Five years ago the US Government launched a criminal case against Megaupload and several of its former employees. One of the main allegations in the indictment is that the site only deleted links to copyright-infringing material, not the actual files. Interestingly, this isn't too far off from what cloud hosting providers such as Google Drive and Dropbox still do today.

Last week we reported that Google Drive uses hash filtering to prevent users from sharing alleged copyright infringing content, while leaving the actual files on its servers.

This practice is similar to what its competitor Dropbox does, and probably many other cloud hosting providers as well.

However, it also reminded us of a more controversial hosting service, Megaupload. When the US Department of Justice announced its allegations against the company five years ago, a similar issue was at the center.

One of the main arguments in the indictment is that Megaupload would only disable a URL when it received a takedown notice, not the underlying file. As a result of the deduplication technology it employed, this meant that the file could still be accessed under different URLs.

“…the Conspiracy has, at best, only deleted the particular URL of which the copyright holder complained, and purposefully left the actual infringing copy of the copyrighted work on the Mega Conspiracy-controlled server and any other access links completely intact,” the indictment reads.

The RIAA and MPAA later highlighted the similar takedown related issues in their civil complaints, with the latter stating:

“And although Megaupload had implemented a technology called ‘MDS hash’ filtering to identify and block uploads of various types of illicit content, Megaupload chose not to deploy that technology to identify and block infringing uploads of copyrighted works that had already been subject to takedown notices by plaintiffs and other copyright holders.”

Admittingly, the Megaupload cases are much broader than this single issue, but it does raise questions.

The apparent ‘failure’ to block infringing content from being uploaded by other users isn’t illegal by definition. In fact, neither Google Drive nor Dropbox does this today. So how is the Megaupload situation different?

The main difference appears to be that Megaupload only removed the links that were reported as infringing, while Dropbox and Drive also prevent others from publicly sharing links to the same file. All three services keep or kept the original files on their servers though.

There are good arguments for keeping the files, as others may have the legal right to store them. If someone downloads an MP3, he or she can’t share it in public without permission. However, making a private backup on Dropbox would be acceptable in many countries.

Since Dropbox and Drive don’t face criminal indictments, the question should therefore be whether Megaupload was legally required to delete all public links to the underlying file, even those that were not directly reported.

This is something legal experts have their doubts over, including Professor Lawrence Lessig.

“It is possible for one uploader to have a right to fair use of a copy of a file, e.g., a purchaser uploading a backup or an educational organization offering critical commentary, while other uploaders might have no such fair use right,” he explained earlier in an expert report.

In other words, while one person might not have the legal right to store a file, another person might. The same argument also applies to publishing such links. This is something we also see on YouTube, where rightsholders pull down videos which they themselves have openly published on the same site.

This week, Megaupload counsel Ira Rothken clarified that the service tried to strike a balance between the rights of copyright holders and its users. If one link is infringing, that doesn’t mean that all of the others on the service are as well.

“While Megaupload made efforts to curb abuse of its service, it recognized a competing obligation to its users who legitimately use[d] the service to store their own copies of copyrighted material,” Rothken tells TorrentFreak.

“For example, a music file that was purchased or covered by fair use and uploaded by a user for the purpose of ‘space shifting’ would look the same to Megaupload’s automated processes as a music file to which the user had no legal right.”

This was also brought up in the Dancing Baby” case recently, where it was held that copyright holders should consider fair use before requesting a takedown. This means that removing an underlying file may be too broad, as fair use isn’t considered for all URLs.

Megaupload saw it as an obligation to its users, who had a legal right to the files, to ensure that there’s a proper and legitimate basis to disable links or remove files.

“As a result, where a user was subject to a proper and specific take down notice for their unique link or URL, that user’s link to the file in question was taken down or broken.”

In sum, we can say that Megaupload operated slightly differently from Dropbox and Google Drive today. However, the difference is subtle. Not taking down the actual copyright infringing file from the servers is still common practice, for example.

When it comes to proactively preventing public sharing of links that are not reported yet, the service operated differently. Here Megaupload put the interests of its users first. Of course, the Megaupload case is much broader, but the above should illustrate that when it comes alleged hash filtering and file removal ‘crimes’, there is still an open debate.