EFF Seeking Information of Legal Users of Megaupload

The Electronic Frontier Foundation, with the assistance of Carpathia Hosting, has issued a call for information on users who lost legitimate data as part of the Megaupload takedown. No promises are made at this point, but Carpathia at least notes: "We have no immediate plans to reprovision some or all of the Megaupload servers. This means that there is no imminent data loss for Megaupload customers. If this situation changes, we will post a notice at least 7 days in advance of reprovisioning any Megaupload servers."

Re:I'm confused...

MegaUpload's assets have been frozen, so they can't pay their hosting bills. Carpathia Hosting has several terabytes of web-facing storage that are no longer earning revenue. Eventually, they will sell that capacity to someone else, and the data will be overwritten. This has to be one of the most misunderstood, misquoted, and misdirected stories of the year so far.

There's no FDIC for data, and the bank just closed. Caveat Emptor.

Re:I'm confused...

[Baloroth]

Surely they would had cleaned up their act if they were indeed found acting unlawful. What happend was completely unnecessary.

While I agree at least partially with the last sentence of your post, the problem was MegaUpload knew they were acting unlawfully, and profited through such behavior, with full knowledge of the illegality of the content they were hosting. They wouldn't have changed. In fact, they didn't, after repeated notifications. Google even ceased doing business with them. Two years ago, which is (probably not coincidentally) around the time this investigation started. When other legitimate businesses stop doing business with you because they think you are breaking the law, that is a good sign you need to clean up.

With that said, the whole mess is blown out of proportion and was taken way too far. I think someone is trying to make an example out of MegaUpload.

Please don't cry for Megaupload...

[nweaver]

I reviewed an academic paper (which unfortunately the others on the PC didn't like, so it wasn't accepted) which examined the economic model of Megaupload, related services, third-party links to Megaupload, and the popular files, especially the "Uploader Rewards", and concluded that the company's business model really was about "Profit from Piracy".

Combined with the email trail that the feds apparently got (eg, emails concerning scraping of Youtube for the creation of MegaVideo, emails about reward payments including clear descriptions of the types of uploads), and the RICO indictments etc are not a surprise. (the indictment)

For example, if its true that their takedown is by URL, but they duplicate based on hash (so one can have multiple URLs for the same file), thats clearly attempting to game the system, as any legitimate takedown system would take down all separate URLs which point to the same file. (Paragraph 23 on the indictment). Especially if this is related to the creation of a "dummy lifetime premium user" to "to prevent the loss of source files due to expiration or abuse reports" (from a Megaupload email).

Also, at least according to the indictment, there really should be very few legitimate files lost in this: Anonymous uploads needed to be downloaded every 21 days or they were deleted, and even free named accounts required 90-day downloads, which is very different from Dropbox and other systems, where persistence, rather than popularity-of-download, is the goal.

Re:Please don't cry for Megaupload...

[dgatwood]

For example, if its true that their takedown is by URL, but they duplicate based on hash (so one can have multiple URLs for the same file), thats clearly attempting to game the system, as any legitimate takedown system would take down all separate URLs which point to the same file. (Paragraph 23 on the indictment). Especially if this is related to the creation of a "dummy lifetime premium user" to "to prevent the loss of source files due to expiration or abuse reports" (from a Megaupload email).

Wrong. The DMCA puts the onus on the copyright holder to provide enough information to identify the offending material, not the service provider. A legitimate takedown system would take down the URL they request be taken down, and no more.

The reason this is crucial is that deduplication is an established technique for preventing data redundancy, and does its job without regard to who uploaded the content or how it is being used. It is not at all a given that every copy of a file uploaded by multiple people is equally infringing.

For example, you and I both buy a copy of a movie. We each have the right to make a backup. I make my backup and upload it to a sharing site, but mark it "for my eyes only". This is still a backup. You do the same, but mark it "public" and post the URL to a bunch of pirated movie bulletin boards or whatever. This is no longer a backup. Your data and mine are, or at least should be, identical because they were ripped from the same DVD. They are deduplicated to the same underlying hash. When the copyright owner complains about that URL, your copy must come down. However, if my copy comes down as well, that would be illegal destruction of my personal property, and would subject both companies to civil (and possibly criminal) liability.

Taken one step further, I might have a relationship with the copyright holder that allows me to redistribute a copy of that movie to my clients. I might make that URL "public" (accessible without my password), but I might not publish the URL except in the form of sending it to my clients. That is still not a copyright violation. However, it is still technically a publicly shared URL. When yours gets taken down, mine must not, or else it is tortious interference. Yet there is absolutely no difference, as far as the sharing service is concerned, between those two URLs. Both are public. Both are backed by the same tag.

The DMCA requires that the requested URL be taken down, not every possible copy of the content in question. Any representation to the contrary is a misrepresentation of the law, and would render infeasible the standard operating procedures for large, shared server farms.

Don't get me wrong; I'm not saying that these sites aren't sleazy operators that knowingly distributed copyright-infringing material. However, their following of the DMCA to the letter to the law (and no further) should not be considered evidentiary support for such an argument.

Re:I'm confused...

And this is where it gets stupid and proves the judge was most likely paid off.

MegaUpload maintained files in a file system to minimize wasted, duplicated data. A file available by one link might be actually pointed to by a dozen links, each "uploaded" by a different person.

Now, here's where it gets dicey:
- If the file was something known illegal pointed out to them, like child pornography, they took it down AND they nuked the file details so it couldn't be reuploaded later. Because there is NO jurisdiction in which child pornography would be legal.

- If on the other hand it was a DMCA request, they took down the link indicated only.

Why? Because we can easily have the following situation:
1) Person #1, not authorized to put up the file, uploads it.
2) Person #2, who IS authorized to put up the file, uploads it.

This is not out of the realm of possibility, since a legitimate use for MU was to send files to someone that wouldn't fit into email for collaborative purposes.

Now, Person #1's link is taken down by DMCA complaint. But person #2's link is still authorized. The file itself was the same file: one person was authorized, and behaving within the law, one person was not. DMCA is satisfied by making the offending link no longer available.

But they forum-shopped till they found a bribable, brain-dead judge too stupid to understand the principles involved so they could get rubber stamps to have their little Kristallnacht reenactment instead.