Hide Techdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

No, Kim Dotcom's New Mega Service Does Not 'Dismantle Copyright Forever'

from the a-step-forward dept

There’s been lots of anticipation about Kim Dotcom’s new “Mega” service. We’ve mostly held off commenting despite all the speculation and rumors, because, well, they were all speculation and rumors, and Dotcom has a history of hyping things way up. However, Gizmodo apparently got a sneak peak at the service, which is set to launch tomorrow, and has revealed the basic details, claiming that “this service could dismantle copyright forever.” That statement is ridiculous and pure bluster, not at all supported by the service.

From the description, the service does look nice and potentially useful. It’s really just a cloud storage system, not an online Dropbox or Box.net or Google Drive. It has a nicely designed file manager feature. The real “difference” is just that Mega has client-side encryption built in. So, basically, you encrypt anything you put into the Mega storage system before you upload it, and thus even Mega doesn’t know what’s there (mostly) and can’t decrypt it. You could hack together something like this with other services, if you just encrypted stuff yourself before uploading it to other cloud drives. By building it in, however, Mega is clearly adding a significant level of convenience.

All in all, it does look like a pretty nice service, and one that may be worth checking out if you use cloud storage regularly. That said, the claims of destroying copyright seem overblown. If the claim that a file can be shared “with a single right-click” is accurate, then once that link is used, it would be simple for anyone with access to Mega’s log files — including Mega and, potentially, government agents — to decrypt the file and see what’s in it. If that claim is an exaggeration, and a key needs to also be shared separately, then it’s no different than how encrypted data is shared already. And copyright still exists.

There may be some more details to come out once the product is officially launched tomorrow, but if the service is to be used for sharing, as implied, then there has to be a decryption process somewhere. The Gizmodo piece is as bit unclear, but it sounds like this likely involves two Mega users having their local clients talk to each other somehow to share the decrypt code. But, obviously, a government or Mega itself could potentially also be that local client on the other end. Basically, once you’re sharing, the “encryption” issue is still handy, but not a huge deal. And the user may be very liable for infringement.

In the end, it sounds like there are some nice features, and some additional protections from liability for Mega specifically, but I don’t see how this “dismantles copyright” even temporarily, let alone forever. Also, given the way the government likes to interpret things, you can bet that if it wanted to, it will make the case that this use of encryption is a form of “inducement” for infringement as well.

All in all, it looks like an interesting product, though hardly revolutionary.

Filed Under: , , , , , ,
Companies: mega

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “No, Kim Dotcom's New Mega Service Does Not 'Dismantle Copyright Forever'”

Subscribe: RSS Leave a comment
Anonymous Coward says:

no chance that the Gismodo reporter was ‘incentivised’ to report what the service would do to copyright, just to gee law enforcement and congress into believing that the entertainment industries claims about mega were right all along then? you dont think there may have been a good portion of bullshit included in the report, just to spice it up a bit?

Lowestofthekeys (profile) says:

I looked at his logic on how the encryption key works with sharing, and frankly, the way Dotcom has this system setup is no different than how you’re able to download music through a magent torrent, or files from Google drive.

However, I am wondering if Mega will make the encryption key for the file/folder random with each share. For example, if you wanted to share a file with 5 of your friend, you would have to generate and send them 5 different keys.

If that’s the case, then I don’t see people choosing Mega as a way to share to millions of people.

Franklin G Ryzzo (profile) says:

Re: Re:

I believe the main purpose of the encryption is to provide Mega with plausible deniabilty in being able to say beyond a shadow of a doubt that they were unaware of whatever the stored content contains. Encryption for the user is just a secondary benefit. My understanding from the Ars review is that the encryption key can be generated within or separately from the download link, but it didn’t mention if you can generate user specific decryption keys.

Lowestofthekeys (profile) says:

Re: Re: Re:

I remember reading about how it would help keep them from getting into legal hot water again (I’m sure the DOJ would find some kind of excuse, nevertheless) and how it would be generated locally, but I wonder if he considered other measures to limiting the ability to share on a massive scale.

I guess we will find out in the next week or so.

anonymouse says:

Re: C'mon Kim

I think Dotcom jumped the gun here just a little, he is about to get a lot of money from the DOJ, I suspect, and would be protected from them making any further false allegations without 100% proof, which is what is suspect a judge will say when they apply for a search or seizure warrant.Nobody is going to take him down though, I am sure he will not let that happen again.

