Re: Megaupload.com seized

["James Smith" <james () smithwaysecurity com>]

Interesting, going to do some more digging.

-----Original Message----- 
From: Steven Bellovin
Sent: Friday, January 20, 2012 12:07 AM
To: Suresh Ramasubramanian
Cc: james () smithwaysecurity com ; NANOG
Subject: Re: Megaupload.com seized

I don't mean either -- I've only skimmed the indictment.  But from the
news stories, it would *appear* that they got a search or wiretap warrant
to get at employees' email.  I don't see how that would make it "not
private".  (Btw -- "due diligence" is a civil suit concept; this is a
criminal case.)  The prosecution is trying to claim that the targets
had actual knowledge of what was going on.

I do know Orin Kerr, however.  He's a former federal prosecutor and he's
*very* sharp, and I've never known him to be wrong on straight-forward
legal issues like this.  He himself may not have all the facts himself.
But here are two sample paragraphs from the indictment:

On or about August 31, 2006, VAN DER KOLK sent an e-mail to an
associate entitled lol.  Attached to the message was a screenshot
of a Megaupload.com file download page for the file Alcohol 120
1.9.5 3105complete.rar with a description of Alcohol 120, con
crack!!!!  By ChaOtiX!.  The copyrighted software Alcohol 120 is
a CD/DVD burning software program sold by www.alcohol-soft.com.

and

On or about June 24, 2010, members of the Mega Conspiracy were
informed, pursuant to a criminal search warrant from the U.S.
District Court for the Eastern District of Virginia, that thirty-nine
infringing copies of copyrighted motion pictures were believed to
be present on their leased servers at Carpathia Hosting in Ashburn,
Virginia.  On or about June 29, 2010, after receiving a copy of
the criminal search warrant, ORTMANN sent an e-mail entitled Re:
Search Warrant Urgent to DOTCOM and three representatives of
Carpathia Hosting in the Eastern District of Virginia.  In the
e-mail, ORTMANN stated, The user/payment credentials supplied in
the warrant identify seven Mega user accounts, and further that
The 39 supplied MD5 hashes identify mostly very popular files that
have been uploaded by over 2000 different users so far[.] The Mega
Conspiracy has continued to store copies of at least thirty-six
of the thirty-nine motion pictures on its servers after the Mega
Conspiracy was informed of the infringing content.

(I got the indictment from http://static2.stuff.co.nz/files/MegaUpload.pdf
-- while I'd prefer to use a DoJ site cite, for some reason their web
server is very slow right now...)

On Jan 19, 2012, at 10:48 PM, Suresh Ramasubramanian wrote:

> Er I'm sorry but do you mean joeschmoe () corp megaupload com type
> emails, or joeschmoe () hotmail com type emails?
>
> If megaupload's corporate email was siezed to provide due diligence in
> such a prosecution - it would quite probably not constitute private
> mail
>
> On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin <smb () cs columbia edu> 
> wrote:
> >        The Megaupload case is unusual, said Orin S. Kerr, a law professor
> >        at George Washington University, in that federal prosecutors 
> > obtained
> >        the private e-mails of Megaupload’s operators in an effort to show 
> > they
> >        were operating in bad faith.
> >
> >        "The government hopes to use their private words against them," 
> > Mr. Kerr
> >        said. "This should scare the owners and operators of similar 
> > sites."
>
>
>
> --
> Suresh Ramasubramanian (ops.lists () gmail com)


--Steve Bellovin, https://www.cs.columbia.edu/~smb