A verdict against Megaupload in the U.S. would mean other cloud storage providers can be held criminally liable for illegal content stored by customers on their networks, an attorney representing the shuttered file-sharing site said on Tuesday.
Prosecutors in the U.S. have accused Megaupload and seven people associated with the company, including founder Kim Dotcom, of copyright infringement, aiding and abetting copyright infringement, wire fraud and money laundering. The U.S. has started proceedings to extradite them from New Zealand to the U.S., where they hope to put the company on trial.
It would be the first time a provider of cloud storage services had been charged with criminal copyright infringement in the U.S., said attorney Ira P. Rothken, who will represent Megaupload if the case comes to trial.
The cases against the music file-sharing services Grokster and Napster were both civil cases, meaning they were brought by aggrieved parties, such as the record companies, as opposed to the state. Civil cases generally require a lower burden of proof, making them easier to prove.
The Grokster case went to the U.S. Supreme Court, which in 2005 found the company liable for "inducing" copyright infringement by its end users, or secondary liability for copyright infringement.
There is no statute for secondary infringement in criminal law, however. In a criminal case, prosecutors will have to prove primary copyright infringement, meaning the defendants knew what they were doing and willfully infringed, Rothken said.
He described the indictment against Megaupload as "breathtaking." It doesn't name specific works that were allegedly infringed, or name any individuals responsible for sharing those works. Instead, the indictment holds Megaupload and its operators responsible for the conduct of its users.
That position is incompatible with how cloud services work, Rothken contended. Privacy laws in the U.S. prevent cloud storage providers from looking at the content its users have stored, he said.
"As a practical matter, anything that is needed for a cloud storage provider to make an assessment of what is infringing or what is not is essentially off-limits for them to look at," he said.
Megaupload hasn't filed its response to the charges indicating how it will defend itself. Julie Samuels, a staff attorney with the Electronic Frontier Foundation, said Rothken is likely to cite the safe harbor provisions of the Digital Millennium Copyright Act, which protect ISPs against liability for what users do on their networks. It's not clear yet if that protection extends to storage service providers, however.
Rothken contends that Megaupload had a robust program to take down infringing content in compliance with the DMCA. It means that Megaupload would not meet the "willful" requirement to prove criminal copyright infringement, he said.
Rothken criticized the way in which the U.S. shut down Megaupload's domain, abruptly cutting off users from data that may have been legally theirs. He has been negotiating with the government to free up funds from Megaupload's frozen bank accounts, which could then be used to pay Megaupload's hosting provider in order to preserve the data.
The U.S. government rejected a deal he reached with Carpathia Hosting, which holds the data, to obtain the physical servers and pay the hosting company around $1 million after the case is adjudicated, Rothken said.
Rothken said he plans to file a brief with the court in a few days asking for the data to be preserved. Other parties have already filed briefs: the Electronic Frontier Foundation, which supports preserving the data for non-infringing Megaupload users, and the Motion Picture Association of America, which expressed fears that if Megaupload controls the data, pirated content may circulate once again.
Rothken plans to argue that under U.S. law, only Megaupload is entitled to control the data. "We believe under the Electronic Communications Privacy Act that data is Megaupload's to handle for the benefit of consumers," he said.
Send news tips and comments to firstname.lastname@example.org