Renan Decarlo says:

The problem with the copyright infringement on the old Megaupload was that they were “aware” of what users were uploading. With the new Mega, the file is encrypted before the upload, so they don’t know what is being sent.

The file can only be opened if you have the key, which can only be provided by the uploader of the file.
The decryption proccess must be done on your computer.

Mega will not have access to that key nor it’ll store it somewhere. As it’s done locally, the key might be stored somewhere in the uploader machine.

Anonymous Coward says:


Well the system is supposed to be decentralized too and there was talk of allowing people to sign up and become nodes. They would sign up and allow their computer to act as a node and files would be stored on there from other users. This way if the main site gets shut down everyone can still access their data.

If they do go that route and lets say someone uploads an infringing file. Could the MAFIAA would go after that person who’s computer it happened to be hosted on as well?

Franklin G Ryzzo (profile) says:

Re: Nodes?

With the local encryption done by the original uploader prior to sharing the file, and node volunteer should have a fully legitimate defense that they could not have known the content of the stored files. What I’m wondering about is how DMCA takedowns will be handled (if Mega will be honoring them going forward). Will takedowns be done centrally through MEGA or will they be passed on to the node volunteer? And if they are passed on, what is the node volunteers liability for failure to act?

G Thompson (profile) says:

Re: Re: Nodes?

Firstly the DMCA is only a quasi-legal notice that absolves providers of liability if and only if they are taken to court by the content holders. If a provider fails to act then there is no liability other than they do not get to affirmatively have a defence under 230. Though this doesn’t mean they cannot bring it up in court after the fact.

As for mega, no idea if they will honour DMCA requests… there is no legal reason why they should and based on previous action against them there is really no ethical reason why they should either.

The node volunteers liability is up in the air, though firstly Mega needs to state whom the node is (if it can be discovered) and they would require a court order in the jurisdiction thy are within (Mega’s jurisdiction not the nodes) and then the Node, again if it’s possible to even know the nodes identifiable information (they could just not have logs.. its not illegal to not keep them) has the ability to challenge any orders to find out a postal address and contact name (which is also required for a valid notice under the DMCA). See the problem?

Also the DMCA is ONLY valid really if the node is within the USA or its territories anywhere else the DMCA is basically toilet paper and personally I suggest it should be used as such (though the ink might stain)

This could become a more thorny issue and major nail in the coffin then what Bittorrent was. In fact I’m reminded of Napster in that the content owners took Napster to court, destroyed Napster and annoyed millions of people worldwide. Therefore new protocol and services were designed and implemented that did exactly the same as what Napster did but in a decentralised way.

Sometimes when you try to destroy something, what takes it place is worse or better than what you destroyed… It is all dependent on your viewpoint.

Franklin G Ryzzo (profile) says:

Re: Re: Re: Nodes?

I completely agree that innovation always outpaces legislation. The internet community truly is a hydra.

I also agree that it would really surprise me if Mega honors the DMCA anymore after what the DOJ has done to them.

I suppose we’ll have to wait and see how it’s all setup, but I’ll be really interested to see how the node volunteer program works. My guess is that there will be many Americans that may want to support Mega, and I would have to assume that the DOJ/MAFIAA will be be attempting to take action against them no matter what laws they have to stretch or skirt around after the total failure their case against Dotcom has become.

I’d assume that if nothing is ever passed on to the node volunteers directly (by this I mean notification of infringement) then the encryption gives them complete deniability of any knowledge of infringement. You also raise an interesting point about the potential, or lack there of, for obtaining records on node volunteers. I’d also be interested to see if the program works anonymously or through a VPN service… I guess we’ll find out soon enough.

That Anonymous Coward (profile) says:

Re: Re: Re: Nodes?

Mega used to honor DMCA takedowns.
Mega gave the cartels extra super duper access beyond legal requirements.
Mega still got screwed.

I would suspect that the DMCA response’s from Mega will be offshored to TPB. I mean those guys need to earn some money to pay of the insane demands… and the extra smiles all around.

Anonymous Coward says:

There was some past notes in the news put out, that the copyright holders could access files to remove those deemed infringing but they would be required to sign a statement before getting access about holding Mega blameless for what might be on their servers. This was in particularly aimed at the way the takedown was done with DOJ/ICE previously.

