by Mike Masnick
Fri, Aug 26th 2016 10:49am
by Mike Masnick
Fri, Aug 12th 2016 10:46am
from the this-is-pretty-fucked-up dept
Just the whole process of civil asset forfeiture is troublesome enough. As we've detailed over and over again, it's basically a system whereby law enforcement gets to steal money and other stuff (cars are popular) from people, simply by claiming that they were used in a criminal endeavor. Since the lawsuit is against the stuff, if people want it back, they have to go and make a claim on it, and it's a fairly convoluted process. In this case, things were even more ridiculous, because the government argued that because Dotcom was resisting extradition from New Zealand, he could be declared "a fugitive" and the judge overseeing the case (the same one overseeing his criminal case, Judge Liam O'Grady) agreed. That effectively meant that Dotcom had no legal right to protest the government simply taking and keeping all of his assets -- and they moved forward and did exactly that.
It is difficult to see how this can be legitimately described as anything but theft by the US government. It got someone locked up in New Zealand, based on questionable legal theories, and while he was (quite reasonably) fighting extradition to the US (a place he's never visited and where he has no business ties), it initiated a separate legal process to keep all his money, no matter what happens in his extradition fight and criminal trial. On top of that, it effectively barred him from making an official claim on that money by having him declared a fugitive for exercising his legal due process rights to fight extradition. So while he exercises his legal due process rights in New Zealand, he's blocked from doing so in the US. And all of his money goes to the US government.
As we said after O'Grady's ruling came out, even if you think that Dotcom is guilty of a criminal copyright conspiracy, and even if you think he should be extradited, tried and locked up this should concern you. Let him go through the full legal process, with all that due process entails, and then determine what should happen to his assets. To take them before that's happened, through this questionable side process is immensely problematic.
And that's why Dotcom appealed, and many others -- including a bunch of criminal defense lawyers -- stepped in to argue this was crazy. Unfortunately, earlier today, the 4th Circuit Appeals Court upheld O'Grady's ruling and rubber stamped the DOJ's legalized theft of Dotcom's assets. You should read the 61 page opinion (which was a 2 to 1 decision, with an interesting dissent), but we'll hit on some of the low points here.
There were a number of different arguments raised -- with a big one not just being the basic due process question, but a jurisdiction question. Dotcom's assets are not in the US. His work was not in the US. So why does the US get to seize the money. The majority opinion basically says "because that's what Congress wanted -- it created this law to let the US government seize overseas assets." The opinion admits that there's a bit of a circuit split on this, but goes for it anyway.
When the amendments were introduced in the Money Laundering Improvements Act, Senator D’Amato included an explanatory statement indicating that subsection (b) was intended to provide the federal district courts with jurisdiction over foreign property:This is the point that the dissent disagrees on, and argues that the forfeiture should be blocked on jurisdictional questions alone. The key, according to Judge Henry Floyd, is that court decisions must be binding on parties, and not advisory. But that doesn't work when you're talking about an opinion concerning assets overseas, which will still then depend on the local government where those assets live to abide by the ruling.Subsection (b)(2) addresses a problem that arises whenever property subject to forfeiture under the laws of the United States is located in a foreign country. As mentioned, under current law, it is probably no longer necessary to base in rem jurisdiction on the location of the property if there have been sufficient contacts with the district in which the suit is filed. See United States v. $10,000 in U.S. Currency[, 860 F.2d 1511 (9th Cir. 1988)]. No statute, however, says this, and the issue has to be repeatedly litigated whenever a foreign government is willing to give effect to a forfeiture order issued by a United States court and turn over seized property to the United States if only the United States is able to obtain such an order.
Subsection (b)(2) resolves this problem by providing for jurisdiction over such property in the United States District Court for the District of Columbia, in the district court for the district in which any of the acts giving rise to the forfeiture occurred, or in any other district where venue would be appropriate under a venue-for-forfeiture statute.
The majority side-steps this concern by cabining it to the separation of powers context. One of the basic tenets of what constitutes a “case or controversy” cannot be elided so. The defendant in this action--the res--is outside of the United States and beyond the control of the district court. Absent control, no order of the district court can be binding on the res because the fate of the res is ultimately not in the hands of the district court. Instead, the res in this case is subject to the control of the courts of New Zealand and Hong Kong. The district court’s forfeiture order therefore merely advises the courts of a foreign sovereign that (in the district court’s view under the laws of the United States) the United States should have title to the res. Those courts, of course, with control of the res and with the authority vested in them by their own sovereigns, remain free to revise, overturn, or refuse recognition to the judgment of the district court.As Judge Floyd notes, this makes the opinion nothing more than an advisory opinion, which is prohibited by Article III of the Constitution (concerning the powers of the judiciary).
Back to the majority opinion, the court rejects the argument that this process to steal Dotcom's money without letting him defend himself violates the Due Process Clause of the Fifth Amendment. First, the court says that because some of Megaupload's servers were based in Virginia, the jurisdiction is fine. Then, the court accepts the lower court's decision that Dotcom can be called a "fugitive" even as he's both in contact with the court and going through a perfectly legal process around extradition in New Zealand. Somewhat incredibly, the court decides that because he's resisting extradition, that's the same thing as being a fugitive hiding out. That... should be troubling for a whole variety of reasons. Basically, the court says that due process means that Dotcom has the right to be heard protesting the forfeiture, but that the only way to do that is to stop fighting extradition. It gets down in the weeds parsing the law in determining what the right standard is for determining if fighting extradition counts as being a fugitive, and decides that this was Congress' intent with the law -- that so long as the person is avoiding court, even if for reasons relating to the legality of extradition, they can still be declared a fugitive.
