FBI Reminds Us Government Already Has MegaPower to Take Down Websites

Online activists were still busy celebrating a successful day of protest against proposed (and now shelved) Internet censorship legislation when the Justice Department pulled the popular cyberlocker site Megaupload offline Thursday, and indicted its owners on charges of criminal copyright infringement. It was a serendipitously timed demonstration of two important facts.

First, the U.S. legal system is perfectly capable of reaching criminal suspects overseas. Megaupload is incorporated in Hong Kong, and its CEO was arrested (along with three employees) in New Zealand. That’s significant because supporters of laws like the Stop Online Piracy Act (SOPA) and PROTECT-IP Act (PIPA) typically claim they’re helpless to do anything about overseas sites by more conventional means, necessitating aggressive new enforcement powers with streamlined hearings that give short shrift to due process. Now, if the people behind Megaupload are, in fact, guilty of criminal activity—and the indictment certainly looks damning—the government will have the opportunity to prove it beyond a reasonable doubt before a jury, which will also get to hear any exculpatory facts or arguments the defendants are able to offer. It can be a slow process, but it’s also how we’re supposed to do things in the United States: we don’t just issue orders branding people or sites as “rogues,” we convict them.

Second, if you’re worried about the government taking down U.S.-registered sites, which include any site in the .com and .org domains, wherever their servers might be located, then SOPA and PIPA aren’t really what you should be concerned about: the government already has that power under the PRO-IP Act of 2008. There are good reasons SOPA and PIPA attracted more attention: Instead of “seizing” domains directly at the registry, they would have imposed blocking and filtering obligations on thousands of ISPs and search engines, creating a whole host of technological and security problems. There was also the private right of action, which seemed more susceptible to abuse by overzealous copyright owners who were able to find a friendly judge. But the central power of the government to shut down web domains is already there in PRO-IP, and has been used to seize hundreds of sites already—wrongfully in at least some cases. Incidentally, those absurdly inflated phony statistics I wrote about earlier this month—the ones the Government Accountability Office has debunked, which even the content industries have finally stopped using—were heavily cited as evidence for why PRO-IP was needed, featuring prominently in press releases by the bill’s authors.

The owners of Megaupload don’t seem like particularly sympathetic characters, but the abrupt seizure of the domain before trial ought to give us a bit of pause. The site was plainly used to enable an enormous amount of copyright infringement—and judging by the indictment, the site’s operators appear to not only have known about this, but encouraged it in order to bolster their ad revenues. But that doesn’t mean that’s all the site was used for. Plenty of people made legitimate use of the site for cloud storage, or to (legally) share large files with friends, family, or colleagues. Indeed, no small number of major-label recording artists declared in song  that they used the site for just such purposes. Journalist Adam Penenberg tweeted this morning that he was in the habit of using the site to share recordings of his interviews with a transcription service. If you Google around, of course, you’ll mostly see evidence of the more illicit uses—but that’s because people don’t post a link publicly on the Internet when they’re trying to share a file in a more limited way. Taking the entire domain down has affected all those legitimate uses along with the illicit ones.

Civil forfeiture laws have, frankly, always been subject to abuse. But when a suspected drug dealer’s car is seized, the effects are at least limited to the suspect and his family. The de facto seizure of an entire online platform, by contrast, affects all the users of that site, including many thousands who were using it to engage in legitimate, protected speech. And precisely because the non-pirate uses are less likely to involve public links, it’s extremely hard to know in advance exactly how much collateral damage is inflicted on legitimate activity by the seizure. In this specific case, I’d wager the proportion of illicit to legitimate content was quite high, but I can guarantee there’s also a whole lot of copyright-infringing videos posted to YouTube at any given instant as well; most people, presumably, recognize that shutting down YouTube in order to disable access to those videos would not be worth the enormous cost to protected speech.

There are also some troubling arguments offered by the government in the indictment. They suggest, for instance, that Megaupload shouldn’t be eligible for “safe harbor” under the Digital Millennium Copyright Act because though the firm would disable specific URLs linking to “infringing content” upon notice by copyright owners, it did not remove the underlying file entirely. (Megaupload was designed, like many other cloud storage services, to only keep one underlying copy of a file that many different users had uploaded, though it would create a different virtual address for each user’s “own” instance of the file.)  This may sound like shameless flouting of the DMCA takedown process, but it’s a bit more complicated than that, because in reality “infringing content” is something of a misnomer. Content is content. It’s what you do with it that infringes copyright.

Just about everyone’s hard drive these days is full of copyrighted music in MP3 format.  But it isn’t necessarily “infringing content.” In my case, it’s music I’ve downloaded from legal venues like the iTunes store or ripped from CDs I purchased back when one still bought music in shiny-plastic-disc form. Many people will put their legal MP3 files in a private Dropbox folder, or some other cloud storage service, so they can access the music from the office as well as their home desktops, or from their networked mobile devices. Creating a public link to those files, and distributing them to anyone on the Internet who wants them, would clearly be copyright infringement.  But that doesn’t mean the files themselves are suddenly “infringing content,” and it doesn’t mean that every user should lose his own access to the same files because other users tried to publicly distribute them.

This is another reason the takedown-before-trial model is disturbing. Again, there’s strong evidence in the indictment that Megaupload’s conduct here was anything but innocent. But now imagine some other cloud storage site that comes under the crosshairs of the government or content industries. As I suggest above, they might have very good reason for only disabling specific, publicly distributed links to a copyrighted file in response to a takedown notice, rather than cutting off access to every user who has remotely stored the file, regardless of how they’re using it. At a trial, they’d get to explain that.  If the site is shut down before its operators have an opportunity to even make the argument … well, that doesn’t bode well for investment in innovative cloud services.