The Megaupload defendant in charge of IP and website issues is Mathias Ortmann, who is still in custody in New Zealand, with his bond hearing continued until Friday. The Indictment says he is the Chief Technical Officer of Megaupload and resides in Germany and Hong Kong:

From the onset of the Conspiracy through to the present, ORTMANN has overseen software programmers that developed the Mega Conspiracy’s websites, and has handled technical issues with the ISPs. His particular areas of responsibility include setting up new servers, sending and responding to equipment service requests, and problem solving connectivity problems with the Mega Conspiracy websites.

Surely he was able to provide Carpathia the information it needed to provide user access to the servers prior to his arrest without coming to Virginia. Why can't he provide the access information through his lawyer now?

And if the U.S. agrees to unfreeze funds so Carpathia gets paid, and voila, users can access their accounts to retrieve their data, how does that jive with Carpathia's statement today that it doesn't have the ability to make it available?

What's in it at this point for Megaupload to make the data available to users? They want the data to use in their defense, but their company is history now, win or lose. They will never regain what the Government has taken from them.

According to the Government, Megaupload is under no obligation to its customers to retain data. See the footnote on page 5 of the Indictment:

[A]ll users are warned in Megaupload.com’s “Frequently Asked Questions” and Terms of Service that they should not keep the sole copy of any file on Megaupload.com and that users bear all risk of data loss. The Mega Conspiracy’s duty to retain any data for even a premium user explicitly ends when either the premium subscription runs out or Megaupload.com decides, at its sole discretion and without any required notice, to stop operating.

The Indictment also says that a search warrant for Megaupload was issued in June, 2010 and infringing files were found on the Carpathia servers. Megaupload customers were able to access the servers after that search warrant was executed, so why not now?

On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S. District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were present on their leased servers at Carpathia Hosting, a hosting company headquartered in the Eastern District of Virginia.

Also, Carpathia's website, under the section "Ethical Advocate", describes the services it provides to other clients. For several, it provides disaster recovery so data won't be lost and daily back up services. On one page of their website, they say, "Your data can be protected and made available through managed backup and restore & storage solutions. " Megaupload paid them hundreds of thousands of dollars a month, were these services not included?

One last thing: Why is Carpathia blaming the Government for giving out the wrong information in its letter to the Court? The Government is the hand that feeds them. According to this paper on their website, Carpathia also manages servers for the Department of Defense, Homeland Security, Intelligence agencies, the Departments of Commerce, Health and Human Services, Veterans' Affairs and the GSA.

I won't pretend I understand the technical details of servers or "The Cloud." But every hosting company I've ever used during the past ten years has allowed me to login and access my files, and has backed up my data whenever significant changes are made to the server.

I doubt we'll ever know the real story behind this conundrum, which is beginning to seem manufactured to me. I can't tell who's responsible, whether this is just about money, or if there is some legitimate technical explanation. But the bottom line for those of you who store information on other people's servers, is keep a back-up on your own computer. Whether it's Quicken, iTunes, GMail or a photo-storing site, they can all be subject to data breaches, takedowns, hacks, and malware -- or just go out of business.

Original Post

DOJ Okays Destruction of MegaUpload Data Starting Thursday

Update: Carpathhia Hosting has issued a statement saying DOJ is wrong, it does not have access to material stored on MegaUpload servers, and users should not contact them. It recommends contacting Megaupload:

Dulles, Va. – January 30, 2012 – In reference to the letter filed by the U.S. Department of Justice with the Eastern District of Virginia on Jan. 27, 2012, Carpathia Hosting does not have, and has never had, access to the content on MegaUpload servers and has no mechanism for returning any content residing on such servers to MegaUpload’s customers. The reference to the Feb. 2, 2012 date in the Department of Justice letter for the deletion of content is not based on any information provided by Carpathia to the U.S. Government. We would recommend that anyone who believes that they have content on MegaUpload servers contact MegaUpload. Please do not contact Carpathia Hosting.

The Department of Justice has advised the Court that Carpathia Hosting and Cogent Communications are free to delete data on the MegaUpload servers beginning this Thursday. The reason: It obtained access to the servers via a search warrant on January 19. It didn't take physical custody of the servers, just copied the data (and not all of it.) Now that it has finished copying the data it it wanted, the execution of the search warrants is complete, and it no longer has any right to access the servers. Thus, the hosting companies can decide to delete it or not, as they wish.

Shorter version: Government to Megaupload customers: Don't blame us if your data is destroyed, blame Carpathia and Cogent.

From the U.S. Attorney's Letter (Available on Pacer):

The execution of those search warrants has now been completed. The United States copied selected Mega Servers and copied selected data from some of the other Mega Servers, but did not remove any of the Mega Servers from the premises.

