A Few Notes By A Federal Criminal Practitioner On The Megaupload Indictment

Print This Post

You may also like...

45 Responses

  1. Hasdrubal says:

    How does this relate to Napster? Did Megaupload not remove infringing content when informed of it? Or am I misremembering what services Megaupload provided?

  2. Extra points for mentioning Runequest! :)

  3. Matt says:

    Ken:

    The way i read the 9th circuit rulings on the DMCA as Registered Agent + Complying with Takedown = Safe Harbor admititly my reading of the law is suspect as i swiched from prelaw to Computer Science three weeks into my first semester. But if mega gets safe harbor does that mean the criminal copyright infringement gets knocked out, and hence the conspiracy charges go out the window as well

  4. Matt says:

    "If there is interest I will go into the elements in depth."

    Do you really even have to ask?

    Yes, there is interest.

    Duh.

    :)

  5. TheOtherMatt says:

    Also pet peeve MV is a foreign corporation engaging in commerce on foreign soil. So where did the US get jurisdiction, at Wal-Mart?

  6. Ken says:

    @Matt:

    The way i read the 9th circuit rulings on the DMCA as Registered Agent + Complying with Takedown = Safe Harbor admititly my reading of the law is suspect as i swiched from prelaw to Computer Science three weeks into my first semester. But if mega gets safe harbor does that mean the criminal copyright infringement gets knocked out, and hence the conspiracy charges go out the window as well.

    I haven't done case research on it, but I read it differently. It appears to me that the DMCA safe harbor provisions provide limitations on civil liability for infringement. They don't limit criminal liability and don't re-define what infringement is in the first instance.

  7. Ken says:

    @Matt:

    To be a little more specific, Matt, the safe harbor provisions of the DMCA under 17 U.S.C. section 512(a), provides:

    (a) Transitory Digital Network Communications. — A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the provider's transmitting, routing, or providing connections for, material through a system or network controlled or operated by or for the service provider, or by reason of the intermediate and transient storage of that material in the course of such transmitting, routing, or providing connections, if —

    Nothing in there purports to redefine what infringement is, or to limit criminal liability. The other subsections are similar.

  8. David says:

    Did Megaupload not remove infringing content when informed of it? Or am I misremembering what services Megaupload provided?

    Megaupload used a “deduplication” system to save bandwidth and server space. If I were to upload a PDF of Ken's memoirs, and nobody else has ever uploaded that exact file to Megaupload before, then the site grabs the file from my computer, copies it to the Megaupload servers, and gives me a URL that I (or anybody else I care to send it to) can use to re-download the file at will.

    But if a second person (let's call him “Patrick”) also decides to upload that same PDF, Megaupload will scan it, realize that it already has that file, and won't bother making a second copy of it. Instead, it will just generate a new URL that points to the PDF that was already sitting there.

    Here's the rub. If Ken notices that I'm pirating his magnum opus and sends a takedown notice to Megaupload, they would, without protest, disable my download link, preventing me or any of my friends from getting the PDF I uploaded. But the key is that they're only killing my download link. Unless Ken sent a separate takedown notice for Patrick's link, they won't touch that one. So people can still download the exact same PDF from the exact same servers So the pirated file is still there, and people are still downloading it, even after the “takedown.”

  9. strech says:

    While the indictment does give good basis for the actions taken, it also gives me the feeling that they really wanted to call something the "Mega Conspiracy" so they could say they took down the "Mega Conspiracy", which they use 150 times in the document.

    How does this relate to Napster? Did Megaupload not remove infringing content when informed of it? Or am I misremembering what services Megaupload provided?

    According to the indictment, the people running it
    a) Posted pirated content themselves;
    b) Did not remove all the links to a piece pirated content when they got a takedown notice. (When something already there got uploaded, they only kept 1 copy on the server but now had 2(+) links to it. When they got a DMCA takedown for one of the links, they only removed that link and not the content);
    c) Attempted to leech the entirety of youtube and copy it onto their service;
    d) Repeatedly used their own service to watch copyrighted material;
    e) Gave money to users who they knew were posting pirated material –

    100 USD [USERNAME DELETED] 10+ Full popular DVD rips (split files), a few small porn movies, some software with keygenerators (warez)

    There are a number of other minor things in there.

  10. Hasdrubal says:

    Thanks, that makes more sense now.

  11. bkd69 says:

    Actually, I see the Megaupload bust as the cherry on top of a SOPA/PIPA protest sundae.

