

MegaUpload complaint has Dropbox Implications - vessenes
https://plus.google.com/112885659993091300749/posts/UhcajuqEYRr

======
gst
So what's the difference to files hosted in Gmail? Does this mean that Google
also needs to delete all mails containing a certain MP3 (for example)?

~~~
molmalo
I think that the difference is that the RIAA can't look at your GMail account,
so they can't know that you have that MP3. Therefore, they will not file a
takedown notice.

BUT... (there's always a but =P ), what happens if you upload a video to
YouTube, and you save it also in your gmail.

If someone files a takedown notice on that video, should google also delete
from your email ? should they also delete it from every other gmail account
that holds a copy of that video? Oh man, this is getting complicated...

~~~
JumpCrisscross
You have the link in your Gmail, not the original file. The link just wouldn't
work. This is comparing apples to oranges.

~~~
CWIZO
He meant that you've downloaded the video file and attached it to some email
in gmail.

~~~
molmalo
Exactly. Thanks for making it clear.

------
pjscott
Even if Megaupload took down files based on hash, there are ways for pirates
to work around it. The MKV and AVI video container formats, for example, have
loads of places where you could stick a nonce so that the _exact_ same video
would produce arbitrarily many hash values.

~~~
gst
<http://en.wikipedia.org/wiki/Locality-sensitive_hashing>

~~~
nitrogen
So Locality-sensitive hashing has basically the opposite goal of a
cryptographic hash function, where a single bit change in the input should
result in a significant change in the output?

What if there's a legitimate, private file uploaded to Megaupload's
hypothetical successor, but someone uploads a highly-similar file publicly
that gets a takedown notice?

The problem with forcing digital locker sites to remove content by hash rather
than by URL is that it's impossible for them to know whether some of the URLs
that point to a given hash are legitimate (e.g. a FLAC file being transferred
by a musician to their CD pressing company and a select set of friends, but
someone leaks the FLAC files and they get re-uploaded and deduped). This
problem would be exacerbated by using a fuzzy or locality-sensitive hash
rather than a cryptographic hash.

------
forrestthewoods
"simply removing a single link to the content while duplicate links were left
in place"

I don't know how MegaUpload works. Does that statement mean that a single user
uploaded a file and there were multiple links to that file or does it mean
that multiple users uploaded bit-for-bit identical files which each had links?
The way it's phrased it sounds like the former, in which case it's obviously
wrong.

~~~
Maxious
The latter but that is what Dropbox does. See claims 21-24 @
<http://www.scribd.com/doc/78786408/Mega-Indictment>

Megaupload took DMCA requests in the form of URLs (21), URLs allow access to a
certain MD5 sum indexed file on their CDN (22), they would disable specific
URLs to comply with DMCA requests while leaving others active rather than
removing the file from their CDN (23) however if the material was child
pornography/terrorism they had the ability to actually delete files and all
their links (24)

~~~
josnyder
The way I view copyright law (IANAL), this is the correct approach. Each
upload of an item to Megaupload is an independent assertion by the uploader
that they have a license to put the work in question on the site. _Content_
itself is not prima facie infringing; instead, it is the unlicensed _use_ of
the content that is infringement. This was essentially Youtube's argument when
Viacom uploaded "roughed up" content to their site [1]. In that case, the
roughed up copy as originally uploaded would be a licensed copy, but any
copies that other users uploaded, even with the same MD5 hash, would be
unlicensed.

On the other hand, child pornography can never be "non-infringing." It is
always illegal to knowingly store obscene content, regardless of who stores
it. Thus, one link to a child-pornographic file is as culpable as the next,
justifying mass removal. This is essentially the argument made by Katherine
Oyama of Google at one of the SOPA hearings [2].

