REPORT PREPARED FOR:

Megaupload Case Analysis

BY Vikrant Khadilkar

Dhannya Karumiyar

Nishiket Rajput

Vijayvardhan Kotiyal

Karishma Bhadana

POSTGRADUATE DIPLOMA IN BUSINESS

APMG 8119: DIGITAL ENTERPRISE

ASSOCIATE PROFESSOR DR. NITIN SETH

AUTHOR CONTACTS

NAME: Vikrant Khadilkar

Mobile: 022 370 8162,

Email: Vikrant.b.khadilkar@gmail.com

Student ID:1486800

NAME: Dhannya Karumiyar

Mobile: 022 4631603,

Email: Dhannya.rajeev@gmail.com

Student ID:1470615

NAME: Nishiket Rajput

Mobile: 022 3953795

Email: Nishiket9@gmail.com

Student ID:1482056

NAME: Karishma Bhadana

Mobile: 022 4585142,

Email: bkarishma55@gmail.com

Student ID:1487177

NAME: Vijayvardhan Kotiyal

Mobile: 0212169668,

Email: vijayvardhan2986@gmail.com

Student ID:1487543

Executive Summary

The number of cloud servers are growing rapidly in the global market. Cyber security is decreasing   and the major concern for customers storing of data, privacy and ownership of data are some major concern for customers. Mega upload came into existence in 2005 in Hong Kong as a service provider like sharing, storing and downloading of the data. It was one of the widely used websites and the services were free of cost.

However, in the year 2012 US government took a step and charged all the main members of Megaupload with a copyright infringement.  This report gives the highlight of the business background of Megaupload, and also the laws which has been breached by Megaupload as per the United states. Furthermore, report also shows some of the New Zealand’s law and even identifies whether Megaupload has breached any of these or not. Moreover, what are the implications of this case on other cloud services like Apple Cloud which allows users to store their data on servers on the internet.Our team has gone through thepiratebay.com a popular megaupload look alike website, where people from around the world can download the videos, games, applications, etc. The report has been concluded with some real fact which cloud storage provider are lacking in their services. For example, we cannot move from one cloud service provider to other service provider because every provider has their own dependent code and which cannot be shared with the other providers. So, this is one pioneer gap which a person can find in cases like Megaupload.

ContentsExecutive Summary31) Introduction:5a) Megaupload Case5b) i) Did Megaupload breach US copyright laws?5ii) Data Ownership and its implications62) Implications of Cloud Computing6a) The Pirates Bay7b) Data ownership of The Pirates Bay8c) Key Findings83) Conclusion:94) References105) Appendices126) Presentation Slides15

1) Introduction:a) Megaupload Case

Megauploads.com came into existence back in 2005 in Hong Kong which was a provider of services like sharing, storing and downloading of data which had copyrights and were intellectual properties and were freely available to all users. Music, movies, computer games were one of the few listed files which included infringing materials.

However, beginning of the Year 2012, US Government took a decision to take down Megauploads.com website and file charges against the Internet giant, Kim Dotcom, real name ‘Kim Schmitz’ and his partners for copyright infringement, money laundering, racketeering, illegal allowance of uploads for sharing and refusing to adhere to copyright-protected files. For which Kim Dotcom and his partners were apprehended for the above charges which may lead to serious fines and years of imprisonment in U.S. federal prison (Johnson, 2013).

But the other side of the coin is that US is not within their jurisdiction to extradite Kim and his partners over the said charges as US and New Zealand extradition treaty doesn’t list the charged of copyright infringement.

b) i) Did Megaupload breach US copyright laws?

There are many sites like Megaupload few are Piratebay, 4shared, otorrents etc. Although these sites self-proclaim to be an online service provider of storing and sharing content, but the main business of these are to distribute all copyright files for free intended to promote sharing of popular copyrighted services for millions of users.