The claimants’ argument that they have legitimate reasons to remain where they are, such as jobs, businesses, and families does not disprove that avoiding prosecution is the reason they refuse to come to the United States.I imagine that Dotcom's lawyers will now try to fight this as well -- seeking either an en banc rehearing or petition the Supreme Court to hear the case. Both are pretty risky, with a fairly high probability of being rejected. And, of course, as the dissent pointed out, there's still one other hurdle for the DOJ: the assets are held in Hong Kong and New Zealand, and they now need to convince authorities in those two places to hand over the money. And, as of right now, it's not clear if they'll actually let it happen.
Again, no matter what you think of Dotcom's actual criminal case, this result should be concerning to you. The use and abuse of civil asset forfeiture is the real issue here -- not the copyright questions. The ability of the US government to simply take millions of dollars based on accusations and without a guilty verdict in a trial should be tremendously worrying. If a full trial happened and he was found guilty, then there's a reasonable argument that, as a result of that, the money can be forfeited. But it's extremely problematic that the money can be forfeited in these circumstances, before the rest of the legal process has occurred. Under this ruling, even if Dotcom came to the US and was found not guilty, the US government would still keep all his stuff. Can anyone explain how that would be a fair and just result?
by Mike Masnick
Wed, Dec 23rd 2015 7:39pm
from the this-is-disappointing dept
It would take too long to go point by point through the whole thing, but I did want to highlight a few points that I found concerning. The key issue in the extradition fight is whether or not copyright infringement is an extraditable offense. Under the treaty between the US and New Zealand, it is not considered an extraditable offense, which is why a variety of other "conspiracy" charges are piled on in the complaint against Dotcom. Yet, Judge Dawson basically tosses much of that out, arguing that "conspiracy to defraud" is an extraditable offense, and copyright infringement can be a conspiracy to defraud. As Dotcom's lawyers noted yesterday, this would basically write out the fact that copyright is not an extraditable offense.
However, almost all of this "conspiracy to defraud," as well as the other issues that the court finds extraditable (such as "money laundering") are all based on the claims of the DOJ, many of which were presented ridiculously out of context by the DOJ in the original indictment, but which Judge Dawson takes as perfectly accurate, without considering alternative explanations. For example, there's the question of whether or not Megaupload had its own search engine. As we noted in the original indictment, this is particularly ridiculous. A key reason why the original Napster got shut down was because it had a search engine, which the court used to argue that it was more involved in the infringement. Thus, there's a strong argument for why a site should not have a search engine, in order to make it harder to find infringing materials. Yet, the DOJ argued that this was part of the "conspiracy" and that it showed that Megaupload was trying to hide the infringing activities from law enforcement. Damned if you do, damned if you don't. But Judge Dawson flat out accepted the DOJ's argument. Judge Dawson quotes a Skype discussion between two of Dotcom's colleagues, Mathias Ortmann and Bram Van Der Kolk, in which Ortmann notes that "searchability is dangerous and will kill us." And the judge concludes:
There was so much infringing content on the sites that its presence had to be disguised and made non-searchable. Traffic flowed to this content through third party sites.That's one interpretation. A more plausible explanation could be that these guys didn't want to make their site easy to use for infringement and thus didn't make the material searchable. Instead, that's used against them.
Elsewhere, the judge uses a discussion between Kim Dotcom and Ortmann about how to make sure the service is "invulnerable" to legal challenges as proof that they "appreciated that Mega operated unlawfully and was at risk of being shut down by a court." Of course, a perfectly reasonable alternative explanation is that their discussion was on how to make sure they were not unlawful and not at risk of being shut down by a court. There are plenty of business discussions that tons of businesses could have like this that, devoid of context, could be presented in this misleading way. Any time any two executives from a business were to discuss specifics of making sure their business is legal could then be misrepresented as evidence that they "knew it operated unlawfully and was at risk of being shut down by a court."
There are lots of other examples of this, including conversations between basically all of the defendants discussing (and sometimes joking about) the possibility of lawsuits (most of which they assume would be civil lawsuits). But just because you think you might get sued is hardly evidence of a conspiracy or belief that what you're doing is illegal. I've had many discussions with our lawyers about doing things to protect ourselves from getting sued. That doesn't mean I believe I'm operating illegally. It means I understand the legal environment we operate in, where lawsuits happen frequently, and I'd like to minimize the risk. But in this case, every hint of Megaupload doing the same is treated as an admission of knowingly breaking the law. It's true that there are some conversations that do seem to go beyond this point, such as when Ortmann and Van Der Kolk complain that the business can't be sold because it's not "legit" -- so it's reasonable to argue that those are enough. But, so many of the conversations seem to be spun so far beyond reality that it makes the evidence appear a lot stronger than it really is.
Some of the evidence is just outright ridiculous. At one point, Ortmann sends Dotcom a link to an agenda for an "IP Crime Conference" that was hosted in the same building that was officially Megaupload's headquarters (a Hong Kong hotel) with the tagline "in the lion's den." The judge concludes that from this you can infer "Mega's business was copyright piracy." Huh? How is that a reasonable inference?
Now, I know that some folks are already banging angrily below in the comments about this, pointing out that of course Megaupload was used for infringement, and all of this is just hand-waving to ignore that fact. But that's not what I'm doing here at all. Yes, it's quite clear that Megaupload was widely used for infringement. But that alone is not a criminal offense. When the VCR was first introduced, it was widely used for infringement. When the mp3 player was first introduced, it was widely used for infringement. When the DVR was first introduced. Tape players. Photocopiers. Radio. But that alone does not constitute a criminal offense. Yet, here the judge seems to think that any weak inference that the execs at Megaupload knew that their service was used for infringement implicates them in a criminal conspiracy.
That seems incredibly problematic.
Similarly, as the DOJ did in its indictment, the Judge focuses a lot on the "incentive" program that Megaupload put in place, whereby users who post files that get a lot of downloads could profit from those downloads. The claim by the DOJ, and totally accepted by Judge Dawson, is that this is proof that they were encouraging infringement. But, again, such a program could just as easily be useful for non-infringing purposes as well. If you were a singer and wanted to give away your music for free, but still profit from it, you could see how this could be a compelling business model. In fact, some major recording artists, such as Busta Rhymes, were excited about using Megaupload in just this manner. Yes, obviously some would use this to post infringing files, but again the fact that some users could misuse the service does not mean the company's execs are criminals.