[1] <http://news.bbc.co.uk/2/hi/8575666.stm>

[2] [http://danwin.com/2012/01/the-sopa-debate-and-how-its-
affect...](http://danwin.com/2012/01/the-sopa-debate-and-how-its-affected-by-
congresss-understanding-of-child-porn/) (Ctrl-f "REP. MARINO")

------
joering1
> The complaint says that when notified under DMCA of an infringing file,
> present at a link, say megaupload.com/dark-knight-video-rip.iso that
> MegaUpload WOULD in fact remove the link, but that they would NOT remove the
> file, or remove links at say, megaupload.com/dk-knight-dvd-rip_O_o.iso, even
> if no DMCA takedown notice occurred for that particular link.

it would be great to know if its possible they had an insider. how otherwise
would they know that other links linked to the same content were linking to
exact the same file that DMCA note was sent to take down. Otherwise it was
unfair and thats the purpose why safe harbour exist -- it protects you a small
company from millions of users uploading their content and being shorthand or
not having boots to check each and single file whether it violates someones
copyrights or not.

> Consider this totally legal (for me) scenario: I rip the Dark Knight DVD,
> and place it in Dropbox as a legal backup of my content. I share the link
> with nobody; it's just mine, all mine.

I am not sure if this is entirely legal.

First you say you didnt make a copy, but "rip". Its called ripping because
DVDs content is locked with an encrypted key, so locked DVD with a movie is
not just a folder with files you can copy over to your desktop. Years ago
there was a movie when they forgot to lock the key and based off of it
software developers were able to build a key decryptor for any encrypted DVD.
Most DVD ripping software is illegal throughout the world, at least some
software vendors got lawsuit over their software functionality.

Further, while I dont have a link handy, but I recall there was a discussion
on HN that 9th circuit make it illegal for anyone to stream any copyrighted
content, whether to themselves or a group of people. So uploading it into
cloud and then getting it back out of it technically is illegal, AFAIK, but
that was month ago when I saw this posting.

~~~
vessenes
Hmm, MGM claimed that ripping a CD was legal to the SCOTUS, and I am certainly
allowed to circumvent CSS on DVDs for non-infringing purposes, but I think my
argument holds just fine if you substitute an ISO of Snow Leopard, a DVD I
finally found in my basement recently.

I find the claim that I can't remotely backup the ISO over the internet
surprising -- I have never even heard of such a stance.

~~~
trotsky
<http://store.apple.com/Catalog/US/Images/MacOSX.htm>

2\. Permitted License Uses and Restrictions. A. This License allows you to
install and use one copy of the Apple Software on a single Apple-labeled
computer at a time. _This License does not allow the Apple Software to exist
on more than one computer at a time,and you may not make the Apple Software
available over a network where it could be used by multiple computers at the
same time_. You may make one copy of the Apple Software (excluding the Boot
ROM code) in machine-readable form for backup purposes only; provided that the
backup copy must include all copyright or other proprietary notices contained
on the original.

~~~
vessenes
This is my point, exactly. A backup to a private DropBox folder of the iso is
clearly fine even by Apple's own terms, regardless of what the law says.

However, a backup to a public Dropbox folder with a known, distributed link
is.

So far so good. The question is, does DMCA require both to be taken down for a
given notice, because they hash to the same file in the Dropbox database?

~~~
trotsky
Copy #1: the installed version of the OS (permitted)

Copy #2 (backup): The .iso file in your local dropbox folder (permitted if on
the same computer as #1)

Copy #3: The .iso file on dropbox's primary storage array (not permitted -
second backup copy)

Copy #4: The .iso file on dropbox's high availability storage array (not
permitted - third backup copy)

Copy #5: The .iso file as copied to any other of your subscribed dropbox
clients (not permitted - forth backup copy)

Not to mention the fact that copies #3 and #4 seem to obviously qualify as
"available over a network where it could be used by multiple computers at the
same time"

While I understand that there may be some difference in interpretation about
these clauses I think you should reconsider your working definition of the
term "clearly".

~~~
fluidcruft
> "available over a network where it could be used by multiple computers at
> the same time"

To me, they're clearly describing a network boot setup. i.e. you only have one
installed copy of the OS, and you have a bunch of (possibly diskless) client
machines boot from that single copy via netboot or similar.

