Well, I can’t say I’m entirely surprised by the FBI’s actions – but then again, the entertainment industry might as well arrest itself, throw itself in jail and eat the key.
Most post-production companies I’ve dealt with over the years have used the likes of FTP servers (their own, their clients’ or some other third party service), Dropbox-like servies and even MegaUpload-like services to transfer LEGITIMATE content (dailies, notes, previews, pre-viz, whatever) between themselves. I’ve also encountered badly configured FTP servers which may – if picked up by rogue elements – could be utilised to store illegal content (in the real early days when film companies started using the internet – most FTP servers shipped with the anonymous upload facility on – you just had to find a server that supports anonymous uploads AND downloads and Bob’s your uncle – instant piracy).
I recall when I was working at MPC that we had our FTP set-up to use anonymous access (because when you had a million and one different advertising agencies and their clients uploading assets, etc.) it was a PITA having to assign each and every client a username and password. Indeed, I set-up a system that would do this, but everybody found it complicated – people forgot the credentials and nobody liked it (tough shit, but ultimately they’re paying the moolah and it’s our job to make it easy for them).
The way it worked was thus: the FTP server was configured to allow anonymous uploads but ONLY to specific (hidden) directories, the path of which would be sent to the client via email. This prevented regular anonymous users from attempting to upload tons of pirated movies, music, etc. and let the legitimate folk do their stuff. Similarly nobody outside of MPC could browse or view the contents of the anonymous FTP account, so client data was kept confidential. If you connected anonymously via FTP without a specific path, you’d see nothing and would be able to do nothing.
It wasn’t perfect, I grant you, and I’d love to have had a full username/password system and even deploy full SCP/SFTP access to boot – but many of these advertising agencies didn’t have a bloody clue how to handle FTP or SFTP and anything more complicated than that would have been a full time job in itself. For main film productions, VPNs and much tighter ACLs allowed us greater control of how data moved back and forth between clients.
All I can say is that the FBI and the entertainment companies concerned had better have a water-tight burden of proof that Megaupload and it’s owners have been engaging in known illegal activity (to the point of absolutely condoning piracy) otherwise this could seriously backfire – making the public even more wary about just how much do the entertainment companies understand technology. The language used in law within these cases looks to be far too broad and may well have serious implications for all – and even the entertainment companies themselves that operate file sharing between themselves and third party outsourcing (namely post-production/VFX, marketing companies, distributors, etc. etc).
How does the law deal with companies or even individuals accidentally leave “anonymous” access which may result in illegal content being hosted and served from their servers? The law needs to deal with that situation. While most distributions of FTP, SFTP and other file serving software ships with a relatively secure default configuration that should prevent the situation I describe above, it only takes somebody not to have read the manual or understand how the software works to chimp it up spectacularly. Or even worse – what if there is a major bug in the file server that would allow undesirable folk to exploit the server to upload/download whatever they wanted?
From my PoV, most film studios (and that extends to TV broadcasters, independent production companies and advertising agencies) have barely come around to using non-explosive film stock. Anything more complicated and they just throw up their hands, hitch up their skirt, or turn around on the spot flapping their arms proclaiming that the sky is about to fall on their heads. I’d also imagine that most film studio and record label bosses barely understand how to use email – they just get their PAs to do it – and possibly even get them to load DVDs and Blu-Rays into their players. I have yet to encounter anybody above middle management in these companies that are truly tech savvy.
As other people have pointed out, it kind of proves the point that SOPA and it’s ilk aren’t needed given how fast this action has been brought – but I have to ask what have the courts been presented to get the arrest warrants issued? What courts issued them, and who exactly were involved and how well versed are they in technology and it’s use?
Either way I’m not impressed and will be following this situation with great interest and it’s impact could well affect how other major file sharing services operate (and I’m looking at Dropbox, Box.net, Google Docs – ANYTHING where somebody can upload files and share them publicly or even privately).
