After previously filing DMCA takedown notices of a more general nature against tools such as Deezloader and Deemix, Deezer has now tweaked its language to directly accuse similar tools of "maliciously" obtaining its private encryption keys and publishing them on Github, in order to defeat its "effective technical measures."
In common with all music streaming services, French streaming giant Deezer played an important role in the fight against file-sharing and other forms of music piracy.
Millions of former pirates have left the high seas to join Deezer and rivals such as Spotify but for the past several years, Deezer has been trying to mitigate piracy of a different kind. With the assistance of third-party tools, it’s possible to download high-quality tracks from Deezer with minimal effort, without paying a penny.
Deezer’s Long History of Takedowns
Over the past five years, Deezer has targeted these pieces of software with DMCA takedown notices. Many have been filed against Github, requesting that the development platform removes tools such as Deezloader and severalsuccessors.
The company has mostly stuck to the same notice format, stating that third-party apps use “illegal methods” to download music. However, in a new notice filed against Github this week, the company goes into much more detail.
“Malicious” Tools Defeat Deezer’s Encryption
In common with earlier notices, Deezer highlights that downloading tracks from its service outside user licensing terms is forbidden. This time Deezer emphasizes that it has put in place “strong Digital Right Management tools” to protect musical content alongside “extremely high level encryption” to protect supporting systems.
According to the notice, the targeted tools (which include Deezloader, Deemix, Deezloader Reborn, Deezloader Remix, SMLoader and Deezer Grabber) circumvent Deezer’s systems to download copyrighted content and elements of its service. Specifically, the apps are illegally retrieving and then publishing Deezer’s secret encryption keys on Github.
“We have discovered that the following links make available Github repositories created to make available softwares which enable users to download the Deezer Content without any authorization,” the notice reads.
“To do so, these repositories are sharing the private encryption keys retrieved maliciously to bypass Deezer’s security measures to unlawfully download its music catalogue, directly from Deezer’s servers in total violation of our rights and those of our music licensors (phonographic producers, performing artists, songwriters and composers).”
At this point, Deezer drops in an important phrase that has become increasingly topical in recent times in respect of the DMCA’s anti-circumvention provisions.
“By creating and developing these projects, the developers have knowingly procured or offered to others, without our authorization, a mean especially dedicated to the circumvention of our effective technological measures, in order to allow unauthorized persons to directly download our phonograms and others producers’ phonograms out of our servers,” the notice adds.
Github Complies With All Takedown Requests
Github responded to the complaint by removing every repository and link listed in Deezer’s DMCA notice. While this isn’t a surprise, the platform’s actions stand in contrast to those taken in response to similar takedown notices filed by the RIAA against Youtube-dl, the well-known software tool that allows people to download content from YouTube.
In that case, Github reversed a decision to take down Youtube-dl and put $1 million into a fund to defend against wrongful takedowns.
The big difference here is that while there seem to be grounds for arguing that youtube-dl doesn’t circumvent a technical protection measure (TPM), the same cannot be argued for any of the projects that allow downloading from Deezer. They tend to use Deezer’s publicly available API but also exploit a flaw in Deezer’s encryption.
In the past, developers have suggested it’s Deezer’s fault for not fixing the problem but as far as the law goes, having an encryption system that can be easily bypassed doesn’t negate its standing as an “effective technological measure”. As a result, it is extremely unlikely that Github will reconsider the takedowns on any grounds.