From a standing start in January 2013, file-hosting platform Mega has gone from strength to strength.
Founded by Kim Dotcom in response to the Megaupload takedown of 2012, Mega has since parted ways with the entrepreneur but its growth has continued in his wake.
According to figures published by Mega, at the end of the final quarter of 2013 the cloud storage company was hosting around 0.6 billion files. In 2014, that had leaped to 3.6 billion files, a figure that almost doubled to 11.9 billion by the end of 2015. The latest published data reveals that at the end of September 2019, Mega was storing an impressive 63.8 billion files.
Early 2015 the company published its first transparency report, a common practice for large technology companies including Google, Twitter and Reddit. The latest installment published today by Mega strives to underline the platform’s compliance with local and international law and has a clear emphasis on how it deals with copyright infringement.
With an obvious eye on the fate of Kim Dotcom and the ongoing Megaupload saga, Mega stresses that it enjoys safe harbor protections under New Zealand’s Copyright Act in respect of content uploaded by its users. Additionally, while there is no technical need for it to do so, the company says that it also respects the standards required to achieve safe harbor under the DMCA and the EU Copyright Directive.
As a result, Mega reports that when it receives a takedown notice it aims to disable access to content within four hours, with takedowns “usually being actioned” well within that self-imposed limit. However, with files reportedly being uploaded at the rate of 500 per second, there are bound to be some that breach copyright law.
For the first nine months of 2019, Mega reports that it processed around 317,500 takedown requests. As the table below shows, that is a relatively small number when viewed alongside the total number of files stored by the company.
Data provided by Mega shows that the number of links taken down peaked in 2014 at around 150,000, with a downward trend following until late 2015. Since then, takedowns have varied from a low of around 50,000 in the third quarter of 2018 to a high of 120,000 in the second quarter of 2019.
However, as the table below shows, the relatively steep rises seen this year had very little impact on the trend of reducing takedowns when compared to the percentage of files stored overall.
In light of the ongoing lawsuits in the United States, particularly involving ISP Cox Communications, the manner in which technology companies handle the issue of so-called “repeat infringers” is now a key battleground when questions are raised over liability for infringement. In this regard, it’s clear that Mega doesn’t want to be seen falling short.
After initially operating a “five strikes” policy, in 2015 Mega introduced a “three strikes” regime that remains in place today. Related account suspensions peaked in the third quarter of 2017 at just over 8,000 but then suddenly tailed off to a relatively steady 2,000 to 2,500 suspensions per quarter thereafter.
Since its inception, Mega says it has suspended around 78,000 accounts for hitting the limits of its repeat infringer policy, which is a significant number but relatively small when compared to the number of user accounts overall.
Mega launched as “The Privacy Company” with file encryption a key selling point. The cloud storage platform says that it cannot decrypt any files without the appropriate key but “does have access to registration information and IP addresses used to access our services.”
The company adds that it holds personal data relating to users for extended periods, including email and IP addresses, plus “limited activity detail” relating to account access, file uploads, shares, and chats.
“Personal data is retained indefinitely while the user’s account is open. After account closure, Mega will retain all account information as long as there is any law enforcement request pending but otherwise for 12 months after account closure as users sometimes request that an account be re-activated,” Mega states.
“After 12 months, identifying information such as email and IP addresses will be anonymized (except that email address records will be retained for reference by the user’s contacts or where the user has participated in chats with other Mega users) but other related database records may be retained.”
This information will only be handed over when Mega is required to do so by New Zealand law, a New Zealand court, or law enforcement authority “with appropriate jurisdiction”. However, the company notes that it may “consider” requests from overseas law enforcement and civil claimants.
“During the 2018-2019 year, Mega was served 7 legal orders from NZ authorities and then disclosed account information for 540 user accounts which are alleged to be involved in serious criminal activity overseas,” the company concludes.