Megaupload: A Lot Less Guilty Than You Think

The recent Department of Justice decision to indict Megaupload for copyright infringement and related offenses raises some very thorny questions from a criminal law perspective. A few preliminaries: I’m responsible for the musings below, but I thank Robert Weisberg of Stanford Law School for taking the time to talk through the issues and giving me pointers to some relevant cases. Also, an indictment contains unproven allegations, and the facts may well turn out to be different, or to imply different things in full context.

DMCA SAFE HARBOR: BELIEVE IT AND IT WILL BECOME REAL: As a matter of criminal law, the discussion of whether Megaupload did what it needed to do to qualify for the DMCA Safe Harbor misses the point. Did they register an agent? Did they have a repeat infringer policy? These are all interesting CIVIL questions. But from a criminal law perspective, the important question is did Defendants BELIEVE they were covered by the Safe Harbor? This is because criminal infringement requires a showing of willfulness. The view of the majority of Federal Courts is that “willfulness” means a desire to violate a known legal duty, not merely the will to make copies.

In other words, for criminal liability, it doesn’t really matter whether the service qualifies, so long as Defendants believed it qualified. If so, they were not intentionally violating a known legal duty, and so their conduct would not satisfy the willfulness element of the offense. For criminal liability after the DMCA safe harbor, as in horseshoes, close may be good enough.

SECONDARY COPYRIGHT LIABILITY AND CRIMINAL LAW:

The heart of this case is whether and when an enterprise can be held criminally liable for the conduct of its users. (For example, both copyright infringement claims (Counts 4 and 5) identify aiding and abetting as a basis for the charge.)

Aiding and abetting is something like the civil liability inducement theory the U.S. Supreme Court created in the 2005 Grokster case. Experts opine that the indictment makes out a pretty good inducement case against Megaupload. But the first question from a defense perspective has to be “Can the Grokster theory of CIVIL liability even be the basis for CRIMINAL copyright claims?” This has never been decided by any Court.

However, the pending Second Circuit case of Puerto 80 Projects v. USA (“Rojadirecta“), raises the issue squarely. There, the plaintiff is challenging the ICE seizure of its Rojadirecta domain names based on an allegation of criminal copyright infringement. For background on the case, and on the ICE domain seizures, check out Techdirt’s coverage.

Rojadirecta’s lawyers at Durie Tangri have challenged the U.S. Government’s assertion that criminal liability arises from linking to infringing content. The lawyers argue that judge-made secondary infringement liability theories, including Grokster style inducement, cannot be the basis for a criminal copyright violation because the criminal copyright statute doesn’t mention secondary liability. Congress considered and rejected statutes that would have created such liability, in COICA and PROTECT IP. In sum, due process doesn’t allow incarceration under a civil legal theory that the Supreme Court dreamed up in 2005. The issues yet to be decided in Rojadirecta apply to the Megaupload case as well.

AGREEMENT + CIVIL VIOLATION = PRISON?: Count 2 is a conspiracy to commit copyright infringement claim, and references unknown parties as members of the conspiracy. Conspiracy entails an agreement to commit an offense and an overt act in furtherance of that agreement. The act in furtherance need not itself be illegal, but there must be an agreement to do an illegal act. The list of overt acts show that the object of the conspiracy was infringement by Mega users. If Defendants agreed with each other to induce others to infringe, and Rojadirecta’s lawyers are correct that inducement is not a crime, there’s a conspiracy only to violate a CIVIL law. If the idea is that Mega conspired with its users to infringe, those users may or may not have been criminally infringing copyright. They were located all over the world, and may or may not have acted willfully, i.e. intended to violate U.S. law. Again, the government would basically have alleged an agreement to violate a U.S. CIVIL law, including by many people who are not subject to U.S. rules.

Is it a federal crime to conspire to induce others to violate a U.S. civil law?

