By: Juliana W. Chen
The Megaupload saga is one of the latest development to affect cloud computing. Visitors to the file sharing and cloud storage site Megaupload.com will now find a notice from the U.S. government that the domain name has been seized. In connection with this seizure, several individuals and entities have been charged with an assortment of crimes, including criminal copyright infringement. The shutdown of Megaupload reinforces conventional advice and raises additional considerations for both customers and service providers.
Megaupload illustrates why cloud storage customers ought to keep the following issues in mind:
- Back up data regularly. Although a cloud storage solution may offer a cost-effective and convenient way to store and access data, it should not be the sole means of storing that data. Some of the 180 million registered users of Megaupload discovered this the hard way. Whether users will be able to recover legitimate files stored through Megaupload remains uncertain at this stage. The U.S. Department of Justice has noted that Megaupload expressly warned its users that they assumed the risk of losing their data, which some other cloud storage service providers do as well. An earlier blog post discusses tips for addressing data back-ups before the vendor stops returning phone calls.
- Be careful that your data is non-infringing. A cloud storage customer should ensure that it and its employees do not upload infringing content to the cloud even if that infringement is not intended to be malicious (e.g., an employee uploading third-party proprietary content that he or she likes and wants to share with others or thinks may be helpful to the business). The takedown of Megaupload appears to be part of a series of ongoing anti-online piracy efforts by the U.S. government. Diligently avoiding the storage of infringing content is one way to reduce the likelihood of being caught in the fray.
- · Screen service providers. The cloud storage industry is growing. New service providers are beginning operations, and existing service providers are starting to offer new storage models, so customers have an increasing array of options. A vendor that turns a blind eye to the sharing of pirated content through its service offerings is probably not the right choice for a legitimate business customer who intends to use the cloud to store important data.
Megaupload brings other issues to the fore for service providers, including the following:
- Avoid unintentionally encouraging piracy. Vendors that want to avoid the same fate as Megaupload would do well to avoid encouraging piracy. Something that is seemingly innocuous, like file-sharing functionality or a rewards program that encourages users to upload or download content from a cloud storage service, could have the unintended consequence of encouraging piracy. In the wake of the Megaupload shutdown, some service providers have discontinued such offerings.
- Act properly to take advantage of the DMCA safe harbor. Under 17 U.S.C. § 512(c), the Digital Millennium Copyright Act provides a “safe harbor” to online service providers that meet certain criteria. For cloud storage vendors and other service providers that deal with user-generated content, these requirements include registering a designated agent with the Copyright Office and removing or disabling access to infringing content promptly after receiving proper notice from a copyright holder. Megaupload did appear to attempt to qualify for the safe harbor (e.g., it registered a designated agent with the Copyright Office). However, the DOJ alleges in its 72-page indictment that Megaupload does not meet the safe harbor criteria because “they are willfully infringing copyrights themselves on these systems; have actual knowledge that the materials on their systems are infringing (or alternatively know facts or circumstances that would make infringing material apparent); receive a financial benefit directly attributable to copyright-infringing activity where the provider can control that activity; and have not removed, or disabled access to, known copyright infringing material from servers they control.” The DOJ also notes that Megaupload did not designate an agent until years after it had been operating and the DMCA had been enacted and that Megaupload merely deleted some links to infringing content, while leaving the infringing content on its servers and leaving other links to the infringing content intact.
The nature and extent of the fallout from Megaupload will not be known for some time. However, both cloud storage customers and vendors can take action now to avoid the pitfalls that this case reveals.