For example, the court uses the fact that Ortmann and Van Der Kolk messaged each other about how uploaded files in the program are "not yet" being "audited for copyright violation" as evidence that the program was designed to drive infringement. But there is no requirement under the law to proactively monitor the content for infringement. Later the judge uses the fact that the incentive program was purposely designed to "attract new users" and to reward "huge uploaders" as evidence that "this was not cyberlocker activity but mass distribution of illicit content." Again, this presumes that the only possible use for a cyberlocker is to store personal data, and not to use it to distribute and share files (many of which may be perfectly legitimate).
Again, some of the other statements may cross the line -- including discussions about specific users where the defendants appear to recognize that certain files are infringing. There are also discussions about whether to cut off incentive payments in cases where they know a user is uploading infringing material (where they don't cut off those payments). Those may be the most damning. But, again, straight up copyright infringement isn't supposed to be an indictable offense. And it's all this other stuff that the judge uses to argue some wider "conspiracy to defraud."
Also, as has been pointed out time and time again, there is no such thing as "secondary" criminal copyright infringement. That is, it's not a criminal offense if your tool is used by someone else to infringe. But all that basically gets ignored.
There's a lot more in there, and it's worth reading through and looking at all of the arguments and evidence. I can see why the judge ruled the way he did. And much of it is similar to the arguments in the original indictment. And, again, there may actually be enough in there for the extradition to go forward, but so much of it seems bound up in taking statements out of context that it seems pretty sketchy. If those kinds of arguments were dropped, and the ruling focused just on the clear evidence of some sort of plan to "defraud" it would seem like a much stronger argument. The fact that piece of evidence after piece of evidence just seems so... weak, raises serious questions about the whole decision.
by Mike Masnick
Tue, Dec 22nd 2015 6:00pm
from the and-on-it-goes dept
by Mike Masnick
Wed, Sep 16th 2015 11:00am
from the taking-it-up-a-notch dept
It is my opinion that the Superseding Indictment and Record of the Case filed by the DOJ do not meet the requirements necessary to support a prima facie case that would be recognized by United States federal law and subject to the US-NZ Extradition Treaty. An attempt has been made to extract facts from multiple sources and over a wide span of time, to organize a large number of otherwise disconnected facts by using systematic phraseology and to juxtapose phrases in order to create an impression of coherence and substance. However, the attempt fails to reach its goals and any impression of coherence or substance dissolves under examination. Insofar as they are alleged in the Superceding Indictment and the ROC, respondents’ actions were not prohibited by criminal statutes of the United States. Filings of the DOJ attempt to create a false impression of criminal guilt and are not reliable.Lessig's detailed analysis covers many of the same issues I raised just days after the raid on Dotcom's mansion and his arrest. Basically, it appears that the DOJ is trying to make up a form of criminal copyright infringement that is based on "well, Hollywood really dislikes him." A key issue, as we've discussed in the past, is that there is no such thing as secondary criminal copyright infringement. The Supreme Court, in the Grokster case, created a concept known as inducement for civil copyright infringement, but criminal copyright infringement cannot be expanded by the courts -- only by congress. Yet, the DOJ is trying to pretend that there is such a thing as secondary criminal infringement, despite it not being in the law.
... criminal copyright liability cannot be broadened by invoking civil concepts of secondary copyright infringement directly or under the guise of the general aiding and abetting statute, 18 U.S.C. § 2. See Sup. Ind. Counts Four, Five, Six, Seven, and Eight. The United States legislature previously removed “aiding and abetting” from the copyright act, evincing an intent to eliminate that form of liabilityHe further notes that the indictment and DOJ arguments repeatedly refer to the DMCA, but the DMCA is only for civil copyright infringement, not for criminal:
The DMCA is only a defense in the civil context because only civil indirect or secondary liability is possible under the common law. Common law liability principles cannot be extended to criminal liability, which must be specifically proscribed by statute. See Dowling v. United States, 473 U.S. 207, 213-214 (1985). Because there cannot be common law crimes under United States law, the DMCA further emphasizes that criminal indirect liability for copyright infringement does not exist by statute.And thus, Megaupload's "failures" to follow the DMCA cannot be the basis of criminal charges:
... allegations of defendant’s failure to maintain a DMCA policy or defects in a defendant’s DMCA procedures cannot be the basis of criminal copyright charges....And, of course, he points out that under the Sony Betamax case that confirmed VCRs were legal in the US, the standard the Supreme Court set up was if a technology had "substantial non-infringing uses," which Megaupload clearly had.
Lessig also points out something that should be pretty obvious, but is often forgotten: the US Copyright Act does not apply outside the US.
An important limitation on enforcement powers of the DOJ is the principle that the United State Copyright Act has no application outside of the territorial bounds of the US, and therefore there is neither civil nor criminal liability under United States law for acts of infringement taking place outside of US borders.And, yes, the DOJ points out that Megaupload had servers in the US, but as Lessig points out that's not enough under US law:
The Superseding Indictment does discuss the existence of Megaupload servers in the United States.... But the mere presence of data servers in Virginia does not establish that direct infringement took place there. See, e.g., CoStar Group, Inc. v. LoopNet, Inc., 373 F.3d 544, 549-50 (4th Cir. 2004) (holding that direct infringement under the civil standard requires more than “mere ownership of a machine used by others to make illegal copies” and that there “must be actual infringing conduct[.]”); Cartoon Network LP, LLLP v. CSC Holdings, Inc., 536 F.3d 121, 131-32 (2d Cir. 2008) (direct civil infringement requires “volitional conduct,” not mere ownership of device used by others to infringe).That seems like a pretty big flaw in the DOJ's case.
