Megaupload Takedown Questioned By Users, Lawyers

10 Companies Driving Mobile Security

Did U.S. authorities overstep their jurisdiction when they pulled the plug on cyberlocker service Megaupload last week?

To make its case that the file-sharing site needed to be shuttered, the Justice Department Thursday seized Megaupload's servers and released a 72-page indictment accusing seven Megaupload executives of racketeering, money laundering, and copyright violations, which allowed them to amass $175 million in "criminal proceeds" since the company was founded in 2005.

Legally speaking, the feds were able to execute their takedown of Megaupload in part because the company, which is based in Hong Kong, hosted many of its servers in Virginia and Washington, D.C..

But the founder of Megaupload, Kim Dotcom (aka Kim Tim Jim Vestor, aka Kim Schmitz), has denied all of the charges leveled against him. Dotcom appeared Monday in a New Zealand courtroom, together with three other Megaupload executives who'd been apprehended in that country at the request of U.S. authorities. All four men have requested bail, but police have labeled Dotcom a flight risk, saying he might have access to secret bank accounts abroad. Accordingly, the presiding judge said he'll review the matter and issue a ruling by Wednesday, according to media reports, which will likely apply to all four men. Parole questions aside, experts estimate that extradition proceedings, if initiated by the United States, could take up to a year.

[ Read about how hacktivist group Anonymous retaliated for the DOJ's takedown of Megaupload. Anonymous Retaliates For Megaupload Raids: 10 Key Facts. ]

Currently, Megaupload's servers remain offline, and browsing to the site resolves to a graphic announcing that "this domain name associated with the website Megaupload.com has been seized pursuant to an order issued by a U.S. District Court." The statement provides no indication of when any of the data stored by the site might be restored, if ever.

In response to the FBI's crackdown on Megaupload, file-sharing site Filesonic immediately disabled link sharing for uploaded content. According to a notice posted on the site: "All sharing functionality on FileSonic is now disabled. Our service can only be used to upload and retrieve files that you have uploaded personally."

But users' inability to access content that they'd legally stored on Megaupload has been leading to a populist backlash against the takedown. Academic Steve Su, for example, told The Sydney Morning Herald in Australia that the FBI's mass takedown had inappropriately blocked legitimate content that he'd uploaded for sharing with his students.

"It's like confiscating everyone's mobile phone because terrorists used them," he said. "I don't think it's correct to penalize the technology because, based on that logic, shouldn't the Internet be taken down, as this is how people infringe copyright?"

Meanwhile, veteran Spanish privacy attorney Carlos Snchez Almeida, who's based in Barcelona, said the takedown may have violated people's privacy rights under Spanish law. Accordingly, he's threatened to file suit over the Megaupload takedown. On his Jaque Perpetuo blog, Almeida wrote Friday that "Spanish citizens who had accounts in Megaupload should collect as much information about the files that they had hosted, for the purposes of a possible claim" against the U.S. government. In particular, the U.S. government's actions may conflict with Spanish data-access and privacy laws, especially if U.S. authorities begin accessing data that was stored by Megaupload.

Interestingly, the majority of Megaupload's user traffic came from outside the United States, based on statistics from traffic measurement company Alexa. The greatest share of user traffic came from France (10%), followed by Brazil (8.8%), the United States (7.3%), and Spain (7.2%), reported The Daily Caller.

The Justice Department's tactics, including accusing a file-sharing website of racketeering, money laundering, in addition to copyright violations, has some U.S. legal experts asking whether the case would stand up in court. "These actions, more suitable to the type of steps that the government takes against an organized-crime enterprise dedicated to murder, theft, and racketeering, are astonishing," said Jeff Ifrah, an attorney who co-chairs the American Bar Association's criminal justice section and committee on white collar crime, via phone.

"The government seems to have ignored the fact that other popular content-sharing sites have successfully defended themselves in civil cases by using the safe harbor provisions of the Digital Millennium Copyright Act, which provide immunity to a site that promptly takes down infringing content," he said.

To make the Justice Department's case, prosecutors must prove that safe harbor rules didn't apply to Megaupload. Accordingly, the indictment accused Megaupload executives of failing to remove copyrighted material from their site, even after copyright holders had requested it be removed. But Ifrah said it's not clear whether Megaupload's failure to remove certain pieces of content reached the level of criminal intent. Perhaps, instead, the company didn't receive some takedown notices, or disagreed with certain requests.

Furthermore, the government's racketeering charge--typically only used for mob cases involving drugs or gambling--suggests to Ifrah that prosecutors are overreaching. "The allegations here are very similar to the allegations that were made in the YouTube case," in which Viacom accused the video-sharing site of hosting almost 160,000 unauthorized pieces of content, he said. "Certainly no one accused YouTube of having mob-like activities."

The right forensic tools in the right hands are just a start. The new Digital Detectives issue of Dark Reading shows you how to better apply the lessons they teach. (Free registration required.)