No, Kim Dotcom's New Mega Service Does Not 'Dismantle Copyright Forever'

from the a-step-forward dept

There's been lots of anticipation about Kim Dotcom's new "Mega" service. We've mostly held off commenting despite all the speculation and rumors, because, well, they were all speculation and rumors, and Dotcom has a history of hyping things way up. However, Gizmodo apparently got a sneak peak at the service, which is set to launch tomorrow, and has revealed the basic details, claiming that "this service could dismantle copyright forever." That statement is ridiculous and pure bluster, not at all supported by the service.

From the description, the service does look nice and potentially useful. It's really just a cloud storage system, not an online Dropbox or Box.net or Google Drive. It has a nicely designed file manager feature. The real "difference" is just that Mega has client-side encryption built in. So, basically, you encrypt anything you put into the Mega storage system before you upload it, and thus even Mega doesn't know what's there (mostly) and can't decrypt it. You could hack together something like this with other services, if you just encrypted stuff yourself before uploading it to other cloud drives. By building it in, however, Mega is clearly adding a significant level of convenience.

All in all, it does look like a pretty nice service, and one that may be worth checking out if you use cloud storage regularly. That said, the claims of destroying copyright seem overblown. If the claim that a file can be shared "with a single right-click" is accurate, then once that link is used, it would be simple for anyone with access to Mega's log files -- including Mega and, potentially, government agents -- to decrypt the file and see what's in it. If that claim is an exaggeration, and a key needs to also be shared separately, then it's no different than how encrypted data is shared already. And copyright still exists.

There may be some more details to come out once the product is officially launched tomorrow, but if the service is to be used for sharing, as implied, then there has to be a decryption process somewhere. The Gizmodo piece is as bit unclear, but it sounds like this likely involves two Mega users having their local clients talk to each other somehow to share the decrypt code. But, obviously, a government or Mega itself could potentially also be that local client on the other end. Basically, once you're sharing, the "encryption" issue is still handy, but not a huge deal. And the user may be very liable for infringement.

In the end, it sounds like there are some nice features, and some additional protections from liability for Mega specifically, but I don't see how this "dismantles copyright" even temporarily, let alone forever. Also, given the way the government likes to interpret things, you can bet that if it wanted to, it will make the case that this use of encryption is a form of "inducement" for infringement as well.

All in all, it looks like an interesting product, though hardly revolutionary.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Jan 18th, 2013 @ 2:08pm

    Stop being a killjoy :(

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 18th, 2013 @ 2:09pm

    no chance that the Gismodo reporter was 'incentivised' to report what the service would do to copyright, just to gee law enforcement and congress into believing that the entertainment industries claims about mega were right all along then? you dont think there may have been a good portion of bullshit included in the report, just to spice it up a bit?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Andrew Norton (profile), Jan 18th, 2013 @ 2:11pm

    I've been playing with it for a bit, seems ok, not great.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Lowestofthekeys (profile), Jan 18th, 2013 @ 2:18pm

    I looked at his logic on how the encryption key works with sharing, and frankly, the way Dotcom has this system setup is no different than how you're able to download music through a magent torrent, or files from Google drive.

    However, I am wondering if Mega will make the encryption key for the file/folder random with each share. For example, if you wanted to share a file with 5 of your friend, you would have to generate and send them 5 different keys.

    If that's the case, then I don't see people choosing Mega as a way to share to millions of people.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 18th, 2013 @ 2:46pm

      Re:

      The file is encrypted on the user machine before upload, so the same key can be used by all those you want to share the file, just send them the key, or even publish it with the link.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Franklin G Ryzzo (profile), Jan 18th, 2013 @ 2:55pm

      Re:

      I believe the main purpose of the encryption is to provide Mega with plausible deniabilty in being able to say beyond a shadow of a doubt that they were unaware of whatever the stored content contains. Encryption for the user is just a secondary benefit. My understanding from the Ars review is that the encryption key can be generated within or separately from the download link, but it didn't mention if you can generate user specific decryption keys.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Lowestofthekeys (profile), Jan 18th, 2013 @ 3:44pm

        Re: Re:

        I remember reading about how it would help keep them from getting into legal hot water again (I'm sure the DOJ would find some kind of excuse, nevertheless) and how it would be generated locally, but I wonder if he considered other measures to limiting the ability to share on a massive scale.

