Megaupload Implications are plain scary for Cloud Storage (alexblom.com)
77 points by AlexBlom on Jan 28, 2012 | 32 comments



We need to distinguish between primary storage, syncing, backup, distribution, and other cases. I wouldn't even call MegaUpload "cloud storage"; I would call it more of a CDN. If Akamai went down, people wouldn't complain about losing data, because Akamai isn't used as primary storage.

Likewise, the US DOJ makes a distinction between uploader-pays and downloader-pays business models, so we must also.


How about using some common sense? Megaupload was primarily focused on enabling, and even incentivizing, piracy. Although bashing on the government is popular in our community, I don't think there is very much precedent that would indicate they would close something like Dropbox out of the blue.


How about being innocent unless proved guilty? Megaupload went down without any trial, and even though the site was obviously used for piracy (was it really?), that should still be proven in court and then only the illegal section of the website should be removed from the web.


There's really nothing unique about that. If you were accused of selling drugs via a restaurant front, it'd be shut down while you're standing trial too.


There is no general authority for the police to abruptly shut down a business. Once a warrant has been executed, the police leave and the business can reopen at its leisure, even if it might need to replace some equipment and staff.

The authority given to courts and federal authorities to behave as they are for suspected copyright infringement is extremely abnormal and cause for great consternation as to the direction of our legal system.


The author, like many other commenters in the past week or so, is wasting words by saying "this is scary - what if it happened to Dropbox and I lost access to all those files!"

Let's not forget Dropbox is just a replica of local storage. That's the whole model. It's more meaningful to discuss whether or not this could happen to S3. I don't see anyone legitimately worried about that, because it's quite obviously a very legitimate business with tens of thousands of legitimate customers (just like Dropbox). Articles like these portend to get you thinking about the broader implications of a takedown, but in truth they cloud clear thinking with what are essentially scare tactics.


> Dropbox is just a replica of local storage.

It gets scary when the operators of the "replica" have the ability to delete files from your local storage as well. Amazon did this with Kindle & 1984, which caused a sizable controversy at the time. Next thing you know, somebody sends a DMCA notice to Dropbox, they delete your remote copy, and your local Dropbox folder is automatically updated to reflect the change. Whoa, no thanks.

Dropbox is also an apt comparison because part of the MegaUpload indictment has to do with their deduplication system. Dropbox is also very good at deduplication, which means that a single court order can cause all copies of an offending file to be remotely deleted from everyone's Dropbox folder.


The primary difference with your 1984 example is in that case the content originated at Amazon. In the Dropbox model you provided it to start.

If Mozy was taken down do you think that it's possible they would wipe the drives of all users? I don't.

Amazon also quite clearly keeps hashes of all keys in S3, which Dropbox rides on. Would you expect the government to be able to issue hash-based takedowns to Amazon across all buckets?


> Amazon also quite clearly keeps hashes of all keys in S3, which Dropbox rides on. Would you expect the government to be able to issue hash-based takedowns to Amazon across all buckets?

I was under the impression that Dropbox, while having the ability to decrypt your files, encrypts them before they hit S3. If so, a hash-based takedown sent to Amazon would at best be able to take down a single encrypted instance of a piece of data.


Except that Dropbox dedupes _everything_.

So I suspect what happens is that everybody's bittorrented DVD rip of Avatar on Dropbox is deduped and stored once on S3, admittedly encrypted, but all with Dropbox's encryption key and all with the same hash pointing at the same single encrypted instance of the file.


I believe Dropbox uses a method analogous to block-level dedupe. That is, files are split up into smallish chunks and then the chunks are what get "deduplicated". A "file" basically consists of a list of pointers to chunks.

This makes things extra problematic because completely unrelated files might share chunks. Standard file formats may lead to duplicate headers. Or consider a political science textbook that contains a complete copy of the US Constitution, and a file that contains just the US Constitution. One is perfectly legal to distribute freely, the other may not be, but both might share some common blocks, and a federal judge with a shoot-first mentality might craft an order requiring the deletion of those common blocks.
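The chunk sharing described in the comment above, as an added example that is not part of the thread and not Dropbox's code: a toy content-addressed store that reports which files reference a chunk before it is removed. Fixed-size chunks, SHA-256 addressing, the `ChunkStore` class and the sample data are all assumptions made for illustration.

```python
import hashlib

CHUNK_SIZE = 16  # tiny, so the constructed samples span several chunks


class ChunkStore:
    """Hypothetical content-addressed store: each unique chunk is kept once."""

    def __init__(self):
        self.chunks = {}     # sha256 hex digest -> chunk bytes
        self.manifests = {}  # file name -> ordered list of chunk digests

    def put(self, name, data):
        digests = []
        for i in range(0, len(data), CHUNK_SIZE):
            chunk = data[i:i + CHUNK_SIZE]
            digest = hashlib.sha256(chunk).hexdigest()
            self.chunks.setdefault(digest, chunk)  # dedupe: store once
            digests.append(digest)
        self.manifests[name] = digests

    def get(self, name):
        """Reassemble a file, or return None if any of its chunks is gone."""
        parts = [self.chunks.get(d) for d in self.manifests[name]]
        return None if None in parts else b"".join(parts)

    def referencing(self, digest):
        """Impact check: every file whose manifest points at this chunk."""
        return sorted(n for n, ds in self.manifests.items() if digest in ds)

    def shared_chunks(self, a, b):
        return set(self.manifests[a]) & set(self.manifests[b])


def demo():
    # Constructed sample data: a standalone text and a longer work embedding it.
    # The shared text is 48 bytes and starts on a chunk boundary in both files.
    constitution = b"We the People of the United States, in Order to "
    textbook = b"Chapter 1 intro." + constitution + b"Commentary follows."
    store = ChunkStore()
    store.put("constitution.txt", constitution)
    store.put("textbook.pdf", textbook)
    shared = store.shared_chunks("constitution.txt", "textbook.pdf")
    target = sorted(shared)[0]
    hit = store.referencing(target)  # files that break if this chunk is removed
    del store.chunks[target]         # a removal keyed only on the chunk hash
    return len(shared), hit, store.get("constitution.txt"), store.get("textbook.pdf")
```

Running `referencing()` before any hash-keyed deletion is the check that shows the collateral damage; with content-defined chunking the alignment assumption goes away, but the sharing does not.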


When one of my coworkers deletes something in a shared folder, it disappears from my local machine. This is fine because Dropbox lets you undelete it and revert to their latest copy, but they're sure as hell not going to do that if it was a takedown, whether that takedown was legitimate or not.

This would be vastly more damaging in the context of Dropbox, not less.


With all threat assessments I like to know (approx. to an order of magnitude) the likelihood of any downside. With the M.U. -> Dropbox/S3 analogy, I have no guess for an estimate.

I'm honestly curious -- what is the likelihood that you estimate your files being deleted from Dropbox? It was always very clear to me that M.U. was shady, and I feel probably deserving of shutdown. Given a 5-year timeline, what is the probability that you guess Dropbox suffers a similar fate (total annihilation, server seizure, etc.)?


I don't think Dropbox will suffer anything as drastic as the MegaUpload shutdown. Unlike Dropbox, MegaUpload was shady to begin with, and with a lot more emphasis on public file sharing. But the possibility of individual files being taken down is pretty real. Dropbox probably does it all the time already, otherwise they'd be in trouble with DMCA.

Now, whether they will only delete your online copy, or whether they will let the deletion propagate to your local copy, is totally up to Dropbox. I don't agree with @hemancuso's claim that your local copy will be safe, because there's no guarantee whatsoever. A court order might even specially say that Dropbox should delete local copies too (if possible).


I'm not totally sure on how to square "a lot more emphasis on public file sharing" with the fact that I could never find even a search box on their website.


That's our criteria for takedowns? Whether it feels shady? I understand the law can't always be black and white, but that's a heck of a lot greyer than I'm comfortable with.


Unfortunately, that does seem to be one of the criteria that many governments use to justify takedowns. Selective enforcement at its best.


What are the odds that you think any of your files could have a DMCA takedown while on Dropbox?

I am concerned about the abuses of power under these recent events. However, I still don't see a likely problem for legitimate use (with Dropbox), outside of an outlier.

The rhetoric on both sides of the argument has me a bit concerned.


I don't store any files on my Dropbox account that even remotely resemble anything owned by media companies, so I suppose the risks are negligible for myself. Using something like EncFS on top of Dropbox wouldn't hurt, either.

Other people might not be as lucky. People in some countries could store and share files that are completely legal to distribute where they live, but still protected in the U.S. For example, copyright expires 50 years after death in Canada, compared to 70 years in the U.S. If an American company issues a blanket takedown notice and Dropbox obliges, Canucks may be adversely affected. Besides, humans make mistakes. What if somebody pastes the wrong hash into their takedown notice and Dropbox staff forgets to check it?

So even people who never violate any copyright might have philosophical objections to unilateral takedowns like this. It is important to avoid alarmism and hyperbole, but that doesn't mean that there's nothing to worry about.


Am I off base to draw a parallel between this and a right to privacy situation? The folks who say, "the only people who worry are the people who have something to hide"? (FTR, totally against that argument...)

Off topic, the spirit of the internet never ceases to amaze me. We're on ostensibly a business focused board, and you make a compelling argument defending the protection of potential competitors. (I.e., your customers/clients will receive a tangible benefit due to your awareness of these issues, and non-reliance on less capable competition.) Yet, you seem interested in the overall good, rather than looking to exploit your advantage commercially.


According to the Berne Convention, that's not how it works. Even if Canadian works only have life + 50 years of copyright, works created in the US are to be protected by copyright in all the countries that signed the convention for life + 70 years.

Quoting:

    In any case, the term shall be governed by the legislation of the
    country where protection is claimed


> Let's not forget Dropbox is just a replica of local storage. That's the whole model. It's more meaningful to discuss whether or not this could happen to S3.

Well, every Dropbox account has a `Public` folder with direct HTTP access.


Sure. But Dropbox could be taken down and you lose nothing.


> The Megaupload indictment reads that they removed links to the illegal file, but did not remove the actual file. To those blissfully unaware of how the internet works, this makes sense.

It has nothing to do with the Internet. In the context of file-systems, the word "remove" actually means to "unlink". Doesn't this technicality invalidate the indictment?


Internet was a general statement on my part, since corrected. It will be interesting to see how the "unlink" plays out in the indictment.


> I’m the first to agree that any website obviously engaged in piracy (vs. having independent users leverage the platform in unintended ways) should be shut down

So if you wanted to start a website like this and maximise your business and legality - the simple answer is to just let people use it for piracy and pretend you don't know it is happening? This seems slightly silly to me..


This assumes that Megaupload will lose in the courts, and it might not. All that we have so far are the claims of a handful of federal agents and their interpretation of the law plus some very weak search warrants with little PC. I agree that interpretation is scary, but I hope it turns out that it isn't right.


Like the Netscape antitrust case, if they win in the courts they'll still have been out of business for years.


Does anyone know if all Megaupload content was defaulted to being publicly available? This seems to me the most obvious signal for suspicious behavior. I'm aware that with Dropbox, you can publicly post things, but in this case it's the individual user which is "choosing" to distribute the content and thus it would make sense that the user would be the one held liable. I'm not a lawyer, just exploring what might appear to clarify some of the distinctions that might help prevent abuse of anti-piracy laws.

Edit: Youtube, as a counter example, (I think) makes everything public by default, but they enforce the DMCA pretty heavily.


Once you uploaded something you got a link with a unique ID which you could share. Other people could not access your file without knowledge of this unique link as you could not search for specific files (unlike Youtube). As far as I know there was also a list of Top Downloaded files but those didn't resemble the truth as they were carefully selected by Megaupload (to make sure that only legal content would be listed).


Youtube supports unlisted videos that behave the same as you're describing.


Summary:

a kneejerk reaction inspired by his fear of a legal precedent where a "physical file must be deleted where one of many users with ‘links’ engages in illegal activity"



