March 06, 2012, 4:31 PM — One of the biggest questions raised by the Dept. of Justice raids that shut down Megaupload Jan. 19 was how U.S. law enforcement agencies could claim jurisdiction over a company whose official headquarters was in Hong Kong, was run primarily from New Zealand, that was founded and led by a guy with dual Finnish/German citizenship who didn't live in the U.S.
At least some of the content that allegedly violated thousands of copyrights lived on servers in Ashburn, Va. The federal court district in eastern Virginia decided, at the prompting of the DoJ, leased servers in a co-location facility represented enough of a presence to treat the whole company as if it fell under U.S. laws.
The decision raised howls of protest, mainly from Anonymous and other activists who didn't like the heavy-handed application of copyright law or dramatic effect on a company that had not yet been proven to have broken any laws.
There were just as many quiet, complex objections from those wondering how a foreign company could fall so clearly under U.S. jurisdiction, even if some Megaupload users violate plenty of copyrights and that having a physical presence in the U.S. can't help but give U.S. authorities the idea they should have jurisdiction whether they had good reason to or not.
(The legal basis for the DoJ's charges are a lot less clear than most people think, btw, even if every specific act alleged in the charges against Megaupload are entirely true.)
Feds assume they have jurisdiction even when it's clear they don't
The weak point in the case against U.S. jurisdiction is that "the complex border-hopping nature of today’s technology means that safe harbor is hard to find, because placing data “in” a particular country may not mean that at all," according to a blog discussing the raid by Gregory Jackson, VP of the higher-education IT organization Educause.
The offending files may not be on Megaupload's servers in Virginia, may never have been on Megaupload's servers in Virginia and may never be, Jackson concluded.
It is so difficult to decide for sure whether a file ever did hit a particular server that few governments or law-enforcement agencies will bother.
If a company has a physical presence in one country, that will continue to be enough of an excuse for national cops to consider the whole company to be under the jurisdiction of its digital-content protection laws.