        I guess we will find out in the next week or so.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Zos (profile), Jan 18th, 2013 @ 4:02pm

          Re: Re: Re:

          i seriously doubt that was a consideration, i'd kind of assumed the effort was a giant middle finger to the DOJ, with the secondary benefit of user friendly built in crypto.

           

          reply to this | link to this | view in chronology ]

      •  
        icon
        The Groove Tiger (profile), Jan 20th, 2013 @ 1:18pm

        Re: Re:

        Yeah, I think the idea is that even if the key is shared publicly, it could be Mega's policy that they never ever look at keys on the net. So even if I put a link in my website and the key alongside it, Mega wouldn't have looked for it so they can say that they just don't know it.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    weneedhelp (profile), Jan 18th, 2013 @ 2:35pm

    C'mon Kim

    How long until Mega-Tron gets the Mega DOJ to shut down this new Mega service with Mega-lawers?


    About a week.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      anonymouse, Jan 18th, 2013 @ 4:08pm

      Re: C'mon Kim

      I think Dotcom jumped the gun here just a little, he is about to get a lot of money from the DOJ, I suspect, and would be protected from them making any further false allegations without 100% proof, which is what is suspect a judge will say when they apply for a search or seizure warrant.Nobody is going to take him down though, I am sure he will not let that happen again.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Ninja (profile), Jan 21st, 2013 @ 2:25am

        Re: Re: C'mon Kim

        How do you suggest he make money to live and pay for the expenses of the lawsuits then? Work at the grocery store in the next corner? He did what the law mandates and got prosecuted for that. He's just adding further layers to be completely exempt from any of the current accusations.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Renan Decarlo, Jan 18th, 2013 @ 2:52pm

    The problem with the copyright infringement on the old Megaupload was that they were "aware" of what users were uploading. With the new Mega, the file is encrypted before the upload, so they don't know what is being sent.

    The file can only be opened if you have the key, which can only be provided by the uploader of the file.
    The decryption proccess must be done on your computer.

    Mega will not have access to that key nor it'll store it somewhere. As it's done locally, the key might be stored somewhere in the uploader machine.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      akp (profile), Jan 18th, 2013 @ 3:31pm

      Re:

      With the rank technical incompetence of most prosecutors and members of law enforcement, I doubt they'll realize the distinction. They'll couch their accusations in terms of Mega now "circumventing" copy protections or some such drivel.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        alanbleiweiss (profile), Jan 18th, 2013 @ 8:36pm

        Re: Re:

        this is why I need to read TechDirt 24x7. As soon as I read the article just now, I thought "yep - Carmen Ortiz will be given the case, and her "career thugs" will just slap a "clear attempt to circumvent copy protection" in there....

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Tyler, Jan 19th, 2013 @ 4:10am

      Re:

      That can't be true, they would have to store it somewhere, i mean what if you lose it and have no way to access the machine you uploaded it from?

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Ninja (profile), Jan 21st, 2013 @ 2:52am

      Re:

      Being generally aware that your service may be being used to infringe a law does not make you liable. ISPs are aware their networks are used for illegal stuff, postal services are aware, road operators are aware... None were prosecuted.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Zakida Paul (profile), Jan 18th, 2013 @ 2:52pm

    If it does dismantle copyright forever I will eat my own testicles.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 18th, 2013 @ 2:53pm

    Nodes?

    Well the system is supposed to be decentralized too and there was talk of allowing people to sign up and become nodes. They would sign up and allow their computer to act as a node and files would be stored on there from other users. This way if the main site gets shut down everyone can still access their data.

