U.S. Gov’t Seizure of Cloud Servers Puts Hyperlocal’s Content at Risk
Ohio hyperlocal sports publisher Kyle Goodwin’s videos vaporized in the cloud. The U.S. Justice Department (DOJ) seized the servers storing Goodwin’s videos as part of the DOJ’s criminal indictments against Megaupload.com. Now Goodwin is suing to get his videos back, claiming his hyperlocal sports business depends on the content. His attorneys further question the reliability of “cloud” data storage if the government can seize servers and deprive innocent users of their content.
Goodwin provides in-depth hyperlocal high school sports coverage primarily in the Cleveland/Akron area through his OhioSportsNetTV. He backs up his video on a local hard drive and kept another copy in the cloud on Megaupload.com. He lost his first set of video when his hard drive crashed. He lost his final backup when the FBI seized Megaupload’s servers.
In January 2012, the US Justice Department (DOJ) indicted Megaupload.com and affiliated companies and owners, including Kim Dotcom (a.k.a. Kim Schmitz), on a variety of criminal counts related to copyright infringement. With search warrants in hand, the FBI seized 18 domain names and over 1000 servers operated by Carpathia Holdings, an affiliate of Megaupload. On January 27, 2012, the DOJ notified the U.S. Federal Court in the criminal proceeding that it no longer claimed any right to access or control the Carpathia servers. Goodwin tried to recover his video from the various parties without success.
On May 25, 2012, with the help of the Electronic Frontier Foundation (EFF) and the Hoover Foundation, Goodwin filed a brief in the Megaupload criminal case in a Virginia federal court to recover his videos. According to the EFF, Carpathia still owns the servers and has not deleted the data, despite the government’s claims that Carpathia has no obligation to maintain that data. Carpathia claims that “it does not own and cannot access the data” and, as such, is not able to return it to its rightful owners.
Because the government has frozen all of Megaupload’s funds, the EFF alleges that Carpathia has been “stuck eating the costs of maintaining those servers — approximately $9,000 a day.” Carpathia has asked the court to allow it to repurpose the servers after allowing a brief period of access, to require another party to take control of the servers and pay Carpathia for them, or to require the parties to pay Carpathia to continue maintenance. Goodwin fears he may lose his data forever.
Goodwin’s pleading alerts the court that the seizure is killing Goodwin’s business: “Mr. Goodwin — who all parties agree is completely innocent in this matter — has already been deprived of access to his property for months, an especially significant deprivation for someone whose business turns, in part, on giving parents timely access to video of their children’s sports activities,” Goodwin’s counsel asserted in the brief.
In court documents, Goodwin’s claimed his seized files included a full length documentary of the Strongsville, Ohio girl soccer team’s full season and raw footage of players and coach interviews. He also is losing income because he is unable to provide parents with highlight reels of student athletes (which the site sells for a fee).
Goodwin’s brief also contends that the confiscation of Goodwin’s videos without notice violated his rights under the Fourth and Fifth Amendment of the U.S. Constitution, adding “allowing such seizures without regard to injuries to the property rights of third parties will create a dangerous practical, if not legal, precedent that will affect an increasing number of Americans as we move our information, data, and other content to the cloud.”
The risks of using “the cloud” for data storage has been the staple of legal seminars. Now, the risk of innocent users losing their data by government seizure under anti-racketeering laws adds a new twist. Whatever ruling is made by the federal court may provide some guidance in the future on what care the government must use to save and return data of innocent users. In the meantime, however, hyperlocals should reassess their data backup strategies.
The cost of backup drives have significantly dropped and should be an option. Hyperlocals also should research the ratings, financial strength and reliability of cloud providers. Companies such as Amazon, Google, Microsoft and Dropbox have joined the fray to provide data storage in the cloud. In reviewing any agreement for services with cloud services, hyperlocals must ensure that the cloud provider:
— Guarantee uptime (around 99.9%)
— Provide 24×7 security at its servers.
— Encrypt data.
— Conduct background checks of its data center operators.
— Limit access to data by its employees on a “need to know” basis.
— Guarantee that the data will not be shared with third parties.
— Provide redundancy, including backup servers and backup power supplies that can provide services if a center goes down.
— Regularly schedule backup of its data in the event of disaster.
— Provide a mechanism to notify you if there has been a breach of data and a process to contain the loss.
— Make clear that you unconditional own all data provided to the cloud service.
— Guarantee that the provider will not infringe the rights or others and will comply with all laws.
— A procedure in which you can recover your data (a wind down process) once your agreement with the cloud service expires.
— Guarantee that its services comply with certain technical standards, such as an SSAE audit, or compliance with PCI standards if handling credit cards.
Note, we provide this article for news information only. It is not intended to provided legal advice to any user.
Brian Dengler is an attorney with Vorys Legal Counsel and journalist who covers legal issues in eMedia. He is a former vice-president of AOL, Inc., a former newspaperman, and an EMMY-winning TV journalist. He teaches new media issues as an adjunct at Kent State University and formerly at Otterbein University.
Image courtesy of Flickr user Klearchos Kapoutsis.