Kim and his colleagues were charged under 13 counts, of which main counts are listed below under US (Megaupload Indictment, 2012):

1. Count one: 18 U.S.C 1962(d)- conspiracy to commit racketeering

2. Count two: 18 U.S.C 371 - conspiracy to commit copyright infringement

3. Count three: 18 U.S.C 1956 (h)- conspiracy to commit money laundering

4. Count four: 18 U.S.C 2, 2319; 17 U.S.C 506 – Criminal copyright infringement by distributing a copyright work being prepared for commercial distribution on a computer network and aiding and abetting of criminal copyright infringement

New Zealand Copyright law states “To attract copyright protection, a work must be ‘original’ in the sense that it originates from the creator and is not copied from another person’s work. It must result from the author exercising independent skill and labour.’’ The above is state in Copyright Council of New Zealand.

Megaupload was illegal based on the following reasons:

· Offering rewards/ incentives for uploading users which will depend upon number of downloads from the site, infringing intellectual property law (Managing Intellectual Property, 2011).

· Making profits over the original work of the creators, against the copyright laws.

· More than 90% of the users only uploaded illegal files which were against copyright and intellectual property rights and in turn the same number of users downloaded the same amount (Satherley, 2012).

ii) Data Ownership and its implications

Data ownership refers to the law or act that define the rightful and lawful access and full control over data. In other words, it specifies the owner of the data who has the right to use and further distribute it at his sole discretion. (Wei, 2015)

In the case of Megaupload, the website was shut down due to infringement and violation of copyright laws. Therefore, this case is not related to breach of privacy, but is regarding the loss of user's data that was confiscated along with the shutdown of website.

Many large websites that provide cloud services, do not provide a guarantee of the data security and do retain the rights to delete the user's data, if necessary.

Therefore, in the case of Megaupload, such rights of cloud service providers can create a major dilemma for the users to claim their data, further complicating the situation of data ownership.(Hogan & Shepherd, 2015)

ii) 1) Due to the shutdown of Mega upload site, the ordinary customers are insecure about the use of their content that have been uploaded in this site. (Kang, 2012). Many customers have used this site to transfer the files (songs, videos and other data) between their clients and customers. They are now at the threat of the seizure of this data by any foreign based service. If the data corruption is detected in distributed servers, it is said to have simultaneous identification of misbehaving servers. (Huang, 2013).

2) Implications of Cloud Computing

One of the most demandable and advanced technology is cloud computing which offers services like cloud storage. It uses internet and central remote servers to maintain its applications. This technology provides the user centralised storage, memory, bandwidth and processing of data. The data is stored in different third party servers and the security of the same is taken care by this service provider. The user exactly has no idea, where the data is stored. The data which is stored in the cloud flows through the network as plain text poses security threat. The user sees a virtual storage place in his own pc. But the actual storage location changes every minute to minute, as the cloud utilizes the available space. (Kumar, Lee & Kumari, 2012).

The below are some methods proposed for the user to securely store and access the data in the cloud.

· A publicly auditable cloud data storage enables the users to assess the risk of outsourced data when needed, by delegating an external party for the audit.

· Usage of cryptography encryption to protect the data files in the cloud. The user must check for the authentication of their login in the cloud. Once authenticated, they are redirected to cryptographic module which then asks for a PIN to generate secret key. The data cannot be stored in plain text, so with the help of secret key, the data is encrypted. If the user has download request, the cloud will send data in encrypted format. Once downloaded, the data is decrypted, and the client gets the original file. This method will make the users carefree about the cloud providers using their data illegally.

a) The Pirates Bay

The Pirates Bay was founded in 2003 by Swedish think tank Piratbryan. The Pirate Bay allows visitors to search, download and contribute magnet links and torrent files, which facilitate file sharing among users of the bit torrent protocol which is very similar to Megaupload ("Pirate Bay - Wikipedia," 2017). Right now, pirates bay has been banned in around 30 countries, so according to the New Zealand copyright law, it protects following types of work:

• Literary works, including o written works, such as letters, e-mails, journal articles, novels, screen plays, poems and song lyrics; o tables and compilations, including compilations of data and multimedia works; o computer programs;

• Dramatic works, including dance, mime and film scenarios or scripts;

• Musical works, being the music itself, separate from lyrics or sound recording;

• Artistic works, including paintings, drawings, diagrams, maps, engravings, etchings, photographs, sculptures and architectural works;

• Sound recordings, being the recording of sounds itself, separate to the actual music or story; • films, being the moving images on a video or DVD, separate from underlying works such as scripts and music; Copyright Council of New Zealand www.copyright.org.nz