    If they do go that route and lets say someone uploads an infringing file. Could the MAFIAA would go after that person who's computer it happened to be hosted on as well?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Franklin G Ryzzo (profile), Jan 18th, 2013 @ 3:00pm

      Re: Nodes?

      With the local encryption done by the original uploader prior to sharing the file, and node volunteer should have a fully legitimate defense that they could not have known the content of the stored files. What I'm wondering about is how DMCA takedowns will be handled (if Mega will be honoring them going forward). Will takedowns be done centrally through MEGA or will they be passed on to the node volunteer? And if they are passed on, what is the node volunteers liability for failure to act?

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        akp (profile), Jan 18th, 2013 @ 3:33pm

        Re: Re: Nodes?

        How can they do DMCA takedowns if they don't know what's in a given file?

        Can I court a takedown if I call my vacation video "Prometheus"? Maybe we'll go back to the warez days of calling everything "Potosh00p"

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          alanbleiweiss (profile), Jan 18th, 2013 @ 8:39pm

          Re: Re: Re: Nodes?

          warez? whats warez? Never heard of it. #Innocent #NeverUsedWarez #ExceptWhenICouldntAffordAProgram #WhichMeansPiracyDoesntReduceRevenue #ButYouNeverHeardThatFromMe

           

          reply to this | link to this | view in chronology ]

      •  
        icon
        G Thompson (profile), Jan 18th, 2013 @ 3:46pm

        Re: Re: Nodes?

        Firstly the DMCA is only a quasi-legal notice that absolves providers of liability if and only if they are taken to court by the content holders. If a provider fails to act then there is no liability other than they do not get to affirmatively have a defence under 230. Though this doesn't mean they cannot bring it up in court after the fact.

        As for mega, no idea if they will honour DMCA requests... there is no legal reason why they should and based on previous action against them there is really no ethical reason why they should either.

        The node volunteers liability is up in the air, though firstly Mega needs to state whom the node is (if it can be discovered) and they would require a court order in the jurisdiction thy are within (Mega's jurisdiction not the nodes) and then the Node, again if it's possible to even know the nodes identifiable information (they could just not have logs.. its not illegal to not keep them) has the ability to challenge any orders to find out a postal address and contact name (which is also required for a valid notice under the DMCA). See the problem?

        Also the DMCA is ONLY valid really if the node is within the USA or its territories anywhere else the DMCA is basically toilet paper and personally I suggest it should be used as such (though the ink might stain)

        This could become a more thorny issue and major nail in the coffin then what Bittorrent was. In fact I'm reminded of Napster in that the content owners took Napster to court, destroyed Napster and annoyed millions of people worldwide. Therefore new protocol and services were designed and implemented that did exactly the same as what Napster did but in a decentralised way.

        Sometimes when you try to destroy something, what takes it place is worse or better than what you destroyed... It is all dependent on your viewpoint.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Franklin G Ryzzo (profile), Jan 18th, 2013 @ 5:31pm

          Re: Re: Re: Nodes?

          I completely agree that innovation always outpaces legislation. The internet community truly is a hydra.

          I also agree that it would really surprise me if Mega honors the DMCA anymore after what the DOJ has done to them.

          I suppose we'll have to wait and see how it's all setup, but I'll be really interested to see how the node volunteer program works. My guess is that there will be many Americans that may want to support Mega, and I would have to assume that the DOJ/MAFIAA will be be attempting to take action against them no matter what laws they have to stretch or skirt around after the total failure their case against Dotcom has become.

          I'd assume that if nothing is ever passed on to the node volunteers directly (by this I mean notification of infringement) then the encryption gives them complete deniability of any knowledge of infringement. You also raise an interesting point about the potential, or lack there of, for obtaining records on node volunteers. I'd also be interested to see if the program works anonymously or through a VPN service... I guess we'll find out soon enough.

           

          reply to this | link to this | view in chronology ]

        •  
          icon
          That Anonymous Coward (profile), Jan 18th, 2013 @ 8:26pm

          Re: Re: Re: Nodes?