    I think the train of thought of an outsider, ie, someone learning about it because of the blackout like so:

    1. Wait, why's Wikipedia down?
    2. These laws do what?!?
    3. Why am I only hearing about this now?
    4. Wait, they can do all that without passing those laws?

    The interesting question in the case is whether takedown requires file removal or URL removal. If were defending, I'd argue that each URL is tied to an individual user, who may or may not have distribution rights, which the plaintiffs are in a far better position to determine than the defendant, and the existence of the file is incidental. Though case law may have more to say on that than I know, because, after all, IANAL.

    Of course, they're robably hung on the direct infringement claims, if substantiated.

  12. Ken says:

    The interesting question in the case is whether takedown requires file removal or URL removal. If were defending, I'd argue that each URL is tied to an individual user, who may or may not have distribution rights, which the plaintiffs are in a far better position to determine than the defendant, and the existence of the file is incidental. Though case law may have more to say on that than I know, because, after all, IANAL.

    Sure, but bear in mind again that you are talking about takedown provisions that apply to civil liability, not criminal liability.

  13. Myk says:

    As a New Zealander, I was astonished that we had to learn of the arrests/indictment from BBC – no mention of it on the NZ news until several hours after the fact.

    That aside, the tinfoil hats here are drawing connections to the recently enacted 'skynet' legislation (which provides for termination, after three notices, of internet connections for repeat copyright infringers). Much discussion here revolves around the apparent requirement for both countries (USA & NZ) to have penalties of 12+ months imprisonment before extradition is a possibility.

    IANAL, but as the servers were apparently based in the USA, and given that no laws that I know of in NZ provide for such sentences, maybe Ken could shed some light on the basis for the extradition?

  14. TheOtherMatt says:

    But to limit civil liability without criminal protections would open the door for an asshat prosecutor to repeat the viacom v youtube suit with criminal charges… Oh wait… I say The Internet should form it's own political party . Imagine Jimbo Wales 2016

  15. Ken says:

    But to limit civil liability without criminal protections would open the door for an asshat prosecutor to repeat the viacom v youtube suit with criminal charges…

    A federal case like this one requires a gigantic investment of limited prosecutorial resources. Mass duplication isn't likely.

    I say The Internet should form it's own political party . Imagine Jimbo Wales 2016

    Will he make LEEEEROY JENKINS his running mate?

  16. Roger Smart says:

    Yes please, more details. This case should be very interesting to follow considering who Megaupload retained as their attorney.

  17. Jay says:

    @The Other Matt I think the most damning part of the indictment in terms of jurisdiction is that payments were made to US citizens for posting pirated materials holding a US copyright – not to in any way condone the drug war, but if say a Mexican drug cartel kingpin paid a US citizen to murder a competitor in the US, I think it a fair case could be made for extradition for US prosecution (please correct me if I'm wrong).

    That being said, copyright laws in the US and abroad are in dire need of reform, and this indictment *could* have a significant freezing effect on that reform. Let's say a country with a US extradition policy wanted to redefine their concept of fair use or safe harbor, that won't accomplish much if the Feds can come in and demand extradition based on their own copyright laws. I doubt it would happen without any regularity (Mega was obviously targeted both for their scope and their *alleged* disregard for any notion of IP – by *allegedly* uploading copyrighted materials themselves and *allegedly* making cash payments for uploaders with knowledge of infringement).

    Although the freezing element causes room for concern, this indictment is much less terrifying then SOPA, as its scope appears limited to members who has some sort of *alleged* significant involvement with the conspiracy. If Carpathia and Cogent for example had ended up as defendants, this would have been real cause for concern.

  18. Jay says:

    Please excuse my typos / fat fingers.

  19. Scott Jacobs says:

    the Fourth Circuit, in its wisdom

    OK, be honest with me…

    You were rolling your eyes when you typed that…

  20. Steve Wells says:

    I have never before heard a prosecutor (whether ex or current) admit to thinking about reverse cowgirl while being yelled at by the judge. Of course, as a defense lawyer, I think that judges don't yell at prosecutors very much. My own thoughts during judicial dressing downs are usually along the lines of "This is so much bullshit. Why am I not fishing?" I imagine that next time, I'll think about reverse cowgirl.

    I by and large agree with your assessment of including overt acts in an indictment. One exception that helps me is money-laundering cases. Most of the time the discovery is merely copies of thousands of pages of bank records with only about 5 pages of DEA 6s or FBI 302s. Having overt acts in the indictment can help pinpoint particular transactions or dates to examine. Generally, though, overt acts are included with salacious detail rather than what is required by the rules.