• Communication works, including radio and TV broadcasts and Internet transmissions, separate from the films, music and other material which they contain;

• Typographical arrangements of published editions, being the layout of a published edition of the whole or part of a literary, dramatic or musical work. Copyright protects original works, whether in hard copy or electronic form. (New Zealand copyright, 2017)

In April 2009, the pirates bay website's founders were found guilty in the trial in Sweden for assisting in copyright infringement, and were sentenced to serve one year in prison and pay a fine. In some countries, Internet service providers have been ordered to block access to the website. Google's new "repeat offender" policy makes it difficult for the website to run in New Zealand (NZ Herald, 2016). Subsequently, proxy websites have been providing access to it. This is how they are fully accessible in New Zealand

b) Data ownership of The Pirates Bay

The Pirate bay (or TPB) is a torrent based indexing website that provides digital content online. The website violates all copyright laws by providing entertainment media and software and facilitating peer to peer sharing. (Humphries, 2012) The website operates though virtual serves, hosting from different addresses, making it almost impossible for the authorities to trace the real source of the content.(Gray, 2014)

c) Key Findings

The Pirate Bay has been blocked by several ISPs across the globe. These proxies are hosted in countries where the pirate bay is not blocked. These pirate bay proxies can still deliver the content of the pirate bay. Thus, even though this website is infringing the New Zealand copyright law, it still manages a way to operate through proxies.d) Practical implications of Apple Cloud

Today the storage of data has become a vital part of everyone’s life and for this most of the companies has started their services of cloud storage . Some of them have free storage services and some offer it for paid services. Out of some free storage provider, they charge for subscription price. (Pros and Cons of Cloud Storage, 2013)

· Easily accessible from any devices.

· For business competency companies are reliving IT resources depending on cloud storage.

· Provides scale to further servers to fulfil computing wants.

· Allows you to work with recent software’s and hardware’s. Most of the storage providers manages your virtual machines, updating software patches, and maintenance work.

· Always up-to-date and low IT service costs by using some model of cloud.

· Provides back-up and disaster recovery with virtual backups.

· As it is virtual storage based, it prevents data loss from any natural disasters.

· Some of the cloud services are free and some are paid but you just have to pay for what space we use.

3) Conclusion:

It is a big challenge when we need to move from one storage provider to other because most of the provider has dependent code which cannot be accessible other providers. Free storage has some privacy issues such as governments can easily access your data. So in order to store data on cloud you need to encrypt your data.(Cloud news daily, 2015)

4) References

Cloud news daily. (2015). Public Cloud Computing Providers, Services & Technology Guide. Retrieved fromhttp://cloudnewsdaily.com/public-cloud/

Gray.D. (2014). Data ownership in the cloud. Retrieved from http://dataconomy.com/2014/03/data-ownership-in-the-cloud/

Hogan, M., & Shepherd, T. (2015). Information ownership and materiality in an age of big data surveillance. Journal of Information Policy, 5, 6-31.

Humphries .M. (2012, October 17). The pirate bay is now hosted anonymously in the cloud. Retrieved from https://www.geek.com/news/the-pirate-bay-is-now-hosted-anonymously-in-the-cloud-1522725/

Huang, K. T. (2013, p.64-67). Whose rights are being protected? Published by Florida State University. Retrieved from http://diginole.lib.fsu.edu/islandora/object/fsu:183762/datastream/PDF/view

Johnson, P (2013). Explaining the Kim Dotcom/Megaupload case. Retrieved from https://www.itworld.com/article/2832811/cloud-computing/explaining-the-kim-dotcom-megaupload-case.html?page=4

Kang, C. (2012). Megaupload shutdown raises new Internet-sharing fears. Published by The Washington Post.Retrieved from https://www.immagic.com/eLibrary/ARCHIVES/GENERAL/GENPRESS/W120120K.pdf

Kumar, A., Lee, B. G., Lee, H., & Kumari, A. (2012, pp. 336-339). Secure storage and access of data in cloud computing. Published in ICT Convergence (ICTC), 2012 International Conference. Retrieved from https://s3.amazonaws.com/academia.edu.documents/36751566/first.pdf?AWSAccessKeyId=AKIAIWOWYYGZ2Y53UL3A&Expires=1508588300&Signature=4rMzNJNdukcjM0R996PifDo8%2BNM%3D&response-content disposition=inline%3B%20filename%3DSecure_storage_and_access_of_data_in_clo.pdf

Managing Intellectual Property. (2011). Perfect 10 Targets Megaupload (206), p. 87.

