Megaupload: A Lot Less Guilty Than You Think(cyberlaw.stanford.edu) |
Megaupload: A Lot Less Guilty Than You Think(cyberlaw.stanford.edu) |
(I never said that Megaupload is innocent though, but I like well followed procedures, they are the guardians of our liberties)
This article is really about the merits of the case, which is separate from the question of following due process upon arrest and indictment.
But if the FBI loses this case and its image is tarnished then it could be a precedent and may change the way these copyright infringement cases are conducted. I am not american and I would hate to see the FBI take away my startup business on the ground that I am violating copyrights because of my users.
Now, since as you say, this was a large multi-national operation, I don't know if all those charged will be extradited to the USA, or if they'll be tried in other countries. I really have no idea about laws & procedures around the globe, but if they are extradited to the USA, I wouldn't count the MegaUpload folks out just yet. It's probably very dependent on how much of their assets are frozen, which will affect how much of their money they can spend on legal representation. (I say unfortunately, because it seems to me that in an ideal justice system, everyone should have the same level [high!] of representation, rather than some being able to "buy" better lawyers).
But outside of that, it's not up to the judge. It's a criminal case, and they will be tried by a jury. If they're convicted, the judge will determine their sentence. But it's not up to the judge to determine their guilt. (Unless the defendants forgo a jury trial and elect for a trial by judge, but I doubt they will.)
They took down individual links only, while still keeping the infringing files on the server, and all the other un-reported links to that exact file (they also hashed each upload, so to detect duplicates, and complete the upload instantly and have 1 data file... a fingerprint system they never used to prevent re-uploads of copyrighted material that was reported).
Then they conspired (shown in leaked emails) to only follow DMCA requests coming from large US entities (while ignoring requests coming from Mexico, for example).
Their entire business revolved around tricking people into signing up for paid accounts so they could download copyrighted material. And made 175 million from it.
Oh the humanity! How can these people be allowed to live. /s
The time for cyber villans is not now, when the streets are still full of their ancestors.
Now, seriously, comparing the amount of misery illegal drugs cause with the amount illegal file sharing does is, at best, ludicrous. It's like all the more serious problems are solved and now they have to turn their attention to the copyright infringers.
Even if, for some reason, this isn't getting Megaupload off the hook, it's worth remembering why exactly this isn't going to (gasp!) destroy that "cloud" thing everyone keeps writing about.
[1] http://www.vibe.com/content/worldstarhiphop-exposed-truth-be...
Now we have a single file with the same hash, but two pointers, one legal and one illegal. If UberUpload deletes the file, it is deleting legal and illegal content. If it deletes the illegal pointer, the legal copy of the file still exists.
That's a good point. The legal principle that bits have colour[1] works -- or ought to work -- equally when it's against the MPAA as for them.
[1]: What Colour Are Your Bits? http://ansuz.sooke.bc.ca/entry/23
Then you should use a service that:
1) Does not provide unauthenticated access or public links for anyone to use to your backed-up MP3s from Amazon.
2) Is not known as the internet’s hub of piracy.
3) Did not offer bounties for people to upload copyrighted material.
You would be committing copyright infringement at that point. The rest is irrelevant.
Also, those leaked emails, as you call them were actually emails that the feds obtained from MU's mail server, probably via warrant. Those emails were used as the foundation of the indictment that was later presented to a grand jury. So, there is a huge question as to what probable cause the feds had to search MU's mail server in the first place, given that MU was complying with the DMCA safe harbor provision. MU appeared to only honor DMCA requests that came from legitimate parties; the email snippit claiming that they ignored a request from Mexico does not state the name of the entity that made that request, probably because it was made by a guy named Jose from an aol.com account.
Anyway, this whole case is going to dissolve in front of the prosecutors' faces on Thursday when any trace of offending material is deleted do to discontinuation of service from Cogent & Carpathia. Dr. Evil appears to always get away with it.
From a Carpathia rep: “In reference to the letter filed by the U.S. Department of Justice with the Eastern District of Virginia on Jan. 27, 2012, Carpathia Hosting does not have, and has never had, access to the content on MegaUpload servers and has no mechanism for returning any content residing on such servers to MegaUpload’s customers. The reference to the Feb. 2, 2012 date in the Department of Justice letter for the deletion of content is not based on any information provided by Carpathia to the U.S. Government. We would recommend that anyone who believes that they have content on MegaUpload servers contact MegaUpload. Please do not contact Carpathia Hosting”
When there are 100 more links to it? Yes. It exists.
> So, there is a huge question as to what probable cause the feds had to search MU's mail server in the first place, given that MU was complying with the DMCA safe harbor provision.
The rest of your post is one assumption after the other, that goes against what is reasonable to assume based on everything we've witnessed in this case.
