A Few Notes By A Federal Criminal Practitioner On The Megaupload Indictment

Law

So, the feds — more specifically, the U.S. Attorney for the Eastern District of Virginia, assisted by attorneys from the Department of Justice — have secured an indictment of many individual and entity defendants associated with the site Megaupload. The indictment is all over the internet, including here.

A few comments from the perspective of someone who used to indict people for the feds for a living, and now defends people indicted by the feds for a living:

1. The notion that the feds scheduled this as a response to the SOPA/PIPA blackout day is highly unlikely. The grand jury returned the indictment weeks ago and the feds obtained an order sealing it until they arranged the arrests and searches. A multi-country takedown like this is a logistical nightmare involving hundreds of agents and dozens of court filings; it's not something that can be moved on a dime, and appearances aside, I'd rate it as very highly unlikely that it was timed as some sort of response to anti-SOPA protests.

2. Please, for God's sake, so the heads of federal criminal practitioners don't explode, remember that there is little relationship between the maximum sentence that the media (and the prosecutors) announce and the actual probable sentence. The two might coincide, but it's rare. Federal sentences are strongly influenced (but no longer strictly determined) by the arcane United States Sentencing Guidelines. To approximate the experience of calculating a recommended sentence under the Guidelines, attempt to complete a multinational corporation's tax return whilst guiding an overcaffinated min-maxing twelve-year-old through rolling up a Runequest character.

3. The charges are as follows:
a. Conspiracy to commit racketeering under 18 U.S.C. § 1962(d), commonly known as RICO.
b. Conspiracy under the generic federal conspiracy statute, 18 U.S.C. § 371, to commit criminal copyright infringement in violation of 17 U.S.C. § 506(a)(1)(A) and 18 U.S.C. § 2319(d)(2).
c. Conspiracy to commit money laundering in violation of 18 U.S.C. § 1956(h).
d. Criminal copyright infringement in violation of 17 U.S.C. § 506(a)(1)(A) and 18 U.S.C. § 2319(d)(2) and aiding and abetting the same under 18 U.S.C. § 2. These are charged in two separate counts to address the feds' two separate theories of how the defendants violated the relevant statutes.

4. All of those statutes have well-established elements — that is, the building blocks that the feds must prove beyond a reasonable doubt to establish the defendants' guilt. If there is interest I will go into the elements in depth. For now let me focus on one — the plain-vanilla federal conspiracy statute, 18 U.S.C. § 371. Under the Ninth Circuit's model jury instruction (which I link because the Fourth Circuit, in its wisdom, has elected not to publish model jury instructions) describes the elements like this:

The defendant is charged in [Count _______ of] the indictment with conspiring to _______ in violation of Section _______ of Title ___ of the United States Code. In order for the defendant to be found guilty of that charge, the government must prove each of the following elements beyond a reasonable doubt:

First, beginning on or about [date], and ending on or about [date], there was an agreement between two or more persons to commit at least one crime as charged in the indictment; [and]

Second, the defendant became a member of the conspiracy knowing of at least one of its objects and intending to help accomplish it [and;]

Third, one of the members of the conspiracy performed at least one overt act for the purpose of carrying out the conspiracy, with all of you agreeing on a particular overt act that you find was committed.

I shall discuss with you briefly the law relating to each of these elements.

A conspiracy is a kind of criminal partnership—an agreement of two or more persons to commit one or more crimes. The crime of conspiracy is the agreement to do something unlawful; it does not matter whether the crime agreed upon was committed.

For a conspiracy to have existed, it is not necessary that the conspirators made a formal agreement or that they agreed on every detail of the conspiracy. It is not enough, however, that they simply met, discussed matters of common interest, acted in similar ways, or perhaps helped one another. You must find that there was a plan to commit at least one of the crimes alleged in the indictment as an object of the conspiracy with all of you agreeing as to the particular crime which the conspirators agreed to commit.

One becomes a member of a conspiracy by willfully participating in the unlawful plan with the intent to advance or further some object or purpose of the conspiracy, even though the person does not have full knowledge of all the details of the conspiracy. Furthermore, one who willfully joins an existing conspiracy is as responsible for it as the originators. On the other hand, one who has no knowledge of a conspiracy, but happens to act in a way which furthers some object or purpose of the conspiracy, does not thereby become a conspirator. Similarly, a person does not become a conspirator merely by associating with one or more persons who are conspirators, nor merely by knowing that a conspiracy exists.

