My editorial of the last security newsletter provoked many reactions. It could have been expected because I reported about MegaUpload’s shutdown. The typical reaction was the tricky question: how do you decide that a cyber locker is acting evil? Is the cyber locker operator liable for its users to store illegal contents? We’re back to the safe harbor issue.
who-owns-the-rain-a-discussion-on-accountability-of-whats-in-the-cloud posted on http://parasam.me/ blog nicely presents the problem. In a nutshell, why only megaUpload? Most of the other cyber lockers will probably host illegal content.
The issue of cyber lockers is similar with the situation of Peer To Peer. The technology is not to be blamed, it is its misuse that is to be blamed. How often did we see people automatically identifying P2P to piracy? And too often, even us, the specialists, oversimplify communication by identifying the technology with its use. P2P and cyber lockers are valuable technology and have many legitimate use. Therefore, we must be very careful about breaking the identification of cyber locker to piracy harbors.
Now why striking MegaUpload? Of course, there were non-infringing content stored on MegaUpload, as there may be illegal content stored on DropBox (choose any other name). I am sure that I will certainlyfind legitimate content on The Pirate Bay (both on there P2P service and their own cyber locker). When closing MegaUpload, most probably some people did loose legitimate content. Now, why would MegaUpload be evil and not DropBox? Most probably, the difference between bad/good comes from the actual behavior of the site owners. For instance, YouTube answers to cease and desist notice. According to the US justice, MegaUpload did not have such a clean behavior. An extract of the FBI announcement about MegaUpload.
The indictment states that the conspirators conducted their illegal operation using a business model expressly designed to promote uploading of the most popular copyrighted works for many millions of users to download. The indictment alleges that the site was structured to discourage the vast majority of its users from using Megaupload for long-term or personal storage by automatically deleting content that was not regularly downloaded. The conspirators further allegedly offered a rewards program that would provide users with financial incentives to upload popular content and drive web traffic to the site, often through user-generated websites known as linking sites. The conspirators allegedly paid users whom they specifically knew uploaded infringing content and publicized their links to users throughout the world.
The reward program was most probably a good indicator as well as a red rag under the nose of MPAA. The frontier is most probably in the applied business model. Does most of your money come from “legitimate” business? But even that is a difficult test. If your business model is purely based on advertisement revenue, then you should try to increase the traffic, thus the number of eye balls. Free copyright content is one of the categories that attracts visitors.
As for all ethical matters, it is not Manichean. And the grey scale is large.
What is your opinion?