Kazakhstan wins bid to get Mega IP address info on state secrets hackers File storage site Mega has been ordered to hand over IP address information to the Kazakhstan Government that could identify a user alleged to have uploaded more than 100,000 stolen documents to the service. Hackers allegedly popped Kazakhstan networks last year, allegedly uploading the stolen documents to Mega's servers …
"It is a particularly sharp loss for the firm which bills itself as a privacy-conscious file host."
A drum I've banged many times before; the best way to be "privacy-conscious" is to **not keep log files in the first place**. If you haven't got the data you can't be forced to turn it over.
Mega should be able to respond to this subpoena by handing over an *empty envelope* and saying "here - this is everything we have..."
"I direct:
(a) The issuing of the subpoena requiring an authorised representative of Mega to attend at the High Court for examination before the Registrar and to produce documents in Mega’s possession, custody and/or control sufficient to identify the:
(i) IP addresses;
(ii) email addresses;
(iii) contact information;
(iv) account information; and
(v) payment information
connected to the accounts of certain users of [Mega’s] website <https://mega.nz>, as detailed in paragraph ... for the purpose of civil proceedings that have been instituted before the SDNY."
http://www.nbr.co.nz/sites/default/files/KazakhstanvMega.pdf
Since the government of Kazakhstan restricts freedom of speech, assembly, and religion, it should have no standing in any court in any democratic nation. An appropriate response would be for the United States to suspend diplomatic relations with New Zealand - presumably, this wouldn't last long, and would get the government's attention.
I agree with your first sentence. But the second doesn't make sense. The subpoena is exactly the sort of demand the US tries to make around the world - although as far as possible it might try to avoid foreign courts in favour of direct action - and it's more likely to support the Kazakhstan government than citizen.
They are still a legally recognised nation state and they have their own laws. In particular, the law they enforcing is pretty much a valid law in most jurisdictions anyway. They may well be an over the top authoritarian state, but what they are doing in this case is no different to what many other states are doing all over the world without comment from anyone else.
Considering NZ is quite happy to prosecute* Kim Dotcom for an offence that doesn't exist in NZ at the USA's request, I very much doubt the US will be cutting off diplomatic ties over supplying info to the Kazak's on something that does in fact appear to be a crime.
Of course NZ has a delightful history of trying out shiny new laws to prosecute old grudges, only to have those cases cause massive blowback when the police/SIS turn out to have been ignoring or breaking the law.
* at great expense, and in violation of the law
Mega's method of encrypted file storage has been dubious from the beginning, it seems it's much weaker than standard 128bit AES. It does a bunch of weird stuff with the encryption, and the rule of thumb with encryption, is that if you're doing it yourself, you're probably getting it wrong. Further Kim Dot Com was forced out of the company so one can assume it's in government control. All of which means it's not a great place to store files securely.
Now for legal files that don't compromise one's own privacy and one doesn't mind sharing with the world it can still be a useful file host. I simply wouldn't rely on Mega to keep access to anything secure though.
This isn't about keeping something secret, it's about publishing something to the world, and getting away with it. Perhaps the person in question should have used WikiLeaks. Now the Khazak government wants to know who is the culprit. Yeah, +1 on anonymous VPN and Onion, and using a public WiFi with a modified mac address.
I've got a little old lady customer who is a Khazak national, living in the UK with her husband, a former Para. She likes to read the "alternative" Khazak press, and communicates with "liberal" friends back home. So far in three years I've had to rebuild her PC four times because it had been hopelessly compromised by rootkits, keyloggers and multiple other infections. Her e-mail box is permanently hammered with malware-ridden spear-fishing attacks. All coming from Cossack land
This woman is in her 70's, frail, and about as much risk to the Khazak government as my son's pet hamster.
The Khazak authorities are nothing but a bunch of stalinist brutalist oppressive thugs
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