Now that the United States has completed execution of its search warrants, the United States has no continuing right to access the Mega Servers. The Mega Servers are not in the actual or constructive custody or control of the United States, but remain at the premises controlled by, and currently under the control of, Carpathia and Cogent. Should the defendants wish to obtain independent access to the Mega Servers, or coordinate third-party access to data housed on Mega Servers, that issue must be resolved directly with Cogent or Carpathia. It is our understanding that the hosting companies may begin deleting the contents of the servers, beginning as early as February 2, 2012.

This raises a host of potential issues. Will Carpathia and Cogent agree to keep the servers intact long enough time for Megaupload customers to retrieve their uploaded and stored files? If not, will the users sue these hosting companies instead of the Government?

Do the hosting companies have any liability to Megaupload customers if the customers contracted with Megaupload, but not directly with the hosting companies? Or, is the users' remedy solely against Megaupload?

If the users' remedy is now only against Megaupload (the party they contracted with,) since Megaupload's funds have been seized for forfeiture, what recourse do users have? Can they intervene as third party claimants in the criminal forfeiture part of the Indictment, asserting they were innocent owners or good faith purchasers? Without a secured claim, would their claims get trumped by the Government's claim to Megaupload's seized funds?

Unlike civil forfeiture cases, in a criminal forfeiture case, forfeiture can only be granted once the Government gets a conviction on the underlying criminal charge. If the Megaupload defendants are acquitted at trial, there is no forfeiture. That's going to take a year or more. When can users begin filing the claims? Do the users have to wait until the criminal charges are resolved before they seek to intervene as claimants in the forfeiture portion of the case?

These are complicated issues, and while I could spend the next day analyzing them, like I did the New Zealand laws last week, I've got my own cases to attend to. I'm going to wait until the legal scholars following the case weigh in, and then either agree or disagree.

All I'll say is this is very crafty of the Government, which clearly is aware that class action lawsuits by Megaupload users were headed its way. They can now say to users: Hey, don't blame us if your data is gone. We didn't destroy it. We were allotted 10 days to execute our warrants, we finished on time and the servers are now back in control of the hosting companies with all data intact. You want your data, ask the hosting companies for it.

This is a lot of material. Megaupload payed around a million dollars a month for its servers.

I doubt Carpathia and Cogent will be happy about having to expend employee time responding to MegaUpload user demands to return the data. They may think they have no legal obligation to MegaUpload customers, and they may be right. But they have to weigh the cost of keeping the servers open and available to users to retrieve the documents they uploaded, against the legal fees it will cost them to defend the users' lawsuits. Seems to me the best course is for Cogent and Carpathia to be magnanimous here and issue a press release stating that customers of Megaupload will have two weeks to log on to the servers and retrieve their data at no cost. It would also be a good public relations move.

But doesn't this defeat the Government's purpose to some extent? Cogent and Carpathia surely aren't going to make customers prove their uploaded data wasn't copyright-infringing. That's far beyond their pay grade. And too expensive given the 100 million MegaUpload customers. Seems to me their choice is open up the servers for all users to get their data, or destroy it all and risk a lawsuit. If they allow all users to retrieve their data, infringing material and all, what has the Government accomplished? Megaupload customers who uploaded and are allowed to retrieve inappropriately obtained copyrighted material, will now have it back and you can bet they'll find another site to upload it to.

This whole case is a losing proposition for the Entertainment and Movie Industry, whose goal was to stop people from uploading, downloading and sharing copyrighted works. All that's been accomplished is one company's owners and employees may go to jail, but the data, if returned, will be available to the MegaUpload users to upload elsewhere.

You can bet it won't be on servers hosted in the U.S, but on servers in countries that don't have extradition treaties with the U.S., countries without laws that criminalize piracy as felonies, or countries that haven't signed on to ACTA or similar agreements. It's now a shell game. Move the material from U.S. servers to a safer country. Even if these new countries cut off U.S. users (like the poker sites did when they got charged), there are millions of international users who will continue to upload and download the copyright material outside the U.S.. MegaUpload will be just a temporary blip on the radar screen, soon to be replaced by more sophisticated and less detectable sharing applications overseas, which will be harder for the U.S., handmaiden to the entertainment industry that it is, to take down.

Having made millions off of MegaUpload, shouldn't the hosting companies now be magnanimous and tell users it will return their data upon request? Maybe, since the hosting companies aren't accused of wrongdoing, their insurance companies will pick up the tab.

This is just my 20 minute assessment. Usually, I will spend days analyzing relevant topics before rendering an opinion. But, as I said, I'm too busy with my own cases. Also I know very little about copyright law. I do know about civil and criminal forfeiture statutes, and third party claims to the money or property the Government seeks to seize, but not the issues presented here.

I think Carpathia and Cogent will start getting a slew of calls and emails from MegaUpload users tomorrow, asking for their data back.

I'll end this with "Developing - stay-tuned."