MediaFire DMCA Response Exposes Risks Of Cloud File Hosting

The recent experience of virus researcher Mila Parkour highlights the risks of storing files via cloud hosting services. Parkour’s blog tells how popular file sharing site MediaFire suspended access to her paid account – for 3 consecutive copyright violations.

The copyright violations related to 3 files she hosted on MediaFire (linked to from her blog) and resulted from DMCA (Digital Millennium Copyright Act) Takedown Notices issued by a French copyright watchdog company called LeakID.

1 of the 3 files was a free and widely available Microsoft Office patch (security fix) – very unlikely to infringe copyright for sharing it. The fact that it included MS Office 2010 in the filename is likely to be the reason why it was wrongly assumed to be suspicious (e.g. a ‘crack’ for Office).

However, the other 2 files were encrypted zip files containing a malicious PDF attachment (for virus researchers). As they were encrypted there is no way they could be ‘read’ by LeakID to ascertain potential infringement of copyright. Even if they could be read, only an agent acting on behalf of the owner could claim copyright infringement – and nobody is going to admit to being the ‘owner’ of malicious code…

Therefore it appears that at least 2 of the 3 DMCA notices were totally groundless – so MediaFire would reject them, yes? No. They accepted each claim ‘as is’ and stopped those files from being shared. Even worse, because 3 consecutive claims were received, they suspended Parkour’s account – locking her out of all her 34GB+ of hosted files, not just the 3 in question.

MediaFire absolved themselves from all responsibility, putting the onus on their customer to counter-claim directly with LeakID – “If you file a counter-claim the reporting party has 10 days to respond  If they do not we can restore the file“. So even if you are totally innocent your files will be unavailable for up to 10 days…

According to Sophos, MediaFire’s Director of Support claimed “The circumstances of your case related to a 3rd party notice are unfortunate. Like all online service providers, we are compelled by law to suspend content upon the receipt of a complete DMCA Notice”.

Read that last bit again – ‘we are compelled by law to suspend content upon the receipt of a complete DMCA Notice’. Even if the notice is provably false and you have not violated anything, if you are wrongfully accused of copyright infringement by a third party (even in another country), those files will still be suspended.

Is this the fault of LeakID, MediaFire or DMCA?

All three.

LeakID and other such companies almost certainly use automated bots to trawl the net looking for files infringing copyright and the nature of automation means that a large number of innocent files may be caught up in the sweep – files where LeakID is most certainly not authorized to act on behalf of the owner.

If they knowingly ignore that fact it could even be construed as perjury – Parkour notes that the DMCA filing rules state “under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed“.

MediaFire haven’t covered themselves in glory by refusing to act on behalf of their (paying) customer – going so far as to suspend her entire account. Even a cursory inspection of the files would have revealed that 2 were encrypted – as they could not be read (and were malicious files anyway) it should have been impossible for anyone to claim copyright infringement.

However, it is the US DMCA legislation and its Takedown Notices that are the biggest culprit for this ridiculous “guilty until proven innocent” state of affairs. As Parkour notes “Apparently, anyone can contact any file sharing service and claim DMCA violations and make them suspend any file you don’t like”.

This isn’t the first time I’ve discussed DMCA – last month I wondered if Microsoft were using DMCA Notices to punish negative Windows 8 stories. Such a scattergun automated approach to takedown notices is an indication of the dangers that DMCA poses to free speech – Google noted back in 2009 that:

more than half (57%) of the takedown notices it has received under the US DMCA 1998, were sent by business targeting competitors and over one third (37%) of notices were not valid copyright claims”.

It appears not much has changed. Companies can fire off notices like buckshot in the (usually correct) expectation that smaller website owners will not have the resources to take legal action against malicious or incorrect notice requests…

The last words go to Mila “For me it is a black mark on all cloud services and a reason why I would be hesitant to recommend using cloud services for companies who are concerned about ownership of their files”.

I couldn’t agree more. Whilst there may be a place for cloud file hosting as a backup medium, relying on it for sharing files can be a risky undertaking – at least whilst DMCA remains so biased against the innocent party.