Published on the 22/05/2012 | Written by Jonathan Cotton
Jonathan Cotton unravels the seemingly far-fetched but very real story of Dotcom, and asks if he has killed the cloud…[View as PDF]
As far as New Zealand law enforcement goes, it was pretty much as dramatic as it is possible to be.
Black helicopters overhead, SWAT-style armed police kicking in the door of a notorious international racketeer’s lavish mansion. The TV news that night told the story of what the mansion – that previously few knew existed – contained. Among the goods seized: 18 luxury cars (with vanity plates reading GUILTY, HACKER, MAFIA, and GOD), 25 credit cards, millions in artwork and electronics and more.
The accused, Kim Dotcom, born Kim Schmitz, became an overnight celebrity and a poster-boy for conspicuous consumption.
Standing at six foot six inches and weighing over 130 kilos, Dotcom had been living large in every sense of the term. His appetite for life soon became apparent, as photos emerged showing Dotcom enjoying luxury yachts, tropical locations, beautiful women and wild parties.
The raid in Auckland followed the FBI’s shutdown of Dotcom’s extremely popular file transfer site Megaupload.com just a day earlier. Some commentators derided the shutdown as unfair and premature, however, as with the controversial ACTA* negotiations and the recent attempts by US legislators to push through the deeply unpopular SOPA* and PIPA* bills, the news that Megaupload had been squashed by the copyright-grievance juggernaut was seen as, essentially, business as usual.
And then the charges were announced. Copyright infringement, no surprise there.
But money laundering? Racketeering? Criminal conspiracy? This was certainly not your run of the mill cease-and-desist.
At the time of writing, Dotcom has been released after spending more than a month in jail and the US has filed extradition papers with New Zealand. US$4.3 million worth of home and other assets have been seized. The data from the Megaupload servers, including all legitimate as well as infringing content, has been seized and the defence has thus far been refused access to a copy of it. At this stage it looks highly unlikely that users – paid subscribers and free users, legitimate and illegitimate, private and business – will ever see their information again.
As US copyright holders assert their will over the internet, the cloud and around the world, where does that leave the rest of us? Just who owns the data that we store remotely? And what does the destruction of a file transfer service mean for the future of offsite hosting? Has Kim Dotcom killed the cloud?
The charges against Dotcom and his associates, Finn Batato, Mathias Ortmann and Bram van der Kolk, make for startling reading. Conspiracy to commit racketeering, conspiracy to commit copyright infringement, conspiracy to commit money laundering, and numerous accusations of copyright infringement by distribution, aiding and abetting criminal copyright infringement, criminal copyright infringement by electronic means are all included, with further charges of criminal copyright infringement and wire fraud having been recently added to the list.
It sounds like the crime of the century, but is it?
By all accounts Dotcom is a shady character, to put it mildly.
Dotcom, then named Kim Schmitz, first came to the attention of authorities in 1994, after his claims of hacking PBX systems in the US led to his arrest on charges of stealing and selling credit cards numbers, all the while working as a security consultant for German banks.
In 1998, Shultz was once again in front of a judge, on charges of computer hacking and handling stolen goods, a charge which resulted in two years probation, then in 2000 he was involved in a ‘pump and dump’ scandal, purchasing €375,000 worth of shares in the failing company LetsBuyIt.com, then announcing he intended to invest €50 million into the company. The announcement caused the share price to spike 300 per cent at which point he sold his shares for €1.568 million.
In 2002, Shultz was arrested in Bangkok and deported to Germany to face charges of insider trading. He received one year and eighteen months probation, then another two years probation after he pled guilty to embezzlement in 2003.
In March 2005, Shultz, now named Kim Dotcom, founded the Hong Kong-based one-click hosting service Megaupload. The business was immediately popular, generating daily web traffic of over 50 million visitors a day, 180,000,000 registered users, and earning $US175 million yearly, and with some estimations stating that Megaupload alone was responsible for 4 per cent of the world’s web traffic.
While wildly successful, the site was politically controversial, being blocked in several countries due to the presence of pornographic and copyrighted material.
Seeking New Zealand residency in 2010, Dotcom initially failed the NZ government’s ‘good character’ test, presumably due to his criminal convictions for computer fraud and stock-price manipulation, and other charges relating to the purchase of shares on the Hong Kong Stock Exchange. Undeterred however, Dotcom engaged with New Zealand authorities, promising a $600,000 fireworks display in Auckland and purchasing $8 million in New Zealand government bonds in return for fast-tracked citizenship.
Skip forward to December 2011, when a bizarre music video entitled ‘I Use Megaupload’, featuring A-list celebrities Puff Daddy, Kanye West, Alicia Keys, Mary J. Blige, Macy Grey and Kim Kardashian singing the praises of the site is uploaded to YouTube.
