The big copyright news overnight was not the continuing protests against the Stop Online Piracy Act (SOPA) and PROTECT IP Act (PIPA), but the shutdown and seizure of Megaupload.com, a popular “cyberlocker”, and 17 related sites.
The Mega empire was hosted on servers in the United States, the Netherlands, and elsewhere around the world. Acting on a grand jury indictment obtained from a US district court, US authorities coordinated with their counterparts in New Zealand, Hong Kong, the Netherlands, the UK, Germany, Canada and the Philippines to:
- seize 18 domain names and take the related sites offline
- seize a reported US$50 million of assets, and
- arrest four of the seven individuals charged in the indictment.
At the time of writing, the three remaining individuals are yet to be apprehended.
Cyberlockers are websites that provide private data storage facilities by allowing individuals to upload content for later retrieval or sharing with others. Many of us probably already use cyberlockers such as Dropbox, Microsoft’s SkyDrive or Amazon’s Cloud Drive in our work.
Such services have plenty of obvious non-infringing uses – if you want to share a 700MB video you took of your recent trip with family and friends, uploading it to a service such as Megaupload and giving your friends the download link is one of the cheapest and most efficient ways to do so.
Anybody could upload files to Megaupload, but files that failed to be downloaded for a short period (21 days for material uploaded by unregistered users, 90 days for registered “free” users, no limit for registered “paid” users) were deleted. In practice, this ensured Megaupload was used largely for the storage of popular content which, not surprisingly, often turned out to be infringing.
That material was made somewhat difficult to find because Megaupload (probably for strategic legal reasons) had no search tool on its website. Instead, users had to find the URLs for content from an external source – directly from a friend, from another website or via a search engine.
The business made money from selling premium use subscriptions, and from advertising on the site. All in all, the indictment alleges Megaupload made some US$175 million in income since opening shop in 2005, from a claimed 1 billion+ visitors.
(Incidentally, the breakdown is US$150 million from user subscriptions, and just US$25 million from advertising. If this is correct, it’s more evidence that many users are willing to pay to access “free” content. If this single site can make US$150 million from user subscriptions when offering a hodge-podge of files of dubious quality and without the ability to effectively search among them, imagine how much content owners could make if they made their content more reasonably available.)
While there’s no doubt that many of Megaupload’s visitors were intent on downloading infringing content, it’s less clear whether the site’s providers can be held liable for those infringements. In an interview given to TorrentFreak just a month ago, founder “Kim Dotcom” (aka Kim Schmitz) claimed that:
“Mega has nothing to fear. Our business is legitimate and protected by the DMCA [Digital Millennium Copyright Act] and similar laws around the world. We work with the best lawyers and play by the rules. We take our legal obligations seriously. Mega’s war chest is full and we have strong supporters backing us. We have been online for 7 years and we are here to stay, so no need to worry about us.”
The legal protection that Dotcom was referring to is the safe harbour provided to online service providers (including cyberlockers) as long as they satisfy certain criteria.
The indictment alleges that Mega does not qualify for a number of reasons, including because they themselves had actual knowledge that the materials on the sites were infringing (or knew “facts or circumstances that would make infringing material apparent”), and because they were receiving a financial benefit directly attributable to copyright-infringing activity within its control.
The indictment discloses plenty of evidence of potentially illegal conduct. Megaupload paid money to users who supplied its most popular files via the “Uploader Rewards” program, and it seems that key employees sometimes paid out that money with full awareness it had accrued courtesy of infringing files.
Other executives uploaded infringing content themselves, and on various occasions distributed Megaupload links to infringing content. Plenty of emails demonstrate their intention to engage in wholesale copyright infringement of YouTube’s content (that’s right – they tried to copy ALL of it).
But as Professor James Grimmelman of New York Law School told online technology publication Ars Technica, “much of what the indictment details are legitimate business strategies many websites use to increase their traffic and revenues: offering premium subscriptions, running ads, rewarding active users.”
This case opens the door to vigorous pursuit of other online hosting providers. As this case demonstrates, the US government already has considerable powers to shut down such sites. If the SOPA legislation (discussed on The Conversation on Wednesday) is eventually passed in the US, it will give the US government additional powers over foreign sites that have no connection to the US.
Even more problematically, the legislation (as currently drafted) will give private entities unprecedented abilities to interfere with revenue and advertising of sites, including foreign sites, by alleging that they are “dedicated to theft of US property”.
It’s vital that any future attempts to target file hosting sites make principled, transparent distinctions between those providing useful, legitimate services with substantial non-infringing uses, and bad actors engaging in unlawful conduct.
That holds good whether they’re in the form of official government action to enforce the criminal law, or private action by rightholders such as that envisaged by SOPA. If SOPA is enacted in its current form, no such distinction seems likely to be made.
Those of us who currently use cyberlockers for lawful purposes should enjoy them while we can – but create offline backups just in case.
Rebecca Giblin can be found on Twitter @rgibli.