Risk
1/31/2012
12:18 PM
50%
50%

Megaupload Users Get Reprieve, But Legal Questions Remain

Hosting providers agree to hold data files for two weeks while cyberlocker company's lawyers negotiate with the U.S. government.

Good news for Megaupload users: Your data just got a two-week reprieve from being deleted.

Friday, U.S. district attorney Neil MacBride had written to Megaupload's lawyers, informing them that federal investigators had finished reviewing Megaupload data, and that it could be deleted from servers just one week later. "It is our understanding that the hosting companies may begin deleting the contents of the servers beginning as early as February 2, 2012," wrote MacBride.

In the United States, Megaupload leases servers from two hosting providers: Carpathia Hosting and Cogent Communications. Since the Justice Department froze Megaupload's assets, however, the file-sharing site could no longer pay its leasing bills.

But Ira Rothken, Megaupload's U.S. attorney, said the two hosting providers have since agreed that they won't delete the Megaupload data they're storing, for at least two more weeks. "The hosting companies have been gracious enough to provide additional time so we can work out some kind of arrangement with the government," Rothken said, according to news reports. The negotiations are meant to free up funds to pay the hosting providers to recover some data, which he said may also aid Megaupload's defense.

[ Proposed U.S. anti-piracy legislation has been widely criticized for trampling Internet privacy, but are EU Data Rules Worse Than SOPA? ]

The data reprieve means that Megaupload users who used the cyberlocker service to store files may one day regain access to them. The servers have remained offline since being taken down earlier this month by the FBI, after a Justice Department indictment--unsealed in federal court--accused seven Megaupload executives of racketeering, money laundering, and copyright violations, and of using their file-sharing site to amass $175 million in "criminal proceeds."

That takedown quickly sparked a reaction from some other file-sharing sites. For starters, 4shared, FileJungle, FilePost, Fileserve, UploadStation, VideoBB, and VideoZer began deleting accounts, disabling sharing, or canceling affiliate programs that rewarded people for uploading popular content. Similarly, FileSonic--which has seen a billion page views per month--disabled sharing and canceled its affiliate program. But other file-sharing sites, such as MediaFire and RapidShare, have said they have nothing to fear over their cyberlocker business practices.

Given that variation in reaction, what legal lessons might be drawn from the Megaupload takedown? So far, that's not entirely clear. While the company's founder, Kim Dotcom, remains in prison in New Zealand at the request of the FBI, he's denied all of the charges leveled against Megaupload, and said he plans to mount a vigorous defense.

Furthermore, the Justice Department has faced criticism over the takedown for not distinguishing between material stored on Megaupload's servers that may have infringed U.S. copyright laws, and non-copyrighted material that was legitimately stored there by users, some of whom had purchased a premium subscription from Megaupload. Lawyers in other countries have also accused the Justice Department and FBI of overstepping their authority by taking Megaupload offline not just in the United States, but worldwide.

In addition, the indictment itself has been criticized for being founded on a criminal complaint. Past cases involving alleged copyright infringement--for example, involving YouTube--weren't treated as criminal matters, but rather civil ones, said Jeff Ifrah, an attorney who co-chairs the American Bar Association's criminal justice section and committee on white collar crime, speaking recently by phone.

The bigger lesson, Ifrah said, may be simply that the Obama administration is attempting to satisfy demands from music and movie trade associations that it do something about piracy. "We have an administration that's very captive to that industry," he said. "It wouldn't surprise me if they were the ones propelling the Eastern District action in this case. That's the only reason you get a prosecutor who wants to ignore the fine line between civil and criminal in this case."

IT's spending as much as ever on disaster recovery, despite advances in virtualization and cloud techniques. It's time to break free. Download our Disaster Recovery Disaster supplement now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: yup
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7441
Published: 2015-05-29
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CVE-2014-9727
Published: 2015-05-29
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

CVE-2015-0200
Published: 2015-05-29
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.

CVE-2015-0751
Published: 2015-05-29
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

CVE-2015-0752
Published: 2015-05-29
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?