The answer to that is an obvious “no”. The conspiracy statute itself makes clear that the object of the conspiracy must be an offense or fraud against the United States, in other words, a federal crime. 18 U.S.C. 371. It is true that Oliver North and John Poindexter were prosecuted for conspiracy to violate Boland Amendment, which prohibited Defense Department spending on the Nicaraguan Contras, but was not itself a crime. And there is a 1979 case (U.S. v. Ruffin, 613 F.2d 408 (2nd cir. 1979), where the defendant was convicted of conspiracy when he convinced an unwitting person to divert federal funds to the defendant’s personal benefit. But both cases constituted fraud involving U.S.taxpayer dollars, which is also a basis for conspiracy liability. Civil violations simply are not.

For these reasons, prosecuting this case against Mega, especially if Defendants get good criminal lawyers who also understand copyright law, is going to be an uphill battle for the government.

A few other points. Some direct infringement convictions look easy, but COUNT 4 IS WEIRDLY INCOMPLETE: I agree with the copyright law experts interviewed by Ars Technica that the most damning allegations in the indictment are the claims of direct infringement, particularly for the prerelease movies. Interestingly, the indictment identifies four films that the defendants supposedly distributed before release: The Green Hornet, Thor, Bad Teacher, Twilight–Breaking Dawn Part 1. But Count 4 only charges one such act of prerelease infringement, the movie Taken. What about the other films? Why were those not also charged?

Finally, this case is extremely interesting from a JURISDICTIONAL standpoint. One of the very first issue to be litigated will be extradition to the United States. Does the United States have jurisdiction over anyone who uses a hosting provider in the Eastern District of Virginia? What about over any company that uses PayPal? That’s a very broad claim of power, and I expect it will be vigorously contested.

Comments

A brilliant read, thanks for this.

Down here in New Zealand public opinion seems to suggest that the owner of the system should in no way be held accountable for users that violate what is a pretty explicit terms of service agreement. It will be very interesting to see how this plays out through the NZ legal system and what the future implications might be for other similar file-upload systems.

Remarkable article, you see all the society being flown to the stream of the antipiracy speech but minor sides are there to remind the racional use of the law. Thank you for those words.

So if the DoJ doesn't 'win' what happens to the people who had legitimate files hosted (assuming in the meantime the data is deleted)? I know nothing about the technicalities of legal battles, so have no idea what winning entails. Can the users bring a class action suit against the DoJ?

The issue with hosting is that bandwidth, servers, power, air conditioning, space, employees all cost money. If Mega doesn't pay the hosting companies can take them off-line and delete the data.

What would be smart of the hosting companies is to put up information on how to contact them for their data. Of course there would be a fee involved to retrieve the data, if the hosting companies can access it. Which itself leads to another question - would anyone who wanted to obtain their data actually pay to retrieve the data.

Internet users fail to user stand free doesn't actually mean free - somewhere along the line someone has to pay for all of the hosting components to allow a website service to run and without revenue generated from advertising the user need to buck up and pay the bill.

Thanks for that article, now I have a better view regarding US laws. by the way, I had always thought that Megaupload Programmers are Innocent they cannot control all the content on their website... anyway they were offering a service, Which lot of people had paid. Therefore, i think they could not be able to delete or block any kind of data that users had uploaded.

The problem with the entire case is the extent of jurisdiction of DMCA and by extension, U.S. laws in general.

If a HK/NZ-based company like Megaupload are expected to follow U.S. laws like DMCA, then it logically follows that ALL companies outside of the U.S. are also expected to follow DMCA. Going even further, we could expect ALL companies outside of the U.S. to follow ALL U.S. laws.

Then there are the EU laws, Japan laws, Russia laws, China laws, etc. Would it be unreasonable for China to ask U.S. to arrest and extradite Tibetan activists in U.S. for violating Chinese laws on dissent?

But I digress. In the case of Megaupload, why would NZ allow the DMCA to take precedence over its own sovereign copyright laws? Is this based on the extradition treaty between NZ and U.S.? If this is the case, the would it be prudent for all Megaupload-type companies all over the world to study the extradition treaties between their home countries and the U.S. to determine whether they would be subject to the jurisdiction of DMCA and thus take the necessary steps to conform with the DMCA?

Bottom line question is this: should companies like Megaupload that are based outside of the U.S. be aware of and conform to U.S. laws as they pertain to copyrights?