An overt act does not itself have to be unlawful. A lawful act may be an element of a conspiracy if it was done for the purpose of carrying out the conspiracy. The government is not required to prove that the defendant personally did one of the overt acts.

So: as you can see, the federal conspiracy statute is very broad, requiring that the charged individual himself or herself do little more than join an unlawful agreement.

5. The "overt act" requirement is a favorite of the feds, and the cause of much mischief. Note that the Megaupload indictment is 72 pages long. Much of that is taken up by a recitation of "overt acts" in furtherance of the conspiracy. The feds traditionally use the overt act requirement as an excuse to frame their indictments as recitations of the evidence in support of their case, detailing what happened and what evidence they have in gratuitous detail. Note, for example, the multiple quotations of seemingly incriminating emails in this indictment, recited on the pretext that sending the email was an overt act. Why do this? Well, it makes for good press. It's an avenue for providing many factual details to reporters without running afoul of such modest limits on press communications as the courts and DoJ rules impose. Moreover, many courts will read the entire indictment to a jury at the start of the case — it's like a free extra opening statement. Some courts will even let jurors take the indictment into the jury room with them.

Some judges see through this and don't care for it. The late William Matthew Byrne once yelled at me for the better part of half an hour on this subject, upset that my office had listed overt acts in a drug conspiracy indictment. He was particularly annoyed because the drug conspiracy statute didn't even require an overt act showing at the time. He saw it as a transparent ploy to influence press and jurors, and believed that it violated Federal Rule of Criminal Procedure 7(c)(1), which calls for a "plain, concise, and definite written statement of the essential facts constituting the offense charged," not the prosecutor's LiveJournal page. I viewed the experience as (1) an occasion for development of my moral character, and (2) an occasion for learning to stand there while a federal judge, red-faced, shouts at you whilst you nod and take it and think about pending in limine motions and the Heiligenstadt Testament and reverse cowgirl and the merits of dual-classing (your dwell-upon subjects during judicial tirades may vary).

6. The New Zealand extradition treaty looks fun; it will be interesting to see how it pays out.

More to follow next week.

Last 5 posts by Ken White

45 Comments

40 Comments

  1. Hasdrubal  •  Jan 20, 2012 @10:30 am

    How does this relate to Napster? Did Megaupload not remove infringing content when informed of it? Or am I misremembering what services Megaupload provided?

  2. W. Ian Blanton  •  Jan 20, 2012 @10:32 am

    Extra points for mentioning Runequest! :)

  3. Matt  •  Jan 20, 2012 @10:59 am

    Ken:

    The way i read the 9th circuit rulings on the DMCA as Registered Agent + Complying with Takedown = Safe Harbor admititly my reading of the law is suspect as i swiched from prelaw to Computer Science three weeks into my first semester. But if mega gets safe harbor does that mean the criminal copyright infringement gets knocked out, and hence the conspiracy charges go out the window as well

  4. Matt  •  Jan 20, 2012 @11:02 am

    "If there is interest I will go into the elements in depth."

    Do you really even have to ask?

    Yes, there is interest.

    Duh.

    :)

  5. TheOtherMatt  •  Jan 20, 2012 @11:09 am

    Also pet peeve MV is a foreign corporation engaging in commerce on foreign soil. So where did the US get jurisdiction, at Wal-Mart?

  6. Ken  •  Jan 20, 2012 @11:13 am

    @Matt:

    The way i read the 9th circuit rulings on the DMCA as Registered Agent + Complying with Takedown = Safe Harbor admititly my reading of the law is suspect as i swiched from prelaw to Computer Science three weeks into my first semester. But if mega gets safe harbor does that mean the criminal copyright infringement gets knocked out, and hence the conspiracy charges go out the window as well.

    I haven't done case research on it, but I read it differently. It appears to me that the DMCA safe harbor provisions provide limitations on civil liability for infringement. They don't limit criminal liability and don't re-define what infringement is in the first instance.

