Among other things, the Government argued that, even if the individuals are never extradited to the United States, the Government can simply ignore Rule 4’s requirement that the summons be mailed to Megaupload’s “last known address within the district or to its principal place of business elsewhere in the United States” and instead mail it to an alternate destination. (See Dkt. 159 at 3-4 (suggesting that the Government could mail the summons to the Commonwealth of Virginia’s State Corporation Commission; or to the warehouse of third party vendor Carpathia Hosting; or to other third parties).) Previously, the Government had even suggested that Rule 4’s mailing requirement is merely hortatory, and that “[s]ervice of process in the corporate context . . . is complete upon delivering the summons to an officer or agent” of the corporation. (Dkt. 117 at 9-10.)

The Government’s letter is directly relevant to the Court’s consideration of Megaupload’s pending motion to dismiss without prejudice, as it contradicts the Government’s repeated contention that it can validly serve Megaupload—a wholly foreign entity that has never had an office in the United States—without regard for Rule 4’s mailing requirement. To the contrary, the Government explicitly acknowledges in the letter that it has a “duty” under the current Rule to mail a copy of the summons to a corporate defendant’s last known address within the district or to its principal place of business elsewhere in the United States. (See Exhibit 1 at 2.) Moreover, by seeking to have the mailing requirement eliminated, the Government implicitly admits it cannot validly serve Megaupload consistent with Rule 4 as currently written. Finally, contrary to the Government’s contentions before this Court that Rule 4’s existing provisions are mere accidents of drafting, the Government is acknowledging to the Advisory Committee that they are in fact well considered products of “the environment that influenced the original drafters of the Federal Rules of Criminal Procedure,” albeit an environment that the Government believes “no longer exists,” given what it calls the “new reality” of “federal criminal practice.” (Id. at 2- 3.) To the extent that the Government would urge this Court to work the same substantive modification of Rule 4 that it is urging upon the Advisory Committee, this Court should be forthrightly advised in the premises as to the nature of the Government’s request and the reasoning behind it.

The Government’s letter to the Advisory Committee thus confirms what Megaupload has argued all along—that the Government indicted Megaupload, branded it a criminal, froze every penny of its assets, took its servers offline, and inflicted a corporate death penalty, notwithstanding the fact that the Government had no prospect of serving the company in accordance with current law, yet to be amended. Megaupload should not be made to bear the burdens of criminal limbo while the Government seeks to rewrite the Federal Rules to suit its purposes.

Sec.A17.031. SUBSTITUTED SERVICE THROUGH SOCIAL MEDIA WEBSITE. (a) If substituted service of citation is authorized under the Texas Rules of Civil Procedure, the court may prescribe as a method of service under those rules an electronic communication sent to the defendant through a social media website if the court finds that:

(1) the defendant maintains a social media page on that website;

(2) the profile on the social media page is the profile of the defendant;

(3) the defendant regularly accesses the social media page account; and

(4) the defendant could reasonably be expected to receive actual notice if the electronic communication were sent to the defendant’s account.

The court shall enter a declaration declaring that:

1. Plaintiff’s domain name “charles-carreon.com,” plaintiff’s use of the domain name, and plaintiff’s current manner of using his web site, do not violate defendant’s rights;

2. Plaintiff’s use of the domain name “charles-carreon.com,” in its current manner of use, is fair use and protected under the First Amendment, and does not infringe on defendant’s mark;

3. Defendant is not entitled to an injunction against plaintiff using the domain name “charles-carreon.com” or operating the Web site located at the URL “www.charles-carreon.com;” and

4. Plaintiff shall take a total money judgment inclusive of costs in the amount of $725, being the sum of the filing fee and service costs claimed.

Defendant’s opposition is accompanied by an affidavit in which he apologizes to the Court for imposing the need for proceedings connected with service by refusing to waive service. At the same time apologetic and defiant (such as where he declines to concede that plaintiff actually and properly sought waiver of service), Mr. Carreon suggests that he has suffered enough, that he has been vilified on the Internet and subjected to “a brutal onslaught,” and that the pursuit of this litigation reflect “exaggerated dedication.” This affidavit does not provide any valid basis for denying plaintiff’s claim for attorney fees.

