He described the indictment against Megaupload as "breathtaking." It doesn't name specific works that were allegedly infringed, or name any individuals responsible for sharing those works. Instead, the indictment holds Megaupload and its operators responsible for the conduct of its users.

That position is incompatible with how cloud services work, Rothken contended. Privacy laws in the U.S. prevent cloud storage providers from looking at the content its users have stored, he said.

"As a practical matter, anything that is needed for a cloud storage provider to make an assessment of what is infringing or what is not is essentially off-limits for them to look at," he said.

Megaupload hasn't filed its response to the charges indicating how it will defend itself. Julie Samuels, a staff attorney with the Electronic Frontier Foundation, said Rothken is likely to cite the safe harbor provisions of the Digital Millennium Copyright Act, which protect ISPs against liability for what users do on their networks. It's not clear yet if that protection extends to storage service providers, however.

Rothken contends that Megaupload had a robust program to take down infringing content in compliance with the DMCA. It means that Megaupload would not meet the "willful" requirement to prove criminal copyright infringement, he said.