9 Aug 2016

Mega heads to court to protect users' privacy

11:32 am on 9 August 2016

Mega, the company Kim Dotcom founded, says a court order to hand over user information to the Kazakhstan government is an unnecessary breach of privacy.

no caption

Photo: 123RF

The New Zealand-based cloud-storage site is fighting the order at a hearing in the High Court in Auckland.

Mr Dotcom relinquished his involvement in the company in 2014.

The order required Mega to hand over IP addresses, email addresses and other personal information of Mega users suspected of hacking Kazakhstan's government computer system in 2014.

Kazakhstan said substantial numbers of sensitive government documents and emails were stolen during the hack and then uploaded to Mega.

It had filed legal proceedings in a New York court suing 100 unnamed "John Does" who are believed to have carried out the hack, but wanted the information from Mega to help identify who those people were.

Earlier this year, Mega chairman Stephen Hall said the company was worried about what could happen to the users whose information had been requested if Mega complied with the order.

"Kazakhstan has a terrible civil rights record, and although they've couched it as a civil proceeding ... we were very concerned that these users may suffer significant impact if their email addresses are disclosed."

Earlier this year, a California federal court refused to grant a similar order against Facebook, where the Kazakh news website Respublika, a major critic of the country's government, had published articles based on the hacked documents.

Mega defence lawyer Fletcher Pilditch said in court today that the order included people who had only used the website to store news articles that were based on, or referred to the hacked information.

There was nothing to suggest those users were the hackers or had any relationship to the hackers, he said.

What they had stored was akin to news articles based on Wikileaks material, or New Zealand author Nicky Hager's book, Dirty Politics, which was based on stolen emails, Mr Pilditch said.

Nicky Hager's Dirty Politics claims that Tony Falkenstein, was the target of online attacks written by the blogger Cameron Slater.

Daniel Kalderimis drew comparisons between people who used Mega to store hacked information and Nicky Hager's book Dirty Politics, which was based on stolen emails. Photo: RNZ

"What we see is no different to what happens when journalists come into possession of information that may have come from leaks."

Those users' private information was therefore irrelevant to identifying who may have carried out the hack, he said.

Mega also did not accept that users who had posted "raw material", such as emails and other documents, were necessarily those who had carried out the hack, Mr Pilditch said.

The website would, however, comply with the part of the order requiring those particular users' information to be handed over.

But Kazakhstan's New Zealand lawyer Daniel Kalderimis argued that the details of those users was highly relevant to identifying the hackers.

"There's every reason to think that those documents were posted by people working in concert with the hackers."

Each of the articles stored on Mega had stolen emails embedded in them and those emails were not available by "casually browsing" the internet, he said.

"The inference is that they must have come from somewhere else."

Whoever had embedded the emails "must have had independent access", Mr Kalderimis said.

Mega was not denying that the users who had stored articles had independent access to the stolen emails, Mr Pilditch said.

"They had access in the same way that [Nicky] Hager had access to [National Party] emails.

"But just because they had access to it doesn't mean they were responsible for the hacking."

Get the RNZ app

for ad-free news and current affairs