The FBI seized popular upload site Megaupload.com yesterday. They took the site down and now own the servers.
I am not an attorney, and I have no opinion on whether or not the MegaUpload guys were breaking laws or encouraging users to violate copyrights through illegal uploading and streaming of movies, recordings, etc. Right or wrong, the FBI did it and now we need to deal with the fallout.
The challenge is that there were very likely many users who were not breaking any laws. People backing up their music, photos, websites, documents and who knows what else. I highly doubt any large corporations would want to use such a site, but I bet a lot of small businesses did. My focus here is on the ramifications to the enterprise, and how to protect yourself from being impacted by this.
What if the offending site was using Amazon, Google or Microsoft to store their bad content? I’m sure that the Feds would have had no problems getting the sites shut down through these companies without needing to resort to taking them offline. But legally could they have gone in and seized the AWS data centers? Or some of the servers? Maybe legally, but perhaps not easily for both technical and legal reasons (Amazon has lots of money for lawyers…).
What if the cloud provider was someone smaller, without the financial ability to challenge the FBI? I mean, those guys usually don’t call ahead — they just bust in the door and start taking stuff. The point is that IT needs to take some steps that protect themselves from getting caught up in an aggressive enforcement action, legitimate or not.
Recommendations to IT
- Stick with larger, more legitimate vendors that have the ability to square up with the Feds when necessary – not that will stop them but it could slow them down enough to let you get your data
- Encrypt your data using your own keys so that even if your servers get taken, your data is secured (of course, that’s just a good idea in general)
- Back up your data to another cloud or your own data center. Having all of your eggs in one basket is just stupid (and that goes for consumers who are more likely to just trust a single backup provider like Carbonite (who stated in their S1 offering docs that they expected to lose data and that the consumer’s PC was assumed to be the primary copy!)
Feds, Please Consider Doing it Differently
Perhaps we need some legislation to protect the innocent legitimate users from the enforcement fallout caused by people who are clearly breaking laws. I don’t understand why, for example, the FBI could not have copied off all of the files, logs, databases etc. but left the site running. Even watching the traffic that occurred after the announcement could have given the FBI some interesting insights into some of the illegal usage.
Bottom Line – protect yourself because this is a story that could be coming to your preferred cloud someday.