Life is increasingly like a Neal Stephenson novel.
Megaupload founder Kim Dotcom has announced that he will launch a new file-sharing website called Mega in January. Despite the fact that he's fending off the US authorities' allegations of industrial-scale copyright infringement, Dotcom has made it clear to the Feds that he couldn't give a toss. His previous file-sharing …
Poor old May, she claims the new spy and wire tap bling they are buying is 'Future Proofed'.
This venture, along with Silent Circle, is the new reality.
Let's see what GCHQ can do with this. All those little clouds filled with impenetrable secrets from the Middle East and 'terrorists'.
Sorry, I think this bit is wrong:
"... cannot access the encrypted uploaded data, absolving themselves of any responsibility for contents of the files."
This should surely be:
"... cannot access the encrypted uploaded data, in a somewhat implausible attempt to absolve themselves ..."
"It is understood Mega's staff and owners cannot access the encrypted uploaded data, absolving themselves of any responsibility for contents of the files"
Is this the opinion of the journalist or of me.ga??? It hasn't absolved any other service provider, so what makes anyone think it's going to absolve me.ga of responsibility now.
If I rent out a lockup garage or warehouse to someone and they store naughty things there, am I legally responsible?
If I rent a house to someone and they indulge in naughty activities there, am I legally responsible?
If I deliver a letter containing naughty plans for someone am I legally responsible?
If I run a massive public broadcasting organisation and someone has rumpy-pumpy in a dressing room, am I legally responsible?
If I store encrypted files for someone am I legally responsible?
The person doing the naughty thing is the one responsible.
Not actually 'No' to all questions.
If you rent a house to someone who runs a meth lab or similar out of it, you, the home owner, will be fiscally responsible for some very expensive clean-up, government inspections, and regulatory paperwork. Not to mention the tremendous loss of equity IF you can even sell the house again.
With luck you won't go to jail or at least spend a lot of time in jail ... but it will definitely be financially devastating.
"If I rent out a lockup garage or warehouse to someone and they store naughty things there, am I legally responsible?" - Yes, if you are aware of it and choose to ignore it.
"If I rent a house to someone and they indulge in naughty activities there, am I legally responsible?" - If you are running a brothel essentially, then yes.
"If I deliver a letter containing naughty plans for someone am I legally responsible?" - Ask the Al-Qaeda couriers sat in GITMO.
"The person doing the naughty thing is the one responsible." - They are, but by acting as a wilful and willing enabler who deliberately turns a blind eye and fails to report the crime, you share responsibility in the eyes of the law.
Like it or not, that's the way the cookie crumbles. Standing by and helping people break the law is generally considered illegal, in most cases.
"If I rent out a lockup garage or warehouse to someone and they store naughty things there, am I legally responsible?" - Yes, if you are aware of it and choose to ignore it
Not so simple.
1) Mega is specifically refusing to even know what's in there, so by definition they are not aware of any naughty things stored in there.
2) "Legally Responsible" in what jurisdiction??
Which is where Cyberspace is going to get interesting, and there is no law that currently answers the problem.
Is it where the data is hosted?
Is it where the data owner is located?
Is it where the processing server is located (which may not be in the same jurisdiction as the storage)?
Is it where the company owner is located (which may be a registered company and subject to different laws for directors than from individuals)?
Is it where the domain name is registered?
Is it where the copyright content owner is located?
Is it at the choice of anyone who wants to raise the legal action in cases where there may be a choice (think patent law in the US where the case is filed in certain states which are more sympathetic than others - what would happen if the EU had a similar "federal" circuit of courts)?
Many of you will have opinions on these - please don't post replies, there is NO right answer at the moment.
"1) Mega is specifically refusing to even know what's in there, so by definition they are not aware of any naughty things stored in there."
Nice idea, but to put it into perspective, that's like a drug mule or afore-mentioned Al-Qaeda courier trying to avoid prosecution by not knowing what was in the briefcase. If you have reasonable suspicion to think that the bloke you are selling a firearm to is going to cap someone with it and they do, you bear a share of the blame in the eyes of the law. Which is kinda fair enough, when you think about it: Wilful ignorance shouldn't be a carte blanche to engage in smuggling, or to aid and abet criminals.
Kim is basically going to be handing people the tools to commit an offence with and then sticking his fingers in his ears and saying "LALALALA I don't know that you're breaking the law". Except it won't even be that opaque to him: For the site to be used for its (let's face it:) intended purpose of sharing movies and music, the Keys will have to be easily accessible to anyone. Hell: They'll probably be listed in the file description on the site, which makes the encryption and 'invisibility' to the site admins a moot point.
I don't see it really working out too well: He doesn't have a shred of plausible deniability and his entire defence is based on technicalities and lying under oath if it goes to court ("I honestly didn't know anything illegal was happening on my website, judge!")
2) "Legally Responsible" in what jurisdiction??
New Zealand? If that's where he is and his business is.
He's clearly trying to ensure that the US can't touch him. That might work. It depends on who has the best lawyers, I guess.
"Nice idea, but to put it into perspective, that's like a drug mule or afore-mentioned Al-Qaeda courier trying to avoid prosecution by not knowing what was in the briefcase. If you have reasonable suspicion to think that the bloke you are selling a firearm to is going to cap someone with it and they do, you bear a share of the blame in the eyes of the law. Which is kinda fair enough, when you think about it: Willful ignorance shouldn't be a carte blanche to engage in smuggling, or to aid and abet criminals."
Couriers... not a drug mule. A courier may carry certain items that are illegal but under their terms and conditions you are not allowed to do that. Similarly I would presume you are not allowed to host content on me.ga that is unlawful/copyrighted etc. However, just cos they provide a hosting service doesn't make the company unlawful or guilty of a crime. They provide a service just like a courier does. However, if you are willingly providing a service to known terrorists or drug barons then of course ignorance isn't going to save you.
Kim is basically going to be handing people the tools to commit an offence with and then sticking his fingers in his ears and saying "LALALALA I don't know that you're breaking the law".
Quite. So when is Google cloud service (and other cloud services) being charged then?
"unless you work in politics or banking."
Not true: Look at the kind of shit financial institutions get into via the actions of a few rogue traders fixing rates, for example... and they didn't even *know* about it. Likewise, the current hoo-ha as regards NoTW pivots around whether senior figures *knew* if the law was being broken.
If you can establish plausible deniability (which Kim is trying to do via the "It's encrypted, so I don't know it's illegal" thing), then you might be able to avoid culpability. If that plausible deniability isn't plausible enough ("I didn't know the dodgy guy who gave me a grand to carry a bag through customs had put drugs in it!"), then you're in trouble.
Remember that, even if we had legal systems not violently corrupted by big business and money, legally responsible is not a lot to do with morally responsible.
It has even less to do with factually responsible.
You are responsible for whatever a big company says you are responsible for. In the same way, they are not responsible for whatever they have decided they are not responsible for.
If I rent a house to someone and they indulge in naughty activities there, am I legally responsible?
But the guy was still allowing people access to ripped off goods (aka stolen). He was also moving money about in an attempt to not pay taxes.
You can't, on the one hand claim to want to do wtf you want and not pay for it, then with the next ask for the protection of the people you have been ripping off.
Yeah the USA are idiots, and their legal system and the way its foreign policy works explains how people can hate them enough to kill themselves in order to hurt them, but this Kim guy is not a nice robin hood persona deserving of any compliments.
He hunts baby dolphins as well apparently
I don't want to weigh in and defend the guy here - I know nothing about whether he is a nice chap or not, but I have to clear you up on one point - copied is not stolen. Stealing something deprives the owner of it, copying it does not, although it may prevent them from profiting by metering access to it.
Copying != theft != piracy.
Whether copying is morally right is another question, but by attempting to conflate it with other 'serious illegal' activities, copyright owners are doing themselves no favours when it comes to credibility.
> the definition of "theft" was broadened some time back in the UK.
It still doesn't cover copyright infringement.
> It varies wildly with jurisdiction.
It varies a little. I'm unaware of any jurisdiction that considers copyright infringement to be theft, however much various organisations would like you to believe it to be so.
One thing I don't get, a comparison of markets if you will.
Company A makes a profit of 8billion in the USA, but thanks to clever accounting they can shift it around (as they do in every country) to avoid 90% of the tax. And that is perfectly legal, despite the fact that the company deals with US customers on US soil.
Meanwhile internet company A makes a much smaller profit thanks to users in the USA, while everything else it has is offshore. And that is illegal.
One has many many links to the USA and is untouchable.
The other has one link which is in common with the first, and that's it. And the US can charge in and do what they want.
My god I love American logic.
"bake backdoors into your systems either at the hardware or OS level."
Hardware maybe, but the OS? I think not, because even if they did you can bet your bottom dollar that the Linux folks and others like the *BSDs will soon spot it and rip it out.
Another good reason to use FOSS.
Rather than store the encrypted data, they should store only BIG 'keys'. Some online key safe facility whereby you can share access to your keys, and one which extends to large keys too.
Encrypt the file using a key (otp maybe) of equal size to the file. In this scenario you effectively have 2 files, either of which can be considered the key to the other. Get two hosting companies to host your 2 keys (which one is the key and which one the encrypted file?). There is no law against holding keys for somebody.
[X] = secure 10MB file
[Y] = 10MB random key
XOR X,Y - to give [Z]
Upload Y and Z to 2 hosting companies. Which one is hosting the encrypted file and which one the key?
For added security you can add a 3rd key that could turn both keys into a legitimate (but safe) file.
[A] is a public 10MB pdf document, [B] is your 10MB 'secure' file, [C] is random 10MB data.
XOR A, B, C to create [D] (also 10MB).
XOR B,C to create [E] (also 10MB)
XOR A,C to create [F] (also 10MB)
D, E and F are themselves just 10MB keys, but when combined in the correct order they produce different results. Upload D to one provider, E to another, F to a 3rd. Keep C local (no need to upload it).
Combining (XOR) D and E yields the PDF document
Combining D and F yields the personal file
None of the hosting providers are storing encrypted data for you, they are hosting keys. But what are the keys for?
D is the key that turns E into the PDF document.
E is the key that turns D into the PDF document.
F is the key that turns your local C into the pdf document.
If you want to give a 3rd-party access to your secure data then point them to D and F.
Not perfect but you get the idea. What I'm saying is that by storing 'keys' rather than encrypted data things could get interesting - when the key length is the same as the data who decides which is which?
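Added example, not part of the original comment: the three-share XOR construction described above, using the comment's own labels A to F, with a check of which combinations of hosted shares give back the secure file. The sample contents and the function names (`xor`, `make_shares`, `recoveries`) are constructed for illustration.

```python
import secrets

def xor(*blocks: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    length = len(blocks[0])
    if any(len(b) != length for b in blocks):
        raise ValueError("all blocks must have the same length")
    out = bytearray(length)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)

def make_shares(public_doc: bytes, secure_file: bytes):
    """Return (C, D, E, F) as labelled in the comment; C is the local random pad."""
    c = secrets.token_bytes(len(secure_file))
    d = xor(public_doc, secure_file, c)   # D = A xor B xor C
    e = xor(secure_file, c)               # E = B xor C
    f = xor(public_doc, c)                # F = A xor C
    return c, d, e, f

# Constructed sample data, padded to the same length (stand-ins for the 10MB files).
A = b"%PDF-1.4 public brochure text...".ljust(48, b" ")          # public document
B = b"private notes: constructed sample secret".ljust(48, b" ")  # 'secure' file
C, D, E, F = make_shares(A, B)

def recoveries() -> dict:
    """What each combination of shares yields."""
    return {
        "D^E": xor(D, E),        # the PDF, as the comment states
        "D^F": xor(D, F),        # the secure file, as the comment states
        "F^C": xor(F, C),        # the PDF from F plus the local pad
        # Because A is public, E and F plus A also give the secure file,
        # so D is not needed: (B^C) ^ (A^C) ^ A = B.
        "E^F^A": xor(E, F, A),
        # Likewise F plus the public A reveals the local pad C.
        "F^A": xor(F, A),
    }

if __name__ == "__main__":
    for combo, value in recoveries().items():
        print(f"{combo:6} -> {value[:24]!r}")
```

Each share on its own is indistinguishable from random data, but because A is public, F effectively discloses the pad C, so the secure file is recoverable from E and F as well as from D and F.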
It could probably be simpler than this.
Use cloud storage providers in a way similar to RAID. Just store parts of the file across 3 different services. In other words, every third bit goes to service A.. There wouldn't be enough information at any two providers to actually figure out what it was. You would need all three.
You have a file (fragmented all over the place on that "toy" operating system known as WindblowZE) occupying hard drive space. To the O/S, it doesn't matter which sectors contain the file, just that it (the O/S) "knows" where the segments are, and in what sequence they need to be re-assembled in order to provide the complete file.
So, treat cloud storage as an extension of your local hard drive, and take that to a further extreme. Split your 'file' into multiple pieces, and store segments in different cloud locations. Only YOUR "directory" knows which sectors are stored at a specific location, and in the sequence that they need to be retrieved in order to make the file complete.
Now, try to figure out who has what????
@ac 14:30 re XOR X,Y -> Z
.....except that XOR Y,Z will reconstruct X. Admittedly, whoever was wanting to retrieve X will need to know this is what you have done, and obtain both Y and Z.
XOR is just not safe unless you increase the number of keys and operations as you do in the later examples, but the more keys you have, the more chance you have that one of the storage companies goes out of business, gets shut down or just loses the data.
It would be better to use something like a distributed set of symbols of Reed Solomon hashed data blocks. Doing this would enable you to reconstruct the data if one set of symbols is lost, but would make it necessary for someone to get most of the symbols in order to decode the data. The exact number of symbol sets needed, and the minimum number of sets required to decode the data would depend on the parameters in the RS encoding chosen. Each subset would not contain any usable data.
This is an aside from how the USA took down the servers and the loss of access to legal files people had (stupidly) kept on a site designed to be a way around copyright. I don't agree with the methods and I think the site should have had a cease and desist order issued by the hosting country and/or the country where the owner/s reside. That would have given time for legal files to be moved, for the illegal files to be tracked when they were moved (which provides evidence for future court proceedings) and time for the owner/s to prepare their legal defense.
If you copy a copyrighted file to avoid paying the copyright owner their fee, that is theft. I don't care what semantics you try to use. If you don't think that movie, music, artwork or picture is worth the price then don't buy it. Don't go and download it from a buddy and claim that since you weren't going to buy it anyway that there is no loss to the owner. I will grant that that loss is hard to quantify, and most of the numbers being used in court cases are complete bull.
For those of you that are going to claim that you pirate whatever to see what artists you like so you can then purchase their stuff; let's just say I believe you to be an extreme minority, like leprechauns and unicorns.
Biting the hand that feeds IT © 1998–2021