They’ve been indicted by the U.S. government for conspiracy and briefly thrown in jail, but Kim Dotcom and his partners in the digital storage locker Megaupload have no intention of quitting the online marketplace.
Instead the co-defendants plan to introduce a much-anticipated new technology later this year that will allow users to once again upload, store, and share large data files, albeit by different rules. They revealed details of the new service exclusively to Wired.
They call it Mega and describe it as a unique tool that will solve the liability problems faced by cloud storage services, enhance the privacy rights of internet users, and provide themselves with a simple new business. Meanwhile, critics fear that Mega is simply a revamped version of Megaupload, cleverly designed to skirt the old business’s legal issues without addressing the concerns of Internet piracy.
(Dotcom and three of his partners remain in New Zealand, where they were arrested in January 2012. They face extradition to the U.S. on charges of “engaging in a racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering, and two substantive counts of criminal copyright infringement,” according to the Department of Justice.)
What Mega and Megaupload do have in common is that they are both one-click, subscriber-based cloud platforms that allow customers to upload, store, access, and share large files. Dotcom, and his Mega partner Mathias Ortmann say the difference is that now those files will first be one-click-encrypted right in a client’s browser, using the so-called Advanced Encryption Standard algorithm. The user is then provided with a second unique key for that file’s decryption.
It will be up to users, and third-party app developers, to control access to any given uploaded file, be it a song, movie, videogame, book, or simple text document. Internet libertarians will surely embrace this new capability.
And because the decryption key is not stored with Mega, the company would have no means to view the uploaded file on its server. It would, Ortmann explains, be impossible for Mega to know, or be responsible for, its users’ uploaded content — a state of affairs engineered to create an ironclad “safe harbor” from liability for Mega, and added piece of mind for the user.
“If servers are lost, if the government comes into a data center and rapes it, if someone hacks the server or steals it, it would give him nothing,” Dotcom explains. “Whatever is uploaded to the site, it is going to be remain closed and private without the key.”
Dotcom’s belief is that even the broad interpretation of internet law that brought down Megaupload would be insufficient to thwart the new Mega, because what users share, how they share it, and how many people they share it with will be their responsibility and under their control, not Mega’s.
Dotcom says that according to his legal experts, the only way to stop such a service from existing is to make encryption itself illegal. “And according to the U.N. Charter for Human Rights, privacy is a basic human right,” Dotcom explains. “You have the right to protect your private information and communication against spying.”
Dotcom says that the new Mega will be an attractive product for anyone concerned about the state of online security. And to address the concerns about data loss of the sort that affected Megaupload customers whose files were seized by the FBI, Mega will store all data on two sets of redundant servers, located in two different countries.
“So, even if one country decides to go completely berserk from a legal perspective and freeze all servers, for example — which we don’t expect, because we’ve fully complied with all the laws of the countries we place servers in — or if a natural disaster happens, there’s still another location where all the files are available,” Ortmann says. “This way, it’s impossible to be subjected to the kind of abuse that we’ve had in the U.S.”
Ultimately, Dotcom envisions a network hosted by thousands of different entities with thousands of different servers, in countries all over the world.
“We’re creating a system where any host in the world — from the $2,000 garage operation to the largest online host — can connect their own servers to this network,” Dotcom says. “We can work with anybody, because the hosts themselves cannot see what’s on the servers.”
One of the more unique wrinkles of the new service may come from Mega’s decision not to deploy so-called de-duplication on its servers, meaning that if a user decides to upload the same copyright-infringing file 100 times, it would result in 100 different files and 100 distinct decryption keys. Removing them would require 100 takedown notices of the type typically sent by rights holders like movie studios and record companies.
While Mega is adamant that this is not the point of their technology, others fear the service may atomize the piracy problem, turning internet policing into an even more elaborate game of Wack-a-Mole. “As we learned from the first iteration of Megaupload, how it describes itself and how it really operates can be two very distinct things,” says one industry spokesman who asked not to be named. “We’d rather not wade in here until we can see the thing with our own eyes.”
Julie Samuels, a staff attorney with the Electronic Freedom Foundation, says that while the new Mega may present an interesting development for internet users, it doesn’t answer the issues raised by the unique and, by her lights, questionable interpretation of Internet law used in the case against Megaupload. “It’s likely to change the cat-and-mouse game that goes on in terms of this issue on the Internet,” Samuels says. “But it’s still a cat-and-mouse game.”
Samuels says that the technology may affect how easy or difficult it is for rights holders or law enforcement to determine exactly what kind of files are being shared. “But there are still some fundamental questions that need to be answered. At this point, it’s not technology but the courts which need to address them.”
Dotcom insists that Mega is not “a giant middle finger to Hollywood and the DoJ,” or a relaunch of Megaupload. And Ortmann points out that if users choose to violate copyright with the new technology, there are already rules in place to address it. “If the copyright holder finds publicly posted links and decryption keys and verifies that the file is an infringement of their copyright, they can send a DMCA takedown notice to have that file removed, just like before,” he says.
As with Megaupload, Ortmann says, Mega will also grant direct access to their servers for entities such as film studios, allowing them to remove copyright-infringing material themselves. “But this time, if they want to use that tool, they’ll have to accept, prior to getting access, that they’re not going to sue us or hold us accountable for the actions of our users,” Dotcom says.
In any event, the Mega team believes that a government takedown of their new service is extremely improbable. “Unless our legal team tells us that the DoJ is likely to go berserk again,” Ortmann explains. “But in my view, they can’t pull off this stunt a second time.”