Risk
1/31/2012
12:18 PM
50%
50%

Megaupload Users Get Reprieve, But Legal Questions Remain

Hosting providers agree to hold data files for two weeks while cyberlocker company's lawyers negotiate with the U.S. government.

Good news for Megaupload users: Your data just got a two-week reprieve from being deleted.

Friday, U.S. district attorney Neil MacBride had written to Megaupload's lawyers, informing them that federal investigators had finished reviewing Megaupload data, and that it could be deleted from servers just one week later. "It is our understanding that the hosting companies may begin deleting the contents of the servers beginning as early as February 2, 2012," wrote MacBride.

In the United States, Megaupload leases servers from two hosting providers: Carpathia Hosting and Cogent Communications. Since the Justice Department froze Megaupload's assets, however, the file-sharing site could no longer pay its leasing bills.

But Ira Rothken, Megaupload's U.S. attorney, said the two hosting providers have since agreed that they won't delete the Megaupload data they're storing, for at least two more weeks. "The hosting companies have been gracious enough to provide additional time so we can work out some kind of arrangement with the government," Rothken said, according to news reports. The negotiations are meant to free up funds to pay the hosting providers to recover some data, which he said may also aid Megaupload's defense.

[ Proposed U.S. anti-piracy legislation has been widely criticized for trampling Internet privacy, but are EU Data Rules Worse Than SOPA? ]

The data reprieve means that Megaupload users who used the cyberlocker service to store files may one day regain access to them. The servers have remained offline since being taken down earlier this month by the FBI, after a Justice Department indictment--unsealed in federal court--accused seven Megaupload executives of racketeering, money laundering, and copyright violations, and of using their file-sharing site to amass $175 million in "criminal proceeds."

That takedown quickly sparked a reaction from some other file-sharing sites. For starters, 4shared, FileJungle, FilePost, Fileserve, UploadStation, VideoBB, and VideoZer began deleting accounts, disabling sharing, or canceling affiliate programs that rewarded people for uploading popular content. Similarly, FileSonic--which has seen a billion page views per month--disabled sharing and canceled its affiliate program. But other file-sharing sites, such as MediaFire and RapidShare, have said they have nothing to fear over their cyberlocker business practices.

Given that variation in reaction, what legal lessons might be drawn from the Megaupload takedown? So far, that's not entirely clear. While the company's founder, Kim Dotcom, remains in prison in New Zealand at the request of the FBI, he's denied all of the charges leveled against Megaupload, and said he plans to mount a vigorous defense.

Furthermore, the Justice Department has faced criticism over the takedown for not distinguishing between material stored on Megaupload's servers that may have infringed U.S. copyright laws, and non-copyrighted material that was legitimately stored there by users, some of whom had purchased a premium subscription from Megaupload. Lawyers in other countries have also accused the Justice Department and FBI of overstepping their authority by taking Megaupload offline not just in the United States, but worldwide.

In addition, the indictment itself has been criticized for being founded on a criminal complaint. Past cases involving alleged copyright infringement--for example, involving YouTube--weren't treated as criminal matters, but rather civil ones, said Jeff Ifrah, an attorney who co-chairs the American Bar Association's criminal justice section and committee on white collar crime, speaking recently by phone.

The bigger lesson, Ifrah said, may be simply that the Obama administration is attempting to satisfy demands from music and movie trade associations that it do something about piracy. "We have an administration that's very captive to that industry," he said. "It wouldn't surprise me if they were the ones propelling the Eastern District action in this case. That's the only reason you get a prosecutor who wants to ignore the fine line between civil and criminal in this case."

IT's spending as much as ever on disaster recovery, despite advances in virtualization and cloud techniques. It's time to break free. Download our Disaster Recovery Disaster supplement now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.