In the case of something that is always illegal (say child porn) there would be a duty to remove all instances of a file, but when it's a case by case basis of whether or not there is a copyright issue it does not make sense to take files down en masse. Remember that uploads to MU were private--you received a secret link.
Dropbox has a very clear concept of private files and public files. If a DMCA request was issued for a file you're storing in your public folder, I would certainly expect Dropbox to remove all instances of that file in all public folders on all accounts.
I disagree.
If you're hosting copyrighted material that I own, and I file a DMCA, I'd expect you to remove that material from the server / to stop hosting it.
You just don't get to keep the data file and hide it behind more links.
Color me ignorant, but this doesn't sit right with me. Does the DCMA have international scope? Does the FBI enforce Mexican law?
You're copyright and IP rights don't disappear the moment the data crosses into the USA.
And MU will have their day in a US court of law, based on a system that's the worst in the world, except for all the others.
All of this is crazy, and the point in the article is very much valid in my opinion, on the other hand if the copyright holder allegedly affected were to sue Megaupload in a civil case in the country that Megaupload operates from then that would be perfectly fine in my opinion. I don't agree with the copyright laws that exist at the moment, but everyone should have the right to try to protect their rights in court, even if I don't personally agree with the law.
The reason I asked about what steps Megaupload made to comply with DMCA complaints, and what the law says about DMCA take downs, was out of curiosity about the legal landscape and the chances of Megaupload in this case, even though it shouldn't be a criminal case.
I am not sure if that is required by the DMCA. I know youtube has this "fingerprinting" system that stops copyrighted uploads, but is that the law?
Even other public links might be legitimate, and Megaupload would not have a way of determining that based merely on the presence of links.
Do I think they were aware that there were tons of illegal copies? Absolutely. But whether or not they could blanket delete content without in effect deleting content the people filing the DMCA takedown requests had no rights to request taken down is an entirely different matter.
They won and they are not required to operate a fingerprinting system.
But forget the download servers being hosted in Virginia - what is much much worse is that they hosted their email servers at the same colo. This entire case and almost all of the evidence is built up around the contents of that email server. The feds obtained a secret warrant to get the details and most of the facts in the indictment are based on what they found.
I wrote about this here:
http://nikcub.appspot.com/posts/how-megaupload-was-investiga...
I hope this case makes it to a trial because I would like to find out what probable cause was used to obtain the warrant to handover the email server.
I submitted it, but it looks like you already did so last week, and it didn't get much attention. I hope more people can see it from this thread.
I would also love to see some advances in client-side steganography that could be usable as easily as GPG. Probably the closest thing we have now is TrueCrypt hidden volumes but that doesn't really work for email.
http://www.hispalinux.es/sites/hispalinux/files/1-main.pdf
http://www.hispalinux.es/sites/hispalinux/files/order%20perf...
No sources for the rest, maybe someone knows something more.
There is no question in my mind that MU thrived by appearing to comply with the DMCA, while encouraging illegal use of its service.
However, if the gov't wanted to really send these guys to jail for a long time, they appear to have screwed up the foundation of their case pretty well. If the initial search of the MU mail server was not found to be valid, the feds lose. If Cogent & Carpathia delete all of MU's data (i.e. evidence) and the feds can't prove in court that offending material existed, the feds lose. It's turned into a real mess from a prosecution standpoint. No wonder Kim pleaded not guilty instead of taking a plea bargain.
In Germany/Switzerland.
http://news.ycombinator.com/item?id=3529536
I have also been spending some time reading over the Viacom vs YouTube case. The parallels between it and Megaupload are striking - the difference being that Megaupload is a criminal case while YouTube was a civil case. I found that the YouTube internal emails were much more incriminating than the MegaUpload emails. I plan on writing up the details of the emails and other parallels between the two cases sometime this week.
The comparison in this case might have the prosecutor go after some lesser charge just to stick anything in order to justify the huge operation in the first place.
In the USA at least, much of our government could function nearly the same regardless of if our market system is completely laissez-faire capitalism, or hardcore communist. In fact, you could argue that government and its' systems, like the judicial system should be completely devoid of any possibility for profit motives. Since, as saucetenuto states, those undermine the system.
Now, I don't want to get into an argument about whether good lawyers deserve to get paid better than bad lawyers, etc. But I don't think I'd want to meet the person who sees the justice inequality between rich and poor defendants and thinks "All is as it should be."
That makes no sense, whatsoever.
If I had files in dropbox for personal use removed because someone filed a DMCA request against the same file someone else was sharing with everyone I'd be rather annoyed. Especially in the day of digital downloads.
Just because 1 upload is using it in an infringing manor doesn't mean all of them are.