It may well be that, in retrospect, defendant Carreon regrets his conduct; certainly the private email he cites in his affidavit was beyond the pale. Still, it is understandable that his own conduct provoked some public criticism. First, he sent a demand letter to Matthew Inman on behalf of a client claiming defamation, even though the client had no valid grounds to complain. Then, when Inman made fun of Mr. Carreon by starting a fund-raising campaign to raise the demanded amount as a donation to charity—and after that fundraising effort went viral—Mr. Carreon brought a frivolous lawsuit against Inman, against the ISP that hosted the fund-raising campaign, and against the American Cancer Society and National Wildlife Federation, the charities to whom Inman had promised to send the public’s donations. This is the conduct that prompted the outpouring of negative commentary to which defendant’s affidavit vaguely refer. And when plaintiff Recouvreur started an anonymous, satirical web site to comment about the controversy, Mr. Carreon threatened to sue both plaintiff and the company through which plaintiff had registered his domain name.

Although Public Citizen agreed to take this case because the litigation that Mr. Carreon was threatening related to several legal issues in which Public Citizen is interested, it hoped to avoid the need for litigation. Having supported Mr. Carreon’s position in a recent case with an amicus brief, it hoped to avoid the need to litigate by reasoning with Mr. Carreon privately. Before any papers were filed, Mr. Levy telephoned Mr. Carreon to discuss the legal issues, calling his attention to the legal reasons why Mr. Carreon’s claims could not possibly succeed, and then followed up the phone call with an enumeration of cases. It was in response to this effort to avoid litigation that Mr. Carreon responded with the strong threat to litigate, to string out litigation, to seek high levels of monetary relief, to delay filing suit for years, in the hope that Public Citizen would no longer be interested in representing Mr. Recouvreur by then, and to file in a jurisdiction that had not yet adopted the legal principles followed in the Ninth Circuit. In light of the fact that Mr. Carreon had already filed his frivolous suit against Inman, which was still pending (it was dismissed shortly after this action was filed, but not before forcing those defendants to incur substantial attorney fees), plaintiff and his counsel took Mr. Carreon’s threats seriously, and accordingly filed this action for a declaratory judgment of non-infringement. Mr. Carreon’s evasion of service, and his refusal to pay the expenses of service until this motion was filed, were simply a continuation of the pattern of abusing judicial process that created the need for this litigation in the first place.

As an officer of the Court, Mr. Carreon should have known better when he began his course of abusive conduct. Although Mr. Carreon now expresses regret that he chose not to execute a waiver of service, nor to “expose [him]self to service,” nor to pay the service expenses when requested, and that this pattern of conduct subjected the Court to motion proceedings in connection with plaintiff’s service efforts, such apologies do not excuse the extra work that his conduct needlessly imposed on plaintiff and his counsel. Plaintiff’s counsel tried to avoid the need to effect service, not only mailing waiver of service forms but also expressly informing Mr. Carreon, by email, that a waiver of service form was coming in the mail.... Counsel also tried to avoid the need to file this motion, by calling Mr. Carreon to meet and confer and discussing with Mr. Carreon the law that requires payment of service expenses. Mr. Carreon refused, first making spurious arguments,... and then resorting to bluster, this time threatening to sue plaintiff’s counsel for not acquiescing in his demands.

[Judge O'Grady] noted that the "plain language" of the law required sending notice to the company's address in the United States. "You don't have a location in the United States to mail it to," he said. "It's never had an address" in the United States.

Not only that, but the government believes it can continue to freeze Megaupload's assets and paralyze its operations even if the judge grants the motion to dismiss. That's because in the government's view, the assets are the proceeds of criminal activity and the prosecution against founder Kim Dotcom will still be pending. The fact that the assets are in the name of Megaupload rather than its founder is of no consequence, the government claimed.

The Government bears the burden of proving that it has validly served Megaupload within the letter of the Rule... and effectively concedes it cannot carry it. So the Government instead urges this Court to rewrite the Rule. It specifically puts forth three alternative arguments that no federal court has ever accepted, as far as we are aware, and for which it cites not a single relevant precedent.

First, the Government argues that, because Megaupload is aware of these proceedings and purportedly had “minimum contacts” with the United States, the Rule has no application. By this argument, the entire Rule can be disregarded wherever the Government deems it unnecessary or perhaps unduly burdensome. Second, the Government contends that, even if it must otherwise conform to the Rule, it may disregard the latter portion of the corporate-service requirement and decline to mail the summons to Megaupload. With this argument, the Government would read out of existence the express mailing requirement of Rule 4(c)(3)(C). Finally, the Government argues that, to the extent it must nod at Rule 4’s mailing requirement, it may ignore the Rule’s express prescription and simply send the summons to an address of its choosing. Here, the Government goes so far as to claim it can deliver the summons to Megaupload’s address in Hong Kong, even though that approach would essentially strike Rule 4(c)(3)(C)’s requirement that the summons be mailed to the company’s “last known address within the district or to its principal place of business elsewhere in the United States.”

