13 May 2016

Mega cites safety fears over users' info

8:39 am on 13 May 2016

The cloud storage site Mega says it fears for the safety of its users if it has to hand over their personal information to the Kazakhstan government.

no caption

Kazakhstan says sensitive government documents were stolen and uploaded to Mega. Photo: 123RF

The High Court in Auckland yesterday ordered the website to hand over IP addresses, email addresses and other information of Mega users, suspected of hacking Kazakhstan's government computer system in 2014.

The New Zealand-based website was founded by internet businessman Kim Dotcom but he said last year he was no longer a director, manager or shareholder.

Kazakhstan said substantial numbers of sensitive government documents and emails were stolen during the hack and then uploaded to Mega.

It had already filed legal proceedings in a New York court suing 100 unnamed "John Does" that it believed carried out the hack, but wanted the information from Mega to help identify who those people were.

The High Court ruling accepted that the information Kazakhstan wanted was "essential to identifying at least some of the 'Does' named as defendants in the complaint".

It ordered Mega to comply with the request to turn over IP addresses, email addresses, contact information, account information and payment information of certain users.

Cloud storage website Mega.

The Mega website was launched by Kim Dotcom in 2013. Photo: MEGA.NZ

Earlier this year, a California federal court refused to grant a similar order against Facebook, where the Kazakh news website Respublika, a major critic of the country's government, had published articles based on the hacked documents.

But in New Zealand, Justice Moore dismissed Mega's concerns about the privacy of its users.

"This information is neither particularly revealing nor particularly sensitive; it does not, for instance, carry the same degree of confidentiality as an individual's email or phone records. Therefore, I am satisfied that the privacy interests in this case should not carry significant weight," he wrote.

Mega's chairman Stephen Hall said the company was worried about what could happen to the users whose information had been requested, if Mega complied with the order.

"Kazakhstan has a terrible civil rights record, and although they've couched it as a civil proceeding ... we were very concerned that these users may suffer significant impact if their email addresses are disclosed."

Kazakhstan’s President Nursultan Nazarbayev

Kazakhstan’s President Nursultan Nazarbayev Photo: AFP

In some cases where users had clearly done something illegal, Mega did provide information to authorities if requested to do so, Mr Hall said.

"But at the same time we also see cases where there's repressive regimes trying to stifle genuine public comment under the guise of illegality or copyright abuse ... so it's a fine line to balance that repressive and improper use, and the genuine cases where, if there is illegal activity, we will support the authorities."

There was no indication or proof that the people who uploaded the documents to Mega were even the original hackers, Mr Hall said.

The company was considering its next steps, including whether to appeal the order, he said.

Kazakhstan's lawyer in New Zealand, Daniel Kalderimis, said he was not surprised the High Court had granted Kazakhstan's request.

"The jurisdiction that it's exercising under the Evidence Act is well-known, it's narrow - and that was the case that Kazakhstan had to satisfy the New Zealand court it could meet," Mr Kalderimis said.

"There was a narrow request for specific information, that wouldn't be a wide-ranging, fishing expedition."

Requests from foreign countries had been granted before, but it was the first time he was aware of that a request for internet user information had been made and granted, he said.