IANAL, but as far as I know GitHub has to comply with DMCA requests. Otherwise, they would lose their safe harbor protection and become liable for all distributions of copyrighted content through their service.
However, GitHub is also required to reinstate `youtube-dl` if the creator files a DMCA counter-notice.
This is not a valid DMCA takedown request, as the claimant has not asserted copyright ownership of anything in the repository.
This notice is a conflation of two separate aspects of the DMCA, the copyright takedown process and technological circumvention devices. If the RIAA wishes to claim that youtube-dl is a circumvention device, the proper route is to sue the authors of youtube-dl. This notice is an abuse of process, and highlights the need for a penalty for fraudulent DMCA requests.
This is a good point, but I think ultimately Github has to comply with it to maintain their legal immunity, it's not their responsibility to determine if a copyright claim is valid.
Similarly, youtube-dl can issue a counter-notice, and Github will have no responsibility to determine the validity of that either. They simply restore access unless they have been notified that a lawsuit is in progress.
That's exactly how it works. The content carrier is on the hook to be responsive to DMCA takedown requests, and they are ~allowed~ (actually, also required) to be responsive to counter-notices as you describe.
Their responsibility begins with removing the hosted data in question, where a valid DMCA notice is issued (and there is no incentive for them to make a judgement about whether the notice is valid or not.) If the authors of youtube-dl want to file a counter claim, that is their right, (which would put GitHub within their rights to restore the content too.)
All of these declarations are made under penalty of perjury, both claims and counter-claims:
> The DMCA requires that you swear to the facts in your copyright complaint under penalty of perjury. It is a federal crime to intentionally lie in a sworn declaration. (See U.S. Code, Title 18, Section 1621.) Submitting false information could also result in civil liability—meaning you could incur a financial penalty.
The civil liability here is a liability to the party who was damaged, (the author or copyright holder), so even if GitHub wanted to assert by themselves that the DMCA takedown claim was invalid, they would not have standing to sue anyone about it. So pretending even if you did believe youtube-dl authors are in the right and that the courts would be inclined to rule in their favor, and you're Microsoft, you have to honor the DMCA request and take down the content in order for there to be justice, since there can be no party with standing unless there are actual damages. (IANAL, you probably already figured that out by now, and I have no idea what the legal definition of "actual damages" is, but I do know what standing is.)
Personally I agree that this does not represent a valid DMCA claim, but for GitHub to assert that and ignore the claim based on the way these laws are written, and those safe-harbor laws as well, I think any lawyer would say this is not possible.
> DMCA takedown claim was invalid, they would not have standing to sue anyone about
If this exact same logic were extended to YouTube: an invalid DMCA claim will absolutely reduce YouTube ad revenue causing measurable financial damage.
Besides arguing: "they should have known it was invalid and refused to comply," how exactly would this not grant standing?
That may be true, but this is not a claim on YouTube, (or the case of many frivolous claims made by these same RIAA folks on YouTube, that I know we're both thinking about.) There is no advertising sold on GitHub that I am aware of, and unless the youtube-dl authors are paying subscribers, I'm not sure how there could be any monetary damages to GitHub or Microsoft.
YouTube was just an example as it's easier to show damage and remedy.
GitHub?
- How does this third-party unlawful request not constitute tortious interference between GitHub and all users (or just the paying member who owns this repo)?
- If not directly tortious interference, this action could absolutely result in the loss of paying members and reputation damage.
- The very fact we're discussing this means GitHub has suffered damage to their brand.
- How does this resulting loss of source code not diminish the value of GitHub as a company?
As I said, I am not a lawyer and you may have out-lawyered me here already, but I'll do my best to respond. The law prescribes this path for youtube-dl authors to respond to the claim, if youtube-dl authors want to put their names behind the project and make a legal case out of it. That severely limits the calculable damage that is possible, (especially if youtube-dl won't pursue the matter further.)