MU operated in the US, several of their servers were in Virginia- which is why VA was the location of the trial.
If MU had no physical presence inside the US, you would be correct.

You say: "In other words, for criminal liability, it doesn’t really matter whether the service qualifies, so long as Defendants believed it qualified. If so, they were not intentionally violating a known legal duty, and so their conduct would not satisfy the willfulness element of the offense. For criminal liability after the DMCA safe harbor, as in horseshoes, close may be good enough."

I am going to hazard that this is going to be a very difficult argument for them to make and goes to the crux of the indictment against them — in essence, claiming that they believed themselves to be complying with the DMCA in order to establish Safe Harbor could be easily trumped by a showing of objective recklessness — which is what the preponderance of evidence (if true) cited in the indictment suggests, if not far worse. As of a few years ago, objective recklessness was sufficient in the courts' mind to show willful infringement of patents and prior to that all one had to do was show negligence. If the definition is similar for copyright infringement, then your interpretation of willful is far narrower than the definition the courts recognize. Furthermore, after a reading of 512c. combined with the evidence provided in the indictment, I find it difficult to believe that a Court would conclude a reasonable person could believe they were complying with the necessary provisions of the law in order to be granted Safe Harbor. The core issue, that they removed links rather than the actual material, if known to any of the defendants along with the criteria for safe harbor, makes the standard of willfulness incredibly easy to meet.

Additionally, your inducement argument neglects the possibility that it was inducement to violate a criminal law, not just a civil law. That Mega may have believed their site to be protected by safe-harbor cannot be used as a defense by a user who was uploading a pre-release copy of Taken; that user's act is without a doubt willful, criminal, infringement, and if that criminal act was induced, than that aiding and abetting is similarly criminal, regardless of whether or not 506 mentions secondary liability.

My understanding was Rojadirecta was making its claims on prior restraint grounds, lack of notice, etc... rather than exclusively the argument that there was no criminal liability — so its confusing to bring it up here. Furthermore, because unlike Rojadirecta Megavideo hosts the content, there is a lack of similarity between the two cases. It isn't just the users of the site committing the direct infringement, it is the site, Megavideo, itself committing direct infringement, which the statute does mention.

Finally, jurisdictionally, to my mind, this case is a slam dunk. Of course the US has jurisdiction over anyone who uses a hosting provider in the Eastern District of Virginia — they are acting within the United States. Asking that question seriously, without further support or citation, somewhat discredits your entire line of questioning. I'm not sure what the point of raising PayPal is, but if the money or transaction travels across US servers and cables, then absolutely — to state otherwise would be to impose a limitation on US sovereignty.

While your argument is interesting, I frankly don't think it holds water, though I of course could be wrong.

"The core issue, that they removed links rather than the actual material, if known to any of the defendants along with the criteria for safe harbor, makes the standard of willfulness incredibly easy to meet."

I have read this supposed problem from several people, and it is nonsense.

Multiple uploads of an identical file by different users would result in one copy on MU servers, with each user getting a unique link. This is justified from an operational standpoint (it is efficient).

If you are suggesting that, on a complaint, the data should be removed and thus ALL links are made invalid to that content, then you are ignoring the fact that some of the uploading users may have had the necessary rights to making that upload (say, an entirely private copy for fair-use backup) even if the individual who sparked the complaint was using their link in an infringing manner. It would be inherently incompatible with the right to appeal against a DMCA takedown.

I am going to hazard that your argument about their intention to violate is going to be a very difficult argument for them to make and goes to the crux of the indictment against them — in essence, claiming that they believed themselves to be complying with the DMCA in order to establish Safe Harbor could be easily trumped by a showing of objective recklessness — which is what the preponderance of evidence (if true) cited in the indictment suggests, if not far worse. As of a few years ago, objective recklessness was sufficient in the courts' mind to show willful infringement of patents and prior to that all one had to do was show negligence. If the definition is similar for copyright infringement, then your interpretation of willful is far narrower than the definition the courts recognize. You also fail to acknowledge the difference between an act which is bad in fact, or bad because it is prohibited, which tends to change the necessary standards of willfulness as well, without stating why you use that standard. Furthermore, after a reading of 512c. combined with the evidence provided in the indictment, I find it difficult to believe that a Court would conclude a reasonable person could believe they were complying with the necessary provisions of the law in order to be granted Safe Harbor. The core issue, that they removed links rather than the actual material, if known to any of the defendants along with the criteria for safe harbor, makes the standard of willfulness incredibly easy to meet.