          Mega used to honor DMCA takedowns.
          Mega gave the cartels extra super duper access beyond legal requirements.
          Mega still got screwed.

          I would suspect that the DMCA response's from Mega will be offshored to TPB. I mean those guys need to earn some money to pay of the insane demands... and the extra smiles all around.

           

          reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 18th, 2013 @ 3:22pm

    encryption is the peoples DRM

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      alanbleiweiss (profile), Jan 18th, 2013 @ 8:41pm

      Re:

      ah that's another tactic DOJ could use. Bring in Homeland Insecurity and claim MEGA is supporting terrorists by allowing the encryption prior to upload....

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    New Mexico Mark, Jan 18th, 2013 @ 3:53pm

    Sounds like

    what SpiderOak has been doing for years, but their model is simply charging storage for more than the amount they give away. It will be interesting to see how MEGA monetizes this without access to the contents.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 18th, 2013 @ 5:42pm

    There was some past notes in the news put out, that the copyright holders could access files to remove those deemed infringing but they would be required to sign a statement before getting access about holding Mega blameless for what might be on their servers. This was in particularly aimed at the way the takedown was done with DOJ/ICE previously.

    About the only way that copyright holders will be able to identify files is to be on those file sharing sites to obtain the description, the link, and the encryption key for verification. This is going to mean a lot more eyes and butts occupying computer seats to check. None of the copyright holders are going to wanna do this as it's an increase in people/hours to do so. They are looking at ways to get someone else to pay for removing infringing files.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    FreeCultureForFreePeople, Jan 18th, 2013 @ 6:00pm

    http://www.techdirt.com/articles/20121127/13221421157/german-court-holds-internet-user-responsible-p assing-unknown-encrypted-file.shtml

    A German court recently held a Retroshare user responsible of passing on an encrypted file. Retroshare is an invites-based filesharing network and using its own client software. His computer was only a pass-through between sender and receiver and the encryption made it impossible for him to know the contents of that file. Didn't impress the court, though, and I wonder - could the same twisted 'logic' be applied to Kim's new service, too? I hope not...

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Mr. Applegate, Jan 18th, 2013 @ 6:32pm

      Re:

      " I wonder - could the same twisted 'logic' be applied to Kim's new service, too?"

      Certainly, if your encrypting data (or passing it) then you obviously have something to hide. We will even let you choose your fate, you can be prosecuted as a terrorist or a be prosecuted as a pirate, either way your going to prison for a very long time.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 18th, 2013 @ 6:37pm

        Re: Re:

        And the moon is made of green cheese too didn't you know.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Mr. Applegate, Jan 18th, 2013 @ 6:54pm

          Re: Re: Re:

          There was a time when when you had to be found guilty of something in a court of law to be punished. That is no longer true. Now it is enough that you are accused a few times.

          I suppose Aaron Swartz wasn't disproportionately prosecuted either.

           

          reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 19th, 2013 @ 10:54am

        Re: Re:

        Really, are you a lawyer? Care to explain how this would work if the system was truly fair and impartial? Of course not, save your FUD.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      G Thompson (profile), Jan 18th, 2013 @ 10:57pm

      Re:

      This amuses me especially if you know anything about the transmission of ANY sort of data into packets or even to go fro Digital to Analogue (or vise versa) then you would understand that that too is a form of encryption and decryption.

      Unless you actually place a sniffing program in place to analyse the packets being sent by a network then you have no freakin idea what is being sent around the world via the routers the government or other ISP's in Germany own either. In fact this just proves that the German govt (if they own any form of telecommunication device be it copper cables, satellites, etc etc) should also be charged under this courts fallacious and lets put it bluntly STUPID logic. They haven't just created a sort of legal fiction they have fed it LSD and sent it into orbit.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Mr. Applegate, Jan 18th, 2013 @ 6:21pm

    Enter, Encrypted Cloud Storage Tax.

    Enter need for more super computers (to crack encryption)

    Enter new laws banning encryption without back door key.

