Archive for January, 2012

A Mega Conspiracy

January 26th, 2012

The recent FBI takedown of MegaUpload.com and arrest in NZ of four of it’s senior staff, including Kim Dotcom, has been very interesting and there are a few things that I find myelf thinking and saying over and over again, so I’ll try and elaborate them here…

A Pirate Empire
It can’t be denied that MegaUpload was the source of a lot of copyright infringing content. Although despite being aware of MegaUpload for a few years this was something I only discovered recently, even though I tend to believe I have a pretty good handle on these underground internet things, or something.

I have used MegaUpload in the past for various legitimate purposes. I’ve put files there for others to fetch, and I’ve collected files that others wanted to share with me, all legitimate.

The fact that infringing content existed on the site is hardly evidence of wrong doing on the part of MegaUpload. They can’t actively control what people upload or who they share links with. They had also implemented systems to allow verified rights-holders (movie studios, record companies etc) to unilaterally have content removed. In fact Watner Entertainment, according to the Indictment, had the number of links they could remove raised from 2,500 to 5,000 per day.

At this point what MegaUpload does is not a whole lot different to what YouTube has done for years. Except that YouTube hosts the content and indexes it, making almost all content available to everyone with a simple search.

The Indictment lists email exchanges where MU staff shared links to pirate content as evidence that they were aware that the service was being used for that purpose and complicit in it. I find it very hard to believe that Google/YouTube staff don’t share amusing links to unlicensed content with one another.

Multiple Links
A point that is made in the indictment and repeated in many other places is the fact that MegaUpload was not complying with the DMCA as it was allowing multiple links to the same file to remain even when one or more links to that file had been subject of a takedown notice.

This is based on the concept of de-duplication. In a storage system like the one MU was operating it’s possible that many people may upload identical content – rather than storing every single copy of that content as a separate file you simply point multiple copies of that file to the same physical data. In the indictment the FBI argues therefore that when notified of one infringing link MegaUpload should also have removed all other links to that same content.

However every single one of those links has been uploaded by a separate user. While in theory it is technically illegal for me to have a copy of The Big Bang Theory that’s been ripped from TV, it is not a DMCA violation for me to have that on my computer or to upload it to a cloud storage system. It only becomes a DMCA issue when I share that content with someone else. Also some people might have a legitimate claim to that content – MegaUpload was widely used by people in the film, television and recording industries including high-profile musicians. If the FBI’s suggestion were followed then it’s entirely possible that in removing a notified and infringing file they also remove a legitimate and approved copy of the same file that had been uploaded by another user.

In the same way when YouTube is made aware of a DMCA violation they only remove the specific video in question not necessarily all other copies of the same content (which YouTube’s fairly advanced content analysis could probably identify quite easily).

The FBI goes on the say that MegaUpload has used the checksum before to remove ALL links to notified child pornography and terrorism related materials. This is different – those things are specifically illegal, no one has a legitimate right to be storing or redistributing that material.

“The Mega Conspiracy”
Early in their indictment the FBI term the participants in MegaUpload and it’s related sites collectively the “Mega Conspiracy” – the quotes are even in the document. It’s a term defined by the FBI for the participants, it is not a name they called themselves.

However this name, The Mega Conspiracy, has then been used by media, and even a New Zealand judge, in a way that could easily imply it was a name the accused gave themselves which certainly lends weight to the idea they they knew they were a criminal conspiracy. This seems unfairly prejudicial to me.

Flight Risk
I’m no judge but the decision to refuse bail to Kim Dotcom while awaiting an extradition hearing seems unfair. It entirely hinges on two things… The first is the unsurprising revelation, thanks to special testimony and a report from NZ Customs at the request of the FBI, that it’s pretty easy to get out of New Zealand, and that it’s possible to buy false documents. The second is that Kim Dotcom has “criminal connections” he could use to source these false documents.

This applies to anyone in this country. Anyone wiht a bit of money and sufficent determination could obtain false documents and escape the country by boat or small plane. There appears to be nothing more than the FBI’s imagined scenario to suggest that such an escape is likely.

On the other hand Dotcom has a wife, three children under five, two step-children in school here and twins due in a few months. Going on the run is hardly a simple thing to do, unless he plans to leave them all behind. Also he’s a show off, he likes to be noticed, hardly the sort to go underground for a while, and he seems to believe he has a strong case to defend.

The Bigger Issue
This all comes down to the content industry’s war on piracy, which is, in part, a war on new technology. As has been pointed out in many places these industries have a terrible history when it comes to fear of new technology. The recording industry declared that home taping would kill them, the movie industry said the video tapes were the end of the world, the recording industry sued Napster into the ground before finding an entirely new (and huge) market in online sales.

Piracy of content for most people probably has little to do with wanting something for nothing, and a lot to do with wanting things swiftly and in a convienent way. As the sucess of iTunes and similar stores for music has demonstrated, people will pay a reasonable price for content that appeals to them in a way that works for their needs.

While the movie industry insists on treating its paying customers like criminals with unskippable piracy warnings on DVDs and DRM systems that can render legitimately purchased films unusable people will instead go for alternatives, legal or otherwise, to get what they want.