  21. David Schwartz says:

    "If Ken notices that I'm pirating his magnum opus and sends a takedown notice to Megaupload, they would, without protest, disable my download link, preventing me or any of my friends from getting the PDF I uploaded. But the key is that they're only killing my download link. Unless Ken sent a separate takedown notice for Patrick's link, they won't touch that one. So people can still download the exact same PDF from the exact same servers So the pirated file is still there, and people are still downloading it, even after the “takedown.”"

    This argument elevates form over substance. Their deduplication is just a technical convenience to save storage space. It shouldn't change the legal effect of takedown notices or their obligation in responding to them. Otherwise, a single person misusing a work could deny others access to that work even though their accesses weren't infringing and this would be strictly a consequence of the deduplication they perform, not due to any legal requirement.

    It is the obligation of the person sending the DMCA notification to identify the infringing content and the obligation of the person receiving it is fully satisfied by preventing the identified access methods from functioning.

  22. Ken says:

    Their deduplication is just a technical convenience to save storage space. It shouldn't change the legal effect of takedown notices or their obligation in responding to them. Otherwise, a single person misusing a work could deny others access to that work even though their accesses weren't infringing and this would be strictly a consequence of the deduplication they perform, not due to any legal requirement.

    It is the obligation of the person sending the DMCA notification to identify the infringing content and the obligation of the person receiving it is fully satisfied by preventing the identified access methods from functioning.

    If this is a correct statement of the law under the DMCA, then it seems an indication that the law has not caught up with the technology. I know the argument may be "hey, all these people with download links are just hosting the ripped DVD of Avatar on Megaupload to back up their lawful copy, which is legal, whatever the MPAA says." I actually agree that backing up your DVD is, and ought to be, legal. But the notion that "hey, for all we know, all these other links to Avatar — other than the link posted on the internet that you pointed us to — are legitimate users just making a backup of their own DVD" seems to be just that — a fiction. It's a particularly problematical fiction if the feds are being truthful in saying that Megaupload was handing out cash to people who uploaded ripped DVDs that resulted in lots of downloads. That might be the law, but if it is, it seems like the law is something of an ass on that point.

    Of course, if host sites wanted to resolve this dilemma, they could say "you're not allowed to store your backup copies of copyrighted works on this site," resolving the question.

  23. Will says:

    Well I help out a small software company with keeping pirated copies off the net, I'm not under the illusion that's actually possible – more of an effort to make it a bit more inconvenient for pirates.

    One of the problems with Megaupload like sites is its easy or infringers to upload, but a PITA to track down and put in the takedown notices to get something removed. Mean while Megaupload profits by showing ads, selling premium accounts etc. I wouldn't be surprised if most of the content they hosted did infringe copyright.

    I'm not suggesting legislation like SOPA is warrented, but I'm not teary eyed seeing megaupload disappear either.

  24. piperTom says:

    The indictment included e-mails "recited on the pretext that sending the email was an overt act"?! If e-mail is a overt act, then so is talking and "overt" loses all meaning.

  25. John Burgess says:

    @piperTom: I'm pretty sure the fruit of wiretaps and room bugs is frequently used to identify 'overt acts'. So, talking can indeed be an overt act in supporting a charge of conspiracy.

  26. Cathy says:

    David's take on the DMCA seems correct, and, as plenty of recent cases (that this indictment seems completely unaware of) explain, for perfectly sound reasons that vindicate the Congressional intent behind the law.

    My question: has anyone seen the warrant? If the existence of 39 allegedly infringing files was enough to allow the issuance of one we'll need to have a good hard look at exactly what that means for the continued viability of the DMCA safe harbor.

  27. Ken says:

    Cathy, I am looking for the warrants, but I suspect they have not been unsealed.

    Is it your theory that the DMCA directly limits criminal liability (as opposed to indirectly, as in "our attempts to comply with DMCA show our lack of criminal intent")? If so, can you point out how? The plain language of the DMCA seems only to limit civil penalties for infringement.

  28. Cathy says:

    I need to look into this further, but I think what's happening is that the indictment pre-supposes that MU is not eligible for the safe harbor. Therefore it is guilty of infringement, and somehow that infringement rises to the level of criminality.

    Personally I think the underlying assumption is wrong and MU *was* in fact eligible for the safe harbor. In which case it would not liable for any infringement, criminal or otherwise.

