Post Two Questions About MegaUpload’s Planned Successor

Charles Graeber at Wired has an article profiling Mega, the planned successor to MegaUpload. A key difference between the old service (indicted on criminal copyright charges in the US) and the new service is that all of the filed uploaded to mega will be encrypted upon upload, meaning that Mega won’t know, and won’t have any way of finding out, what’s actually sitting on its servers. That should prevent it from being accused of ignoring activity it knows is infringing. Mega also says that if copyright holders find users providing the keys and the links to infringing files, Mega will abide by the DMCA and take down those files. A couple of parts from the article, though, stuck out to me.

Investigation Through Litigation?

The article quotes an anonymous content industry spokesman as follows:

As we learned from the first iteration of Megaupload, how it describes itself and how it really operates can be two very distinct things…We’d rather not wade in here until we can see the thing with our own eyes.

Does seeing the thing with their own eyes refer to Mega’s apparent offer to allow movie studios direct access to its servers to remove infringing material, or would the industry only be satisfied with the discovery process of litigation? Because if it’s the latter, Mega (or any number of less flamboyantly-run cloud storage services) can find itself on the receiving end of a lawsuit regardless of its design—plaintiffs could make bold claims in their complaint and then engage in a fishing expedition during discovery. This has certainly happened before. Or, if you can convince the authorities that secondary copyright liability is something they should bring as a criminal case, you can get taxpayers to foot the cost of discovery for you.

The costs of litigation, and discovery in particular, can be wielded as a weapons in themselves when legal budgets are unbalanced, either simply because one party has more funds than the other, or when one party has more funds available. The past several years are littered with companies that folded after they spent all of their money defending against shaky or even failed lawsuits.

For sufficiently small companies and sufficiently expensive litigations, this is a little like trying to diagnose a pet’s illness by dissecting it. Sure, you discover the eventual truth of the matter, but in the end, the point is moot. If industry litigation teams are going to investigate every new information transfer and storage service through litigation, only the most lawyered-up services will survive.

Duplicate Data Prevents Infringement

The article also mentions a facet of the proposed Mega, the fact that it won’t include data de-duplication:

One of the more unique wrinkles of the new service may come from Mega’s decision not to deploy so-called de-duplication on its servers, meaning that if a user decides to upload the same copyright-infringing file 100 times, it would result in 100 different files and 100 distinct decryption keys. Removing them would require 100 takedown notices of the type typically sent by rights holders like movie studios and record companies.

The lack of de-duplication, however, is actually a feature that can stave off findings of infringement. When Cablevision rolled out its remote DVR service, it notably went the massively inefficient route of having a separate cloud drive for each of its subscribers. If 3,000 people recorded the same episode of Top Chef, Cablevision would have had 3,000 copies of pretty much the exact same file. This is the sort of thing that can drive engineers insane in its deliberate inefficiency, but it served Cablevision well because it illustrated very clearly that each transmission of each recorded show was a private performance, not a public one. After all, copyright holders only have the right to prevent public performances of their works. They don’t have the right to prevent people just watching shows in their own homes—which is exactly what a private performance is.

By avoiding de-duplication, Mega might be trying to avoid liability in a similar way. While, from an engineering standpoint, there’s very little difference between transferring a set of bits to two users from the same parts of a hard drive or transferring identical bits to two users from two parts, the former might look more to a court like the server is the one doing the distribution, rather than the individual users. The same sort of issue keeps cropping up in other cloud storage cases, dating back at least to UMG v. Mp3.com. Based on that history, it seems more likely that, by avoiding de-duplication, Mega isn’t so much trying to make the takedown process harder as it is trying to keep itself in the legal clear in the first place.

Obviously, Mega has yet to roll out, and for all I know, it may just be a well-publicized pipe dream for Kim Dotcom and his partner Mathias Ortmann. But the questions that surround the structure and litigation tactics that will accompany encrypted cloud storage services—services that will certainly be in demand—will be the same no matter who rolls them out.