not. This is the relevant definition:
> a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
I'm not intimately familiar, but is youtube-dl cracking the rolling cipher, or using the keys that YouTube provides? I believe there is a very valid argument that using youtube-dl is not evidence of circumvention of effective access control systems. There are a plethora of other reasons one might want to use it. One perfectly legitimate example is if you want to watch a video in 1080p without constant buffering, but you aren't on a network connection that can support that. You're basically using your hard drive as a much, much larger buffer. You can often even play the videos with the same browser that opened YouTube, so it really does become effectively cached content (albeit a cache external to your browser).
I think they would also have to demonstrate that downloading one of those videos is a copyright violation. You could argue that as long as the video is available, it should be valid for you to cache those videos. If I'm going on a plane, or I know my internet is going to be out, is it really a DMCA violation for me to download those videos and time shift my viewing to when my internet is out?
> Through the use of the rolling cipher, YT does not restrict access to the the download URL. It simply changes the URL periodically. The rolling cipher is thus not an effective access control. For example, when Google promises YT account holders Google can prevent users in a certain geographic region from accessing a video, does Google use a rolling cipher in the Javascript player as the access control.
I disagree with this part. As much as I don't like it, I can't find any way that the rolling cipher is not "effective access control". I linked the definition above, but to the layman (and these laws were written by laymen, so you do have to bear in mind their intent) periodically changing the download URL is an effective access control because they can't bookmark it and go back to it later. We can argue that using the Developer Tools is "in the normal course of operation", but I think you're extremely unlikely to get a judge to agree that opening the Developer Tools is "in the normal course of operation". It's normal to us, but it is not normal for the US as a whole.
In short, I think anything that you can't bookmark a download for probably counts as "effectively controls access". I'm sure other industries feel the same way; oil execs say what they're doing is slightly different than what the law stipulates, doctors says what they did doesn't exactly match up with what malpractice law requires, etc. The only person who's opinion matters is the judge, and they probably aren't an expert.
As an overall summary, I think we're more likely to succeed by poking holes in the RIAA's case. Youtube-DL is under no legal obligation to prove anything; the RIAA as the plaintiff is responsible for proving all of the facts they assert. As long as we try to combat that with our own assertions, they can simply try to poke holes in those. It seems much more difficult to prove that youtube-dl's usage is legitimate than it is to poke holes in one of the assumptions underlying the RIAA's lawsuit. If this is legitimate use, youtube-dl wins. If this is not circumvention, but an alternate access mechanism, youtube-dl wins. If you can prove that rolling ciphers are not an effective control measure, youtube-dl wins. I think the most likely of those options is demonstrating that youtube-dl is fair use (I wonder if there are any accessibility reasons to use youtube-dl; that would hamstring the RIAA, as they'd be caught between the ADA and the DMCA. They either have a valid DMCA complaint but YouTube is liable under DMCA, or they don't have a valid complaint because youtube-dl is required to meet ADA specifications). I don't even have to think very hard to come up with a few non-infringing reasons why someone would use youtube-dl. The RIAA then has to prove that youtube-dl is "primarily designed ... for the purpose of circumventing a technological measure", rather than for the variety of non-infringing reasons one might use youtube-dl.
Inside the source of the Javascript player (base.js) was a function to transform (update) the value of the video signature (s) parameter. All you had to do was look at base.js and duplicate the string operations used to produce the updated s, whatever they were. No need to use Javascript. yt-dl chose to use Python. Only a minority of videos used this "technological measure". Most videos on YT do not require a continually updated s; the value of s stays the same.
Regarding the "bookmark" comment, there is no way to "bookmark" any YT download URL because all YT download URLs (not just ones that have a changing signature) include timestamps; as is typical of download URLs on video sites, they have an expiration. Generating URLs that expire is not done as a means of copyright-related "access control"; the purpose has to do with caching.
RIAA depends on it being debateble. Debatable means you get to spend hundreds of thousands of dollars arguing over it in court. Sine the RIAA’s members business model depends on it, they are willing to spend whatever it takes. No one else is.
I still think it's debatable whether youtube-dl constitutes circumvention of effective controls or not. This is the relevant definition:
> a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
I'm not intimately familiar, but is youtube-dl cracking the rolling cipher, or using the keys that YouTube provides? I believe there is a very valid argument that using youtube-dl is not evidence of circumvention of effective access control systems. There are a plethora of other reasons one might want to use it. One perfectly legitimate example is if you want to watch a video in 1080p without constant buffering, but you aren't on a network connection that can support that. You're basically using your hard drive as a much, much larger buffer. You can often even play the videos with the same browser that opened YouTube, so it really does become effectively cached content (albeit a cache external to your browser).
I think they would also have to demonstrate that downloading one of those videos is a copyright violation. You could argue that as long as the video is available, it should be valid for you to cache those videos. If I'm going on a plane, or I know my internet is going to be out, is it really a DMCA violation for me to download those videos and time shift my viewing to when my internet is out?
> Through the use of the rolling cipher, YT does not restrict access to the the download URL. It simply changes the URL periodically. The rolling cipher is thus not an effective access control. For example, when Google promises YT account holders Google can prevent users in a certain geographic region from accessing a video, does Google use a rolling cipher in the Javascript player as the access control.
I disagree with this part. As much as I don't like it, I can't find any way that the rolling cipher is not "effective access control". I linked the definition above, but to the layman (and these laws were written by laymen, so you do have to bear in mind their intent) periodically changing the download URL is an effective access control because they can't bookmark it and go back to it later. We can argue that using the Developer Tools is "in the normal course of operation", but I think you're extremely unlikely to get a judge to agree that opening the Developer Tools is "in the normal course of operation". It's normal to us, but it is not normal for the US as a whole.
In short, I think anything that you can't bookmark a download for probably counts as "effectively controls access". I'm sure other industries feel the same way; oil execs say what they're doing is slightly different than what the law stipulates, doctors says what they did doesn't exactly match up with what malpractice law requires, etc. The only person who's opinion matters is the judge, and they probably aren't an expert.
As an overall summary, I think we're more likely to succeed by poking holes in the RIAA's case. Youtube-DL is under no legal obligation to prove anything; the RIAA as the plaintiff is responsible for proving all of the facts they assert. As long as we try to combat that with our own assertions, they can simply try to poke holes in those. It seems much more difficult to prove that youtube-dl's usage is legitimate than it is to poke holes in one of the assumptions underlying the RIAA's lawsuit. If this is legitimate use, youtube-dl wins. If this is not circumvention, but an alternate access mechanism, youtube-dl wins. If you can prove that rolling ciphers are not an effective control measure, youtube-dl wins. I think the most likely of those options is demonstrating that youtube-dl is fair use (I wonder if there are any accessibility reasons to use youtube-dl; that would hamstring the RIAA, as they'd be caught between the ADA and the DMCA. They either have a valid DMCA complaint but YouTube is liable under DMCA, or they don't have a valid complaint because youtube-dl is required to meet ADA specifications). I don't even have to think very hard to come up with a few non-infringing reasons why someone would use youtube-dl. The RIAA then has to prove that youtube-dl is "primarily designed ... for the purpose of circumventing a technological measure", rather than for the variety of non-infringing reasons one might use youtube-dl.