… worse than the old Mega?
The MegaUpload saga exploded a year ago when 76 law enforcement agents, a couple of helicopters, and quite possibly sharks with laser beams on their frickin’ heads raided hacker/entrepreneur Kim Dotcom’s sprawling New Zealand lair, complete with 18 luxury cars, a panic room (it took them hours to find Dotcom), a giant chrome sign reading “Dotcom Mansion,” and perhaps a fleet of planes from Pussy Galore’s Flying Circus.
The suspect himself–a giant 6’7″ 300+ pound man-baby–routinely drove down the road to work on his album, so it’s not like the mega-raid was necessary. His arrest was dubbed “Operation Takedown” and orchestrated by the FBI, which watched from a video link. In case the reason for a top-secret Hollywood-style raid on a personal residence in the land of Hobbits might be lost on any, select media was invited to watch.
And there you have the real point of the whole thing: law-enforcement theater, conducted by the FBI at the instigation of powerful film, music, and television lobbyists. They weren’t making a case: they were making a point. Prosecutions would nice, but big headlines would be better.
Dotcom’s MegaUpload was seen as the key resource for illegal file trading. At one point, it accounted for 4% of all internet traffic on the planet, as people uploaded and downloaded illegal copies of Star Wars, Lady Gaga albums, and, for all I know, old episodes of My Mother the Car. Oh, and porn. Lots and lots of porn. I mean, just tons of the stuff.
Imagine it as a giant lawless Dropbox for people trading copies of Twilight.
Kim Dotcom (aka Kim Schmitz) feigned outrage over this use of his service, and claimed to have a staff of people dedicated to eradicating it. I can’t really imagine a staff large enough to vet 4% of all internet traffic, so that claim is worth just about zilch. The fact is Dotcom got filthy rich (I mean, “Hello, Tiffany? How much for a solid platinum toilet?”-type-rich) facilitating intellectual piracy.
Did he really? Did Xerox facilitate intellectual piracy by allowing people to copy print documents and books? I know that’s a specious comparison, but the question remains: is a person a criminal who provides a wholly legal infrastructure for what might be illegal acts? MegaUpload could just as easily be used for document and photo storage, or legal archiving of a private collection of digital media without any intent to share.
MegaUpload knew what was going on. An HD feature film is about a 4GB file, more or less. If you see enough giant chunks–or pieces of chunks–of data like that floating through your system, you know darn well what’s going on.
The problem is that we’re in new legal territory, and old copyright law is running headlong into new technology, with common morals and ethics left out of the equation altogether. It’s going to take time to sort it all out, and in the short term law enforcement agencies will do what they do best: bumble around violating civil liberties at the behest of powerful interests.
The Dotcom raid will result in no convictions. Judges are already tossing out warrants and releasing some of his frozen assets. What should anger you is that the American Department of Justice probably considered a conviction of Dotcom secondary: the real goal was simply to kill MegaUpload by seizing/freezing/destroying every piece of it. If MegaUpload was acting illegally (and I believe they probably were), they should have their day in court. Instead, they were simply arrested into oblivion. That’s not the way justice should work.
Their bumbling, however, let the real target slip away, and now Kim Dotcom is back is business with Mega, a file-sharing service that might be even worse for piracy than MegaUpload.
On January 20th, precisely one year to the minute after the raid on his home, Dotcom launched his new enterprise with a reenactment of that raid at the same home. A helicopter with “FBI” written on the side hovered overhead while “agents” rappelled down the side of the house. The Keystone Cops of US and New Zealand law enforcement really did a bangup job, because now Dotcom may have created a system where people can trade copyrighted files and he can’t even be touched.
Mega uses the power of HTML5 to create a client-side Advanced Encryption Standard (AES) 128-bit symmetric encryption key. That means your Mega password is your key to unlocking your files, which are encoded on your computer before they ever get to the Mega servers, and can only be decoded with the same password when downloaded. Users can share an encoded link and provide a password separately, or create a link that embed’s the password in the link. In the first case, the downloader would need the link and the password. In the second, they’d just need to the link.
Here’s the thing, though: Mega doesn’t keep the passwords, and they can’t look at your files. This means if you lose your password, you cannot retrieve it. It also means that if that password is hacked and changed, you’ll never get back to your files.
This removes Mega from the accountability loop. They don’t “see” anything but a jumble of encrypted data. They can’t cooperate with law enforcement agencies who want to crack down on file traders because they simply don’t have the information.
Do they or don’t they? Their terms of service say they perform a duplication check on your data, and if they determine it’s identical to other data already on the server, they delete it and just assign you the copy. This is not unusual (iTunes Match does it) and it saves space on servers. Basically, if 100 people upload the same copy of the exact same Amazon/iTunes download of a song, the servers don’t keep all 100.
(By the way, uploading songs to servers is perfectly legal. I do it for Google Play and Amazon Cloud in order to stream my music from different devices.)
But, but … if Mega doesn’t have the encryption key, how do they perform the duplication check? It’s a question that needs answering.
Mega’s entire existence is based on plausible deniability. They are performing a fairly unconvincing Colonel Schultz impersonation…
..and expecting international law enforcement agencies to accept it at face value. The thing is, Dotcom may have actually created a bullet-proof file-sharing scheme in which the person providing the service (him) is wholly inoculated from any copyright violations. That he created the system with this exact purpose in mind is where things get murky.
I believe people should be able to protect their data from prying eyes, and that very clear and definite American privacy rights should trump significantly less clear and definite international copyright laws. Yes, piracy is a scourge that’s tantamount to theft, but it can also use technology that’s not criminal. Law enforcement sweeps with too broad a broom in the digital arena. I care a lot less about Paramount losing a couple of bucks on a copy of their latest Star Trek movie than I do about governments (both democratic or otherwise) being able to smash systems that enable the free exchange of data. Piracy is bad for creators. Anti-piracy efforts, if they become overzealous, can be bad for everyone.
There’s one final element in this whole story that bothers me more than any other.
Most of the attention in the upcoming months will be on what Mega means to intellectual properties, because that’s where the money is. Much more disturbing however, is the potential for Mega to become a global exchange for child pornography. Dotcom is married with five kids, and although he’s a grandstanding clown, I doubt very much he’s the malevolent force presented by prosecutors. I would hope that the potential for his system to become the trading hub of choice for perverts the world over would cause him some concern, but he seems to have created a system where he can do nothing about it.
That’s a problem, and I’m honestly not sure what can done about it. Certainly Mega will enable pornographers to spread their filth without any risk of being caught, but didn’t the mail already do that? Laws prevent people from owning or sending child pornography through the mail, but laws also prevent authorities from opening mail without warrants. (Well, at least the law used to, before our collective post-9/11 insanity.)
Technology makes the distribution of criminal images easier and makes catching the culprits more difficult, but should it, like the mail, have certain inherent protections and assumptions of privacy?
Does the reach of a distribution or communication technology change the fundamental rights and assumptions of privacy?
Does the potential for damage to society by the speed, ease, anonymity and spread of harmful images tip the scales of privacy rights (which are not necessarily constitutionally guaranteed) and civil liberties away from the individual, and require us to surrender some freedoms in the interest of the public good?
I’m inclined to think not, but I admit that we’re in new territory here, and I’m just not sure where we go from here.