The Superseding Indictment never states that any specific user, much less any of the criminal defendants, chose to upload or download any specific infringing work from within the United States.
Perhaps an even bigger flaw? The lack of any showing that any of the defendants engaged in all of the required elements for criminal copyright infringement:
the DOJ fails to show direct criminal copyright infringement on the part of Megaupload personnel or on the part of Megaupload cloud storage users. The allegations in the Superseding Indictment and the Record of the Case do not match up to all of the elements of offenses. Importantly, there is no showing that any specific Megaupload representative or third-party user had the requisite mens rea to willfully violate copyright law. There is an even more fatal failure to show that Megaupload personnel agreed with a third party user to commit such violations. An agreement requires communications between defendants and the user, not just discussions among Megaupload personnel and a general “environment of infringement.” Attempts to juxtapose pieces of allegations do not succeed in making even a single whole, unified criminal charge.As Lessig details, criminal copyright infringement requires willful infringement for the purpose of commercial advantage or private financial gain. The complaint does not do a very good job of showing the "willful" part. Just showing that the company was slow to take down content is not enough. In fact, Lessig points out, charges of criminal copyright infringement need to list out the actual works infringed and then show all the other necessary elements:
proof of charges of both Criminal Copyright Infringement and also Conspiracy to commit such crimes must identify specific copyrighted works on a work by work, link by link basis, and describe the who, what, when, where, why, and how to meet all the elements for each such instance and to examine fair use, amongst other things. The “willfulness” requirement means that a person must have had the specific intent to commit copyright infringement as to each individual work.And yet, the Dotcom indictment fails to do basically all of that.
As for the attempt to get around the fact that there is no secondary infringement in criminal law by saying, "oh, well, it's just aiding and abetting," that doesn't fly either. Yes, users may have willfully infringed, but the evidence is lacking that the Megaupload team did the same, and just "aiding and abetting" doesn't work:
Aiding and abetting requires a showing of “double wilfulness,” which is lacking in the Superceding Indictment and ROC. A vague charge of “making available” a copyrighted work under a theory of “Aiding and Abetting Criminal Copyright Infringement,” is insufficient. In my opinion the government has failed to allege sufficient facts that the Megaupload defendants shared in any alleged infringer’s criminal willful intent. Gestalt allegations that the Megaupload cloud storage system brought about the arrangment that made the vague criminal acts of the alleged infringers possible is insufficient “willfulness” as a matter of law. As discussed above, Megaupload did not exercise volitional control over user uploads, link sharing, and downloads.Basically, he's calling out the fact that the DOJ is picking and choosing different actions by completely different actors and trying to tie them all together to create all the elements for criminal copyright infringement. But you can't do that.
The Supreme Court of the United States has stated that the aiding and abetting statute converts an accomplice into a principal, but that aiding and abetting is neither a separate crime nor is it relevant to the distinct crime of conspiracy. See Pereira v. United States, 347 U.S. 1, 11 (1954) (“Aiding, abetting, and counseling are not terms which presuppose the existence of an agreement. Those terms . . . mak[e] the defendant a principal when he consciously shares in a criminal act, regardless of the existence of a conspiracy.”) (emphasis added). Therefore, allegations that defendants aided or abetted a crime of copyright infringement do not amount to an extraditable offense. The crime, if it exists, must be specifically shown.A similar argument dooms all the "conspiracy" charges. End users may have willfully infringed, but that doesn't create a "conspiracy" between them and the Megaupload team.
United States v. Hickman, 626 F.3d 756 (4th Cir. 2010), a decision by the Fourth Circuit Court of Appeals is particularly instructive. In that case, the court was asked to decide if a store that sold thousands of glass vials was engaged in a conspiracy to distribute heroin, since it was well known that such glass vials were used primarily to package heroin for sale. Id. at 767-73. The Fourth Circuit explained that merely selling the vials was not sufficient to demonstrate the crime of conspiracy without something more. Id. The court would have required that the defendant possess explicit knowledge of specific plans to distribute heroin in order to be convicted of conspiracy. Id. This is consistent with other Fourth Circuit decisions which generally require a "showing that the defendant knew the conspiracy's purpose and took some action indicating his participation." Chorman, 910 F.2d at 109.Lessig notes that while the record in the case shows lots of communication between Megaupload staff, it shows none between the staff and the users of the site who are actually doing the infringing. That's a pretty weak conspiracy.
As mentioned above, a member of the conspiracy must undertake some "overt act" which furthers the underlying offense of the conspiracy. Chorman, 910 F.2d at 109. Thus, in order to properly state a claim for conspiracy to commit felony copyright infringement, there must be an agreement between two individuals to commit that crime, and then one of the individuals, who is a party to the agreement, must commit an act in furtherance of that crime.
As discussed above, infringing acts are alleged to have been committed by unnamed Megaupload users. A crime of conspiracy requires an agreement with criminal infringers. No such agreement is shown.
there is no allegation of direct communication with the user, and no reason to believe that the Megaupload employees entered into a relationship with the user beyond a series of retail transactions regarding cloud storage space on the Megaupload leased servers.Lessig also rips apart the arguments for wire fraud, noting that they all seem to be based on the idea that Megaupload didn't abide by the DMCA (again a US law).
Alleged frauds revolve around Megaupload’s practices under the DMCA and around an “Abuse Tool” Megaupload provided to copyright owners or agents who wanted to deliver to Megaupload DMCA notices of infringing materials on the Megaupload site and automatically disable access to such materials. It is alleged that Megaupload made misrepresentations in connection with the Abuse Tool, promising to delete access to referenced materials while only deleting the referenced URLs and without deleting all other URLs in the database that pointed to such materials. It is further alleged that the Abuse Tool did not operate as represented, that deletions were delayed and that the site promised to terminate repeat infringers but failed to do so....Furthermore, Lessig notes that for there to be wire fraud, US law requires a scheme to defraud users and then the use of mail or wire in furtherance of that scheme. Yet the indictment is lacking in defrauded parties.