Additionally, your inducement argument neglects the possibility that it was inducement to violate a criminal law, not just a civil law. That Mega may have believed their site to be protected by safe-harbor cannot be used as a defense by a user who was uploading a pre-release copy of Taken; that user's act is without a doubt willful, criminal, infringement, and if that criminal act was induced, than that aiding and abetting is similarly criminal, regardless of whether or not 506 mentions secondary liability.

My understanding was Rojadirecta was making its claims on prior restraint grounds, lack of notice, etc... rather than exclusively the argument that there was no criminal liability — so its confusing to bring it up here.

Furthermore, because unlike Rojadirecta Megavideo hosts the content, there is a lack of similarity between the two cases. It isn't just the users of the site committing the direct infringement, it is the site, Megavideo, itself committing direct infringement, which the statute does mention.

Finally, jurisdictionally, to my mind, this case is a slam dunk. Of course the US has jurisdiction over anyone who uses a hosting provider in the Eastern District of Virginia — they are acting within the United States. Asking that question seriously, without further support or citation, somewhat discredits your entire line of questioning. I'm not sure what the point of raising PayPal is, but if the money or transaction travels across US servers and cables, then absolutely — to state otherwise would be to impose a limitation on US sovereignty.

While your argument is interesting, I frankly don't think it holds water, though I of course could be wrong.

Not a criminal law person, but could you say if the criminal intent standard is actual belief or reasonable belief or both? Thanks!

Going one step further... are sovereign countries but pawns to the US civil laws and corporations who lobby for, and are protected by them? It should be remembered that it is this global bullying behavior and self-serving interest of the US which precipitated the Islamic hatred and backlash against them.

The US has a history (rap sheet) of extradition by force (Guantanamo Bay, Vietnam, Iraq, etc.) - they can enforce the own laws against anyone, anywhere by legal or illegal means.

Megaupload may not have had control over their users (which will definitely be argued down here in New Zealand), but they are going to have a very hard time defending themselves from the fact that their advertisers were knowingly advertising Chinese bit-torrent sites with pre-release movies and earning the largest bulk of the money from the ad revenue of these pirate site advertisers. This is what they were actually able to get the site shutdown and the operators arrested on.

The US of course will argue a case for extradiction to the US so the defendants can also face the charges for violating US laws, but that is going to be a tougher challenge given the defendants are already guilty of violating New Zealand laws. It isn't as easy to extradict like it is between states within the US where a crime has occured in multiple states.

Did Megaupload act criminally with regards to profiting from their advertisers who were promoting piracy? Yes, and that should be enough to get them a harsh sentence in New Zealand (not as long as it would likely be in the US, after all it is not like the New Zealand taxpayer wants to pay for their incarceration any longer than necessary, unless of course it fast tracks the free trade agreement between the US and NZ or removes the quota limits on New Zealand apples being sold in the US).

To me, it appears that Megaupload is capable of substantial noninfringing uses (or at least more than Grokster). This is test the SCOTUS developed in Sony v. Universal City Studios (1984). If the court were to agree with me, Megaupload would be off the hook, no? Is it not relevant in this case?

To me, it appears that Megaupload is capable of substantial noninfringing uses (or at least more than Grokster). This is test the SCOTUS developed in Sony v. Universal City Studios (1984). If the court were to agree with me, Megaupload would be off the hook, no? Is it not relevant in this case?

Looking past the tech - if you own a "U-Store-It" place and rent out the storage cubbies to the public, can you be held legally responsible for what your renters do?

- Storing drugs?
- Using the cubby as a drug dealers "drop-box"?
- How about a dead body?

I don't see any difference between the "U-Store-It" and their online siblings.

