Mega’s little problem with a pesky thing called the law

Kim Dotcom is blowing hard once again on Twitter.


He is going on about ‘his’ MegaChat…funny thing is he was crying poverty and said he had given all his shares in Mega to his estranged missus…so quite how it is his is another matter entirely. Perhaps he has misled another court?

In any case his boastfulness ignores a problem.

Chris Keall at NBR explains.

Mega has said it will abide by the laws of every company it operates in. As a registered commercial entity it can barely take any other stance.

And when the FBI so successfully eavesdropped on the Skype chats and instant messages of Kim Dotcom and his co-defendants while investigating Megaupload, it did so with a warrant issued by a judge.

What would Mega do if a law enforcement agency in a country its service operates in (that is, anywhere), hands it, or one of its users, a lawful warrant asking for encryption keys? In NZ, it has to live under the Telecommunications (Interception Capability and Security) Act, aka TICS, which gives our government broad-brush powers to demand decryption keys from a service provider when there is a (very broadly defined) threat to NZ’s national interest. This as-yet-untested legislation gives the ICT Minister discretion over who is defined as a service provider. Network operators like Spark, Vodafone, 2degrees are very clearly service providers. It’s more of a grey area for the likes of Microsoft Skype, Google Hangouts and now MegaChat – but I’m guessing the Crown won’t give MegaChat a free pass.

There’s also the wrinkle that the FBI did not have to serve Skype itself (the events took place before the service was bought by Microsoft); rather, the agency was apparently able to plant spyware on the defendant’s computers. If you’re listening in via snooping software on a person’s computer – or, heck, even a conventional bug planted in their living room – encryption won’t help.

It will only take one incident of law enforcement accessing a MegaChat conversation, or one country blocking the service (as Italy recently blocked Mega, albeit temporarily), to make it a whole lot more difficult for the new service to attract users.

With Mega now offering communications services they can easily be deemed a service provider. That means that if requested…and you can bet they will be…they have to hand over to the authorities the decryption keys.

As soon as the authorities do that MegaChat is dead in the water and Dotcom’s claims will collapse like all his other claims. On top of that investors will begin to get very squeamish once they understand the risks that TICS poses to a business like Mega. The funny thing is Vikram Kumar knew this and talked about it often…perhaps that is one of the reasons that he got the arse card.

Basically it goes like this. If the authorities, under warrant, use the TICS legislation to request the decryption keys and Mega fails to provide them…and word is they can’t, then the service will have to, by law, be shut down.

Now that to me doesn’t sound like a winning investment opportunity.

With Mega still willing to associate their brand with Kim Dotcom I don’t suppose pesky things like laws matter too much to them.





  • Korau

    It may well be that Mega does not have the encryption keys!

    If their system is set up using SSL type encryption the keys are known only to the receiver, with the sender using the receiver’s public key. I understand this is similar to the system being adopted by various phone makers, much to the chagrin of the US spies.

    For a simplified view of this system watch

    • shykiwibloke

      The last part of the article explains that if that is the case then the service must be shut down under the law.

    • taurangaruru

      In Mega’s case I would have thought they were the receiver, they do the encryption within their infrastructure don’t they? Do they use their own PKI? If so then they have the private keys, if they use a certificate from a public authority (Go Daddy etc) then they would have the private key that was issued with the certificate. In any case what is being discussed in the video is encrypting data before being sent over the internet i.e. credit card details during an online transaction. My understanding was that Mega would encrypt the data once it was stored within their infrastructure, whatever mechanism they have for encrypting the data is no doubt owned & controlled by Mega. That is why I cannot believe Mega when they say they cannot decrypt files stored in their systems. As surely as they can encrypt they can also decrypt. Would be a lot harder & take a longer time but they have the means.

      • Korau

        The new service under discussion is a chat service. This is different to the storage of data at mega which appears to be the thrust of your point.

        Without knowing the technicalities of how this new service operates it’s difficult to know if Mega would have access to keys.

        In any event the service is likely to be trumped by the new Firefox Hello service which is browser to browser. I understand this is via SSL so the two browsers would hold the decryption keys after the handshake. There is a third party who assists in starting the conversation, then plays no further part. This service is available for the latest Firefox, Chrome and Opera browsers. Google Firefox Hello.

        • taurangaruru

          Thanks for the info

  • shykiwibloke

    So if I was a crazy loner with nothing whatsoever to do with any religion I guess I might be attracted to such a service. Which would trigger the law, and shut the service down. Would not surprise me if this is exactly what KDC is aiming for in order to play the victim publicly yet again while creating more legal confusion and grounds for challenge to his extradition.

    • Kevin

      Just another delaying tactic? Could well be.

  • The Accountant

    Until Mona gets cuddly with another man, I call “asset protection strategy” on their separation.

  • Burf

    Almost 2 years before that police raid – in the April 2010 edition of Investigate magazine – Ian Wishart outed Kim Schmitz in an excellent in-depth article titled Merry Chrischmitz. In the article, Ian listed the companies that Schmitz [aka Kim/Tim/Jim Vestor] was a director. They included a porn site called Megarotic Ltd. The MSM totally avoided this article and its implications way back then – and ever since.
    I read recently that Schmitz claims to have ‘made’ $40 million since his ‘arrest’. Can someone please tell me if Schmitz is still making money from that site and is there any concern that – with a couple of mouse clicks – children can access this hard core porn?

    • Alex

      Made an account just to comment on this…. There is nothing illegal about running a porn site? So what’s the problem? That site no longer exists, I believe it was shut down during the Megaupload Raid.

      Second, do you not understand that the purpose of the internet is that you should have freedom without censorship (other than child exploitation)? The internet is not to blame for kids looking up porn.. That is the parents’ responsibility.

  • caochladh

    I’d like to know when the police are going to drag the fat lying criminal’s backside into court over the obvious perjury in the Bank’s case