As mentioned above, the DMCA serves to explicitly limit the copyright liability of Internet service providers and to provide a “safe harbor” from copyright claims.... If an online service provider like Megaupload is noncompliant the result is loss of the civil safe harbor defense not a criminal fraud.
It is alleged that Megaupload received “advertising revenue as a result of the continued availability of files,” while never stating that the copyright holders themselves made any pay outs.... Thus, there is no allegation that the advertisers were ever lied to, deceived or misled; in other words, the party deceived and the party that lost property were two completely different individuals.And all of that dooms the wire fraud claims:
It is also alleged that Megaupload received money from users who purchased premium subscriptions.... However, as with the advertisers, there is no indication that the users were deceived or misled in any way.
Moreover, the DOJ must look at the monies actually received when charging the crime of wire fraud, and cannot look to any “intangible right” that may belong to the copyright holder. United States courts have explained that intangible rights cannot form the basis of a wire fraud charge. See United States v. Hilling, 891 F.2d 205, 208 (9th Cir. 1988) (reversing a mail fraud conviction based on intangible rights). Nor is a “license” a recognized property right. See United States v. Schwartz, 924 F.2d 410, 418 (2d Cir. 1991) (overturning wire fraud conviction because “[t]he  licenses given appellants were merely the expression of its regulatory imprimatur, and they had no other effect as ‘property’”).
In sum, the DOJ only alleges that one party was deceived: the copyright holders.... However, that party cannot lay a claim to a recognized property right that Megaupload is alleged to have taken; at best the rights claimed would be the right to license their works, or similar intangible rights which cannot form the basis of a wire fraud conviction.Lessig also attacks the idea that Megaupload even violated the DMCA in the first place. As he notes, the law says a service provider needs to "reasonably implement" a DMCA policy, but leaves the interpretation of "reasonably implements" up to the courts. And the standard interpretation, from the Perfect 10 v. ccBill case is that it's reasonably implemented "if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications." And Megaupload had all of that.
Another defect in the DOJ approach is that it is contrary to the DMCA. The Fourth Circuit has repeatedly upheld the principal of statutory interpretation which holds that courts “must give effect to every provision and word in a statute and avoid any interpretation that may render statutory terms meaningless[.]” Scott v. United States, 328 F.3d 132, 139 (4th Cir. 2003). Here, in order to give proper effect to the DMCA, the wire fraud statute cannot be interpreted to criminalize Megaupload’s conduct.
The DOJ, instead, is rather incredibly arguing that because Megaupload did not immediately delete 100% of infringing files, it violated the DMCA and thus is guilty of criminal copyright infringement. That's stretching the laws way past breaking points in multiple directions.
The DOJ does not allege that Megaupload had no policy at all, nor does the DOJ allege that Megaupload “actively prevent[ed] copyright owners from collecting information[.]” Instead, the DOJ charges a much lower standard: that Megaupload failed to terminate 100% of all repeat infringers, ... and moreover, that this failure, in the face of Megaupload’s stated policy, was a misrepresentation sufficient to sustain a charge of wire fraud....Lessig also points out that the DOJ is just wrong on its argument that after receiving a notice on a file, Megaupload must delete all versions of that file. That's not what the law says at all.
The purpose of the DMCA is to prevent liability where a defendant has stated a policy and reasonably implemented it—not where a defendant has failed to terminate each and every repeat infringer. Indeed, the statute recognizes that service providers are not required to terminate all repeat infringers in order to comply with the DMCA (17 U.S.C. § 512(I)(1)(A)) or to remove their posted content. See e.g. Perfect 10, Inc. v. Giganews, Inc., 2014 WL 8628034, at *9 (C.D. Cal. Nov. 14, 2014) (“Giganews had no obligation to indiscriminately remove every post a repeat infringer ever posted and Perfect 10 may not shift its burden of policing copyright infringement to Giganews in the guise of a claim for direct infringement.”).
Were the DOJ able to simply charge defendants with a separate crime (in this case wire fraud) then the liability safe harbor becomes meaningless, and Scott v. United States is thus violated. As a result, it is improper to interpret the wire fraud statute as criminalizing Megaupload’s actions, and the proper interpretation is to give effect to the DMCA’s stated safe harbor provisions.
The DOJ appears to be asserting that an online operator who receives copyright take down notices identifying one URL must search for and delete all duplicate files in the system or be subject to a copyright or fraud claim. In my opinion the DOJ’s theory of copyright or fraud liability is erroneous.As he notes, the US courts -- particularly in the Lenz case -- have said that takedowns require looking at fair use. And if the DOJ's theory was accurate, that would be wiped out, because notices would be sent for files without any idea if they were fair use or not.
Megaupload reduced operating loads by “deduplication,” namely maintaining only a single copy of a file in its database and generating multiple pointers to such file. Each pointer identified an uploader of the common file. It is possible for one uploader to have a right to fair use of a copy of a file, e.g., a purchaser uploading a backup or an educational organization offering critical commentary, while other uploaders might have no such fair use right. It is contrary to the purpose of the DMCA that a fair use right would be violated though a take-down notice directed at another person’s wrongful use. If such a violation were to occur, the provider of the take-notice would be subject to liability under the DMCA (17 U.S.C. § 512(f)).
Such an approach can lead to mass DMCA 512(f) misrepresentation claims against the DMCA noticing parties.
There's a lot more in the document, but it basically picks apart the entire DOJ indictment, and points out that they're making up new criminal theories that they're not allowed to, and misrepresenting other claims at the same time. Thus, not only is it not clear that Dotcom did anything deserving of extradition, it's not even clear that he broke any laws at all.