The claim in the takedown notice that is required to be submitted under penalty of perjury is simply that the party submitting the claim actually represents [copyright holder] and that notice which RIAA submitted also does not make any demonstrably false claims. It does not entirely fit the format of a regular DMCA copyright takedown request for copyright enforcement, it has two sections (one is called "Anticircumvention Violation"). It goes into detail about how the rights holders which RIAA lawyer represents are aggrieved, with language like:
> we have a good faith belief that most of the youtube-dl forks are infringing to the same extent as the parent repository.
# (This is probably the most dubious claim, and since the channel for takedown notices is for copyright enforcement, if your argument had a leg to stand on, I think it's this one. But is it calculable damage? And is the mention of Taylor Swift and other RIAA member artists in the README not plenty of evidence that there is actual infringement that is happening, or at least that it could have been asserted in good faith as it were that those rights holders believed there is a valid claim, as this infringement was happening?)
and
> the youtube-dl source code available on Github (which is the subject of this notice) circumvents YouTube’s rolling cipher to gain unauthorized access to copyrighted audio files, in violation of YouTube’s express terms of service
I think for this to be tortious interference, you would have to demonstrate that there was any intentionally false information in these claims, and that's going to be tough. There is part of a DMCA takedown claim that must be asserted under penalty of perjury, and after re-reading the law and jogging my memory I understand again that for the party sending the takedown notice, that is very limited. (Unlike the counter-claim, which has to assert ownership under penalty of perjury, the claim must only assert that claimant represents an owner as identified in the claim and that the factual claims made in the notice are true, in good faith.) Otherwise it's hard to argue that this notice is anything but an effort to enforce multiple sections of the law as it is written, by asking nicely for a hand through the channels that GitHub has made available for enforcement.
Whether or not it meets the definition of a valid DMCA takedown notice, it is a letter with many demonstrably true factual points, which GitHub has accepted through their channel for enforcement of claims. GitHub has "voluntarily" complied with their interpretation of the law here, in response, and there is an avenue for redress for the authors, if youtube-dl authors feel this is worth pursuing.
The DMCA takedown request process is exclusively for content owners and their representatives to gain remedy for their own works. Youtube-DL is not their own work.
The takedown request process is improper: they should have filed in an appropriate United States jurisdiction.
As you've noticed: the format is strange because this is an illegal attempt that GitHub really should not have complied with.
It makes both a copyright claim and a claim about circumvention devices. I don't agree, as you don't, that the copyright claim is valid, youtube-dl git repo clearly isn't hosting any copyrighted materials owned by the RIAA members represented in the letter. But the letter also never claims that it does.
The law does not demand automated enforcement of claims or the establishment of a channel for automated enforcement. That is a compliance device invented by GitHub/YouTube/etc. for managing the substantial volume of requests they must receive with as much transparency as their customers demand and its operational characteristics are not covered by the law, it's simply a tool that GitHub uses to make themselves responsive and in compliance with as little overhead and manual intervention required as possible.
The law does prescribe the "claim, counter-claim" process, which GitHub must respect if they are to maintain their compliance and safe harbor. If they were in the habit of reviewing every claim for validity (strictly not required by the law that insulates them), then I might agree with you, but I think that singling out this one claim and handling it specially would in fact open them up to a great big world of even criminal liability, that their straightforward compliance with the law insulates them from.
The law prescribes almost exactly how GitHub should respond to claims and counter-claims, down to how many days the content may be removed for if a counter-claim is laid.
> If you send a counter-notice, your online service provider is required to replace the disputed content unless the complaining party sues you within fourteen business days of your sending the counter-notice. (Your service provider may replace the disputed material after ten business days if the complaining party has not filed a lawsuit, but it is required to replace it within fourteen business days.)
What must happen now, is youtube-dl either responds with a counter-claim or they don't. Then either a lawsuit is filed by RIAA within 10-14 days, or it isn't. Possibly one is filed later. (They don't waive any rights by not filing the lawsuit right away.) By managing the claim this way, GitHub has ensured at least that they need not be party to the lawsuit. (They will not be on the receiving side of a lawsuit. This does not preclude them from going on the offensive and claiming tortuous interference, but it does protect them from imminent danger.)