~~~
nitrogen
_To me, they're clearly describing a network boot setup._

Both "to me" and "clearly" will get you into serious trouble when dealing with
legal matters. The likely outcome is that, if Apple decided to file a civil
suit, or a prosecutor found grounds for criminal copyright infringement
prosecution, the prosecuting attorneys would use whatever interpretation is in
their favor.

~~~
fluidcruft
I don't see how "used by multiple computers at the same time" makes any sense
in your interpretation but I was trying to be diplomatic.

~~~
nitrogen
"Used" is a word with a very broad definition. It doesn't just mean "run as
primary operating system," it could also mean "capable of reading any of the
bits of," or "looked at metadata of." The interpretation of "at the same time"
is also rather flexible.

I'm not saying Apple will hunt you down and sue you (to paraphrase Jon
Stewart). I'm saying, unless you're a lawyer, _and_ you have another lawyer
representing you, it's best for us non-lawyers not to think we understand
legalese.

~~~
fluidcruft
I guess what you're saying is that nobody should use MacOS/iOS under any
circumstances except after seeking the advice of an attorney.

------
nl
Don't get too hung up on this.

Technologist love to think through the technical implications of something,
and assume these implications will be carried through legally.

The law doesn't work like that. Provided Dropbox adheres to both the letter
and the spirit of the DMCA - or works with complainants to develop an
arrangement both are hppy with the technical details DO NOT MATTER.

~~~
wladimir
If it only was so simple... no matter what, it costs companies such as Dropbox
a lot a lot of extra effort to appease all possible companies that can file
complaints. That could cause them to go out of business, to have to charge
more money, and/or be really restrictive to what files and users they allow.

A net loss for all users of the internet, _especially_ law-abiding ones.

~~~
nl
Oh yes, I agree with this!

But that's the case no matter what the _technical_ implementation is.

~~~
wladimir
It does. The technical implementation can have a lot of effect on the chilling
effect of a law.

Let's take the extremes. If the technical implementation is " _we'll send a
drone to fire a missile at your building_ ", people will be much more scared
to take any risk at all of hosting user-generated content than if the
implementation is " _you'll get a warning and a $5 fine_ ".

Everything considered, " _We'll arrest you and everyone that works for your
company and nuke your DNS entry_ " is pretty chilling. If they only punished
bank misconduct that hard...

------
jahewson
I don't see this happening - each file on Dropbox must have an ACL of sorts,
otherwise I could access any private file simply by knowing its URL. A
takedown of a public file could therefore only apply to specific users by
modifying the ACL.

------
assistantpilot
Whats more f'ed up is that it is not even clear if ripping a legally owned
CD/DVD is legal.

Eg. [http://www.washingtonpost.com/wp-
dyn/content/article/2007/12...](http://www.washingtonpost.com/wp-
dyn/content/article/2007/12/28/AR2007122800693.html?hpid=topnews)

~~~
joering1
a similar article made me think if I ever owe any digital audio whether from
my own CDs or from internet, I would have stored it on encrypted drive,
preferably encrypted with more than one encrypting algorithm, and either
download from work/starbucks etc, or at least owe wireless router so if they
go after me, I could claim someone was using my wireless router without my
knowledge. I could just hope case against me wouldnt be that strong that they
would weight between me giving out a key to my hard drive and lets say 15 hard
years in jail.

EDIT: and then in court I would say I forgot the password because I havent
been using this drive for a while now.

~~~
nicholasreed
I've thought through similar scenarios multiple times, and then when I am
about to post any of them online, I realize my post would probably be read by
any competent investigator and it would be turned into an additional
premeditation-based charge.

It definitely sucks having to consider how my comments will be construed in
the future and what rights may be retroactively taken away due to intense
lobbying and legislative ignorance.

~~~
joering1
thats why I never downloaded i single music file, never ripped a CD, and wrote
this post from my work's network, just in case.

