"youtube-dl stands in place of a Web browser and performs a similar function with respect to user-uploaded videos. Importantly, youtube-dl does not decrypt video streams that are encrypted with commercial DRM technologies, such as Widevine, that are used by subscription video sites, such as Netflix."
"We presume that this “signature” code is what RIAA refers to as a “rolling cipher,” although YouTube’s JavaScript code does not contain this phrase. Regardless of what this mechanism is called, youtube-dl does not “circumvent” it as that term is defined in Section 1201(a) of the Digital Millennium Copyright Act, because YouTube provides the means of accessing these video streams to anyone who requests them. As federal appeals court recently ruled, one does not “circumvent” an access control by using a publicly available password. Circumvention is limited to actions that “descramble, decrypt, avoid, bypass, remove, deactivate or impair a technological measure,” without the authority of the copyright owner."
The (English) phrase is used verbatim in the (German) 2017 LG Hamburg claim and verdict. It is not explained there, nor did the claimant explain where they got it from. I’m assuming that it’s based on a misunderstanding of “rolling codes” [1], an actual cryptographic technique, which isn’t applied here (the only overlap is that the “s” parameter of the YouTube video URI varies for certain videos; and, well, the key in rolling codes also varies).
Interestingly that verdict also claims that URL encoding is a valid, effective encryption measure (I’m not kidding! See [2]; the German word here is “Prozentcodierung”, i.e. percent-encoding).
The court in question (LG Hamburg) is infamous in Germany for its technically illiterate, consistently laughable verdicts in IT-related cases (this isn’t a recent thing — it’s been going on for about two decades).
"youtube-dl stands in place of a Web browser and performs a similar function with respect to user-uploaded videos. Importantly, youtube-dl does not decrypt video streams that are encrypted with commercial DRM technologies, such as Widevine, that are used by subscription video sites, such as Netflix."
"We presume that this “signature” code is what RIAA refers to as a “rolling cipher,” although YouTube’s JavaScript code does not contain this phrase. Regardless of what this mechanism is called, youtube-dl does not “circumvent” it as that term is defined in Section 1201(a) of the Digital Millennium Copyright Act, because YouTube provides the means of accessing these video streams to anyone who requests them. As federal appeals court recently ruled, one does not “circumvent” an access control by using a publicly available password. Circumvention is limited to actions that “descramble, decrypt, avoid, bypass, remove, deactivate or impair a technological measure,” without the authority of the copyright owner."