Strictly speaking, the top five pirated films of the year were Fast Five, The Hangover II, Thor, Source Code, and I am Number Four. It’s nota‘best of’ list, exactly, but that’s a different story.

Even most opponents of SOPA/PIPA maintain a common front on this issue: the foreign thief must be stopped. Chris Dodd is right about this: the only public debate is about how.

For the past few years, Kim Dotcom (nee Schmitz) has been the MPAA’s go-to example of the foreign thief. Dotcom is a flamboyant hacker/entrepreneur with a fraud conviction, a penchant for fake names, and a fortune built, like many new media fortunes, in the grey areas of IP law. Megaupload was one of the first cloud storage or ‘cyberlocker’ services, and is routinely ranked in the global top 50 in traffic. There is little doubt that it hosted a lot of infringing media. There is doubt about the extent to which Megaupload encouraged this, and how that affects their liability for infringement.

The Megaupload case has important legal implications. Mike Masnick has a very good rundown, but let’s focus on two. The case will certainly challenge the scope of the “safe harbor” from liability afforded online storage providers—a very important issue in an era of cheap, ubiquitous cloud services. It will also be a front in the government’s (and, more particularly, MPAA’s) push to shift from an ex post model of enforcement, involving notification and takedown requests when infringing content is identified, to an ex ante model based on the surveillance and filtering of user activity.

If this sounds familiar, it’s because it is also fundamentally at stake in SOPA, and raises all the same censorship and free speech issues. Holding Megaupload liable for failing to monitor and filter user activity for infringement, for example, would compel monitoring across a wide range of web services, from search to social media. And that would mark a very fundamental shift in the freedoms associated with the Internet. SOPA and the Megaupload case are part of this long game.

The Megaupload indictment is also a public effort to cast a villain in the file sharing story: to prove that someone, other than consumers, benefits from piracy. Kim Dotcom’s arrest—with all of his luxury cars on prominent display—is about making the case not only for abstract losses to industry but also theft from industry. We’ve repeatedly taken issue with the industry calculation of losses, most of which are fictional. But let’s ask the narrower question. Who is the foreign thief, and how much is he stealing?

As usual when talking about piracy, there are lots of claims but very few hard numbers. The revenue estimates that do circulate in file sharing cases are notable, however, for their miniscule size compared to the 10s or, occasionally, 100s of billions in losses claimed by industry groups. Here are a few examples…

• The Swedish trial of The Pirate Bay trial in 2009 became an occasion for all sorts of competing estimates of revenues. Record industry group IFPI estimated the site’s revenues at $ 3 million per year. The MPAA described $ 5 million in revenues. But prosecutors endorsed a much lower number: $ 170,000 from advertising (against what the defense characterized as $ 112,000/year in server/bandwidth costs and $ 100,000 per year in revenue). This is for a site that appears consistently among the top 100 visited sites in the world.
• NinjaVideo, a Brooklyn-based movie indexing site whose owners were arrested in 2011, was alleged by prosecutors to have made $ 500,000 in 2