
Mega’s Aggressive Takedown Policy? February 1, 2013

Posted by Bill Rosenblatt in Law, New Zealand, Services.

Here is an interesting addendum to last week’s story about Mega, the new file storage service from Kim Dotcom of MegaUpload fame.

Recall that Mega encrypts files that users store on its servers, with keys that only the users know… unless they publish URLs that contain the keys, like this one.  This means that Mega can’t know whether or not files on its servers are infringing, unless a user publishes a URL like that.

As TorrentFreak has found, Mega is crawling the web in search of public URLs that contain Mega encryption keys.  When it finds one, it proactively removes the content from its server — at least if the file in question contains audio or video content — and it sends the user who uploaded the file a message saying that it has taken down the file due to receipt of a takedown notice from the copyright owner.

It’s impossible to say for sure whether this is a blanket policy, and of course Mega’s web-crawling technology probably doesn’t work perfectly.  But if this is Mega’s policy, then Mega is being at least as aggressive as RapidShare in going after public links to infringing content.  RapidShare finds public links to files on its service and, apparently, examines them with content identification technology to see if they are infringing.  According to TorrentFreak’s findings, Mega does no analysis; it uses no fingerprinting or other content identification technology; it just takes the content down.  It has taken down unambiguously legal content.  (My file wasn’t taken down, because it’s just a PDF of a presentation that I created, and/or because it’s only on this blog and not on a known P2P index site.)

Mega could be doing this in order to conform to the terms of Kim Dotcom’s arrest.  Whatever the reason, it helps make sure that pirated material on Mega can only be shared by sending encryption keys through means such as email… or perhaps URLs that are publicly available but are themselves encrypted.  And if you truly want to share audio or video material to which you have the rights, then Mega wasn’t going to be the best place for you anyway.

A commenter on TechDirt put it best: “So we’re still allowed to share the stuff, but just not on linking sites? Seems fair enough to me. Probably for the best too, since some dumbasses clearly don’t know how to hide their copyrighted material properly.”

Kim Dotcom Embraces DRM January 22, 2013

Posted by Bill Rosenblatt in DRM, New Zealand, Services.

Kim Dotcom launched a new cloud file storage service, the New Zealand-based Mega, last weekend on the one-year anniversary of the shutdown of his previous site, the notorious MegaUpload.  (The massive initial interest in the site* prevented me from trying out the new service until today.)

Mega encrypts users’ files, using what looks like a content key (using AES-128) protected by 2048-bit RSA asymmetric-key encryption.  It derives the latter keys from users’ passwords and other pseudo-random data.  Downloading a file from a Mega account requires knowing either the password that was used to generate the RSA key (i.e., logging in to the account used to upload the file) or the key itself.

Hmm.  Content encrypted with symmetric keys that in turn are protected by asymmetric keys… sounds quite a bit like DRM, doesn’t it?

Well, not quite.  While DRM systems assume that file owners won’t want to publish keys used to encrypt the files, Mega not only allows but enables you to publish your files’ keys.  Mega lets you retrieve the key for a given file in the form of a URL; just right-click on the file you want and select “Get link.”  (Here’s a sample.)  You can put the resulting URL into a blog post, tweet, email message, or website featuring banner ads for porn and mail-order brides.

(And of course, unlike DRM systems, once you obtain a key and download a file, it’s yours in unencrypted form to do with as you please.  The encryption isn’t integrated into a secure player app.)

Yet in practical terms, Mega is really no different from file-storage services that let users publish URLs to files they store — examples of which include RapidShare, 4Shared, and any of dozens of file transfer services (YouSendIt, WhaleMail, DropSend, Pando, SendUIt, etc.).

Mega touts its use of encryption as a privacy benefit.  What it really offers is privacy from the kinds of piracy monitoring services that media companies use to generate takedown notices — an application of encryption that hardcore pirates have used and that Kim Dotcom purports to “take … out to the mainstream.”  It will be impossible to use content identification technologies, such as fingerprinting, to detect the presence of copyrighted materials on Mega’s servers.  RapidShare, for example, analyzes third-party links to files on its site for potential infringements; Mega can’t do any such thing, by design.

