Megaupload takedown demonstrates the danger of storing data anywhere in the cloud

When the FBI took down Megaupload at the end of last year, it also seized the servers and all of the files they contained. But Megaupload had many legitimate users who used the service to store their own proprietary files. Kyle Goodwin is one such user, and with the help of EFF he has been seeking the return of his property.

The government, however, is seeking to prevent or at least delay the return of Megaupload files. According to a report in Wired, “The government fears a rush of some of 60 million-plus former Megaupload customers could make a claim to get their data back.” On 30 October it filed a court brief calling, suggests EFF, “for a long, drawn-out process that would require third parties – often individuals or small companies – to travel to courts far away and engage in multiple hearings, just to get their own property back.”

The real problem, according to EFF, is that “the government's approach should terrify any user of cloud computer services – not to mention the providers.” There are two concerns. Firstly, if the authorities seize the servers of a cloud provider, they will feel at liberty to examine all of the files contained, regardless of content and regardless of ‘owner’. No further warrant is required.

But the issue with the widest implications is that the government brief is suggesting that merely by using cloud storage, the file owner loses property rights to the content. “Apparently,” notes EFF, “your property rights ‘become severely limited’ if you allow someone else to host your data under standard cloud computing arrangements.” While this could be a serious problem for individuals such a Kyle Goodwin, it could prove catastrophic for business.

It is an issue that should concern any user of cloud services, including companies that use Google’s Drive or Dropbox. Ira Rothken, an attorney for Megaupload, told Ars Technica, “The DOJ's action of bypassing password protection and snooping into Mr. Goodwin's Megaupload storage account data raises some customer privacy rights concerns that will need to be addressed.” Those concerns will only get more complicated if the customer concerned is a European user or company subject to EU data protection requirements. If the US court accepts this brief filed by assistant US attorney Jay Prabhu, Europe will need to think very carefully about whether and to what extent it is able to use public cloud storage services in the future.

What’s Hot on Infosecurity Magazine?