  7. Ken  •  Jan 20, 2012 @11:33 am

    @Matt:

    To be a little more specific, Matt, the safe harbor provisions of the DMCA under 17 U.S.C. section 512(a), provides:

    (a) Transitory Digital Network Communications. — A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the provider's transmitting, routing, or providing connections for, material through a system or network controlled or operated by or for the service provider, or by reason of the intermediate and transient storage of that material in the course of such transmitting, routing, or providing connections, if —

    Nothing in there purports to redefine what infringement is, or to limit criminal liability. The other subsections are similar.

  8. David  •  Jan 20, 2012 @11:55 am

    Did Megaupload not remove infringing content when informed of it? Or am I misremembering what services Megaupload provided?

    Megaupload used a “deduplication” system to save bandwidth and server space. If I were to upload a PDF of Ken's memoirs, and nobody else has ever uploaded that exact file to Megaupload before, then the site grabs the file from my computer, copies it to the Megaupload servers, and gives me a URL that I (or anybody else I care to send it to) can use to re-download the file at will.

    But if a second person (let's call him “Patrick”) also decides to upload that same PDF, Megaupload will scan it, realize that it already has that file, and won't bother making a second copy of it. Instead, it will just generate a new URL that points to the PDF that was already sitting there.

    Here's the rub. If Ken notices that I'm pirating his magnum opus and sends a takedown notice to Megaupload, they would, without protest, disable my download link, preventing me or any of my friends from getting the PDF I uploaded. But the key is that they're only killing my download link. Unless Ken sent a separate takedown notice for Patrick's link, they won't touch that one. So people can still download the exact same PDF from the exact same servers So the pirated file is still there, and people are still downloading it, even after the “takedown.”

  9. strech  •  Jan 20, 2012 @12:08 pm

    While the indictment does give good basis for the actions taken, it also gives me the feeling that they really wanted to call something the "Mega Conspiracy" so they could say they took down the "Mega Conspiracy", which they use 150 times in the document.

    How does this relate to Napster? Did Megaupload not remove infringing content when informed of it? Or am I misremembering what services Megaupload provided?

    According to the indictment, the people running it
    a) Posted pirated content themselves;
    b) Did not remove all the links to a piece pirated content when they got a takedown notice. (When something already there got uploaded, they only kept 1 copy on the server but now had 2(+) links to it. When they got a DMCA takedown for one of the links, they only removed that link and not the content);
    c) Attempted to leech the entirety of youtube and copy it onto their service;
    d) Repeatedly used their own service to watch copyrighted material;
    e) Gave money to users who they knew were posting pirated material -

    100 USD [USERNAME DELETED] 10+ Full popular DVD rips (split files), a few small porn movies, some software with keygenerators (warez)

    There are a number of other minor things in there.

  10. Hasdrubal  •  Jan 20, 2012 @1:11 pm

    Thanks, that makes more sense now.

  11. bkd69  •  Jan 20, 2012 @1:14 pm

    Actually, I see the Megaupload bust as the cherry on top of a SOPA/PIPA protest sundae.

    I think the train of thought of an outsider, ie, someone learning about it because of the blackout like so:

    1. Wait, why's Wikipedia down?
    2. These laws do what?!?
    3. Why am I only hearing about this now?
    4. Wait, they can do all that without passing those laws?

    The interesting question in the case is whether takedown requires file removal or URL removal. If were defending, I'd argue that each URL is tied to an individual user, who may or may not have distribution rights, which the plaintiffs are in a far better position to determine than the defendant, and the existence of the file is incidental. Though case law may have more to say on that than I know, because, after all, IANAL.

    Of course, they're robably hung on the direct infringement claims, if substantiated.

  12. Ken  •  Jan 20, 2012 @1:21 pm

    The interesting question in the case is whether takedown requires file removal or URL removal. If were defending, I'd argue that each URL is tied to an individual user, who may or may not have distribution rights, which the plaintiffs are in a far better position to determine than the defendant, and the existence of the file is incidental. Though case law may have more to say on that than I know, because, after all, IANAL.

    Sure, but bear in mind again that you are talking about takedown provisions that apply to civil liability, not criminal liability.

