New Zealand-based cloud-storage site Mega is fighting a court order to hand over user information to the Kazakhstan government, which it says is a dangerous breach of privacy.

Kazakhstan contests that the Kim Dotcom-founded site was very likely used by the hackers behind the release of sensitive government documents and emails.

Kim Dotcom graffiti
Kim Dotcom – Wikimedia Commons/Thierry Ehrmann

A mega hack

Last year, hackers stole a large number of government documents, which ended up online - including on Mega - and were indexed on website named ’Kazaword’.

At first, the Kazakhstan government reacted by taking its primary media critic Respublika to US court for reporting on some of the kazaword documents.

Respublika, which has suffered from constant DDoS attacks and had its offices firebombed, as well as facing malware and phishing attacks, is currently blocked in Kazakhstan. The court case, however, was unsuccessful as US courts ruled that journalistic publications can report on information that may have come from illegal sources, even if it is known that the information was illegally obtained.

Stymied in its attempts to bring legal action against Respublika, the Government of the Republic of Kazakhstan turned its attention to Mega earlier this year, claiming that the files were uploaded to Mega before being available anywhere else, and therefore came directly from hackers.

Mega, the creation of controversial Megaupload creator Kim Dotcom, launched in 2013 as a cloud storage website that claims that all user files are encrypted locally before being uploaded.

Dotcom, a former millionaire and one time Call of Duty world champion currently fighting court cases against the US over Megaupload’s alleged copyright infringement, left Mega in 2014 - but the site has continued to gain users. In January 2016, it said it had 40 million registered users in more than 245 countries, with more than 12 billion files uploaded to the service.

100 of those users, Kazakhstan claims, were behind the hack.

Kazakhstan has filed legal proceedings in New York suing 100 unnamed ’John Does’ which it says it needs Mega to provide information on. 

Mega, however, has so far refused, with chairman Stephen Hall saying earlier this year: “Kazakhstan has a terrible civil rights record, and although they’ve couched it as a civil proceeding… we were very concerned that these users may suffer significant impact if their email addresses are disclosed.”

Kazakhstan responded to the refusal by taking Mega to court in New Zealand.

Speaking to New Zealand’s High Court this week, Mega defense lawyer Fletcher Pilditch said that the order included users who had stored news articles referring to the Kazaword files, and that there was nothing to suggest they had any relation to the hackers, Radio New Zealand reports.

“What we see is no different to what happens when journalists come into possession of information that may have come from leaks,” he said, drawing comparisons to journalists who use Wikileaks material, or New Zealand author Nicky Hager, whose book Dirty Politics used stolen National Party emails.

He said: “Just because they had access to it doesn’t mean they were responsible for the hacking.”

Kazakhstan’s New Zealand lawyer Daniel Kalderimis disagreed, saying: “There’s every reason to think that those documents were posted by people working in concert with the hackers.”

He claimed the articles on Mega had emails that were not available by ‘casually browsing’ the internet. “The inference is that they must have come from somewhere else.”