The question of service provider neutrality is central to every debate about internet policy. From PayPal cutting off Wikileaks to Twitter pushing back against the feds to the new Righthaven's "spineful" hosting, the responsibility of companies to neutrally protect their customers is a contentious topic.

New Scientist has an interview with Matthew Prince, the CEO of CloudFlare, a network security/performance service for websites. One of their recent high-profile customers was LulzSec, the controversial hacker group that executed a string of takedowns and data breaches last year, but whose own website proved impervious to constant hacking attempts because of CloudFlare. Prince talks about their decision to treat LulzSec the same as any other client:

Internally, we had a debate about the right thing to do. It's important to note that because of the way CloudFlare works, no hacking activity was launched from our network – it was simply a matter of publishing information. So hacking happened in other places and then when they published the information about their exploits it would pass through the CloudFlare network.

So in that sense we're more akin to network provider than a hosting provider. If we were to terminate Lulz Security as a client that wouldn't make the content go away, it wouldn't take it off the internet, it would just make it slow and more vulnerable to attacks. Our goal is to power a better internet. There are a lot of things on the internet that I personally find quite troubling and the list of those things is maybe very different from yours, but our role as a company wasn't to play internet censor.

It's good to see companies standing firm on this point. Anyone who understands the internet knows that it runs on fundamental principles of neutrality. Similarly, anyone who understands innovation online knows how vital it is that companies are able to build off the services of others without fear of discrimination. Sometimes this puts service providers in a tough spot, because the pressure placed on them can be intense—but the ones who navigate the situation without betraying their customers send a powerful message about their commitment to internet ideals.

Interestingly, Prince also explains that because of the way CloudFlare security works, the aggression from the white-hat hacker community (Update: a commenter raised the question: is this really white-hat? That's a great point, and also a separate debate, so I'll just call them 'hackers' for now) against LulzSec actually helped improve security online:

... the attacks against their website just went through the roof. We were actually able to track what those attacks were and provide better and better security over time to help everyone who was on our network.

CloudFlare's core value comes from the fact that every website that is part of our system helps contribute data in order to better protect other websites. As one website gets attacked, the knowledge about that attack is immediately shared with the rest of the websites, so that the system gets smarter and smarter over time.

Stories like this also show that while net neutrality is an important concept, regulating it is ultimately less than ideal. When permitted to function without interference, the nature of the internet already encourages and rewards neutrality, with everyone benefiting the most when nobody discriminates.

This means that we are beginning to get some real-life figures to flesh out the counter-argument that offering people new ways to listen to music online would greatly help to reduce piracy. For example, at the end of last year, Techdirt wrote about a Swedish study that supported this idea. Now we have some new market research on music streaming services in Scandinavia:

While we may think of Sweden as the home of music streaming, the proportion of Norwegians who have access to a music streaming service has increased from 37 to 56 percent in the last six months. For the first time, Norway has surpassed Sweden in this statistic - in Sweden during the same period the corresponding figure increased from 48 to 54 percent.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

• 10% off = 35% increase in sales (real dollars, not units shipped)
• 25% off = 245% increase in sales
• 50% off = 320% increase in sales
• 75% off = 1470% increase in sales

If you'll excuse me for jumping on a Techdirt hobby-horse here, this is another example of the economics of abundance at work. Security products are increasingly becoming commodities. Obviously the software ones -- anti-virus tools, software firewalls, intrusion detection systems -- have a marginal cost of zero, and even many of the hardware devices are built on commodity parts that get cheaper every month. What hasn't gotten cheaper is the expertise required to put the bewildering array of security tools together into a coherent system that's customized for a firm's particular business. Indeed, as security products have gotten more numerous and more complex, it has actually gotten harder to keep track of them all and know which security tools are the best ones to use in any given situation.

And crucially, this isn't something you can outsource to a third party. I've written before (in the context of e-voting) that encryption isn't magic pixie dust that automatically makes a system more secure. The same point applies to security more generally. Having the best firewall in the world won't do you any good if it's not configured properly, or if your network hasn't been designed with security in mind. And because every large organization has different security needs, every organization needs a slightly different security setup.

This creates a huge opening for companies who understand that customers are not looking to buy a security software product, but a suite of software that they can count on to be secure without worrying about the details. We've pointed out that this is essentially the business Red Hat is in: not selling software but selling the expertise of its employees with respect to the software. Security is a big part of that. "Security software" is an infinite good, and the market for it will get increasingly crowded in the future. On the other hand, the expertise needed to build complex software systems securely is as scarce as ever, and such expertise is one of the key ways that software companies can distinguish themselves from the competition.