M&E Daily

MegaUpload Founder's Encryption Prescription

MegaUpload Founder's Encryption Prescription

By Paul Sweeting

The Motion Picture Association of America and the U.S. Justice Department say they are still reviewing the details of the new encrypted online file-locker site Mega launched at an extravagant press conference yesterday in New Zealand by Kim Dotcom, the fugitive founder of MegaUpload. But one conclusion already seems clear: file encryption is poised to become the next major battleground in the ongoing struggle over online file-sharing.

 MegaUpload was once among the most popular file-locker sites on the Internet. But it was shut down a year ago by the FBI, which alleged the site was being used to store and share pirated content. Dotcom, who was born Kim Schmitz, was arrested by U.S. and New Zealand authorities in an armed raid on his compound near Auckland and charged with criminal copyright infringement. Since then, the Justice Department has been trying to have him extradited to face trial in the U.S. But his extradition has been on hold for months while the New Zealand courts try to determine whether the raid on his house was lawful, and if not then what to do about it. 

While that case remains pending, Dotcom and two partners are back, this time with a site that functions very much like the old MegaUpload but which automatically encrypts files as they’re uploaded by users, such that Mega has now knowledge of the file’s content. The system was essentially reversed engineered by lawyers from the Digital Millennium Copyright Act to try to shield Mega from liability or obligation for infringing material posted to the site.

Mega users choose their own password. That password is then used to generate the user’s login credentials when connecting with the service, as well as a unique encryption key used to encrypt a particular file. By design, Mega knows only the user’s login credentials, not the password used to generate them. Nor does it know the name of any file the user uploads, or have any way to access a decrypted version of any of those files, since both the file name and contents are encrypted using a unique key tied to the user’s password.

The ability to encrypt files online is not new, of course, and has been used by sophisticated copyright pirates for years. But it has required a certain amount of specialized knowledge. As Dotcom himself admitted at his press conference, however, the automated system employed by Mega “is going to take encryption out to the mainstream.” Within a few hours of Mega’s launch, in fact, it had lined up over 500,000 registrants worldwide.

The mainstreaming of encryption will likely leave anti-piracy groups with little choice but to challenge the practice, whether in a new case against Dotcom or against some other operator.

The key legal issue will be whether Mega’s carefully engineered ignorance of what its users are posting to its servers really protects the operator from liability. In the past, courts have held that online service providers are only required to remove infringing material under the DMCA when provided with particular knowledge of a specific infringing file. Mere awareness that infringing material is available on a site has not been enough for courts hold the site’s operator liable for secondary copyright infringement.

There are limits to that protection in the law, however, where a site operator willfully turns a blind eye to blatantly infringing behavior. So far, courts have granted service providers a lot of latitude on the willful blindness standard, depsite efforts by copyright plaintiffs to invoke it. But no one has gone as far before as Mega seems to have gone in deliberately engineering their own blindness into the design of a service. At some point, it’s likely to be up to the courts to determine whether it has gone too far.

 

  • linkedin
  • fb
  • twitter
  • google plus
  • email

EVENTS

TOP HEADLINES

  • Deluxe’s Beast, Company 3 Test Drive New Panavision DXL for ‘Underwater’ Short Film (Deluxe Blog)Director Russ Lamoureux’s ethereal short film more...

  • Amazon Sets Up Shop in the Heart of the Publishing Industry (NYT)Amazon is bringing its experimental, data-driven a more...

  • Spoiled by Agile (Wazee Digital Blog)Is it possible to practice agility and not have th more...

  • Cannes: Netflix Movies Dominate Early Digital Buzz Amid Screening Controversy (Variety)Netflix might not be returning to the Cannes Film more...

  • CFO: Disney Not Interested in Premium VOD (HMM)While studios and theater operators engage in talk more...

  • FCC Budget Showcases Rapidly Shrinking Media Regulatory Agency (THR)Don't expect much policing of indecency, competiti more...

  • The Best Digital Offense Starts With the Best Security Defense (Cisco)We have been talking about digitization for a whil more...

  • Cyberattacks Again Roil Hollywood … Can Anything be Done About It? (L.A. Times)Like most large corporations, major Hollywood stud more...

  • Five Security Lessons WannaCry Taught Us the Hard Way (Dark Reading)The scope and severity of the fallout from the Wan more...

  • Not Investing in Cybersecurity Has ‘Inverse ROI’ (TechTarget)If the cyberattacks that infected computers in mor more...

  • XML vs. JSON: A Security Perspective (Independent Security Evaluators)XML and JSON are both universal formats for arbitr more...

  • Stopping Ransomware Starts With Your Inbox, Cybersecurity Professionals Say (KQED)A screenshot of a virus-infected computer has been more...


OUR MEMBERS