    Enter spyware and hacking attempts aimed directly at computers who use Kim Dotcom's New Mega Service and takes the keys right off the end users machine.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 18th, 2013 @ 8:23pm

    At the end of the day, if it becomes popular it might indeed lead to "encryption for the masses" as they say, because I've been wanting for a while for Google and others to offer encryption in the browser for their services.

    If you want to "share" with the masses, then yes it won't make you safe. But if you keep it between a few friends, then at least you cut out the middlemen like Google or Microsoft from knowing what you have in there.

    I'd say that would be a pretty significant progress for cloud services, if Mega managed to popularize this.

     

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
     
    identicon
    Niceguy, Jan 18th, 2013 @ 8:35pm

    New mega site

    Providing encryption to users is just another way this CRIMINAL KROUT (Kim Dotcom) can continue his dishonest file sharing behaviour.

    Shame on Prime Minister John Key & Councillor John Banks for allowing this known convicted criminal to be fast tracked for NZ citizenship. Money sure does talk… I hope that kiwis remember this when it comes to the next general election.

    However, they could redeem themselves by revoking his citizenship and handing him over to the FBI… A holiday in gitmo for him and his cronies would be justification indeed.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      alanbleiweiss (profile), Jan 18th, 2013 @ 8:46pm

      Re: New mega site

      "CRIMINAL KROUT"? "gitmo"? wow. You're both a racist and a stooge/lackey for government or the 20th century corporate machine - its so transparent it causes me to spit up my soup as I'm reading...

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      JMT (profile), Jan 19th, 2013 @ 1:24am

      Re: New mega site

      If you're going to resort to immature name-calling, at least spell them right so you avoid looking like an ignorant ass.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    art guerrilla (profile), Jan 19th, 2013 @ 5:00am

    yeah, i'm done with Empire, i'm rooting for the 'bad guys', now...

    go kim go ! ! !

    stick your pudgy fingers in the eye of sauron, just look out when the nazgul take flight...

    i don't know that i even have any use for this service, but i'm going to look into it JUST TO FUCK WITH THE MAN...

    screw Empire, i'm done being associated with a monstrous system built to enrich the powerful...

    Empire must fall, BY ANY MEANS NECESSARY...

    art guerrilla
    aka ann archy
    eof

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      art guerrilla (profile), Jan 21st, 2013 @ 11:45am

      Re: yeah, i'm done with Empire, i'm rooting for the 'bad guys', now...

      (talking to myself and feeling fine...)

      had to try about 4-5 times over 16-18 hours to finally log on and set up an account...
      did so...

      one small 'fuck you' from me, one giant FOAD for the MAFIAA!

      oh, everybody, here is my password: **********
      have at it !

      art guerrilla
      aka ann archy
      eof

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Jan 21st, 2013 @ 3:06am

    That's AWESOME. Back from the ashes and in the face of the MAFIAA and the corruption of DOJ!

    Let us see how things develop. So far the pricing is plain sexy.

    Funny thin, the MAFIAA got me cheering on this guy that would gone past largely unknown/unimportant to me had they not tried to bring him down at all costs. Epic fail for them ;)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    lolzzzzz, Jan 21st, 2013 @ 1:23pm

    and it still doesnt work

    ya so big deal
    nice data mining operation

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 24th, 2013 @ 4:10pm

    Article correction: The key probably cannot be recovered from the logs

    From the screenshot in the Gizmodo article, the request is passing the key as a hashtag reference (in-page link). This does not get transported in the HTTP requests, but is accessible to Javascript on the client side.

    Assuming the Javascript they serve up to clients isn't actively backdoored to push the key back to the server through a separate request, they don't get the key from the download requests. The key in the screenshot is a bit short, though - it's 8 characters of upper+lower case, which is less than 46 bits of data. A real URL from a screen capture at YouTube looks like it has a more realistic length, though: http://youtu.be/-jOHfnNclF0?t=1m6s

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, May 27th, 2013 @ 8:54pm

    This is really nice. Thanks for your information
    Dot net training in chennai

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This