Why Mega is Not a Copyright Killer

Mega LogoOver the weekend, Kim Dotcom, the embattled founder of Megaupload, launched his new cloud storage service, Mega, amid fanfare and dancing girls. Though Mega has suffered serious technical issues due to the massive interest, it has still attracted over 1 million users in just a few days.

The launch, which was timed with the raid on Dotcom’s house and company last year, had been widely expected and led to at least a few sensationalist headlines, including one on Gizmodo that said the service “Could dismantle copyright forever.”

TechDirt wrote a different take on the service, calling Mega “interesting” but “hardrly revolutionary”.

So is the sky falling for copyright holders? Will Mega be the end of copyright as we know it? No. If Mega had been created by any one other than Kim Dotcom and for any other purpose than following up Megaupload, the service would not have received nearly this much attention.

Even if we ignore that copyright is a law and Mega, as a service, does nothing to change the law, Mega is not a copyright killer and, truth be told, isn’t likely the biggest threat to copyright holders right now. In fact, it’s way behind the original Megaupload in that regard.

Mega History

On January 19, 2012 officials in both the US and New Zealand moved on Megaupload. The joint action ended up with the closure of the site, the seizure of many of its servers and, most famously, the arrest of its founder Kim Dotcom.

The effects of the raid on the cyberlocker industry were swift and drastic. Many file locker and storage sites either shut down completely, disabled 3rd party sharing, abandoned affiliate programs or engaged in massive banning or deletion actions.

However, as the legal case against Megaupload (the company) moved forward in the US and against Kim Dotcom (personally) in New Zealand, Dotcom himself began to promise a new version of Megaupload, one that could not be shut down.

As time went on, details began to emerge, either through rumors or announcements from Dotcom, and it became clear that the new service, named Mega, would not be another cyberlocker service, but a cloud storage service with a heavy emphasis on encryption and security.

On January 19, 2013, one year after the initial raids, Dotcom launched the new Mega service and many are still trying to decide what exactly the service is and how it fits into the piracy picture.

The answer isn’t clear yet, largely because the service still is not online fully and users are experiencing a lot of technical issues. However, we can make some educated guesses based on what Mega is and how other services have faired.

What Mega Really Is

Mega ManagerMega, at its most fundamental level, is a cloud storage service, not unlike Dropbox or Google Drive. However, it distinguishes itself in three key ways.

  1. Client-Side Encryption: Most cloud storage services provide server-side encryption, meaning un encrypted files are uploaded and encrypted on the server. Mega encrypts the files before upload, so even Mega doesn’t know what’s on the server.
  2. Large Capacity: The free account on Mega provides 50 GB of storage, compared to just 2 GB on Dropbox and 5 GB on Google Drive.
  3. The Brand: Megaupload’s seizure and Kim Dotcom’s resilience despite his legal problems (he faces a deportation hearing in March) is synonymous with copyright infringement.

The fear is that users will take advantage of the encryption to share files with impunity and that Mega will become an unstoppable haven for file sharing and piracy. However, though Mega’s encryption will provide at least some protection to its users, it’s mostly there for Kim Dotcom. This is because neither Mega, Kim Dotcom nor any other employees can possibly know what is on their servers, giving them a layer of legal protection that didn’t exist with Megaupload.

The technology itself has existed and been used before. For example, people have long uploaded encrypted files to cloud services like Dropbox for extra protection and services like Jungle Disk made use of this idea of encryption before upload for personal backup.

The biggest advancement that Mega makes isn’t that it built a Web-based cloud storage service, but the ease-of-use and integration of client-side encryption built into that service. While this is interesting, it is not particularly revolutionary from a technology or a copyright standpoint.

Why Mega Won’t Dismantle Copyright

The truth is that, for all of the anxiety over Mega, it’s actually a step backwards for piracy from a traditional cyberlocker.

IF one wants to use Mega to widely distribute a file, the people you’re sharing the file with need both the link for the file and the key to decrypt it. Already, that’s an extra step for both the uploader and the downloader.

If you make the link and the key publicly available, the file is just as exposed as if it were posted on an unencrypted cyberlocker and just as vulnerable to a takedown (Mega has a DMCA-like policy in place).

The problem is that this style of encryption is great for point-to-point file transfers. If you want to send a single file to a client or to a friend, all you have to do is securely give them the key and then provide them the link. However, this style of encryption is a major headache for sharing to a mass audience and easier/better tools are available for that end.