Artists, too, are starting to see a new business model online where they can sell directly to their fans and not have to give up the majority of their earnings (as well as the intellectual property rights) to middle men. This threatens an industry that’s built entirely on profiting from the labour and art of others.

The market WILL change – for some people it already has. Eventually the industry will have to adapt to meet these demands, it is not a challenge that can be nullified with legislation or legal action.

I’ve written in more detail previously about the idea of Better Than Free and the larger challenge face by the television industry in adapting to an audience that has global connections and doesn’t want to wait.

TekTonic Deleted My VPS

January 6th, 2012

Until recently I had a VPS (Virtual Private Server) with TekTonic.net – it was the continuation of a server that I’d originally set up in 1998. It mainly hosted my own websites, also provided DNS for my domain name and others, and provided some email services (including running the NZLUG mailing list).

I say “until recently” because TekTonic deleted my VPS (and by extension everything that was on it) on the 29th of December 2011. 

So here are a few admissions up front:

  • I hadn’t paid the bill. An invoice had been generated for me on the 9th of December
  • I also hadn’t been good with backups. The VPS was on a secure server with RAID storage, I wasn’t really too worried about data loss. Also I knew that TekTonic took incremental backups of VPS images. My mistake.
  • The email address I use with TekTonic isn’t one I use for much else. This was so it wasn’t reliant in any way of any service provided by the VPS. I didn’t check it often enough.

Basically I thought I’d paid the bill into January (knowing that I might be busy or away when the December one became due). I was wrong. I didn’t pay two months in November, only one.

So an invoice was issued on the 9th of December (or mabe the 8th, international date line and all). It was apparently due within 7 days (the 16th) and then another 7 days “grace period” is apparently given (the 23rd). Although in my experience of a late payment in the past the server is deactivated on the 18th, 9 days after invoice.

Outstanding balances are due within 7 days, after which your subscription will be considered Graced for 7 days and then will be suspended.

– TekTonic invoice email on 9th of December

On the 19th of December (10 days after the invoice was sent to me) the service was suspended as my grace period had apparently expired. I believe that the server would have been shutdown then – I really can’t understand how I didn’t notice the server was down between December 19th and January 6th, but I didn’t.

Services will remain suspended for 3 days and then will be considered Expired.
Expired subscriptions are automatically put into our Termination Queue and are in immediate risk of being irreversibly terminated.

– TekTonic email on 19th of December

On the 29th of December (20 days after invoice was issued, 10 days after service was suspended) the subscription (ie. my VPS – my webserver) was deleted. I received a one-line email informing me of that.

Your subscription wibble.net has been deleted.

– TekTonic email on 29th of December

Today (the 6th of January) I became aware of the fact my server had been deleted. At first I’d assumed that it was off for some reason (that had happened a few times in the past) and logged into the control panel to restart it. When I couldn’t see the controls for it, I checked the invoices and found none overdue (the December one had been deleted from my account). I then logged into the email account and found these emails – in reverse order of course.

I immediately contacted TekTonic via their Live web chat service (actually pretty handy, has been very good and resolving issues in the past). 

The support operator I spoke to, Sam, told me that the deletion was indeed unrecoverable. I expressed my frustration a number of times (politely, I realise it wasn’t his doing, and was largely my fault). Sam told me that I should have pre-paid (I thought I had) and that I could auto pay (had failed with my credit card in the past for some reason) – all of which was useless given that the server was gone.

So now here I am. Unsure of what backups exist (they were made by someone else, still on holiday in Internetless Hills, New Zealand) and with no clear path forward to restarting. I’m assuming that all my website is gone, any files I had stored on the server are gone as are all user records and anything of substance to help me rebuild what has been lost.

I am absolutely astonished that TekTonic would think it an acceptable business practice to completely destroy a customer’s data in such a short space of time, especially at a time when it’s quite likely that people are harder than usual to contact. I have reviewed their online terms and conditions and can’t find any reference to this process, or warning about it.

Other providers I’ve looked at outline processes in their terms, and also specify costs for recovery after the fact – something that TekTonic claims they simply can’t do.

So now, instead of me accepting my mistake, possibly paying a recovery fee and continuing my service with TekTonic I am forced to start again, and will obviously not be going back to TekTonic for my future hosting. How much would it cost TekTonic to store the VPS data for a little longer? Practically nothing – the plan I was on allowed for 60GB of disk, I wasn’t using it all. So simply storing a 40GB disk image is all that would be required. No other resources are tied up by an inactive VPS. 

Clarifications:

The invoice that wasn’t paid was for the period of December 9th to January 9th (although I suspect they really mean 8th). I was not paying in arrears. With the grace period considered I received about 9 days of “free” service – my plan was $28/mth so that’s about $8 of service that I received without paying for.

I am not complaining about the process in general. I accept that I didn’t pay the bill, and that service could have reasonably been terminated as a result. What I am upset (and surprised) by is that there is no way back from this action. Had they had a backup copy of my image they could have reinstated it, I’d have paid for the overdue invoice, quite possibly paid a service fee and continued paying money everymonth as I have for the last four and a half years. There are many circumstances where a mistake like this could happen, making the process so fatal just seems silly.