Yes, you can argue about creating a nuisance; a derilect building attracting the "wrong element" into an otherwise nice neighborhood. But unless the owner has the authority to go through each cubby whenever they want (they can't), how can they be held responsible over the (actually guilty) "unknown parties".

And for the not charging for all pre-released films - it might be a means of preserving a future case after the offense (Gov't) learns a bit more about the defense's game plan and which way the playing field tilts. Each is a separate crime, each can be prosecuted separately.

Just my $0.02.

I, myself, had thought of many of the same points; namely, that companies outside of the US, whom have little to no control over user submitted content, should NOT be held liable to, in this case, mostly US Civil laws.

At best, the case for criminal prosecution is tenuous, and leaves a tremendous burden of proof on the DoJ. Like so many other "headline" cases that the DoJ has undertaken, I suspect that, after the media frenzy has subsided, this case will be dismissed and sent to Civil court.

It is disconcerting just how much of an international power grab this appears to be, especially considering SOPA/PIPA and the lobby dollars being pushed around to motivate our government to introduce this type of single beneficiary legislation.

My personal opinion is that, while I thought the DCMA was a stretch, cases like Mega and legislation like SOPA/PIPA are past the point reason, especially when the DCMA has already granted enough take down powers.

Your point of the slippery slope, where other countries being subjected to US law implies that we are subject to the laws of other sovereign nations is well taken.

Kudos for a well written (and well referenced) article. I actually enjoyed reading it - well, as much as one can enjoy reading about case law and legal opinions ;-)

I would be willing to believe that the nuances of this situation will be debated for a long time, but my question should be much easier to definitively answer.

Should the non-infringing material being stored on the same servers be destroyed along with the "illegal" material?

As an analog I'm looking at a typical self-storage facility. The government finds a bunch of stolen property in one of the 600 units in the facility. According to the government in the Megaupload case, not only will the stolen property be destroyed, but everything else in the facility as well. Once all of the material, legal and illegal, is destroyed, the facility is burned to the ground.

Somehow I'm thinking that this is a tad on the side of overkill like using dynamite to kill a flea. The only justification for such a heavy-handed approach is that the government is too lazy to sift through the rest of the stored information so destroying it all is the easiest route.

Also suppose that a former tenant of the unit housing the illicit material had kept a key to the unit. If that key turned up in another facility, the government could seize everything from the second facility as well.

Somehow I think that this is a serious case of the "cure" being much worse than the disease.

If the US gets away with this I'm going to turn the ruling around on itself by setting up server in Amsterdam and then selling prostitution over the internet to US citizens. As the act of payment is the legal issue in the United States, should the courts rule that merely hosting a server in a nation places the transaction in jurisdiction of that nation it seems like I could transact the payments in Amsterdam even though the sexual act takes places in the United States.

What's the diference between having data in a megaupload server or money in a bank of Belice. Does somebody mind the procedence of your Belice "hosted" money. Is easy to explain: If you where playing poker with other nine people and only you and other where cheating, you probably earn a lot of money, but the problem comes when all ten people is cheating, and playing breaks. Belice or jersey Islands allows cheat to people from the elite, what is OK, but Megauload allows cheat to the fishmonger on the corner, what is no so OK. I think Megaupload people is in great trouble, The message from the US autorithies will be: "IS LEGAL, BUT DON'T DO IT"

I'm following this case every day on the internet, and I agree with on of the previous posts. If a company is based outside of the U.S why does the company need to follow U.S. Laws ? U.S. = World Law? :-( Just does not make sense to me me. Can't wait to see the outcome of this case. One thing is for sure what ever the outcome might be it will have a big impact on the future of the internet.

Regards,

Sabrina

Your analysis regarding conspiracy is applicable with regard to the charge of conspiracy to commit copyright infringement under 18 USC 371. However, the Megaupload defendants are also charged with conspiracy to commit racketeering under 18 USC 1962(d). Racketeering activities include criminal infringement of a copyright under 18 USC 2319, which I assume to be among the several racketeering activities the government will attempt to prove. The conspiracy to commit racketeering charge does not require that the object of the conspiracy must be an offense or fraud against the United States.

Add new comment