You just don't get to keep the data file and hide it behind more links.
Why not? (A genuine question, btw. I'd be interested in any tested case law.)
> 1) Does not provide unauthenticated access or public links for anyone to use to your backed-up MP3s from Amazon.
UberUpload does not provide public links for "anyone to use your backed-up MP3s".
It provides links so material can be accessed but those links aren't public unless I make them so.
(Obama's direct phone number is private even though we know its format. The same principle applies here.)
If you have any concrete evidence that storing copyrighted files in non-local storage is copyright infringement I would be very interested in seeing the case law.
The law is US Title 17
§ 106. Exclusive rights in copyrighted works Subject to sections 107 through 122, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following: (1) to reproduce the copyrighted work in copies or phonorecords; (2) to prepare derivative works based upon the copyrighted work; (3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending; (4) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works, to perform the copyrighted work publicly; (5) in the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly; and (6) in the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio transmission.
§ 107. Limitations on exclusive rights: Fair use Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include: (1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and (4) the effect of the use upon the potential market for or value of the copyrighted work. The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors.
Of the other sections from 107 through 122,
§ 108 allows libraries to reproduce "no more than one copy or phonorecord of a work".
§ 109 allows the owner of a physical copy to sell it, but forbids renting or lending software media (CDs etc) without a license.
§ 110 allows schools and churches to hold plays.
§ 111 allows the local loop of a network to repeat the network signal without obtaining an extra license for every single retransmission.
§ 112 allows TV stations to save a single copy of their transmission.
§ 113 prevents reproduction of a "pictorial, graphic, or sculptural work"
§ 114 regulates music streaming services.
§ 115 forces the RIAA to allow anyone to license copies of "non-dramatic" music (ringtones) at royalty rates set in law.
§ 116 allows jukebox owners to form a union to negotiate licensing fees.
§ 117 allows you to let your computer make a copy of software from disk to ram to run programs.
§ 118 gives PBS extra powers in negotiating license fees.
§ 119 allows satellite TV to convert the satellite signal to a TV signal.
§ 120 allows people to photograph buildings.
§ 121 allows the government and nonprofits to make Braille copies of copyrighted works.
§ 122 forces the satellite TV networks to obtain an extra license again.
Source: http://www.law.cornell.edu/uscode/html/uscode17/usc_sup_01_1...
Source: http://arstechnica.com/media/news/2011/03/amazon-on-cloud-pl...
In the following article[1], an intellectual property lawyer indicates that Amazon's move is on unclear legal ground.
[1] http://arstechnica.com/media/news/2011/03/music-industry-wil...
Your assertion that all copying is illegal is also false, as found in SCOTUS's refusal to hear the Cablevision case in 2009.
In addition, in the UMG vs. MP3.com decision the problem was that MP3.com was doing the copying. The judge made a clear distinction between what MP3.com was doing and time and space shifting, which are closer to what cloud storage services are doing.
The ongoing damage here, if any, is only economical and a much more narrowly construed seizure could still largely prevent further damage while safeguarding their legitimate customers.
That's way too subjective for law. The prosecution has to prove to the jury (NOT the judge) that what they found is, in a criminal case, beyond a reasonable doubt, an illegal substance.
The FBI will attempt to prove that MegaUpload was an illegal business. Why should they just let it keep running if that is the case?
You can call technicalities and process and mandates and whatever, but the facts stand: Megaupload is dead, and there was absolutely no trace of a fair trial.
If you allowed all organizations to continue to operate until they were proven to be breaking the law you'd have something very closely resembling anarchy. Imagine if ever pump and dump boiler room operation had 1-3 years advanced notice before being subject to asset seizures.
Steganography is a good idea, though.
(edited: corrected stenography -> steganography per too-aggressive spellchecker usage)
The fact remains that you are much better off encrypting in the first place even if you are eventually forced to decrypt. You can challenge the order to decrypt, you can add more time to the investigation and give your lawyers more time to put together a strategy for whatever angle they consider most prudent, you can prevent surreptitious listening that may arouse interest in your activity in the first place, and so on.
Even if you ultimately are forced to comply with an order to decrypt, which again is by no means guaranteed, you still do yourself a lot of favors by encrypting from the get go. And we haven't even mentioned protection from non-governmental entities like script kiddies, competitors, or tabloids.
Steganography is provably secure but requires a lot of cover data and careful implementation.
Steganography is less useful for most purposes than most people want.
Can anybody suggest a country/host that is cheap, fast and outside of the reach or co-operation of a US federal investigation?
IF they're found guilty, the additional time of operating in a situation where everyone who might want to use them to pirate knows they're under significant government scrutiny is not likely to make the damage done all that much greater.