  13. Myk  •  Jan 20, 2012 @2:08 pm

    As a New Zealander, I was astonished that we had to learn of the arrests/indictment from BBC – no mention of it on the NZ news until several hours after the fact.

    That aside, the tinfoil hats here are drawing connections to the recently enacted 'skynet' legislation (which provides for termination, after three notices, of internet connections for repeat copyright infringers). Much discussion here revolves around the apparent requirement for both countries (USA & NZ) to have penalties of 12+ months imprisonment before extradition is a possibility.

    IANAL, but as the servers were apparently based in the USA, and given that no laws that I know of in NZ provide for such sentences, maybe Ken could shed some light on the basis for the extradition?

  14. TheOtherMatt  •  Jan 20, 2012 @2:22 pm

    But to limit civil liability without criminal protections would open the door for an asshat prosecutor to repeat the viacom v youtube suit with criminal charges… Oh wait… I say The Internet should form it's own political party . Imagine Jimbo Wales 2016

  15. Ken  •  Jan 20, 2012 @2:29 pm

    But to limit civil liability without criminal protections would open the door for an asshat prosecutor to repeat the viacom v youtube suit with criminal charges…

    A federal case like this one requires a gigantic investment of limited prosecutorial resources. Mass duplication isn't likely.

    I say The Internet should form it's own political party . Imagine Jimbo Wales 2016

    Will he make LEEEEROY JENKINS his running mate?

  16. Roger Smart  •  Jan 20, 2012 @3:39 pm

    Yes please, more details. This case should be very interesting to follow considering who Megaupload retained as their attorney.

  17. Jay  •  Jan 20, 2012 @3:41 pm

    @The Other Matt I think the most damning part of the indictment in terms of jurisdiction is that payments were made to US citizens for posting pirated materials holding a US copyright – not to in any way condone the drug war, but if say a Mexican drug cartel kingpin paid a US citizen to murder a competitor in the US, I think it a fair case could be made for extradition for US prosecution (please correct me if I'm wrong).

    That being said, copyright laws in the US and abroad are in dire need of reform, and this indictment *could* have a significant freezing effect on that reform. Let's say a country with a US extradition policy wanted to redefine their concept of fair use or safe harbor, that won't accomplish much if the Feds can come in and demand extradition based on their own copyright laws. I doubt it would happen without any regularity (Mega was obviously targeted both for their scope and their *alleged* disregard for any notion of IP – by *allegedly* uploading copyrighted materials themselves and *allegedly* making cash payments for uploaders with knowledge of infringement).

    Although the freezing element causes room for concern, this indictment is much less terrifying then SOPA, as its scope appears limited to members who has some sort of *alleged* significant involvement with the conspiracy. If Carpathia and Cogent for example had ended up as defendants, this would have been real cause for concern.

  18. Jay  •  Jan 20, 2012 @3:43 pm

    Please excuse my typos / fat fingers.

  19. Scott Jacobs  •  Jan 20, 2012 @4:17 pm

    the Fourth Circuit, in its wisdom

    OK, be honest with me…

    You were rolling your eyes when you typed that…

  20. Steve Wells  •  Jan 20, 2012 @4:41 pm

    I have never before heard a prosecutor (whether ex or current) admit to thinking about reverse cowgirl while being yelled at by the judge. Of course, as a defense lawyer, I think that judges don't yell at prosecutors very much. My own thoughts during judicial dressing downs are usually along the lines of "This is so much bullshit. Why am I not fishing?" I imagine that next time, I'll think about reverse cowgirl.

    I by and large agree with your assessment of including overt acts in an indictment. One exception that helps me is money-laundering cases. Most of the time the discovery is merely copies of thousands of pages of bank records with only about 5 pages of DEA 6s or FBI 302s. Having overt acts in the indictment can help pinpoint particular transactions or dates to examine. Generally, though, overt acts are included with salacious detail rather than what is required by the rules.

  21. David Schwartz  •  Jan 20, 2012 @7:15 pm

    "If Ken notices that I'm pirating his magnum opus and sends a takedown notice to Megaupload, they would, without protest, disable my download link, preventing me or any of my friends from getting the PDF I uploaded. But the key is that they're only killing my download link. Unless Ken sent a separate takedown notice for Patrick's link, they won't touch that one. So people can still download the exact same PDF from the exact same servers So the pirated file is still there, and people are still downloading it, even after the “takedown.”"

