MegaUpload: Breaking Down the Indictment

Last week, the operators of a company called MegaUpload, including its founder, Kim Dotcom, were arrested under an indictment alleging the operation of a criminal conspiracy that infringed upon a wide variety of copyrighted works and enriched the conspirators by over $175 million in the process, through advertising and paid accounts to access movies, TV shows, music, and other works that were owned by third parties.[ref]Rumors that Swizz Beatz (Mr. Alicia Keys) recently became acting CEO of MegaUpload were apparently exaggerated; his lawyer has denied that a deal was reached and he was not named in the indictment.[/ref]

Although the arrests of the “Mega Conspiracy” and subsequent hacking by Anonymous have received significant media attention, most coverage has not explained the basis for the charges or the applicable law.

Copyright law provides protection to online service providers from liability for copyright infringement if they comply with the Digital Millennium Copyright Act’s takedown request provisions, protection that MegaUpload’s founder seemed to believe protected the service. However, the indictment alleges that MegaUpload intentionally kept files online after owners notified MegaUpload of the infringement, specifically so they could continue to profit from the files. The key allegation, explained in detail herein, appears to be that MegaUpload’s MD5 Hash system deliberately kept multiple links to infringing files available for download, even after the owner of a linked file (e.g., song, film, TV show) notified MegaUpload that it was being hosted illegally, thereby depriving MegaUpload of protection under the law.

As an aside, the MegaUpload case actually demonstrates the power of the Copyright Act as it exists and the ability of the Department of Justice to enforce it without additional legislation such as SOPA. Infringement of copyrighted works online can be divided into two general groups: casual use of copyrighted works that technically infringes upon another’s copyright (e.g., reposting a photo on a Tumblr blog without a license or singing along with a copyrighted song on one’s YouTube video[ref]YouTube has an excellent system for handling copyright issues, explained in this TED Talk:[/ref] versus a criminal conspiracy to infringe upon copyrighted works for profit. SOPA would increase enforcement against the former, but the indictment against MegaUpload paints a picture of the latter: a deliberate conspiracy to derive profit from infringement of movies, television shows, music, and other entertainment.

In light of the flurry of misinformation that has followed the arrests of the MegaUpload staff, particularly given the proximity to the SOPA/PIPA controversy, a review of the indictment and the basis for the charges seems to be in order. This article will provide a general overview of the application of the current copyright law to the service, the allegations in the indictment, and MegaUpload’s possible defenses to the charges.[ref]The indictment is available in its entirety at[/ref]

The MegaUpload Service

MegaUpload was a service that allowed users to upload and store files, after which MegaUpload would give the user a URL (an “MD5 Hash,” an algorithm for assigning a link) that anyone could use to download that file. If enough people downloaded a user’s files, MegaUpload would pay the uploader a cash reward. The indictment alleges that these files were often copyrighted movies, music, games, and books, some of which had not yet been released for commercial sale.

MegaUpload seemed to characterize its service as falling within the law, specifically the “safe harbor” provision of the Digital Millennium Copyright Act (17 U.S.C. § 512). Kim Dotcom recently wrote “Our business is legitimate and protected by the DMCA (The Digital Millennium Copyright Act) and similar laws around the world.”[ref]Kim Dotcom’s recent piece about MegaUpload, his history as a businessman, and the “Mega Song” controversy, is available here:[/ref] The Department of Justice has indicted the operators for a vast conspiracy to profit from aiding and abetting the illegal copying of protected works.

The Indictment

The indictment against the “Mega Conspiracy” – the seven defendants and associated corporate entities that made MegaUpload run – was filed under seal on January 5, 2012, as part of an investigation that goes back to March of 2010 (Indictment par. 69.b.). It contains facts about the case, including a number of damning quotes from several emails by the conspirators, as well as alleged facts about the operation of the MegaUpload sites.

All cites in this post are based on the allegations in the indictment, which are, at present, unproven allegations. This review of the indictment is simply that, and all of the defendants in the action are presumed to be not guilty. In response to the indictment, the New York Times published a statement from an attorney for MegaUpload saying: “MegaUpload believes the government is wrong on the facts, wrong on the law.”

With MegaUpload’s declaration of innocence and the burden of the prosecution to prove its case in mind, the indictment summarizes the evidence that the Department of Justice intends to present and the charges that it alleges the evidence establishes, which the grand jury reviewed in issuing the indictment. For those concerned that this action by the Department of Justice violates “due process,” these are criminal charges issued on the basis of the evidence after review by a grand jury.[ref]A note to those readers who may have been avoiding jury duty but are inclined to complain about due process implications of indictments such as this one: this might be a good time to re-think your commitment to your civic responsibilities.[/ref]

The Charges

The indictment contains five charges: conspiracy to commit racketeering, conspiracy to commit copyright infringement, conspiracy to commit money laundering, and two charges falling under criminal copyright infringement & aiding and abetting of criminal copyright infringement. Copyright infringement is the topic of the day, given the awareness around SOPA and PIPA, and will be the focus of this discussion (not to take away from the glamour of racketeering and money laundering).

