Chris Barton: Kim Dotcom fights back with encryption

Internet tycoon Kim Dotcom at the launch of his new encrypted file-sharing service Mega. Photo / Richard Robinson

For his latest trick Kim Dotcom is not just fighting back against his oppressors. He has unleashed the dogs of war. Whether the encrypted mega.co.nz does indeed cry havoc on the movie and recording industry is still playing out. But at the very least the exotic New Zealand resident has set one of Gareth Morgan's hated killer cats among the pigeons.

There's no doubt there's some utu at work here too. Dotcom is getting some payback for the way the United States, with the assistance of the New Zealand government, its police, and its spy agency, the GCSB, unilaterally shut down his megaupload.com business.

There is a touch of The Terminator too as Mega delivers a cheerfully maniacal "I'm baaack!"

But while most of the focus so far has been on whether the new cloud-based service passes the safe harbour test afforded to internet service providers - that they are only conduits for data and as such don't have any liability or responsibility for the content that flows through their servers - Mega makes encryption so easy, it could be a game changer.

Suddenly personal data stored online can now be incredibly secure. What's more, unlike Facebook and Google services like Gmail or Google Drive, control of the security of one's personal data through encryption keys is firmly in the hands of the user rather than the corporation.

Encryption - scrambling computer data into something incomprehensible using a key so that only the holder of a matching key can unscramble it - is such an elegantly simple idea you have to wonder why nobody thought of it before. Of course people have thought about it. Codes or ciphers have been around for thousands of years, and on the internet there is plenty of public-key cryptography software available.

But it's never been mainstream. Which is odd really because it was part of the original plan for the internet. As Michael Gross points out in World War 3.0 full cryptographic capability was the ultimate goal when Vint Cerf and others were working on a new communications network for the US military in 1975. Somehow the encryption part never got done and companies like Google, Facebook and Twitter have always balked at the prospect, citing, as Gross points out, that it's too expensive, the web was never designed to be encrypted and that the net is not a private place anyway. The truth is a little more self serving. Encryption with customer-controlled keys would massively disrupt Google, Facebook et al's business model which relies "on the cloud provider's ability to data mine or otherwise exploit the users' data."

In other words, using access to users' data to make money by improving search results, delivering ads and the like. If all of Facebook, Google etc's stored data was encrypted, it would indeed wreak havoc on their businesses.

While most of us have blithely accepted the loss of privacy is something we just have to live with - the cost of being online and using cloud-based services - encryption, especially if it's easy and on-the-fly in the browser as it is with Mega, gives lie to that assumption. But the secrecy of privacy has two faces. Sometimes it represents liberty. Other times it hides bad things.

Encryption would have made a huge difference in the 2009 Green Revolution protests in Iran, when the Iranian government spied so easily on its citizens by reading their emails, their social network pages, and tracking protesters' every online move. Encryption would also be very useful to counter the American Foreign Intelligence Surveillance Act which enables mass "dragnet" surveillance of cloud-based services data without a warrant. The legislation, which has been in place since 2008, enables the US to mine any foreign data in US Clouds whenever it wishes - an act that if it was being performed on its own citizens would be contrary the 4th Amendment of the American constitution.

It's is also likely that encryption will make it much easier for users to share copyrighted material - especially among trusted groups. And that it could provide a safe haven for nefarious activities such as child pornography and credit card fraud. But Dotcom is counting on safe harbour protection - that he can't be expected to police what users do with his service and, with the content in the Mega cloud encrypted, he doesn't actually know what users are doing.

To claim safe harbour, Mega has to show responsibility when it becomes apparent that that content on its servers is objectionable or in breach of copyright or whatever else. So far that's exactly what the service is doing. When somebody in France publicly posted on a torrent site a number of links to Mega with the encryption keys, the service immediately responded to the takedown notices received and removed the content. On the face of it Kim Dotcom is being a good cyber citizen.

To stay squeaky clean Dotcom will have to continue responding to takedowns and avoid any suggestion of contributory infringement - that is, any suggestion that the service encourages copyright breaches. The legal question yet to be tested is whether the service itself encourages illegality. When nobody knows what content is there, is that in itself an encouragement to infringe? On the other hand Mega has a good defence. It can say hand on heart it's not involved in copyright infringement, that it's just providing shelf space for users to put their stuff. Like a cyber Swiss bank account.

For its sheer audacity, Dotcom's Mega is hard to beat. As one commentator noted: "I like this guy; he's beating copyright enforcers at their own game. That's literally DRM [digital rights management] the other way around." As a new weapon in the ongoing copyright wars, Mega's encryption is going to give governments and the movie and recording industry a serious headache. But the real brilliance of Mega is how it gives back something ordinary users online had given up hope of ever seeing again - privacy.

Human nature will decide whether or not that's put to good use.