Kim Dotcom is one of the most polarizing individuals in the world.
To some he is a folk hero, a freedom-fighter for the Internet battling global corruption and attempts to censor the Web. To others, he’s an outright thief who, through Megaupload, amassed a tremendous fortune by exploiting the works of musicians, filmmakers and other artists who never saw a penny.
But what isn’t up for discussion is his current legal predicament. Last week, after years of delays, a New Zealand court ruled that he, along with three of his employees, were eligible for extradition to the United States. Though that decision is on appeal, if he is extradited he will face some 13 counts including criminal copyright infringement, money laundering and racketeering. If convicted he could spend decades in prison.
But the case has raised an interesting question. Even those who despise Kim Dotcom struggle to understand how someone who is not from the United States, has never visited the country and has no businesses registered in the country can be extradited to it.
Or, to put it as Kim Dotcom himself said:
I never lived there I never traveled there I had no company there But all I worked for now belongs to the U.S. https://t.co/l3B0Cuj0tr
— Kim Dotcom (@KimDotcom) March 29, 2015
So I wanted to take a moment, without making any judgments, try to understand why both the U.S. government and at least one New Zealand court believes that Kim Dotcom is eligible for extradition to the United States even though he’s never set foot in the country.
To be clear, I’m not making any judgments on guilt vs. innocence or other areas of law surrounding extradition. The goal is to look at the jurisdiction arguments and why Kim Dotcom may soon be headed to a courtroom in Virginia.
The reason, in truth, turns out to be quite simple.
Some Quick Background
To quickly recap the case, Kim Dotcom was arrested in January 2012 in his home in New Zealand. At the same time, his then-site, Megaupload, was shuttered. It’s domain was seized as was its servers and all the bank accounts connected to Dotcom and Megaupload.
Overnight, Kim Dotcom went from running one of the most popular sites on the Web to having no business, no access to his funds and, for a time, no access to bail (though he was granted it later).
The accusation against Kim Dotcom is that Megaupload was a haven for pirated works. More importantly, the U.S. government claimed that Dotcom and his staff were not only aware of the rampant piracy, but actively encouraged and even rewarded it through a payment system that gave uploader of popular files rewards and that Megaupload continued to make those payments even after many received large numbers of copyright notices. Those files, according to the prosecutors, were then kept online through a type of shell game that feigned compliance while keeping infringing files active.
All in all, the government estimates that Megaupload contained 90 percent infringing material and also accuses the company of direct copyright infringement of YouTube videos as a means to populate Megaupload’s sister site MegaVideo.
Dotcom, however, has contended that his service was simply a file sharing tool akin to Dropbox and that he was not responsible for how it was used. He has also repeatedly denied other allegations, calling them “meritless”.
Regardless of whether he’s guilty or not, the issue of who gets to prosecute him and what laws he is prosecuted under still has to be answered. The U.S. has made it very clear that they want him to face trial in Virginia even though Dotcom has never set foot in the country.
The reasons, it turns out, come down to how Megaupload was built.
The Jurisdiction of Kim Dotcom
Kim Dotcom and Megaupload is a virtual jurisdiction nightmare. Dotcom himself holds German and Finnish citizenship but has long resided in New Zealand. His company was registered in Hong Kong, which is where much of his assets were also kept.
Megaupload itself, however, was primarily hosted in two countries: The United States and the Netherlands. In the U.S., the servers were provided by Carpathia Hosting (now owned by QTS), which is in Dulles, Virginia.
In short, much of Megaupload’s servers were located in the U.S. This, for the purpose of jurisdiction, means two things. First, much of the alleged crimes took place physically in the United States. The infringements, the payments, etc. took place, at least in large part, in Virginia even if the people orchestrating it were scattered all over the world.
More importantly though, courts in both the U.S. and now New Zealand have ruled that these servers provide sufficient contact with the U.S. to give it jurisdiction over the criminal case. While jurisdiction alone doesn’t mean a person can be extradited, it’s a crucial step and this also explains why a man who never set foot in the U.S. can be extradited to it for a crime committed online.
However, this isn’t the first time the U.S. has used the server argument it’s been using it for years to combat securities fraud in the country.
Beginning in 1996, The U.S. Securities and Exchange Commission (SEC) began to require all documents filed with it to be submitted via its Electronic Data Gathering, Analysis and Retrieval system (EDGAR). That server is located in Alexandria, VA.
Since all SEC filings pass through it, in 2010 Neil MacBride, at that time the U.S. Attorney for the Eastern District of Virginia, launched a special Financial and Securities Fraud Task Force that would take jurisdiction over nearly all securities fraud cases and prosecute them in Virginia as the courts had already ruled the EDGAR database provided sufficient contact for such prosecutions.
This meant that a Hawaiian company committing securities fraud could have its owners hauled to Virginia to face the charges, even if they never set foot in nor did business Virginia.
MacBride used the same tools to take the lead on the Megaupload case, which began under his tenure. Using the jurisdiction created by the location of Megaupload’s servers, he has sought to extradite Dotcom and his alleged accomplices to Virgina and, with last week’s ruling, his successor is one step closer to making it happen.
However, it’s important to note that the rules and jurisdiction claims in the Megaupload case are not unique to Kim Dotcom. They had been used on U.S. citizens for years before, even before the creation of MacBride’s task force.
While it is true that Dotcom is not a U.S. citizen, has never travelled to the country and didn’t register his businesses there, that doesn’t mean he didn’t have sufficient contact with the country to establish jurisdiction.
Since many of Megaupload’s servers were hosted in Virgnia, not only did much of the alleged crime physically take place in the country, but it’s sufficient contact with the area for the court to take jurisdiction, so agrees both one U.S. and one New Zealand court in this case alone.
The theory being used to give the Eastern District of Virginia jurisdiction in the case isn’t exactly new or novel, even to the district itself. Prosecutors there had used a similar process for years to streamline prosecuting securities fraud.
Agree or disagree with the logic, the reasoning is clear and, contrary to what some have indicated, it wasn’t some twist of the law created just for Kim Dotcom. It’s a recent practice, but one established well before Dotcom’s prosecution.
For me, the main takeaway is that the idea of jurisdiction becomes significantly more complicated with the Internet and that, through the nature of having an online business, there could be several locations with legitimate claims of jurisdiction over your activities, especially when you look at all of the different means one can establish civil or criminal jurisdiction over a person or company.
While it’s unlikely that any nation will bother with extradition unless your crimes are very serious, it should still give one pause to think about all of the nations that may be able to ask for your extradition should they decide your actions are illegal.
In the end, this is just another area where laws written decades or centuries ago are struggling to keep pace with the Web. The Kim Dotcom case is just one of the more complicated examples of the challenges we face when it comes to jurisdiction.