Of course... whether or not the New Zealand court pays attention to any of this, remains to be seen -- but it is a strong argument from a well respected and knowledgeable source.
by Mike Masnick
Fri, Mar 27th 2015 10:36am
from the the-fun-of-asset-forfeiture dept
As we discussed last time, the story of the raid on Kim Dotcom's rented home in New Zealand, the seizure of all of his cars, money, bank accounts, computers, servers, etc. is well known. That was part of a case for which Kim Dotcom was indicted (under what appears to be questionable legal reasoning -- but that's a separate issue). As has been widely reported, that case is still on hold while Dotcom fights extradition from New Zealand. The extradition fight will finally go to a New Zealand court later this summer. Once that's done, if Dotcom loses, he'll be sent to the US, where he'll face a criminal trial based on the indictment.
But this is actually separate from all of that. You see, when the US government grabbed or froze all of Dotcom's assets, they did so using an asset seizure procedure. Asset seizure is allowed in such cases, but the government then has to give that property back. What the government really wanted to do is keep all of Dotcom's tens of millions of dollars worth of assets -- and in order to do that it has to go through a separate process, known as civil asset forfeiture. It's technically a civil (not criminal) case, but (and here's the part that people find most confusing), it's not actually filed against Kim Dotcom at all, but rather against his stuff that the government already seized. Yes, it's technically an entirely separate lawsuit, that was only filed last summer (two and a half years after the government seized all of his stuff and shut down his company), entitled United States Of America v. All Assets Listed In Attachment A, And All Interest, Benefits, And Assets Traceable Thereto. And, as we noted last time, Attachment A is basically all of Kim Dotcom's stuff.
This whole process is known as an "in rem" proceeding -- meaning a lawsuit "against a thing" rather than against a person. And the "case" basically says all this stuff should be "forfeited" to the US government because it's the proceeds of some criminal activity. You would think that in order for such civil asset forfeiture to go forward, you'd then have to show something like a criminal conviction proving that the assets in question were, in fact, tied to criminal activity. You'd be wrong -- as is clear from what happened in this very case. Once the Justice Department effectively filed a lawsuit against "all of Kim Dotcom's money and stuff," Dotcom did what you're supposed to do in that situation and filed a challenge to such a ridiculous situation. And here the DOJ used the fact that Dotcom was fighting extradition to argue that he was a "fugitive." Judge O'Grady agreed with that last month, and that resulted in the decision earlier this week to then declare a "default judgment" in favor of the DOJ, and giving the US government all of Kim Dotcom's stuff.
A "default judgment?" As you know if you regularly read Techdirt, that's usually what happens when a defendant simply ignores a court case filed against him. As the court notes in this ruling, for that to happen in a civil asset forfeiture case, it means no one tried to block the claim:
Federal Rule of Civil Procedure 55 permits the court to grant a motion for default judgment when the well-pled allegations of the complaint establish plaintiff's entitlement to relief, and where a defendant has failed to plead or defend as provided by the rules.... In the civil forfeiture context, default judgment is permitted where no potential claimant has filed a response to the complaint...But, wait, you say: Kim Dotcom did file a complaint about the asset forfeiture, so how could a default judgment happen here? That's where the whole "fugitive" bit comes in. Because Dotcom won't come to the US, he's been deemed a fugitive, and thus the Judge simply hands over all of his stuff to the US government. And thus, without any sort of criminal conviction at all, the US gets to steal millions of dollars from Dotcom.
A defendant in default, and a claimant who fails to assert a claim in rem, is deemed to have admitted all of the plaintiff's well-pled allegations of fact, which then form the basis for the judgment in the plaintiff's favor.
If that sounds insane, you're absolutely right. And, again, it is entirely possible that when all of this is over, Kim Dotcom will be found guilty of "criminal conspiracy." If that's the case, then at that point it's reasonable to discuss whether the government should get to keep all of his stuff. But it seems an absolute travesty of concepts like due process for the government to be able to take all of his money and stuff based on purely procedural reasons having to do with a separate criminal case that hasn't even been tried yet.
The process isn't over yet. Dotcom can still appeal this ruling, though the real problem is with the civil asset forfeiture process, rather than how it was applied in this particular case. Dotcom also has other options for the assets that are in New Zealand and Hong Kong, in using the local courts in those places to try to block the transfer of those assets to the US government. Not knowing enough about the law in either place, it's difficult to say what the chances of success of such a strategy would be. Either way, this seems like a classic case demonstrating how the civil asset forfeiture process appears to be little more than legalized theft by the US government.
by Mike Masnick
Fri, Feb 27th 2015 7:39pm
from the um. dept
Back in November, the DOJ argued that it should get to keep all of Kim Dotcom's money and stuff because he's a "fugitive", which is a bizarre and ridiculous way to portray Kim Dotcom, who has been going through a long and protracted legal process over his potential extradition from New Zealand (though he's offered to come to the US willingly if the government lets him mount a real defense by releasing his money). Dotcom's lawyers told the court that it's ridiculous to call him a fugitive, but it appears that Judge Liam O'Grady didn't buy it.
In a ruling [pdf] that was just posted a little while ago, O'Grady sided with the government, and gave the DOJ all of Dotcom's things. You can read the full reasoning here and it seems to take on some troubling logic. Dotcom's lawyers pointed out, as many of us have, that there is no secondary copyright infringement under criminal law, but the judge insists that there's enough to show "conspiracy to commit copyright infringement." But the reasoning here is bizarre. Part of it is the fact that Megaupload did remove links to infringing content from its top 100 downloads list. To me, that seems like evidence of the company being a good actor in the space, and not trying to serve up more infringing downloads. To Judge O'Grady and the DOJ, it's somehow evidence of a conspiracy. No joke.
