Skip to content
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
Cannot retrieve contributors at this time

Are you the copyright holder or authorized to act on the copyright owner's behalf?

Yes, I am authorized to act on the copyright owner's behalf.

Please describe the nature of your copyright ownership or authorization to act on the owner's behalf.

Google creates and distributes the Widevine Content Decryption Module (CDM), which is licensed for use by many browsers, including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera. The Widevine CDM is used in conjunction with the Widevine License Server to distribute DRM’d audio and video content over the internet and is used by content providers, including Disney+, Netflix, Amazon Prime Video, YouTube, Hulu, and others, to prevent piracy of copyrighted content.

Google LLC owns the copyright in the Widevine CDM and licenses others to use it without modification or redistribution under the terms of the Widevine Master License Agreement.

As [private] for Google I am authorized to file copyright infringement and related anti-circumvention claims on behalf of the company (Circumvention Ticket ID: [private]).

Please provide a detailed description of the original copyrighted work that has allegedly been infringed. If possible, include a URL to where it is posted online.

The following git repository contain circumvention technology that enables users to illegally access video and audio works protected by copyright.

From the description text:
Widevine is a Google-Owned DRM system that's in use by many popular streaming services (Netflix, Spotify, ...) to protect media content from being downloaded.

But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable.

This Chrome extension demonstrates how it's possible to bypass Widevine DRM by hijacking calls to the browser's Encrypted Media Extensions (EME) and decrypting all Widevine content keys transferred - effectively turning it into a clearkey DRM.

It is our belief that the repo as a whole represents a circumvention tool in violation of 1201 and therefore needs to be removed.

Additionally, the Git repo contains several files that violate Google’s copyrights:
Google license_protcol.proto (see Google copyright at the top of the file): /widevine-l3-decryptor/blob/main/license_protocol.proto
Copyrighted Widevine documentation distributed to Widevine licensees:
Widevine Modular DRM Security Integration Guide: /widevine-l3-decryptor/blob/main/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf
Widevine DRM Architecture Overview: /widevine-l3-decryptor/blob/main/docs/Widevine_DRM_Architecture_Overview.pdf

In addition to this request, we have filed a separate Sensitive Data takedown request of this file: /widevine-l3-decryptor as it contains the secret Widevine RSA private key, which was extracted from the Widevine CDM and can be used in other circumvention technologies.

What files should be taken down? Please provide URLs for each file, or if the entire repository, the repository’s URL.

The entire repository should be removed as it contains code that enables circumvention of DRM technology and unauthorized access to copyrighted works.

Have you searched for any forks of the allegedly infringing files or repositories? Each fork is a distinct repository and must be identified separately if you believe it is infringing and wish to have it taken down.

Please see above.

Is the work licensed under an open source license? If so, which open source license? Are the allegedly infringing files being used under the open source license, or are they in violation of the license?

No, the Widevine CDM and associated keys are not open sourced. Instead they must be licensed through an explicit agreement with Google.

What would be the best solution for the alleged infringement? Are there specific changes the other person can make other than removal? Can the repository be made private?

The purpose of this repo is to illegally access copyrighted material, and the content of the repo was illegally obtained. The repo must be shut down entirely.

Do you have the alleged infringer’s contact information? If so, please provide it.

I have no information regarding the identity of the alleged infringers beyond their Github account names.

I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.

I have taken fair use into consideration.

I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.

I have read and understand GitHub's Guide to Submitting a DMCA Takedown Notice.

So that we can get back to you, please provide either your telephone number or physical address.

[private], Google LLC

Please type your full legal name below to sign this request.