There Be Pirates In These Clouds!

pirate-cyberlock-blog
The other big news after SOPA crashed and burned last week following online protests, was the shutdown of the website Megaupload for online infringement. The U.S. Department of Justice announced in a statement that a grand jury had indicted seven individuals and two corporations with running an “international organized criminal enterprise allegedly responsible for massive worldwide online piracy of numerous types of copyright works.” Notably, law enforcement officials arrested top executives of Megaupload, including the infamous Kim Dotcom who was previously convicted of insider trading and embezzlement (and who had to be cut out of his mansion’s panic room where he hid with a sawed-off shotgun). Law enforcement also seized the domain and approximately $50 million in assets in the United States and eight other countries.

So what are the takeaways from the MegaUpload indictment? And what are the implications for other cyberlocker services and cloud storage providers?

First, this should be clear and convincing evidence that piracy is big business. The indictment states that the alleged conspirators earned more than $175 million in illegal profits through their services and caused over $500 million in economic harm to copyright owners. Moreover, these are profits that instead of going to legitimate businesses or taxpayers in the United States were instead spent by an ex-con in New Zealand on his self-described playboy lifestyle of “fast cars, hot girls, superyachts and amazing parties.” While we will never know the exact economic impact of piracy on the United States, this case demonstrates exactly how the content industry cannot simply create better business models to solve the piracy problem. A legitimate startup cannot compete fairly with another site that does not pay copyright owners for their content.

Second, this puts the business model of cyberlockers on the proverbial hot seat. Cyberlockers are file-sharing services that allow users to easily store and share files online. For example, users may use cyberlockers to back up the contents of their hard drive or to send large files to friends or colleagues that would otherwise be cumbersome to send by email. Cyberlockers come with various features: some limit files to a few hundred megabytes, some have almost no limit; some are ad-supported, some are paid subscriptions, etc.

Cyberlockers have been under scrutiny for some time now as reports have found that as of 2011 cyberlockers account for 5.1 percent of global Internet traffic. And they have been getting a bad rap over the past few years because legitimate uses have become secondary to illegitimate uses. Much of it is due to the willingness of a few bad actors to facilitate piracy and, as a result, this has overshadowed the legitimate use of these services. For example, in December 2011, the USTR identified Megaupload and the UK-based Putlocker in its “Out of Cycle Review of Notorious Markets” report that identifies the worst of the worst markets, including on the Internet, for piracy and counterfeiting. The USTR noted that both of these sites used reward systems which are popular with illegal file uploaders.

Third, users naturally wonder what the impact of the Megaupload case will be on legitimate third-party file hosting sites like DropBox. Should they continue to store their files with online third-parties?  What will happen to their files?  Some Internet users are arguing that the Department of Justice should not have shut down an alleged infringing site since this hurt both illegal file sharers and legal file sharers.

For the most part, these legitimate sites (and their users) have nothing to worry about. Importantly, the DOJ indictment was not just of Megaupload.com’s hosting site, but of a broader “Mega Conspiracy” designed to intentionally infringe on copyrighted works through 1) its business model of paying users who upload popular copyrighted content and drive users to the website; 2) discouraging legitimate use of the service by deleting files that are not regularly downloaded; 3) actively supporting third-party linking sites that publicize infringing content. Sites simply hosting content and responding appropriately to DMCA take-down notices would not be in violation of the law.

Still legitimate third-party file hosting sites should make a concerted effort to distinguish themselves from their illegitimate peers. Some have already taken action to curtail bad behavior in the wake of the Megaupload indictment (although whether their motivation is to avoid prosecution or because they have a new-found sense of responsibility is unclear). Certainly some cyberlockers do provide a legitimate service–cheap online storage for storing and sharing files is useful and legitimate for many Internet users. But clearly some third-party storage services attract piracy and others do not. For example, Amazon’s cloud storage offering is not a likely haven for pirated content since their users pay for bandwidth (i.e. the uploader of a pirated file would pay for every user who downloaded the file illegally).

In contrast, the piracy-based business model of cyberlocker was basically as follows:

  1. Earn subscription fees from users who pay to access pirated content.
  2. Earn ad revenue from users who download pirated content.
  3. Entice users to upload more pirated content by giving them a share of the profit from steps 1 and 2.

Cutting off this incentive to pirate will help crack down on some online piracy. While a business model should not be illegal simply because it may facilitate some illegal activity, a responsible Internet business should take actions to ensure it minimizes illegal activity when possible. With that in mind, I would like to propose a set of voluntary best practices to reduce the use of file lockers for widely sharing illegal content.  Adopting industry best practices has helped keep user-generate content sites like Veoh, Dailymotion and Crackle from turning into piracy havens. Similarly, the cyberlocker industry should work to develop best practices and make their terms public. While this will not stop all infringement, and it certainly won’t stop small-scale file sharing between users on these services, it should reduce the use of file lockers for wide-scale infringement.

  • Repeat infringers should be prohibited from using the service and their other files should be deleted or made private (i.e. only available to the user who uploaded the content).
  • Affiliate programs which encourage people to upload popular files should be discontinued.
  • Cyberlockers should identify sites known for sharing links to infringing content. Publicly shared links to infringing content on a cyberlocker should be deleted or made private.
  • Private files should remain private. Files stored privately online should be treated the same as files stored privately at home on a computer.

Note that I do not suggest the use of content identification software because it is too easily avoided (i.e. encrypt the files) and too easily to trigger a false positive (i.e. a legal backup of an MP3).

I invite other suggestions on how to further refine these best practices.

Photo credit: Flickr user practicalowl

Print Friendly

About the author

Daniel Castro is a Senior Analyst with ITIF specializing in information technology (IT) policy. His research interests include health IT, data privacy, e-commerce, e-government, electronic voting, information security and accessibility. Before joining ITIF, Mr. Castro worked as an IT analyst at the Government Accountability Office (GAO) where he audited IT security and management controls at various government agencies. He contributed to GAO reports on the state of information security at a variety of federal agencies. He has a B.S. in Foreign Service from Georgetown University and an M.S. in Information Security Technology and Management from Carnegie Mellon University.
  • ZeaForUs

    Thouroughly encrypted content and/or applications are hard to discover. When discovered as being stolen i.e. copyright violation they simpley encrypt a mirror site with a new key and they start again spreading basically data without making a legal donation to the original creator. How to stop this? Not by giving the key in the hands of a government that barely knows how to keep their own organization safe. It’s work for people with a long theoretical knowledge ánd practical experience in the wide field of ICT. Protection against theft is ok, but this way is like fighting with medication against certain forms of cancer: The solution is worse than the disease, because of unwanted (even expected!) side effects where clean and good elements are damaged while the bad ones go on freely. An absurd and dark scenario, but so far near to reality.Keep Internet free and transparent so we continue working on a better world and not a surrogate 1984 going 38 years back instead of gently forward. “Yes we can” to end with a quote of the present president of the United States of America.

  • Jim

    Really interesting and important. As we see, there is certainly some gray area with regard to internet content, but pure malicious piracy deserves to be shut down. And, if we needed another sign of the central importance of the internet, here it is.