A brief skirmish between Universal Music and Megaupload followed, seeing the video taken down and then quickly reinstated on the site.
Then on January 5 ,2012, indictments are filed against Dotcom and his associates in the US, and January 20, Dotcom’s lavish Auckland mansion is raided, with Dotcom and associates Finn Batato, Mathias Ortmann and Bram van der Kolk arrested in dramatic fashion by NZ police.
What does it mean for the cloud?
Megaupload is, by any reasonable definition, a cloud service.
Given that the authorities have chosen to make an example out of Dotcom, just what does the shutdown of Megaupload, the disappearance of all users’ files and the cavalier attitude of officials towards stored content mean for the future of cloud storage?
If authorities can seize the Megaupload servers content in its entirety, because they don’t like some of the content contained there, then who exactly owns that content? And could the same thing happen to Amazon’s cloud service, or Dropbox, or Xero?
“Oh, absolutely,” says internet specialist lawyer Rick Shera. “I suspect that Mr Dotcom made himself a target by his flamboyance and his past history, and he has admitted that, so the likelihood of someone like the FBI or indeed any other authorities getting involved in a more commercially-focused or business-oriented service is a lot less, but that’s not to say that they aren’t in the same position. If someone uploads infringing material to Dropbox and shares the link with someone else, at its heart that is exactly the same service that was being provided by Megaupload.”
“There are very well-funded and very aggressive copyright owners out there who will take action in respect to single files or groups of files, against a particular service because they want to make an example of it or set a precedent for other services, and so on….There is always a risk in these services and in fact, traditionally that’s been how these sorts of cases have bubbled up. It’s not through the authorities of the state, it’s through third-parties taking action.”
So given that cloud services are now a target for litigation and criminal charges from aggrieved copyright holders, how should businesses be changing their strategies when employing cloud-based solutions?
“Ultimately, as with any cloud service where you’re not paying for it, or you’re paying a small amount, then you do take a risk that the things that you put there are not going to be available or may become subject to other jurisdictions or legal authorities,” says Shera. “Indeed the risks of availability and non-availability of critical business material are there whether you put it in the cloud or put it on your desk or whether you outsource it to a data centre.”
“There are all sorts of reasons why data may not be available when you’re hosting it in the cloud, whether it’s because there’s an electricity outage, or the system gets hacked by someone, or by virtue of legal authorities or simply because the provider doesn’t run a very good business and it goes under.
So if you’re talking about business critical information, you seriously need to take that into account. And if you are going to put your information in the cloud then you need a backup. You need a plan B that if something goes wrong you have business continuity.”
“It’s a salutary reminder to everybody that when you are effectively outsourcing either your data or your processing power, your applications or whatever you might be using the cloud for, you no longer have control over it. You take a risk in that sense.”
Vikram Kumar, chief executive at Internet NZ, says that any business using cloud services needs to expect the worst and plan accordingly.
“If you’re going to put your data in the cloud then you need to do a risk assessment prior to doing that,” he says. “If it’s a medium to high risk, using a cloud service, particularly a public cloud service, may not be the best idea, and in any case you should have data backups either locally or in another service.
“There are risks and those risks pre-existed [this case]. But if you’re looking, as a business, to take these often hard to comprehend risks, then the Megaupload case provides you with a specific example of the types of risks that are out there.”
But, says Kumar, faith in the cloud hasn’t been irretrievably shattered by Megaupload’s takedown, but perhaps the peak of expectation is beginning to level out.
“I think in the immediate aftermath, people were asking themselves a lot of questions. But we had two breakfasts that were organised by the Computer Society and I asked people to raise their hands if they were using a cloud service to transfer data, such as Dropbox or Cyberlocker. Many people raised their hand. And I asked ‘if you plan to stop using this service because of Megaupload, keep your hand up,’ and there was no hand left up.
“What you can take from this is that people had immediate concerns, because it does raise questions, but people have worked through those questions and have generally come to the conclusion that as of right now they will continue to use cloud services, so I see a short-term hiccup, rather than a long-term impact. But that may change as this case progresses through the courts in New Zealand and particularly if it goes to the US.
“But the general response that we’ve got is, as of what we know right now, it’s merely a short-term hiccup. The imperative of cloud computing, the flexibility and the cost savings – people will just get on with it and continue on their merry ways.”
So for cloud computing it seems to be a case of ‘buyer beware’. In the case of Megaupload, all files, legitimate and illegitimate have been swallowed by the legal action against Kim Dotcom and his associates. Will they ever be made available to their owners again? Who knows? And what recourse do those file owners have? Again, good luck getting a definitive answer.
