Monday 22 October 2012

The Blind Ostrich Head In The Sand Protocol

Here are two questions for our esteemed readers, and if anyone is minded to respond, answers, on a postcard please, to our comments section on this Blog. 

Question one is this:

Is Kim 'Dotcom' Schmitz an anagram of 'Blind Zombie Ostrich'?

Why do I ask? Well, before we move on to question two, we need to look at some background. Schmitz is the large-framed MegaUpload boss currently living in New Zealand hoping to avoid extradition to the United States on copyright infringement charges (along with charges of money laundering). He is fighting the extradition.

Now Schmitz, and his business partner Mathias Ortmann, have been talking to Wired about their plans for a new file-transfer platform to replace MegaUpload. In a blinding flash of inspiration, the new file transfer platform is just called 'Mega' and here's the really 'clever' bit - it will include new technology that will automatically encrypt any file a user uploads to the system - and that user will be given a unique key code for each file uploaded, and only someone with that code will be able to access the content that has been stored on the Mega server. 

So - no one at Mega can see the file or its contents. Brilliant! It's a real 'mere conduit' - Mega really will just be the postman - they can't look at the files being transferred or swapped because they have all been locked in bomb-proof boxes (provided by Mega of course) and only the users have the keys (errrm, provided by Mega). Probably. Ortmann is of the learned opinion that the encryption will protect Mega's business from any liability for copyright infringement, contributory or otherwise, because there is no way their platform could know what is stored and swapped on its service (and multi-jurisdictional servers), and it would be entirely the liability of users if, say, they were swapping or distributing unlicensed music or movie files. Really? A real 'safe harbour'? A bona fide DMCA "get out of jail free" card?

So Question Two is this: Is the Blind Zombie Ostrich plan just the best business plan you have ever read? And does it defeat any qualms rights owners and the content industries might have about the service set up by Messrs Dotcom and Ortmann? Will it soar like a golden eagle? Or is it just another turkey? Or are we in cloud cloud cuckoo land (excuse the digi-pun)? Or is it all a bit bird brained?

Over to you! And the answer to question one is NO!

More on MegaBox - another of Mr Dotcom's new ideas here

In other news, The Pirate Bay have announced that they will be moving their entire operation to the cloud, one can only presume to be free of those annoying raids by local law enforcement agencies who seize servers. Mega will have servers in at least two separate countries to maintain a continuity of service, in case one country's legal system goes 'completely berserk'.

My thanks to the ever wonderful CMU Daily for alerting me to this whacky wheeze.


Francis Davey said...

Apologies for the pedantry but in e-commerce directive terminology (where the phrase originates) the heading would be "hosting" not "mere conduit". In other words article 14 not article 12. Much snappier terminology than the 17 USC 512 (DMCA) headings "Information Residing on Systems or Networks At Direction of Users" v "Transitory Digital Network Communications".

You can't turn a hosting provision service into a mere conduit by lack of knowledge, rather lack of knowledge is a defence - in article 14 terms - for so long as the provider does not know.

The DMCA equivalent is roughly similar, though it has more gateways and probably rejects a wider class of Nelsonian blindness than the EU directive.

Annoyingly there's no harmonised law on this, but most countries where megaupload has servers will have one or more of these sorts of provisions.

Eg, I understand Megaupload is based in Hong Kong (though with servers around the world) and I'm guessing the Chinese "Regulation on the Protection of the Right to Network Dissemination of Information" would apply. A much more sensible statute than anything we or the US have I may say. Article 22 of that might protect megaupload (though I suspect that they may have had trouble with 22(4) in their previous business model) if megaupload did not know a work was infringing.

None of this should make life harder for a rights holder making a direct assault. If the general public can access a file, so can the rights holder, who can present sufficient evidence to megaupload to give them the requisite knowledge.

What it may do is immunise megaupload against a claim they did know prior to notice.

Of course the megaupload case had some rather special features that distinguished it from the normal "file locker" service. Whether this helps them or not may depend on whether they reform their business model.

Andy J said...

Ben, I know you have relied on the Torrentfreak article for the facts in your post, but you and they are incorrect to say that Mega will provide the key to the encryption. In order for Mega to be totally in the clear it is essential that the file is uploaded to their server already encrypted, and this requires the uploader's computer to do the encryption (using the AES standard as mentioned in the Torrentfreak article). This means the key will actually be generated locally on the user's computer, and the encrypted package may well be transferred to the Mega server over an HTTPS link which effectively double encrypts the file while it passes over the internet. This is not actually all that novel, as it is the way people have been using hosts such as Rapidshare for some time, albeit not using AES but a much less secure system provided by the .rar encryption facility.
Since standard AES encryption with a 128 character key is considered vulnerable to routine de-encryption by the major national agencies such as NSA and GCHQ, no-one should expect that the MPAA won't be able to find out the content of these files, if the US Cyber Intelligence Sharing and Protection Act passes into law, effectively allowing the NSA to pass commercial intelligence to private companies and NGOs.

Binn Fatato said...

His name is not Kim 'Dotcom' Schmitz. Dotcom is not a nickname or an alias, the man in question was once named Kim Schmitz, but is now Kim Dotcom.

Question 1: No, Kim 'Dotcom' Schmitz is not an anagram of 'Blind Zombie Ostrich.' Seeing as Kim 'Dotcom' Schmitz does not contain the letter 'b' as 'Blind Zombie Ostrich' does, one can immediately deduce one is NOT an anagram of the other.

Question 2: No, this is not the best business plan I've ever read. It more than likely does not defeat any qualms rights owners and content industries might have about the service as these so-called rights owners are mired in antiquated distribution models aimed at starving the actual artist and building wealth for a few who control the draconian means of distribution.

Martin said...

"and only the users have the keys (errrm, provided by Mega)"

Not by Mega but rather by software running on your local machine I have to assume. What would be the point otherwise?

And this is not meaningless. It means that people can't reasonably claim that they have an obligation to police their own servers.

They would still have to react to notices I assume, but I guess they already do that.
