After spirited discussions in the TvB offices, we’ve decided to introduce a new topic area on online privacy and data protection rights. In this inaugural post, we’re taking another look at the Kim Dotcom case, which is now slogging it’s way through the US District Court of Eastern District of Virginia. This one has not wanted for coverage (see Electronic Frontier Foundation, Wired, Ars Technica), but in reviewing some of the briefs, motions, redacted search warrants, and court transcripts, I found myself thinking this is less a case about the Fourth Amendment being stomped on, than the risks you take when you store your data in the cloud.
It also looks to me like the Government has a pretty darn good case, though resorting to scorch earth policies regarding copyright-violating cloud provider in order to make their points. Someone had to be an object lesson and Kim Dotcom fits the bill better than the folks at say BitTorrent and other services.
Along the way there are also lessons in bad data administration, tech illiterate judges who get pushed around by just about everyone, grandstanding attorneys, and vengeful movie studios. I’ll take up some of this in other posts.
For those new to the Kim Dotcom saga, I provide now a short recap.
New Zealand-based Kim Dotcom, a Dr. Evil (substitute other evil figure metaphor) former hacker, and his crew, set up a giant online storage sharing site, Megaupload, that, according to the Government, was really a front–”world-wide criminal organization–for sharing copyrighted material–movies, games, apps, movies–and “caused harm to copyright holders in excess of $500 million in losses.” Unlike, other sharing services the whole intent of Megaupload, says the Justice Department, was criminal, so safe-harbor protections–read DMCA–don’t apply. Megaupload admits to having pirated content on their site–by the way, the Department of Justice has proof that Megaupload servers held a “Zack and Miri Make a Porno” flick!. According to the Government, Megaupload was very selective about which content they removed when asked to honor copyright infringement requests.
In early January 2012, backed by criminal asset seizure laws (that’s 18 USC 981, 982), the US Department of Justice swooped in with a search warrant– publicly available but heavily redacted–for Megaupload’s 1000+ servers, which were mainly co-located at Virginia-based hosting service called Carparthia Hosting. G-men “imaged’ a few servers, and then left with the smoking gun evidence. A multi-count indictment (money laundering, copyright infringement, money laundering) was then unsealed naming Dotcom and his cadre, who to this day remain holed up in New Zealand, which does not have an extradition treaty with the US.
In late January, after the government finished their forensic work, the servers, or more accurately the disk drives containing the pirated content, again became the property of Carparthia. Because Megaupload money assets were seized, Carparthia could no longer afford to keep these servers running at $9000 per day in power, cooling, and overall maintenance. At first they were interested in either deleting the data or selling the servers on the market. They ultimately tried to sell the servers and drives back to Megaupload. But because of interest in the data from different parties, notably from the MPAA (Motion Picture Association of America dba “Hollywood”) and the Government, they were forced to store the idle servers and disks in a Carparthia-owned climate controlled data center at a cost, Carparthia says, of about $37000/month.
In March, Carparthia filed a protective order with the Court asking that one of the parties–read the Government–to take the blasted servers along with upkeep expenses. The Government responded by rejecting this motion. By the way, in that order, Carparthia suggests deleting the data again, an action that the Government did not explicitly find unacceptable.
Then a Mr. Kyle Goodwin, who runs a sports video business out of Ohio using Megaupload servers, enters the stage. Represented by Electronic Frontier Foundation, Goodwin asks for his digital property back from the … Government (not Carparthia, the actual owner of said property). Unfortunately, with the servers in Carparthia’s somewhat uncooperative hands and effectively offline, Mr Goodwin was out of luck.
That’s the broad outline.
To me it’s still unclear why the Carparthia didn’t more gracefully pull the plug. The Government effectively put Megaupload out of business, of course, and took over its domain names. Before Carparthia crated the servers, it’s conceivable they could have worked out some kind of web app announcing the pending closing, and accept and redirect Megaupload URLs on a limited bases. That never happened.
And Kyle Goodwin’s EFF attorneys seem less interested in getting Kyle his data, then in making a good Constitutional case. After reading a court transcript, it doesn’t seem they’re working very hard on this matter. Here’s an idea: Carparthia turns the servers on, without accessing the Intertoobz, so that their client can enter his bloody URLs and regain his videos. Or perhaps unleashes it one last time to the Web with URLs to copyyrighted materials, a list that the Government has, appropriately blocked by the firewall.
And there was lots of misinformation about the total amount of actual content in Megauploads “awesome universe” and the time it would take to copy it. Attorneys from all the relevant parties were enabling these misconceptions, snookering the judge into believing some of the technical issues were insurmountable.
One lesson for anyone who thinks cloud providers are infallible: back your s#!t up locally.