The government has alleged that the conspirators knew that these files were infringing copyrights, as evidenced by their exclusion of infringing files from the "Top 100" list. The "Top 100" list purported to list the most frequently downloaded files on Megaupload.... According to the government, an accurate list would have consisted almost entirely of infringing content, so the claimants "carefully curated" the list to make the site look more legitimate.... Additionally, the claimants regularly told copyright holders, including many U.S.-based organizations, that they would remove infringing content, when in actuality they only removed particular links to the files.... The actual infringing files remained on the Mega-controlled servers and could be accessed from other links.As for that latter part, there are tons of perfectly legitimate reasons to only remove the links and not the underlying files. If Megaupload was doing deduping, then some version of the same file could be perfectly legitimate. Let's take an example: say that you and I have an MP3 of a Katy Perry song. I upload it to Megaupload to keep as a backup. You upload it to distribute to the world. Megaupload dedupes it, and just has the file stored one time. Your link could be potentially infringing if you distribute unauthorized copies, whereas my copy may be a legitimate personal backup. Given that, Megaupload should only delete the links that are called out as infringing, rather than the underlying files, which -- depending on their use -- may or may not be infringing. But the court just takes the DOJ's version and says "good enough for me."
The court also has no problem with the fact that most of the assets aren't in the US, noting that since some of the "conspiracy" took place in the US, that's good enough. It more or less brushes off the concerns raised by Dotcom and the other defendants that this appears to violate existing treaties between New Zealand and the US -- basically saying that because Dotcom refuses to come to the US, it's not "punitive." Huh? On top of that, the judge says that taking all of Dotcom's assets shouldn't interfere with the legal process in New Zealand, because the New Zealand courts could (yeah right) reject the DOJ's request after this ruling to hand over Dotcom's assets.
Then we get to the whole "fugitive" bit. Judge O'Grady notes that the statute does allow him to call anyone who "declines to enter" the United States a fugitive, and argues that Dotcom fits that description. Furthermore, he actually argues that Dotcom's offer to the DOJ to come willingly to the US if the money is freed for his defense actually works against Dotcom, and gives weight to the fugitive claim:
As demonstrated, Dotcom need not have previously visited the United States in order to meet the prerequisites of § 2466. The statute is satisfied where the government shows that the claimant is on notice of the criminal charges against him and refuses to "enter or reenter" the country with the intent to avoid criminal prosecution. Because the court assesses intent under the totality of the circumstances, it is certainly relevant that Dotcom has never been to the United States and that he has lived in New Zealand since 2011, where he resides with his family. This tends to show that he has other reasons for remaining in New Zealand besides avoiding criminal prosecution. However, the existence of other motivations does not preclude a finding that he also has a specific intent to avoid criminal prosecution. Dotcom's statements, made publicly and conveyed by his attorneys to the government, indicate that he is only willing to face prosecution in this country on his own terms. See Technodyne, 753 F.3d at 386 (2d Cir. 2014) ("The district court was easily entitled to view those [requests for bail], evincing the [claimants'] desire to face prosecution only on their own terms, as a hallmark indicator that at least one reason the [claimants] declined to return in the absence of an opportunity for bail was to avoid prosecution"). Dotcom has indicated through his statements that he wishes to defend against the government's criminal charges and litigate his rights in the forfeiture action. If it is truly his intent to do so, then he may submit to the jurisdiction of the United States.In short, damned if you do, damned if you don't. This is the justice system, ladies and gentlemen. The DOJ gets to seize and keep all your money, and merely asking for access to it to fight to show your innocence is used as a reason to allow the DOJ to keep it. So he comes to the US and has to fight criminal charges without his own money, or he stays in New Zealand and the government uses it as an excuse to keep all the money. How is any of this even remotely fair? Where is the "due process" in totally handicapping Dotcom from presenting a defense?
Again, it is entirely possible that Dotcom and the others broke the law -- though the case certainly does look pretty weak to me. But what's really astounding is how far the DOJ appears to want to go to make it absolutely impossible for Dotcom to present a full defense of his case.
by Mike Masnick
Fri, Feb 27th 2015 1:37pm
from the doesn't-paypal-like-encryption? dept
Visa and MasterCard then pressured PayPal to cease providing payment services to MEGA.That last line is particularly bizarre, given that if anyone recognizes the value of encryption it should be a freaking payments company. And, of course, Paypal can't know what's stored on any of those other platforms, so why is it being pressured to cut off Mega?
MEGA provided extensive statistics and other evidence showing that MEGA's business is legitimate and legally compliant. After discussions that appeared to satisfy PayPal’s queries, MEGA authorised PayPal to share that material with Visa and MasterCard. Eventually PayPal made a non-negotiable decision to immediately terminate services to MEGA. PayPal has apologised for this situation and confirmed that MEGA management are upstanding and acting in good faith. PayPal acknowledged that the business is legitimate, but advised that a key concern was that MEGA has a unique model with its end-to-end encryption which leads to “unknowability of what is on the platform”.
MEGA has demonstrated that it is as compliant with its legal obligations as USA cloud storage services operated by Google, Microsoft, Apple, Dropbox, Box, Spideroak etc, but PayPal has advised that MEGA's "unique encryption model" presents an insurmountable difficulty.
Mega's theory -- which is mostly reasonable -- is that because Mega was mistakenly listed in a report released by the "Digital Citizens Alliance" that insisted Mega was a rogue cyberlocker storing infringing content, that payment companies were told to cut it off. If true, this is problematic on multiple levels. The methodology of the report was absolutely ridiculous. Because most Mega files are stored privately (like any Dropbox or Box or Google Drive account), the researchers at NetNames have no idea what's actually being stored there or if it's being done perfectly legitimately. Instead, they found a few links to infringing works, and then extrapolated. That's just bad research practices.
Furthermore, the Digital Citizens Alliance is hardly an unbiased third party. It's an MPAA front group that was the key force in the MPAA's (now revealed) secret plan to have states attorneys general attack Google. Think the MPAA has reasons to try to go after any potential revenue source for Kim Dotcom? Remember, taking down Megaupload and winning in court against Dotcom was a key focus of the company since 2010 or so, and Dotcom recently noted that he's out of money and pleading with the court to release some of the funds seized by the government to continue to fight his case. The lawyers who represented him all along quit late last year when he ran out of money. It seems like the MPAA might have ulterior motives in naming Mega to that list, don't you think?