So, whether this was a valid claim by RIAA or an illegal attempt at tortious interference is surely a matter for the courts to decide, but suffice it to say I am far less confident than you are that GitHub would be safe from any kind of legal reprisal if they stood fast here, and tried to hold the position that you are arguing without letting the compliance channel play out however that goes.
It is a chilling law and we've known this since it was penned. I don't agree with the law and I am interested to see this play out, I hope this takedown is not the end of the story.
GitHub has voluntarily complied with this (bad IMHO) law. If that were true, and frivolous requests were being made and dismissed routinely, then GitHub might curb their voluntary "compliance" machine. Is that actually happening, or are you trying to argue that it's a slippery slope?
If bad complaints are not dismissed by the courts, then it's a really bad law, or a bad court. That is a problem for GitHub, granted. If you are shopping for a source code hosting service that will insulate you from such DMCA claims, then sure, GitHub has just shown they won't do that. I guess!
I'm not sure that will have any measurable impact on their business model. They were never to my knowledge in the business of providing that kind of protection, before or after Microsoft.
That logic is all fine and well, but that requires GitHub to determine if a takedown is valid or not. And if they determine incorrectly in a case, they’re open to damages in that case.
So, is it worth it? Or is it worth just letting the parties figure it out?
If the DMCA is truly invalid, a counter-claim can be filed. If the other party doesn’t want to file one, I guess GitHub wonders why it should keep the content up when the creator doesn’t have faith in it.
Obviously I note the possible flaw in the above logic, in that there’s a difference between an individual developer deciding it’s worth starting a legal faff with a big company by filing a counter-claim, verses GitHub doing it, but their service would go broke dealing with legal requests otherwise.
Correct way to deal with this is through your lawmakers, not saying Microsoft should foot the bill for a broken law.
If the notice had claimed copyright ownership of youtube-dl, then Github would have to act on it even though it was incorrect. But since it's not an actual well formed takedown notice, legally Github does not have to do anything with it - just as if it were missing contact information or were not signed. Unfortunately there is little downside for Github to act on it regardless.
It seems like the right process is to mosey on over to gitlab. If gitlab properly defends the developer, that will continue the gradual github exodus to more open platforms.
“For all distributions of copyrighted content through their service”
I don’t think that’s true? I think that only extends to this particular DMCA. Obviously it wouldn’t extend to eg me claiming Ruby on Rails is copyright infringement.
Not really. They're legally required to do so. The DMCA notice (despite what someone suggests downthread) is unfortunately quite properly served. Even if it is flat-out wrong, GH/MS has no reason (and likely no resources) to investigate whether or not that's the case. And if they did, and got it wrong, they'd lose their safe harbor status and be liable for damages.
If the youtube-dl author believes it to be bullshit, they can send a counter-notice, and GH/MS will then put it back up. If the RIAA still has a bone to pick, they can file a lawsuit. Unfortunately, they very well may.
> It's not that far from targeting wget or curl, were it not for the widespread use of them in industry.
I get really confused when I hear things like this, because this makes no sense. Targeting a program called "YouTube Download", which has the main purpose of downloading clean copies of YT videos, against the wishes of the content creators is absolutely not the same thing as targeting a generic HTTP/FTP download tool.
I think the DMCA is garbage, but it feels like willful ignorance to be at all surprised about things like this, and to compare this to something obviously non-infringing.
Because there's no upside and only downside. If they refuse to comply and it turns out that youtube-dl did infringe, then they won't have DMCA safe harbor status and could be liable for damages.
While the takedown request is outrageous, I'd probably respond the same in MS's shoes. Frankly defending it is not worth the corporate lawyering required from MS's perspective.
That said, I think if Youtube-dl self-hosted on Gitlab or something and received a similar takedown, they could probably mount a successful defense.
It's not that far from targeting wget or curl, were it not for the widespread use of them in industry.