Kim Dotcom's second file locker project (now disowned), Mega, has been hit with a court order in the U.S. demanding that the site hand over the user information for certain accounts. This comes after sensitive, foreign government documents were found on the site after a hack.
This court action could be very important for Mega's future. Although the site is well out of Kim Dotcom's hands at this point, the whole purpose of Mega was to maintain the secrecy of its users, encrypting their files by default and thereby protecting the owners from being held responsible for user actions.
However Mega has always maintained the IP addresses of its users. While it can't provide files or encryption keys to law enforcement, it could theoretically hand over data on particular customers if they are already found to be in breach of laws. The question is, will it?
The hack the court order relates to is the breach of a Kazakhstan government system back in 2014, though as TorrentFreak explains, it was only discovered in 2015. Many of the sensitive documents were spirited away and ended up on Mega, according to the Kazakh authorities.
What happened next was messy, with injunctions and wars with the Electronic Frontier Foundation, but ultimately we've ended up in this position where the high court has dismissed Mega's efforts to protect its users' privacy and is demanding it hand over user data.
The judge in question contended that since IP addresses didn't hand over email addresses or phone records, it was rather innocuous in comparison to what some companies have asked for.
“Therefore, I am satisfied that the privacy interests in this case should not carry significant weight. I am also satisfied that any potential harm could be mitigated by the imposition of properly worded protection orders,” he said.
Mega is still contesting the decision, or at least talking about how it disagrees. It believes that the Kazakhstan government is being especially heavy handed and should instead opt for a takedown request. It is however now legally compelled to comply.
Discuss on our Facebook page, HERE.
KitGuru Says: This is another of those instances where even though the right legal channels have been used, it still feels a little distasteful. IP addresses are far from an accurate way to identify someone, so should they be used in criminal cases?