Please keep in mind, this indictment has nothing to do with SOPA or PIPA on its face. The charges all arise under laws that currently exist, and as of this writing, SOPA and PIPA are all but dead. As such, the indictment actually supports the idea that the current laws against infringement are sufficient to deter and prosecute pirates and those who aid and abet them. While the Department of Justice certainly could have intended to make the point that current law is sufficient to enforce copyright law internationally against clear infringers, the indictment was handed down weeks prior to recent protests and the investigation against MegaUpload goes back years, well before SOPA and PIPA came along.

Copyright Infringement and Takedown Compliance

Without going into a full explanation of copyright, to understand the indictment, it is enough to know that copyright generally gives the owner of a work (usually the creator of the work) the exclusive right to copy that work and to prevent anyone else from copying it. Copyright infringement is copying without permission; aiding and abetting copyright infringement is helping someone else copy without permission.[ref]A note on the desirability of copyright law in general: some opponents of SOPA/PIPA, (and perhaps the charges against MegaUpload), as David Pogue recently noted, are generally opposed to copyright, and want to be able to copy music, movies, books, and games with impunity. Consider that copyright law is a part of what encourages the creators and marketers of these works to create them in the first place. Yes, plenty of musicians and artists will create art no matter what the return is, and often give away their work for a variety of reasons. However, if multimillion-dollar enterprises such as movies, television, and video games had no copyright protection, and thereby no guarantee of financial return on a product that could be legally copied upon release, few would invest the time, money, and energy to create them. Copyright is what allows many of these things to exist in the first place.[/ref]

The Digital Millennium Copyright Act (the “DMCA,” a 1998 amendment to U.S. Copyright Law) provides a method to avoid liability, or “safe harbor” for web service providers who comply with certain “takedown” requirements, a defense that seems to be at the core of MegaUpload’s position. Essentially, if the owner of a copyrighted work contacts a website or service operator with a complaint about an infringing copy of their work on the operator’s server or site, the service provider must contact the supposedly infringing uploader, who has a chance to file a counter-notice before the service acts upon the takedown request. If the alleged infringer does not respond, the operator takes the infringing material down. Whatever the outcome, the operator of the site remains protected from liability for any possible participation in the infringement by the safe harbor provision.[ref]The provision of the DMCA limiting liability for service providers can be found in its entirety at 17 U.S.C. § 512. A simple example of a takedown policy in effect is YouTube’s takedown form, which is available here:[/ref]

MegaUpload may intend to argue that it fell within this safe harbor, but the indictment alleges it did not comply with the requirements, and is therefore not protected. Instead of complying with the takedown requirements, the indictment alleges that the operators of MegaUpload knowingly and deliberately creating an environment in which infringement ran rampant and MegaUpload reaped the rewards, in part by letting copyright owners believe that their takedown requests were being honored when they actually remained available for download. These rewards were generated in part through advertising and payment from users for premium accounts. Regular users had limits on the amount of content they could view or download from MegaUpload, but if the user paid a fee, those limits were relaxed or lifted (e.g., Indictment par. 4, 5, 54).

With this brief background, on to the allegations in the indictment, which paint a picture well beyond a simple company that let people upload their files and receive a download link in return, but was, in reality, a scheme that pretended to comply with the takedown notices while continuing to host and profit from copyrighted material.

The “MD5 Hash” and the “Abuse Tool”

The “MD5 Hash” system and MegaUpload’s use of it to avoid takedown requests appears to be the most important element of the alleged conspiracy by MegaUpload. The indictment claims that MegaUpload never actually took down infringing files under DMCA takedown rules, but that multiple links would be generated for any given infringing file, and that, at most, MegaUpload would take down a single link on demand if an owner found it, but leave the file and all other links to it in place.

MegaUpload allegedly did this through the use of a unique identifier called an “MD5 Hash.” (Indictment par. 22). Each time someone uploaded a file, an MD5 Hash and a unique download URL or link would be generated; however, if a second user attempted to upload an identical file, the MD5 system would generate a new, unique download link for the second user that would point to the original file, and it would discard the duplicate file. This would occur each time a user uploaded an identical file to one already residing on MegaUpload’s servers, creating multiple, unique download URLs for the original file.

To handle infringement complaints, MegaUpload had an “Abuse Tool” that let copyright owners believe that they could request removal of a file by submitting an infringing URL that led to their copyrighted work.[ref]An account of Warner Brothers Entertainment, Inc., attempting to use the Abuse Tool and MegaUpload’s resistance to Warner’s use of it is detailed in the indictment (Indictment par. 69.lll.).[/ref] However, when a copyright holder used the Abuse Tool to demand the removal of any given download URL, the indictment alleges that MegaUpload might take down that URL — that is, the infringing link that the owner was aware of — but would leave the original file on its servers, as well as any other download links that were pointing to it. (Indictment par. 22).