About the only way that copyright holders will be able to identify files is to be on those file sharing sites to obtain the description, the link, and the encryption key for verification. This is going to mean a lot more eyes and butts occupying computer seats to check. None of the copyright holders are going to wanna do this as it’s an increase in people/hours to do so. They are looking at ways to get someone else to pay for removing infringing files.

FreeCultureForFreePeople says:


A German court recently held a Retroshare user responsible of passing on an encrypted file. Retroshare is an invites-based filesharing network and using its own client software. His computer was only a pass-through between sender and receiver and the encryption made it impossible for him to know the contents of that file. Didn’t impress the court, though, and I wonder – could the same twisted ‘logic’ be applied to Kim’s new service, too? I hope not…

Mr. Applegate says:

Re: Re:

I wonder – could the same twisted ‘logic’ be applied to Kim’s new service, too?

Certainly, if your encrypting data (or passing it) then you obviously have something to hide. We will even let you choose your fate, you can be prosecuted as a terrorist or a be prosecuted as a pirate, either way your going to prison for a very long time.

G Thompson (profile) says:

Re: Re:

This amuses me especially if you know anything about the transmission of ANY sort of data into packets or even to go fro Digital to Analogue (or vise versa) then you would understand that that too is a form of encryption and decryption.

Unless you actually place a sniffing program in place to analyse the packets being sent by a network then you have no freakin idea what is being sent around the world via the routers the government or other ISP’s in Germany own either. In fact this just proves that the German govt (if they own any form of telecommunication device be it copper cables, satellites, etc etc) should also be charged under this courts fallacious and lets put it bluntly STUPID logic. They haven’t just created a sort of legal fiction they have fed it LSD and sent it into orbit.

Anonymous Coward says:

At the end of the day, if it becomes popular it might indeed lead to “encryption for the masses” as they say, because I’ve been wanting for a while for Google and others to offer encryption in the browser for their services.

If you want to “share” with the masses, then yes it won’t make you safe. But if you keep it between a few friends, then at least you cut out the middlemen like Google or Microsoft from knowing what you have in there.

I’d say that would be a pretty significant progress for cloud services, if Mega managed to popularize this.

Niceguy says:

New mega site

Providing encryption to users is just another way this CRIMINAL KROUT (Kim Dotcom) can continue his dishonest file sharing behaviour.

Shame on Prime Minister John Key & Councillor John Banks for allowing this known convicted criminal to be fast tracked for NZ citizenship. Money sure does talk? I hope that kiwis remember this when it comes to the next general election.

However, they could redeem themselves by revoking his citizenship and handing him over to the FBI? A holiday in gitmo for him and his cronies would be justification indeed.

art guerrilla (profile) says:

yeah, i'm done with Empire, i'm rooting for the 'bad guys', now...

go kim go ! ! !

stick your pudgy fingers in the eye of sauron, just look out when the nazgul take flight…

i don’t know that i even have any use for this service, but i’m going to look into it JUST TO FUCK WITH THE MAN…

screw Empire, i’m done being associated with a monstrous system built to enrich the powerful…

Empire must fall, BY ANY MEANS NECESSARY…

art guerrilla
aka ann archy

art guerrilla (profile) says:

Re: yeah, i'm done with Empire, i'm rooting for the 'bad guys', now...

(talking to myself and feeling fine…)

had to try about 4-5 times over 16-18 hours to finally log on and set up an account…
did so…

one small ‘fuck you’ from me, one giant FOAD for the MAFIAA!

oh, everybody, here is my password: **********
have at it !

art guerrilla
aka ann archy

Anonymous Coward says:

Article correction: The key probably cannot be recovered from the logs

From the screenshot in the Gizmodo article, the request is passing the key as a hashtag reference (in-page link). This does not get transported in the HTTP requests, but is accessible to Javascript on the client side.

Assuming the Javascript they serve up to clients isn’t actively backdoored to push the key back to the server through a separate request, they don’t get the key from the download requests. The key in the screenshot is a bit short, though – it’s 8 characters of upper+lower case, which is less than 46 bits of data. A real URL from a screen capture at YouTube looks like it has a more realistic length, though: http://youtu.be/-jOHfnNclF0?t=1m6s

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...