A MEGA Scandal

October 31st, 2013 by Dylan Leave a reply »

A curious accusation was leveled at Kim Dotcom’s cloud storage business, MEGA, recently.

The basic accusation – that MEGA was hosting illegal content – wasn’t especially new or exciting, but in this case the specific content managed to attract a very high degree of attention.

We’re a small country so if there’s one thing our media like it’s to celebrate it’s kiwi success abroad. In this case New Zealand author Eleanor Catton won the prestigious Man Booker Prize. Overnight a young author became a celebrity, which is quite the achievement really.

There are other things the NZ media is fond of too. Scandal and outrage are very popular. And anything involving Kim Dotcom is also a winner in the eyes of journalists around the country.

So it should come as no surprise that a story involving the piracy of Catton’s award winning novel, The Luminaries, on Dotcom’s MEGA service was carried far and wide by New Zealand media. Amazingly it seems that almost every single story about the case only carried comment from the Publisher’s Association and the book’s publisher – no effort was made to get comment from MEGA or it’s CEO Vikram Kumar.

The Story

The story’s genesis is surprisingly easy to track. It began on Thursday the 24th of October when Cameron Slater posted screenshots on his Whale Oil blog of two copies of the book being hosted on MEGA. The sarcastically titled post, Kim Dotcom assists in solving the Booker Prize novel distribution problems, alleges that, after “a bit of poking around the Internet,” he was able to find links to the novel hosted on MEGA. To prove the point he posted screenshots of the download screens for each file on the Mega site. No screenshots of the links actually being shared or indexed online were offered.

On Friday a press release was issued by Pead PR on behalf of the Publisher’s Association. Headlined Award wining author ripped off by Kiwi company,” it suggests it’s appalling to see a New Zealand company “giving away” the novel and quotes Publisher’s Association president Sam Elworthy saying “MEGA should do more to ensure this kind of thing does not occur.”

From that point on the story was picked up and carried without question by virtually every news outlet in the country. None were interested in the technicalities or legalities of  MEGA’a service, but seemed to accept the accusations that the company itself was somehow directly responsible. TV3’s The Nation even spent five minutes on the story with Elworthy as the only guest. In that time he managed to label MEGA a “pirate site” and suggest, directly and indirectly, that MEGA were some how directly culpable.

The Files

And what of the pirate files themselves? The story gets even more interesting there – MEGA’s CEO Vikram Kumar saw references to the story when it first appeared on Whale Oil and, by looking at the URL visible in the screenshots, was able to identify the files in question. MEGA then, proactively, took those two files offline. At no stage, says Kumar, have MEGA actually received a formal notice about the files in question.

MEGA’s immediate actions are noteworthy in themselves and show an obviously willingness to act on information they receive, but the story gets more interesting. From looking at the log files Kumar says that the files in question were uploaded, to a brand new account, and then subsequently downloaded only once… They were downloaded by the same IP address that uploaded them.

Cameron Slater insists he downloaded the file (to verify it). MEGA says the only person who downloaded it was the same person (or IP address, at least) that uploaded it. What conclusion are we to draw?

The Alternatives

But even ignoring all that drama – what should MEGA be doing? Apparently their current process of responding to takedown requests from content owners isn’t sufficient, so what would be preferable? Sam Elworthy was asked on Twitter and (sarcastically?) suggested they should “acknowledge they are pirates of South Seas and shut down”

The technology of MEGA means that the files are encrypted with a key known only to the user (for this reason it’s actually not possible to reset a lost MEGA password) – from Mega’s perspective every file is a meaningless collection of binary data. Not even the file’s name is visible without a valid decryption key. This is the core of MEGA’s offering – they call themselves “the privacy company”

But even without that technical hurdle there is no way that MEGA could practically police copyright infringement proactively. For a start they see something like three million file uploads a day. Beyond the sheer scale there is also the complexity of legalities around copyright. There are many permitted uses and different people have, arguably, different legal justifications to have copies of various things. Even if MEGA could see the content of a file they’d then somehow have to determine what the copyright status of that file was (and in which legal jurisdiction) and whether the uploader of that file was, in some way, infringing on the rights of the publisher or author.

That’s a complicated enough task for actual lawyers with real information, but somehow the staff of a cloud storage company should be expected to do it?

The matter is further complicated by the fact that, no matter how many times the media say otherwise, MEGA isn’t a “file sharing service” – BitTorrent is a file sharing service – it’s only purpose is to share files. MEGA is a cloud storage service and, just like Dropbox, Skydrive and Google Drive, files stored there can be shared to specific users or with a public link. The simple existence of a file on the service doesn’t imply an infringement. A given user may have legal right to store a file on the service for their personal use, or even to share with others.

For example, I could purchase the latest Louis CK standup special from his website, download it and then upload a copy to my MEGA account as a backup or to access from another device. So long as I’m not sharing that download link with others I am not infringing. But could MEGA know that?

There are also content creators, even record companies, who use services like MEGA to share copies of their work for reviewers or even just a freebies for fans. Could MEGA tell the difference between them and a pirate?

These are among the reasons that a takedown-on-notice approach is the only workable solution. Copyright owners are the only people suitably qualified to make judgments on these issues (and even then they make a LOT of mistakes) and the only one with a real legal authority to take action.

Could MEGA do more? Technically they could probably take down some files they see linked from certain places, basically using an educated guess, but would they risk taking down legitimate files?


I’ve written about MEGA and Piracy before – MEGA is not Megaupload, they seem to have no obvious way to profit from piracy so no motivation to encourage or overlook such activity.

We spoke, at length, to Vikram Kumar about the issue and other related things on episode 4.32 of the Discourse podcast.