For example, if George uploads an MP3 of The Band’s Up on Cripple Creek to MegaUpload, that file will be assigned an MD5 Hash, as well as a unique link to the file that he can share with friends or strangers. If Jim, Dave, and Vijay then upload an identical file, they will each get new, unique download URLs to George’s original MP3, and their copy of the file would be trashed. However, if Jim foolishly sends his link to his friend Luca at a major entertainment company, who reports the link as infringing, MegaUpload would only remove Jim’s unique URL, but would leave the infringing file and its MD5 Hash, as well as Dave, George, and Vijay’s download links accessible.

The Department of Justice also alleges that MegaUpload’s MD5 Hash system could have been used to take down copyrighted material, but MegaUpload deliberately didn’t use it in this way. When something ended up on the servers that MegaUpload really didn’t want there, like child pornography or terrorism propaganda, MegaUpload used the MD5 Hash to track down the file and eliminate it from its servers permanently, preventing any further access to the file. The Department of Justice alleges that MegaUpload deliberately did not use that system for removing copyrighted material. (Indictment par. 24).

At least some of the information in the indictment came from a warrant executed in June of 2010 (Indictment par. 25). During the search, MegaUpload was informed of thirty-nine infringing films that were on their servers in Virginia; incredibly, those films remained on the MegaUpload servers as of November 2011.

MegaUpload’s Emails

Several pages of the indictment are dedicated to allegations of acts committed by the MegaUpload operators, which include a series of emails that the Department of Justice gained access to in the course of the investigation. The following are a few highlights of the allegations:

  • A chat log between two of the defendants, in which one said, “we have a funny business . . . modern days pirates :),” to which the other responded, “we’re not pirates, we’re just providing shipping services to pirates :)”;[ref]An account of Dotcom’s arrest in the New York Times indicated that he was hiding in a safe room, “standing near a firearm that they said looked like a sawed-off shotgun”; given the recurring piracy theme, one may reasonably conclude that the firearm was a blunderbuss.[/ref]
  • Discussion among the defendants of user complaints about streaming, infringing episodes of the television show Dexter that had problems with audio synchronization;
  • Emails regarding a variety of hosted film and TV titles are discussed, including Thor, Green Hornet, Battlestar Galactica, True Blood, Lord of the Rings, and the unreleased, upcoming Twilight film;
  • Defendants forwarding of links to “cracked” (a process by which hackers remove a program’s copy-protection measures) copies of infringing software and music by Armin van Buuren and 50 Cent;[ref]There is no accounting for taste among pirates.[/ref]
  • Lists of payments under the MegaUpload reward program to infringers, alongside descriptions of the infringing files they uploaded;
  • An email from one defendant to another regarding reward payments that discusses “very obvious copyrighted files”;
  • A complaint from one defendant to another that “the sopranos is in French :((( f**k.. can u pls find me some again ?”; and
  • Orders from Dotcom to subordinates to not comply with takedown requests, saying to: “not delete links… from insignificant sources.”

Dotcom’s contemplated defense to the alleged MegaUpload scheme is apparent in a reply he offered to a payment processor that suggested profiting from copyrighted material is not permissible: “The DMCA quotes you sent me are not relevant. We are a hosting company and all we do is sell bandwidth and storage. Not content. All of the content on our site is available for ‘free download’” (Indictment par. 69.ff.).

The Other Charges

The additional charges in the indictment arise from the operations of the company and additional infringement. The third claim alleges money laundering charges arising primarily from the international transfer of money derived from criminal copyright infringement. Millions of dollars worth of transfers are specified in the allegations during the operation of MegaUpload.The fourth count alleges that MegaUpload distributed a work being prepared for commercial distribution before its release, specifically, the film Taken, starring Liam Neeson, which allegedly appeared on MegaUpload three months before its release date. The fifth count charges infringement and aiding and abetting infringement by electronic means for a wide variety of films, books, games, television, and other copyrighted works.

The indictment also details the property that is subject to forfeiture, including over fifty bank accounts, several paypal accounts, all applicable domain names, a number of 82” televisions, and several luxury cars, including a 2010 Mercedes ML63 AMG with the license plate “GUILTY.”[ref]A photograph of Mr. Dotcom posing with what appears to be the vehicle at issue is available with the article written by Mr. Dotcom:[/ref]


As noted at the outset, the indictment simply represents the allegations against the MegaUpload defendants, which the prosecution will have the burden of proving. That said, if the allegations are proven to be true, the Department of Justice has a compelling argument that MegaUpload was not a mere service provider that complied with the takedown provisions of the DMCA, which would be entitled to safe harbor from prosecution, but that MegaUpload was actively infringing copyrights, aiding and abetting in infringing copyrights, and profiting immensely from said infringement.

Furthermore, this indictment demonstrates that the current legal framework is more than sufficient to enforce owners’ copyright interests in their work, and that the more burdensome requirements of SOPA and PIPA will have little benefit in combatting true piracy. The scheme alleged in the indictment is one that deliberately turned a profit in exchange for access to copyrighted works; if proven, this is clearly criminal activity under applicable law, and does not require an extension of current law to prosecute.

One thought on “MegaUpload: Breaking Down the Indictment”

Leave a Reply