Copyright Council of New Zealand. (n.d.). Retrieved from http://www.copyright.org.nz/basics.php

NZ Herald. (2016, November 13). Say goodbye to The Pirate Bay - NZ Herald. Retrieved fromhttp://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11747162

New Zealand copyright. (2017). Copyright Council of New Zealand. Retrieved from http://www.copyright.org.nz/viewInfosheet.php?sheet=29

Satherley, D (2012). Megaupload's Kim Schmitz arrested in Auckland, site shut down. Retreived from http://www.newshub.co.nz/technology/megauploads-kim-schmitz-arrested-in-auckland-site-shut-down-2012012009

The Pirate Bay - Wikipedia. (2017). Retrieved October 22, 2017, from https://en.wikipedia.org/wiki/The_Pirate_Bay

The Pros and Cons of Cloud Storage. (2013, April 5). Retrieved from http://www.episerver.com/learn/resources/blog/udaiappa-ramachandran/the-pros-and-cons-of-cloud-storage/

Wei.W (2015). The Pirate bay returns from the dead. Retrieved from https://thehackernews.com/2015/01/the-pirate-bay-returns.html

5) Appendices

Privacy Law Obligations in the Cloud: Cloud computing offers significant benefits to businesses in terms of scalability, availability and cost. However, businesses that store information in the cloud still have responsibilities for that information under the Privacy Act 1993 (Act).

A business that stores information in the cloud must be able to control access to and use of the information as well as protect the legal rights of the individuals whose information has been sent to the cloud. Those legal responsibilities become more complex when information crosses border as the interface between different regulatory regimes can be ambiguous, uncertain and risky.

This article addresses the privacy obligations on businesses under the Act and describes the measures that a business can take to minimize its risk of breaching those obligations. Privacy Act Principles. Section 6 of the Act sets out the 12 information privacy principles which businesses dealing with “personal information” must comply with.

The following five principles are of particular relevance in the context of cloud computing:

· Principle 5: Storage and security of personal information

· Principle 6: Access to personal information

· Principle 7: Correction of personal information

· Principle 10: Limits on use of personal information

· Principle 11: Limits on disclosure of personal information

Contractual Considerations: To assist your business in complying with the above privacy principles, you should seek to ensure that its contract with the cloud provider deals satisfactorily with the following issues:

Ownership of data: The contract should be clear that all data provided by or generated for the business is owned by the business and can only be used by the cloud provider for the purpose for which the business has provided the data (i.e. to store it).

Access to data: The business should know how to access and retrieve its data from the cloud provider during and after termination of the contract.

Confidentiality, security and privacy: The service provider should be contractually obliged to keep the business’s information confidential and to be responsive to any request about its confidentiality practices, back up processes, security and privacy as they relate to the business’s information. The business should also be comfortable with such practices before signing the contract.

Warranties, indemnities and liability: The business should try to negotiate sufficient warranties and indemnities from the cloud provider in relation to the security and confidentiality of the business’s data. If the cloud provider seeks to exclude certain losses or limit its liability, such exclusions and liability should not apply to breaches of confidentiality.

Support: What level of support will be provided by the cloud provider to the business should the business need to, for example, retrieve data in order to correct the personal information of a customer (as it can be obliged to do under the Act)? If the cloud provider is based outside New Zealand, will support be provided during New Zealand business hours?

Geographic restrictions on data storage: Section 10 of the Act provides that a business which transfers information outside New Zealand remains responsible for that information under the Act. Therefore, a business should know where the information is going to be held and try to ensure that if it is to be held outside New Zealand the information is held in a jurisdiction that has comparable privacy laws to ours. That would give the business some comfort that the information will be stored and used in a manner that would enable the business to comply with its obligations under the Act.

Termination: The business may want to ensure it has the right to terminate its contract with the cloud provider for convenience. The business may also want to prescribe the sort of assistance the cloud provider might give the business in such circumstances to allow it to shift seamlessly to another cloud provider

6) Presentation Slides

2 | Page