As for destroying evidence, in this case the feds are happy to let the hosting companies destroy data - they've apparently warned Megaupload that lots of user data will get deleted by the hosting companies soon for failure to pay, because Megaupload's assets were seizes so they can't pay...
So not only are they not allowing the files to stay online, they're preventing Megaupload from ensuring they can retain copies of customer data in the event they're found not guilty.
Regardless of whether or not they're found guilty, this way of acting is downright disgusting.
They were publically accessible (as in no authentication was required) regardless of how you want to spin it. But if that's not good enough for you...
It's my understanding that megaupload (and it's other sites) links were of the form: http://www.megaupload.com/?d=XXXXXXXX
I could be wrong, but the links I've found so far all have 8 characters.
Notice it's a somewhat easily searchable space. You can enumerate all links starting from point1 to point2 (I think they assigned sequential numbers so no need to search the entire space).
Hence the slew of public MegaUpload-search websites that you could go to and search for every file in the index.
The point of the response was that if you needed private backups of your Amazon MP3 you should use a service that is a true lockerbox, and not a pseudo sharing site thats designed for sharing content. Otherwise, you need to take the blame for 1) losing access to your backups, and 2) knowingly sharing it even if you did not give the link out.
A lockerbox service that requires some authentication, or a very large GUID type link that can't be enumerated.
MegaUpload was designed for sharing.
The case of someone losing their legitimate Amazon MP3 upload is an edge-case that inconveniences one person, but takes down the sharing of hundreds, or thousands, of copies of illegitimate copies.
> MegaUpload was designed for sharing. > Notice it's a somewhat easily searchable space. It would be nonsensical to store two copies of the same file as a service like MU or Dropbox. That file might legitimately be owned by user A and illegitimately owned by user B. Just because a DMCA takedown request was filed against user B's link doesn't mean user A should lose their legitimately owned file. This is analogous to someone storing stolen cash in a bank. Just because there was a stolen $20 in the vault, doesn't mean all $20 notes in the bank are stolen.
It will be interesting to see the outcomes of these events, it may make me lose all faith in humanity.
In of itself? Nothing.
In combination with all other factors. Everything.
> Just because a DMCA takedown request was filed against user B's link doesn't mean user A should lose their legitimately owned file.
As a copyright holder, that's not my problem that 1 in a million decided to upload some questionable copy of my work to a publicly accessible pseudo-sharing site that violates my copyright over and over and over again.
If you upload it to MU, then cry to someone else when that same criminal enterprise gets shut down and you lose the one copy you had.
Your right weren’t violated. Mine were.
Anyone crying about this is just playing a victim card here after making a bad decision. Or can't come to grips with reality after assuming that since copyright infringement is so easy to do, it must not be a bad thing to do, and it must be part of your entitlement.
I can understand if you're mad about copyright infringement, but why does that person who recorded all of their child's sports matches deserve this merely for using MU? They were sharing their own movies with the rest of the team, true, but that's all the more reason to use a site like that in the first place.
Instead of edge-cases, how about a common one? Or does that not count?
So yes, if any of the above is true, what happened to MU was good.
And as far as that loaded question about the person losing his child's sports matches... You can frame it however you want, it does not change the facts we know about MU. MU was most likely a criminal enterprise.
And all US phone numbers have 7 digits. (It's easy enough to figure out the relevant area code.)
Are you claiming that there are no private phone numbers in the US?
What the fuck.
You can call that "loaded" if you like, but it actually happened.
You're claiming that 8 character ids are inherently public. Why is the "publicness" of 7 numeral ids an unrelated analogy? After all, the universe of 7 numeral ids is significantly smaller than the set of 8 character ids, so if the former is private (by obscurity) then surely the latter is as well, absent some other factor.
So, what are some of these other factors?
I know of someone who may or may not have used a site like UU to get recent episodes of the show X. Once UU stopped sharing links, this person looked for other ways to get the recent episodes of X. She tried purchasing them from iTunes, but to no avail; She tried purchasing from Amazon Streaming but to no avail. Her only option is to wait for the DVD to come out or pirate.
There is a case where money is lost due to piracy. The answer is not to sue the pirates but to provide distribution methods.
> Your right weren’t violated. Mine were.
Actually, mine were. I bought a copy and you destroyed it.
You keep claiming that I deserve to lose the copy that I bought because Megaload may have paid someone else to upload copyrighted content. Exactly how was I supposed to know this? (Hint - at a mininum, you need to point to a public announcement by Megaupload to this effect.)
You drove to the Ghetto and threw your only copy into a crack house. That crack house got raided, shut down, sealed off.
You took that copy away from yourself. It's your problem. Not mine. Cry to someone else about your rights.