MEGA Provided Suspended Account Files to FBI in Child Porn Case

MEGA shares users' account information with the New Zealand government, which can then provide it to other agencies, court records show.
October 9, 2020, 4:48pm
Mega
Image: Brendon O'Hagan/Bloomberg via Getty Images

Popular file sharing service MEGA recently shared the content of a user's suspended account after the FBI provided the service with a list of potential passwords in a child abuse case, according to court records.

The court records highlight the data retention policies and law enforcement communication practices of MEGA. They also show how MEGA does not ask for authorities to provide a court order for data when requests from law enforcement relate to certain types of alleged crimes.

"Account Details are voluntarily disclosed to relevant authorites without notifying the user in all cases of alleged CSAM (Child Sexual Abuse Material) or Violent Extremism storage/sharing—no subpoena or MLAT procedure is necessary," one of the court records reads, referring to a Mutual Legal Assistance Treaty, an agreement between governments that lets them request data from bodies based in other countries.

Do you know anything else about what sort of data companies provide to law enforcement? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

MEGA works similarly to other file sharing and cloud storage services such as Google Drive or Dropbox. What separates MEGA is its use of end-to-end encryption to protect the content of users' files.

"End-to-End Encryption," MEGA's website reads. "Your MEGA files and chats are encrypted with keys controlled by you."

In an overview video, MEGA explains how two fictional lawyers called Alice and Bob are trying to store their documents securely. Alice chooses to use MEGA, which uses "cryptographic keys that only she controls," the video's narrator says.

"Nobody else, not even MEGA, has access to them," the narrator adds. "Only parties of Alice's choosing receive the keys to decrypt the files that she shares with them."

In Motherboard's experience, MEGA is often a preferred choice among some criminal groups or communities for sharing files, be that revenge porn, hacked files, or material related to other crimes. Some of these criminal users may be attracted to MEGA for its end-to-end encryption, as well as its relatively large free plans of 50GB worth of storage.

mega-2.png

A section of the warrant application. Image: Motherboard

The recent case of MEGA providing data to the FBI relates to a child abuse investigation. In September, Dickson Woo, a Task Force Officer from the FBI, filed an application to search data they had obtained from MEGA. In the application, Woo explains the FBI investigated users on the messaging app Kik they suspected of sharing child abuse material. In July 2019, Woo and another FBI official met suspect Macgwire Beck at his place of work to interview him. During that interview, Beck admitted to trading sexual image of minors, and said he had child pornography in his MEGA account in 2018. Beck added that the account had been closed because of a breach of MEGA’s terms of service, the document says.

Beck provided the FBI with a list of potential email addresses and passwords for the MEGA account, the document adds.

"SA Mustell attempted to access the account during this interview but the MEGA account was not accessible due to the account being closed," the document reads.

Another FBI official then "contacted the New Zealand government that has access to MEGA account information and forwarded the information to them so they could access the contents of Beck's MEGA account," the document reads. The official was told that MEGA has given access to their records to a "select amount of people that work in the New Zealand government" for cases that involve sexual exploitation of children.

The FBI then received around 40GB of data, the document adds.

mega-1.png

A section of the warrant application. Image: Motherboard

Stephen Hall, chairman at MEGA, told Motherboard in an email that "all files are encrypted at the user’s device before being uploaded to Mega, so neither we nor anyone else can read them," unless the user provides their password to, say, law enforcement, or if the user shares a link to the material publicly along with the decryption key. With MEGA this can be included in the URL itself for ease of access if the user chooses.

"MEGA has zero tolerance for Child Sexual Abuse Material which is universally illegal. We do get reports from general users, and from law enforcement, of links to CSAM complete with the decryption keys, which have obviously been shared on a public forum," Hall added.

"Our approach to illegal activity applies to all types of accounts. We will never profit from illegal activity," Hall wrote.