Mega’s use of encryption also plays into the question of whether it could ever be held secondarily liable for its users’ infringements under laws such as DMCA 512 in the United States.  The Beltway tech policy writer Paul Sweeting wrote an astute analysis of Mega’s chances against the DMCA over the weekend.

Is Kim Dotcom simply thumbing his nose at Big Media again?  Or is he seriously trying to make Mega a competitor to legitimate, prosaic file storage services such as DropBox?  The track records of services known for piracy trying to go “legit” are not encouraging — just ask Bram Cohen (BitTorrent Entertainment Network) or Global Gaming Factory (purchasers of The Pirate Bay’s assets).  Still, this is one to watch as the year unfolds.

*Or, just possibly, server meltdowns faked to generate mountains of credulous hype?

IFPI Claims Success of Progressive Response in Curbing Infringement January 30, 2012

Posted by Bill Rosenblatt in Europe, Law, New Zealand.

The International Federation for the Phonographic Industry (IFPI), the global umbrella of national music trade associations like the RIAA in the United States, published its annual Digital Music Report last week.  Among the most interesting findings are the results of studies of the effects of the progressive response law enacted in France in 2009.

The French Creation and Internet Law, which is referred to as “Hadopi” after the agency it created (Haute Autorité pour la Diffusion des Oeuvres et la Protection des droits sur l’Internet), is one of a handful of so-called progressive response regimes, in which ISPs in a given country are obliged to respond to complaints about file-sharing by issuing subscribers a series of increasingly stern warnings and then potentially suspending their Internet accounts or fining them.

IFPI worked with Nielsen to measure Hadopi’s effects on file-sharing in France, and found that the effect was to decrease file-sharing by 26% over the year after Hadopi’s October 2010 implementation, although the numbers have been creeping back up a bit since October 2011.  IFPI’s report also published the results of a separate academic study by economists at Carnegie-Mellon University and Wellesley College that claims a net increase of 22.5-25% in paid iTunes music downloads from before to after Hadopi was implemented.

The IFPI report also cites studies that show that warning messages have an effect: a May 2011 study found that 50% of people who either received a Hadopi notice or knew someone who got one stopped their illegal file-sharing.  The same measurement for South Korea, another country with progressive response in place, was 70%.

Critics of progressive response reply that P2P file-sharing has been decreasing anyway, that file-sharing is “yesterday’s problem” as copyright infringement moves from file-sharing networks to torrent sites, cyberlockers, and other places.  It’s hard to argue that the reduction of 26% in French file-sharing means “piracy has decreased by 26%” (and in fact IFPI isn’t arguing that at all).  Yet the graph in the IFPI report clearly indicates a drop in file-sharing activity that coincides with the deployment of Hadopi.

It’s worth bearing in mind that the vast majority of Hadopi activity is warnings, which fall under the heading of “education” instead of “technical protection measures,” because the warnings don’t actually prevent users from doing anything that they could do before.

At the same time, there is one sour note in the IFPI report: in a discussion of the graduated response system in New Zealand (which accompanied a decrease in P2P usage of 16%), rights holders complain that “the high cost of notifications to ISPs … could prevent the graduated response system being used over the long term to optimum effect.”  In other words, it’s not enough to have a government-mandated requirement for ISPs to act on complaints of file-sharing; copyright owners also don’t want to have to pay to generate the complaints.  I don’t know what they call this in New Zealand, but in France, Marie Antoinette might have called it “Qu’ils ont de la brioche et la manger aussi.”*

P.S. The IFPI Digital Music Report also contains the very exciting statistic that the total of paying users of music subscription services has shot up 65% over the past year to an estimated 13 million plus.  That number blows by the 10 million that I thought would be reached by next September.

*“Let them have their cake and eat it too.”