And, this all goes back to this dangerous effort by the White House a few years ago to set up these "voluntary agreements" in which payment companies would agree to cut off service to sites that the entertainment industry declared "bad." There's no due process. There's no adjudication. There's just one industry getting to declare websites it doesn't like as "bad" and all payment companies refusing to serve it. This seems like a pretty big problem.
by Mike Masnick
Fri, Feb 13th 2015 12:33pm
from the out-of-options dept
It seems clear that Nomm agreed to some sort of deal to get the overall threat off of his back and to be done with it. It's very, very, very likely that part of the "deal" is to testify against Megaupload and all of his former colleagues. But, reading through the Justice Department's self-congratulatory pat on the back over this plea deal and the indictment against the Megaupload team, I'm still confused as to how this is a criminal charge at all. It seems like he may very well be guilty of civil copyright infringement in personal downloads that he admitted to. But the rest... I don't see how it meets the requirements of criminal copyright infringement. Here's the DOJ statement:
In court papers, Nomm agreed that the harm caused to copyright holders by the Mega Conspiracy’s criminal conduct exceeded $400 million. He further acknowledged that the group obtained at least $175 million in proceeds through their conduct. Megaupload.com had claimed that, at one time, it accounted for four percent of total Internet traffic, having more than one billion total visits, 150 million registered users and 50 million daily visitors.Of course, the statements about how much "harm" was caused, and even how much money Megaupload made are meaningless. Pretty much everyone knows that anything signed in a plea agreement doesn't mean anything. The more important question is how the rest of it is criminal copyright infringement. For it to be criminal, it has to match certain criteria, and working on a software platform that is used for others to infringe certainly does not reach that level. Nor does knowing that some movies -- uploaded by others -- with the FBI anti-piracy warning message were uploaded (that message, by the way, has basically no legal power). Finally, as for his own personal downloads, those, too, would be civil infringements, not criminal.
In a statement of facts filed with his plea agreement, Nomm admitted that he was a computer programmer who worked for the Mega Conspiracy from 2007 until his arrest in January 2012. Nomm further admitted that, through his work as a computer programmer, he was aware that copyright-infringing content was stored on the websites, including copyright protected motion pictures and television programs, some of which contained the “FBI Anti-Piracy” warning. Nomm also admitted that he personally downloaded copyright-infringing files from the Mega websites. Despite his knowledge in this regard, Nomm continued to participate in the Mega Conspiracy.
And it seems like that may be the only thing he really did wrong from the explanation. He worked for a site that some people used for infringement -- but that's true of lots of internet companies. And he personally downloaded some stuff -- which is also true of a huge number of people. How does he end up in jail for a year other than because the US government came down on him, and he had no other option?
Frankly, this is embarrassing for the DOJ. I wouldn't be putting out a press release for them. Yay, they railroaded a programmer who worked on an internet platform into a "guilty" plea and a year in jail because he helped build a cloud computing system not particularly different than many others out there? What sort of "law enforcement" is this?
by Tim Cushing
Wed, Jan 28th 2015 1:36pm
Spying On Sharing: Canada's Intelligence Agency Collecting Data And IP Addresses From Free File-Sharing Sites
from the more-sharing-going-on-than-previously-imagined dept
In the first document from Snowden's stash to detail the spying efforts of our ever-polite and apologetic neighbor to the north, it's file sharers who are under the
The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files…The CSE is keeping tabs on (at least) 102 file-sharing sites (and likely eyeing traffic on BitTorrent networks), but only three are listed in the leaked document: SendSpace, RapidShare and the now-dead MegaUpload. In a statement given to The Intercept, SendSpace said that “no organization has the ability/permission to trawl/search Sendspace for data.” Not that SendSpace's permission (or promises to its users about data security) ultimately matters.
According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA.
LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites.The documents (dated 2012) say the agency is only looking for about "2,200 documents" related to terrorists and terrorist activity. From the piles of data amassed, the agency begins its straightforward-as-a-patent-thicket sorting process…
…which at least attempts to sort out the TV episodes from the hostage videos.
The agency then uses the captured IP addresses as selectors to trace activity across the web. The slides show that it has had success linking downloads of targeted files to Facebook accounts and Google profile pages by using two intelligence tools created by outside agencies: MARINA Profile and MUTANT BROTH. NSA-developed MARINA harvests a vast amount of internet activity and GCHQ's MUTANT BROTH intercepts "billions" of ad cookies to help correlate IP addresses.
But, while the agency says it's only tracking ~2,200 files (leading to 350 "interesting" downloads per month), there's nothing in the document (other than the filtering out of unwanted files) that suggests the harvested file-sharing activity isn't stored in bulk. And, like many other spy programs, it bypasses safeguards these sites have implemented and grabs data straight from the backbone.
It's safe to say that no major file-sharing service is able to protect its users' data. Even the promise that this information will only be turned over to law enforcement/intelligence services who present the proper legal paperwork is hollow -- if unintentionally so. The document notes that the agency "sees" about 10-15 million FFUs (Free File Uploads) per day, but fails to provide any clarification as to what that word entails. If "sees" means "collects," then the agency has access to millions of non-relevant IP addresses and uploads. If "sees" means "disregards non-'interesting' uploads/downloads," then the effort is more focused than most of its counterparts' surveillance programs.
On top of that, there's nothing included here that indicates the program has usefulness beyond harvesting data for data-harvesting's sake.
It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.When defended, the CSE will probably note that this is part of a suite of tools designed to gather as much information as possible on suspected terrorists. But it has been shown that massive amounts of data makes terrorist hunting harder, rather than easier. And while there is at least some form of targeting built into the system, there's always the potential for abuse. CSE says it won't spy on its own citizens but this statement is undercut by its vast collection effort. It can't have it both ways, especially if it's gathering data directly from backbones. It could be anybody's data, but the agency won't know whose it is until it's looked at it.