Sure, Megaupload was, without question, an excellent tool for those looking to violate copyright law, but it was also much more than that. It provided all the benefits that legitimate cloud service provides: online backup, file transfers and storage, often to the very artists supposedly being served by the action against Dotcom. The US government has eliminated one conduit through which pirated records and movies pass, which is an admirable goal, but it has done so at an enormous cost to legitimate users, both private and commercial. It has undermined a fundamental assumption about the cloud environment that data held in private cloud accounts is, more-or-less, private.
It has crippled a burgeoning business and a host of as-yet undiscovered business models that the cloud environment would have facilitated, all at the behest of a dying economic interest – one that has lost its ability to control information in the modern world. Adding to the tragedy is the fact that, neither the elimination of Megaupload, nor the elimination of every other file transfer site could ever save the recording industry from itself, the same industry that was, up until recently suing individual file sharers for outrageous sums of money.
Conspiracies and the internet go together like peas and carrots. One that’s doing the rounds currently is the idea that the FBI went after Megaupload, not because of piracy issues, but because the flamboyant Dotcom had announced his intention to create ‘Megabox’, a cloud-based alternative music store that would link fans and musicians directly, and offer musicians better earnings than anything possible via a record label.
“UMG [Universal Music Group] knows that we are going to compete with them via our own music venture called Megabox.com, a site that will soon allow artists to sell their creations directly to consumers while allowing artists to keep 90 per cent of earnings,” MegaUpload founder Kim ‘Dotcom’ Schmitz told Torrentfreak in December last year.
And to add insult to injury? The service would be free.
“We have a solution called the Megakey that will allow artists to earn income from users who download music for free,” Dotcom outlined. “Yes that’s right, we will pay artists even for free downloads.
The Megakey business model has been tested with over a million users and it works.”
While there’s no evidence that Megabox would have, in fact, come to anything, it is a fact that they had already begun to accumulate legitimate companies – 7digital, Gracenote, Rovi and Amazon – as partners for the project.
What would Dotcom’s plans to marry artists, advertisers and consumers have meant for the recording industry? Could Megaupload have been taken down simply because it was innovating in an otherwise controlled industry? Could the destruction of Megaupload have been an act of industrial espionage under the pretence of justice?
Either way, users of the cloud have no choice but to acclimatise themselves to the new status quo.
Cary Sherman, Chairman and CEO of the Recording Industry Association of America says that the takedown of Megaupload sends a “powerful message” to infringers. He’s right, but it also sends a powerful message to those who would otherwise already be recognising the huge benefits that cloud technology can offer.
But if there is a silver lining in this situation, it’s that we’re already seeing cloud providers taking new steps to assuage wary users’ fears (see the story on the new Cloud Computing Code of Practice elsewhere in this issue), and a new focus put on the limits and liabilities, as well as the benefits, of cloud services. All of which is undoubtedly keeping less scrupulous cloud service providers in check, which can only be a good thing, because Kim Dotcom or not, the cloud is very much still alive.
|
THE MEGAUPLOAD TIMELINE MARCH 2005 MAY 2005 MAY 2010 JANUARY 2011 JUNE 2011 JULY 2011 DECEMBER 2011 JANUARY 5, 2012 JANUARY 19, 2012 He and three others, Finn Batato, Mathias Ortmann and Bram van der Kolk, are arrested. The operation is declared a joint effort by authorities in New Zealand, Hong Kong, the Netherlands, London, Germany and Canada, and US agencies the FBI and the U.S. Justice Department. JANUARY 20, 2012 Internet activist group Anonymous launches attacks on the websites of the U.S. Department of Justice, FBI, RIAA, MPAA, UM, among others. High-profile U.S. attorney, Robert Bennett, announces he will defend Megaupload in the case. JANUARY 22, 2012 FEBRUARY 3, 2012 FEBRUARY 22, 2012 MARCH 30, 2012 APRIL 5, 2012 |
|
*TERMS ACTA: The Anti-Counterfeiting Trade Agreement is a multi-national trade agreement between Australia, Canada, Japan, Morocco, New Zealand, Singapore, South Korea, and the United States. The negotiations have been conducted in secret with the process described as ‘policy laundering’ by critics including the Electronic Frontier Foundation. PIPA: The PROTECT IP Act is a proposed law that would have given the US government the power to block access to “rogue websites dedicated to infringing or counterfeit goods”. Widespread online protests led to the vote on the bill being postponed indefinitely. SOPA: The Stop Online Piracy Act is proposed US internet legislation similar to PIPA that would allow law enforcement to block access to websites that infringe copyright, as well as barring advertising networks and payment facilities from conducting business with infringing websites. |
