Leo Bicknell bicknell at
Fri Jan 20 20:02:16 UTC 2012

In a message written on Fri, Jan 20, 2012 at 09:37:16AM -1000, Paul Graydon wrote:
> From what I understand about MegaUpload's approach, they created a hash 
> of every file that they stored.  If they'd already got a copy of the 
> file that was to be uploaded they'd just put an appropriate link in a 
> users space, saving them storage space, and bandwidth for both parties.  
> Fairly straight forward.  Whenever they received a DMCA take-down they 
> would remove the link, not the underlying file, so even though they knew 
> that a file was illegally hosted, they never actually removed it.  That 
> comes up for some argument about the ways the company should be 
> practically enforcing a DMCA take-down notice, whether each take-down 
> should apply to just an individual user's link to a file or whether the 
> file itself should be removed.  That could be different from 
> circumstance to circumstance.

Note that with A DMCA take down the original uploader can issue a
counter-notice to get the content put back.  Most sites don't
immediately delete the content but rather disable it in some way
so that should the file be counter noticed it can be put back up.

Also, when using a hashed file store, it's possible that some uses
are infringing and some are not.  I might make a movie, put it on
Megaupload, and then give the links only to the 5 people who bought
it from them.  One of them might turn around, upload it again to
Megaupload, and share it with the world, infringing on my content.
I would hope that when I issue a takedown notice they take down the
infringers copy (link), but leave mine in place.

None of this should be taken to mean I'm behind Megaupload.  I have
a greater concern here wondering if law enforcement, the courts,
and most importantly the law makers understand the technolgy and
can craft and apply laws in a reasonable way.  One major issue that
already came up is that a whole lot of people used Megaupload for
storing perfectly legal content.  It's now offline, and there appears to
be no way for them to retrieve that data.  At what percentage is that
reasonable?  If 99% of your users are infringing?  50%?  1%?  Could this
be used to take down your competitors?  Buy some Amazon instances and
put a bunch of infringing content on them, and then watch the feds seize
all of Amazon's servers?

Lots of troubling questions, no good answers.

       Leo Bicknell - bicknell at - CCIE 3440
        PGP keys at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list