    This argument elevates form over substance. Their deduplication is just a technical convenience to save storage space. It shouldn't change the legal effect of takedown notices or their obligation in responding to them. Otherwise, a single person misusing a work could deny others access to that work even though their accesses weren't infringing and this would be strictly a consequence of the deduplication they perform, not due to any legal requirement.

    It is the obligation of the person sending the DMCA notification to identify the infringing content and the obligation of the person receiving it is fully satisfied by preventing the identified access methods from functioning.

  22. Ken  •  Jan 20, 2012 @7:24 pm

    Their deduplication is just a technical convenience to save storage space. It shouldn't change the legal effect of takedown notices or their obligation in responding to them. Otherwise, a single person misusing a work could deny others access to that work even though their accesses weren't infringing and this would be strictly a consequence of the deduplication they perform, not due to any legal requirement.

    It is the obligation of the person sending the DMCA notification to identify the infringing content and the obligation of the person receiving it is fully satisfied by preventing the identified access methods from functioning.

    If this is a correct statement of the law under the DMCA, then it seems an indication that the law has not caught up with the technology. I know the argument may be "hey, all these people with download links are just hosting the ripped DVD of Avatar on Megaupload to back up their lawful copy, which is legal, whatever the MPAA says." I actually agree that backing up your DVD is, and ought to be, legal. But the notion that "hey, for all we know, all these other links to Avatar — other than the link posted on the internet that you pointed us to — are legitimate users just making a backup of their own DVD" seems to be just that — a fiction. It's a particularly problematical fiction if the feds are being truthful in saying that Megaupload was handing out cash to people who uploaded ripped DVDs that resulted in lots of downloads. That might be the law, but if it is, it seems like the law is something of an ass on that point.

    Of course, if host sites wanted to resolve this dilemma, they could say "you're not allowed to store your backup copies of copyrighted works on this site," resolving the question.

  23. Will  •  Jan 20, 2012 @7:36 pm

    Well I help out a small software company with keeping pirated copies off the net, I'm not under the illusion that's actually possible – more of an effort to make it a bit more inconvenient for pirates.

    One of the problems with Megaupload like sites is its easy or infringers to upload, but a PITA to track down and put in the takedown notices to get something removed. Mean while Megaupload profits by showing ads, selling premium accounts etc. I wouldn't be surprised if most of the content they hosted did infringe copyright.

    I'm not suggesting legislation like SOPA is warrented, but I'm not teary eyed seeing megaupload disappear either.

  24. piperTom  •  Jan 21, 2012 @7:21 am

    The indictment included e-mails "recited on the pretext that sending the email was an overt act"?! If e-mail is a overt act, then so is talking and "overt" loses all meaning.

  25. John Burgess  •  Jan 21, 2012 @7:36 am

    @piperTom: I'm pretty sure the fruit of wiretaps and room bugs is frequently used to identify 'overt acts'. So, talking can indeed be an overt act in supporting a charge of conspiracy.

  26. Cathy  •  Jan 21, 2012 @10:43 am

    David's take on the DMCA seems correct, and, as plenty of recent cases (that this indictment seems completely unaware of) explain, for perfectly sound reasons that vindicate the Congressional intent behind the law.

    My question: has anyone seen the warrant? If the existence of 39 allegedly infringing files was enough to allow the issuance of one we'll need to have a good hard look at exactly what that means for the continued viability of the DMCA safe harbor.

  27. Ken  •  Jan 21, 2012 @11:29 am

    Cathy, I am looking for the warrants, but I suspect they have not been unsealed.

    Is it your theory that the DMCA directly limits criminal liability (as opposed to indirectly, as in "our attempts to comply with DMCA show our lack of criminal intent")? If so, can you point out how? The plain language of the DMCA seems only to limit civil penalties for infringement.

  28. Cathy  •  Jan 21, 2012 @12:06 pm

    I need to look into this further, but I think what's happening is that the indictment pre-supposes that MU is not eligible for the safe harbor. Therefore it is guilty of infringement, and somehow that infringement rises to the level of criminality.

