One of the key motivations behind Kim Dotcom’s launch of Mega earlier this month was to avoid the legal issues that plagued its predecessor, Megaupload. But will the encrypt-first-ask-questions-later approach work? University of Canberra law student Karl Schaffarczyk examines the issues.
Photo: Fiona Goodall/Getty Images
Just 12 months after being arrested for copyright infringement, racketeering and money laundering for his involvement with now-defunct cyberlocker Megaupload, and despite facing extradition from New Zealand to the US to face such charges, Kim Dotcom has launched Megaupload’s successor: Mega.
The site went live on January 19 with more than 100,000 users signing up in the first hour and more than 1 million registrations in the first 24 hours.
While there are obvious similarities between Mega and Megaupload, a key point of difference, according to Dotcom, is the fact Mega and its users are protected by a solid legal framework.
So is Dotcom right? Will Mega be able to avoid the legal issues that led to Megaupload’s demise?
Wait, What Is Mega Even For?
The idea behind such cloud services is simple: users may upload data and then access that data from elsewhere. Most services (including Mega) permit sharing of the uploaded files with others.
It is through this sharing mechanism that users can commit acts of piracy by sharing copyrighted material such as music, movies, books and so on.
Engaging in or facilitating copyright piracy is outlawed in many countries, and offenders face sanctions including liability to pay damages or disgorge profits to rights holders.
Content hosts and internet providers usually have access to “safe harbour” provisions limiting their liability when user behaviour infringes copyright. These provisions are generally conditional on the content host removing the infringing material as soon as they are aware of it, and having a policy of disciplining users who repeatedly break the rules.
The indictment of Kim Dotcom and others in the “Mega Conspiracy” claims instead that Megaupload actively supported users who used the service to share infringing material.
According to the indictment, Megaupload was the single largest piracy repository on the internet. And by facilitating piracy the service apparently cost copyright owners US$500 million in lost revenue while making US$175 million in profits.
Same, But Different
One of the the features that sets Mega apart from its predecessor is the encryption of files during the upload process.
Encrypting files in this way means all files stored on Mega are useless to anyone who doesn’t have the decryption key. This means the administrators of Mega cannot view the contents of a file, and so they cannot determine whether a file contains business material or the latest Hollywood blockbuster.
A simple legal argument can then be made: if Mega doesn’t know what it’s hosting, then it cannot be held responsible if that content is infringing, or otherwise illegal.
But like most simple arguments, this one is wrong.
Most content hosts have no idea what content they are hosting, but instead rely on notices from copyright owners to identify content which may be infringing. In the case of Mega, any links that are distributed for the purpose of sharing copyright material will still result in infringement notices being sent.
YouTube is an example of a site on which all uploaded content is checked via an automated content-matching process. This process is in place to detect unauthorised copies of video material or soundtracks. By providing this tool to copyright owners, YouTube avoids most claims of piracy.
Mega, on the other hand, uses across-the-board encryption, and because of this it is technically impossible to proactively filter or check content.
Without these automated tools, content owners are left with the Sisyphean task of locating and reporting infringing content to Mega.
Nothing has changed in the legal landscape with respect to liability of content hosts. In order to use the “safe harbour” provisions, Mega must remove infringing content as soon as it becomes aware of it, and must also discipline the person responsible. Without the “safe harbour” provisions Dotcom can expect another raid in the near future.
All responsibility for content is with the user. The help files and terms of service also set out processes for the handling of copyright notices, and how to make counterclaims.
In all, it’s fairly standard legal boilerplate comparable to most other content services – with the bonus that it invokes Article 12 of the Universal Declaration of Human Rights. That is:
No-one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
In theory, Mega is a model content host which appears to comply with best practice. User content is kept private through encryption, procedures are in place to take down infringing content upon notices being filed, and Mega promises to terminate the accounts of repeat infringers.
Those with a stake in Hollywood and the music industry are furious with Mega’s launch. Anti-piracy lobby group StopFileLockers has already commenced a successful campaign to cut off funding to Mega. They claim that the new Mega is simply a re-launch of Megaupload.
StopFileLockers has highlighted that as Mega only holds encrypted files, automated processes cannot be used to locate infringing material, and so will be a haven for copyright pirates.
The behaviour of Mega over the coming months will send a clear signal to copyright holders and those who file-share. The question remains: can Dotcom’s latest venture stick to the rules, or will the entrepreneur again find himself in hot water?
Dotcom is using privacy as the reason to offer a service which automatically encrypts all content. While privacy is important, it appears that the purpose of the automatic encryption is primarily to provide Mega with excuses to not proactively co-operate with rights holders.
By structuring their service to technically preclude co-operating with rights holders, Mega is a distinctly copyright unfriendly service.
Karl Schaffarczyk does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.