But even if mass file sharing does take off through Mega, all of the plans have bandwidth limits. 1TB of transfer may seem like a great deal, a DVD typically holds around 700 MB of data. One DVD could only be downloaded a little over 1,400 times in a month before all of the bandwidth would be used up on a “Pro 1″ account.

While approximately 1,400+ downloads sounds like a lot, that’s only if it’s the only thing being downloaded on the account and, it’s important to remember, the top torrents on The Pirate Bay are typically downloaded tens of thousands of times per day. So even the Pro 3 count, which would up the number to 12,000 downloads with 8 TB of bandwidth doesn’t come close to matching what current Bittorrent trackers can do for mass piracy.

In short, where Megaupload provided incentives and tools that encouraged users to upload (often illegal) files for mass download, Mega does not and in fact has a structure and service that puts barriers up against mass downloading of files, legal or otherwise.

Mega is simply aimed at a different purpose.

Bottom Line

None of this is to say that piracy won’t take place or be a problem on Mega, it most certainly will. But it’s not going to be the death knell to copyright as we know it. Though there’s a lot of enthusiasm about the service right now, technical problems have hampered its use so far and concerns are already surfacing about its security, both in terms of its encryption and its passwords. If Mega is to grow and build upon this, it’s going to have to find a way to fix its issues and create a service that pople will want to use.

In the end though, the rebirth of Mega not only shows the resiliency of Kim Dotcom but also how he and his service have been changed by the ordeal. Mega is NOT Megaupload 2. It is a very different service with a different audience and a different intent.

The real challenge Mega will likely face is its reputation. Will Mega be able to create and grow what they hope is a legitimate cloud storage business given their reputation and record? Will people trust Kim Dotcom with the data enough to use his new service and what might happen to it if the legal case does go badly?

Copyright holders distrust the brand. Legitimate users, especially those who lost files in the closure of Megaupload, distrust the reliability. Finally, the people who are drawn to it for the purpose of piracy are likely to be disappointed by the service itself.

Mega clearly faces some big challenges moving forward, even as it teases future plans.

3 comments
Keith Spiker
Keith Spiker

You said that "the people you’re sharing the file with need both the link for the file and the key to decrypt it." This is true. But the next sentence is not necessarily true: "Already, that’s an extra step for both the uploader and the downloader."

You can embed the key in the link - and you can do it in such a way that the server never sees it. Instead, the key is extracted by the browser before sending the URL to the server. The browser can then use the key to decrypt the received content. Thus, Mega could allow links to encrypted content to be shared in one step. If Mega doesn't do it this way (I don't have an account yet, I don't know), it is not because they can't do it but because they have chosen not to.

Handling the key this way is a clever use of the fragment identifier in a URL. Here is an example of a fragment identifier ("#"):

http://en.wikipedia.org/wiki/Fragment_identifier#Basics

Everything after the "#" is the fragment. In the above example, the fragment "Basics" is not passed to Wikipedia, but your browser uses it to navigate in the page. One website that uses the fragment identifier for client-side decryption is AnonPaste.me. Here is a link to a page that will be decrpyted in your browser with the key that follows the fragment identifier (but the key will not be passed to the server):

http://www.anonpaste.me/anonpaste2/index.php?74bb00ca1b9c6fa1#6vJsJ8VTvLcHxrqblRbK2A87AwGraHkXag4j9yxurr0=

This URL fragment identifier was specifically mentioned by the inventor of the World Wide Web himself, T. Berners-Lee, in RFC 1738 in 1994 (search for "#"): http://tools.ietf.org/html/rfc1738 (now obsoleted)

I don't blame you for not knowing this - I only discovered recently when I was trying to solve the "extra step" problem you mention. If I didn't find this solution, I was going to introduce it myself into the standard.

I'm sorry to hear you report that Mega is causing anxiety. It is a very exciting time to be alive and there are so many opportunities to be had! If Mega causes anxiety, then you may not be aware of the technologies that are just around the corner. I would love to tell you more (seriously), but I don't have the time.

The AnonPaste link above expires in 30 days, so here is the text in case you missed it: "The MPAA and the US Government have already lost the Megaupload case, but they may not realize it yet. They will lose on legal grounds because they have stretched the law and facts too far. Even if they convict Kim Dotcom, which is unlikely, it will be a Pyrrhic victory."

As a lawyer and an engineer, this much I know.

Ronnie
Ronnie

Interesting how you leave out the fact that the government's case against Dotcom is rapidly falling apart due to the government's failure to follow procedural law and lack of evidence against the so-called criminal.

Mike
Mike

How is that relevent to the article? I found the article to be very informative.