    But in any case I'm thinking that has to be the way it works, because if the DMCA were only to limit civil liability, not criminal liability, it would be effectively useless.

  29. Ken says:

    I'm not sure, Cathy. The way I read the plain language, the DMCA limits civil liability for infringement rather than limiting the definition of infringement.

    Practically speaking the scienter requirement for criminal violations is a major barrier, not to mention the limited resource issue.

  30. Cathy says:

    Infringement is infringement. Either you're liable for it or you're not, either you did it or you did. The means for seeking remedy are either civil or criminal. I can't imagine the statute being interpreted so that you could be criminally liable and yet NOT civilly liable. The DMCA has the effect of defining DMCA-compliant hosting as a non-infringement. That should end the story even though it didn't explicitly say so with criminal language.

    (Caution: in desperate need of a nap, in the event this doesn't make sense. But I think the underlying theory is sound.)

  31. Ken says:

    It's perfectly sound as a description of what the law should be. I'm just thinking its not supported by the statutory language.

  32. Cathy says:

    I think you have to take chapter 5 as a whole, not just 512 or 506 on their own.

  33. David Schwartz says:

    The point is, the DMCA puts the obligation on the notifier to identify the infringing content. It is not the responsibility of the person receiving the notice to scour their network for every logical copy of the infringing work and remove or disable them.

    The result may seem absurd in this particular case, but only because this is an edge case. Suppose people start getting around this rule by adding a few zero bytes at the end of the work. Should someone receiving a takedown notice search for "nearly identical" copies?

    What if they use delta compression and store works be means of a table of portions of similar works and deltas? Now removing the actual data subject to a takedown notice (rather than just disabling the access method complained of) may disable completely different, but coincidentally similar, works. It may disable works that include portions of the complained of work that are used fairly in other works.

    No, the law is bang on — it is the obligation of the person issuing the notice to ensure the method complained of is infringing and the obligation of the recipient to disable the method of access they now know is infringing. If you start to require them to do other things, you either create the very liability the law was supposed to remove, create a situation where legitimate takedown notices disable works not covered, or you heavily restrict the technical means that can be used to store information.

  34. Orin Kerr says:

    Cathy,

    Ken is right on this: The safe-harbor is only about civil liability. Note that when it comes to civil versus criminal copyright law, there are a bunch of differences. For example, criminal copyright liability requires awareness that one is breaking the law and intent to break the law; that is not a requirement for civil copyright liability.

  35. Renee Marie Jones says:

    Individuals in the media industry and government were testifying under oath before congress that this sort of action was not possible without new legislation at the same time they were organizing this action. Since this shows they are willing to lie in congressional testimony, why should be believe anything such liars say?

  36. joe says:

    Was this planned to coincide with the PIPA/Sopa votes well in advance?

  37. Peter says:

    Press reports in New Zealand say the raid was timed for the early hours following the celebration of Mr Dotcom's birthday, when it was believed a number of the persons sought would be found still on the premises. As it turned one had already departed, but was located via simultaneous raids on several locations throughout the city.

  38. mojo says:

    Hey, they forgot "Conspiracy to Lurk with Intent to Gawk"…

  39. Ken says:

    Orin Kerr showing up to say I was right reminded me of this scene.

  40. David Schwartz says:

    It happened just as I said. A legitimate takedown notice for a work that included portions of another work caused the embedded work to be removed from YouTube. The takedown notice was legitimate, but YouTube expanded its scope (as the government seems to think MegaUpload should have), and legitimate works were removed.

  1. January 21, 2012

    […] Some reactions to Megaupload indictment [Julian Sanchez, Ken at Popehat] […]

  2. January 28, 2012

    […] news today concerning the Megaupload takedown […]

  3. February 18, 2012

    […] Megaupload last month over various conspiracy charges, the move and its timing were viewed (whether wrongly or rightly) as being connected to SOPA/PIPA, and Anonymous went after the FBI, Department of Justice and other […]

  4. February 18, 2012

    […] Megaupload last month over various conspiracy charges, the move and its timing were viewed (whether wrongly or rightly) as being connected to SOPA/PIPA, and Anonymous went after the FBI, Department of Justice and other […]

  5. February 18, 2012

    […] Megaupload last month over various conspiracy charges, the move and its timing were viewed (whether wrongly or rightly) as being connected to SOPA/PIPA, and Anonymous went after the FBI, Department of Justice and other […]