RIAA Uses DMCA To Take Down YouTube-DL Repositories on GitHub

On October 23rd, the RIAA used a DMCA letter to takedown the YouTube-DL GitHub repository, along with a couple of dozen forks of the project. As of Friday, 10/23/2020, many of those repositories returned the following message.

Repository unavailable due to DMCA takedown.

This repository is currently disabled due to a DMCA takedown notice. We have disabled public access to the repository. The notice has been publicly posted.

If you are the repository owner, and you believe that your repository was disabled as a result of mistake or misidentification, you have the right to file a counter notice and have the repository reinstated. Our help articles provide more details on our DMCA takedown policy and how to file a counter notice. If you have any questions about the process or the risks in filing a counter notice, we suggest that you consult with a lawyer.

GitHub posted the RIAA’s takedown request letter in its DMCA repository. The letter reads in part,

I am contacting you on behalf of the Recording Industry Association of America, Inc. (RIAA) and its member record companies. The RIAA is a trade association whose member companies create, manufacture or distribute sound recordings representing approximately eighty-five (85) percent of all legitimate recorded music consumption in the United States. Under penalty of perjury, we submit that the RIAA is authorized to act on behalf of its member companies on matters involving the infringement of their sound recordings, audiovisual works and images, including enforcing their copyrights and common law rights on the Internet.

Copyright Violations. We have learned that your service is hosting the youtube-dl source code on its network at the following locations, among others:

. . .

The clear purpose of this source code is to (i) circumvent the technological protection measures used by authorized streaming services such as YouTube, and (ii) reproduce and distribute music videos and sound recordings owned by our member companies without authorization for such use. We note that the source code is described on GitHub as “a command-line program to download videos from YouTube.com and a few more sites.”

We also note that the source code prominently includes as sample uses of the source code the downloading of copies of our members’ copyrighted sound recordings and music videos, as noted in Exhibit A hereto. For example, as shown on Exhibit A, the source code expressly suggests its use to copy and/or distribute the following copyrighted works owned by our member companies:

• Icona Pop – I Love It (feat. Charli XCX) [Official Video], owned by Warner Music Group
• Justin Timberlake – Tunnel Vision (Explicit), owned by Sony Music Group
• Taylor Swift – Shake it Off, owned/exclusively licensed by Universal Music Group

Last.Fm: TechCrunch Are Full of Shit

Wasn’t it just other day that Michael Arrington was whining about how unfair and mean people were to him? And yet that didn’t stop Erick Schonfeld from running a long story on TechCrunch about a completely baseless rumor that Last.Fm was sharing user data with the RIAA in order to track down people who had obtained leaked copies of the new U2 album.

The rumor Schonfeld chose to higlight was even third-hand as reported by his alleged source,

As a result, word is going around that the RIAA asked social music service Last.fm for data about its user’s listening habits to find people with unreleased tracks on their computers. And Last.fm, which is owned by CBS, actually handed the data over to the RIAA, according to a tip we received:

I heard from an irate friend who works at CBS that last.fm recently provided the RIAA with a giant dump of user data to track down people who are scrobbling unreleased tracks. As word spread numerous employees at last.fm were up in arms because the data collected (a) can be used to identify individuals and (b) will likely be shared with 3rd parties that have relationships with the RIAA.

What an asshole. If this were true, this would pretty much kill Last.Fm like yesterday. To run such a rumor based on “some guy told me he heard from this other guy …” is just idiotic. Schonfeld would be fired at any organization with ethics, but presumably Arrington is still crying like a goddamn baby about how no one is nice to him anymore to pay much attention.

At least Last.Fm didn’t release some boring denial,

So do us a favour – if you see people spreading the rumour, refer them to this blog post and mention you heard from a friend that “Techcrunch are full of shit.”

Yeah, I think we’ve known that all along.

Boing! Boing! and Slashdot Distort Statement by RIAA’s Cary Sherman

The last thing that any anti-RIAA activists needed to do was distort what RIAA chief Cary Sherman had to say about the Sony rootkit debacle. And yet both Boing! Boing! and Slashdot have chosen to push completely ridiculous interpretations of a comment Sherman made in response to Sony’s actions.

Boing! Boing! claimed that Sherman said that lots of companies install rootkits. According to Boing! Boing!,

RIAA President Cary Sherman gave a recent college press-conference where he addressed Sony’s rootkit fiasco (among other things — the whole transcript is worth reading for a quick visit to the planet greed). His take? Other companies do the same thing all the time!

Slashdot one-ups that claiming,

President of RIAA Says Sony-BMG Did Nothing Wrong

But Sherman’s comments do not support either interpretation. You have to willingly distort his actual comments to arrive at either claim. Here’s what Sherman actually said,

“They have apologized for their mistake, ceased manufacture of CDs with that technology, and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they’ve taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?”

Sherman’s point is clear — Sony screwed up, but it was far more responsible and pro-active than even many software companies are when vulnerabilities come out. He’s absolutely right on the recall point. When was the last time a software company pulled product off the shelf to avoid exposing consumers to software vulnerabilities? I seem to remember a publisher pulling a game that contained a virus, but not much other than that. Most prefer, as Sherman notes, to simply post a patch on the Internet.

Now Sherman’s point about the responsiveness of Sony is certainly debatable. An alternate interpretation is Sony had to be browbeaten into recalling the CDs — after all one of its executives said the rootkit wasn’t a big deal because most users wouldn’t even know what a rootkit was.

But Sherman is clearly not saying he approves of Sony’s actions, and he’s also clearly not saying that many companies use rootkits.

Distorting his words and meaning to say so is really a dumb thing to do.