    Personally I think the underlying assumption is wrong and MU *was* in fact eligible for the safe harbor. In which case it would not liable for any infringement, criminal or otherwise.

    But in any case I'm thinking that has to be the way it works, because if the DMCA were only to limit civil liability, not criminal liability, it would be effectively useless.

  29. Ken  •  Jan 21, 2012 @12:12 pm

    I'm not sure, Cathy. The way I read the plain language, the DMCA limits civil liability for infringement rather than limiting the definition of infringement.

    Practically speaking the scienter requirement for criminal violations is a major barrier, not to mention the limited resource issue.

  30. Cathy  •  Jan 21, 2012 @12:19 pm

    Infringement is infringement. Either you're liable for it or you're not, either you did it or you did. The means for seeking remedy are either civil or criminal. I can't imagine the statute being interpreted so that you could be criminally liable and yet NOT civilly liable. The DMCA has the effect of defining DMCA-compliant hosting as a non-infringement. That should end the story even though it didn't explicitly say so with criminal language.

    (Caution: in desperate need of a nap, in the event this doesn't make sense. But I think the underlying theory is sound.)

  31. Ken  •  Jan 21, 2012 @12:22 pm

    It's perfectly sound as a description of what the law should be. I'm just thinking its not supported by the statutory language.

  32. Cathy  •  Jan 21, 2012 @12:31 pm

    I think you have to take chapter 5 as a whole, not just 512 or 506 on their own.

  33. David Schwartz  •  Jan 21, 2012 @2:49 pm

    The point is, the DMCA puts the obligation on the notifier to identify the infringing content. It is not the responsibility of the person receiving the notice to scour their network for every logical copy of the infringing work and remove or disable them.

    The result may seem absurd in this particular case, but only because this is an edge case. Suppose people start getting around this rule by adding a few zero bytes at the end of the work. Should someone receiving a takedown notice search for "nearly identical" copies?

    What if they use delta compression and store works be means of a table of portions of similar works and deltas? Now removing the actual data subject to a takedown notice (rather than just disabling the access method complained of) may disable completely different, but coincidentally similar, works. It may disable works that include portions of the complained of work that are used fairly in other works.

    No, the law is bang on — it is the obligation of the person issuing the notice to ensure the method complained of is infringing and the obligation of the recipient to disable the method of access they now know is infringing. If you start to require them to do other things, you either create the very liability the law was supposed to remove, create a situation where legitimate takedown notices disable works not covered, or you heavily restrict the technical means that can be used to store information.

  34. Orin Kerr  •  Jan 21, 2012 @9:53 pm

    Cathy,

    Ken is right on this: The safe-harbor is only about civil liability. Note that when it comes to civil versus criminal copyright law, there are a bunch of differences. For example, criminal copyright liability requires awareness that one is breaking the law and intent to break the law; that is not a requirement for civil copyright liability.

  35. Renee Marie Jones  •  Jan 22, 2012 @8:59 am

    Individuals in the media industry and government were testifying under oath before congress that this sort of action was not possible without new legislation at the same time they were organizing this action. Since this shows they are willing to lie in congressional testimony, why should be believe anything such liars say?

  36. joe  •  Jan 22, 2012 @10:31 am

    Was this planned to coincide with the PIPA/Sopa votes well in advance?

  37. Peter  •  Jan 22, 2012 @12:44 pm

    Press reports in New Zealand say the raid was timed for the early hours following the celebration of Mr Dotcom's birthday, when it was believed a number of the persons sought would be found still on the premises. As it turned one had already departed, but was located via simultaneous raids on several locations throughout the city.

  38. mojo  •  Jan 23, 2012 @3:19 pm

    Hey, they forgot "Conspiracy to Lurk with Intent to Gawk"…

  39. Ken  •  Jan 24, 2012 @3:14 pm

    Orin Kerr showing up to say I was right reminded me of this scene.

  40. David Schwartz  •  Jan 27, 2012 @4:12 pm

    It happened just as I said. A legitimate takedown notice for a work that included portions of another work caused the embedded work to be removed from YouTube. The takedown notice was legitimate, but YouTube expanded its scope (as the government seems to think MegaUpload should have), and legitimate works were removed.

5 Trackbacks