One of the biggest questions raised by the Dept. of Justice raids that shut down Megaupload Jan. 19 was how U.S. law enforcement agencies could claim jurisdiction over a company whose official headquarters was in Hong Kong, was run primarily from New Zealand, that was founded and led by a guy with dual Finnish/German citizenship who didn't live in the U.S.
At least some of the content that allegedly violated thousands of copyrights lived on servers in Ashburn, Va. The federal court district in eastern Virginia decided, at the prompting of the DoJ, leased servers in a co-location facility represented enough of a presence to treat the whole company as if it fell under U.S. laws.
The decision raised howls of protest, mainly from Anonymous and other activists who didn't like the heavy-handed application of copyright law or dramatic effect on a company that had not yet been proven to have broken any laws.
There were just as many quiet, complex objections from those wondering how a foreign company could fall so clearly under U.S. jurisdiction, even if some Megaupload users violate plenty of copyrights and that having a physical presence in the U.S. can't help but give U.S. authorities the idea they should have jurisdiction whether they had good reason to or not.
(The legal basis for the DoJ's charges are a lot less clear than most people think, btw, even if every specific act alleged in the charges against Megaupload are entirely true.)
Feds assume they have jurisdiction even when it's clear they don't
The weak point in the case against U.S. jurisdiction is that "the complex border-hopping nature of today’s technology means that safe harbor is hard to find, because placing data “in” a particular country may not mean that at all," according to a blog discussing the raid by Gregory Jackson, VP of the higher-education IT organization Educause.
The offending files may not be on Megaupload's servers in Virginia, may never have been on Megaupload's servers in Virginia and may never be, Jackson concluded.
It is so difficult to decide for sure whether a file ever did hit a particular server that few governments or law-enforcement agencies will bother.
If a company has a physical presence in one country, that will continue to be enough of an excuse for national cops to consider the whole company to be under the jurisdiction of its digital-content protection laws.
The Megaupload raids caused a flurry of changes as file-sharing services either shut themselves down or took themselves overseas to avoid any chance of being Megauploaded by the U.S. Justice Department
On the Internet, no one knows this isn't your jurisdiction
Now, apparently, a physical presence is no longer necessary to get you raided by authorities in the U.S.
Last week the DoJ shut down online-gambling site Bodog.com, and indicted its three top execs, despite their non-U.S. citizenships, residence outside the U.S. and the fact that the company is based in Vancouver, has no physical presence in the U.S. and its gambling business is legal in the country in which the company operates.
It was enough for the U.S. Attorney's Office that Bodog bought advertisin in the U.S. and paid customers who live in the U.S., allegedly violating federal laws making it illegal to transmit or transport money from a foreign country to promote or carry on an illegal practice within the U.S.
Having no U.S. presence should have been enough to insulate Bodog from being shut down, even if it was not enough to protect its executives from being indicted.
U.S. Attorneys got around that by serving court orders for the seizure of Bodog to VeriSign, which runs the .com, .tv, .net, .cc, .name and .org domains.
While the feds couldn't touch Bodog, they could force VeriSign to remove it from the DNS database and redirect requests sent to Bodog.com to an ICE page with a notice saying Bodog had been shut down.
Bodog.com is one of about 750 domain names seized by the feds, mostly from companies using foreign registrars, which most probably think is enough to protect them from the increasingly meddlesome and presumptuous U.S. Dept. of Justice from their door.
Alas, foreign borders, foreign laws, a lack of jurisdiction and the complete lack of any physical or virtual presence within the U.S. is apparently not enough to convince the DoJ it shouldn't be allowed to shut down and prosecute anyone it wants just because its attorneys can see "illegal" activity by watching it online.
Prosecuting foreigners for operating legally, not U.S. residents who break the law by using foreign sites
Geographic national and legal borders are difficult to map to activities online, there's no question about that.
But they do exist. When a company operates in another country, is run by foreign citizens, never crosses your border with either pirated content or its own illegal services, is it really reasonable to try to prosecute that company under U.S. laws?
Maybe the U.S. residents who use the site can legitimately be said to be breaking the law, and even of crossing state or national boundaries to do it.
But the service company? Sitting there nice and legal in Canada? Is it really reasonable to try to prosecute them?
Wouldn't that just invite every national police agency in the world to do the same? Wouldn't that be a really good way to get a lot of U.S. citizens indicted for un-Islamic activities or Crimes Against the Motherland or insulting Turkishness (all are real crimes in their home countries but pretty decidedly are not crimes in the U.S.).
It's not necessary that the DoJ actually understand the Internet before it tries to prosecute everyone on it.
It's not even necessary that it understand being able to see something on the magic TV on your computer doesn't mean it has happened here. That's too much to ask of minds pureed into ooze by the combination of law and politics that fuels these prosecutions.
It is necessary, before the DoJ understand that it is responsible only for enforcing laws covering things that happen here in the U.S., not every act of every person in the world who ever has access to the Internet.
If that isn's made clear to the U.S. Attorney's office, the next step will be indicting Vladimir Putin for being elected leader of Russia without following U.S. election laws or indicting the entire national of Tajikistan for un-American activities.
In the U.S. that can probably get you a lifetime pass to Gitmo and free plane fare to Cuba.
In Tajikistan it will get you a medal – one the Tajik government has absolute right and unquestionable jurisdiction to provide.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.