@Invidious Aardvark
"There's nothing to stop the user passing the key in the URL, I guess, except it seems a somewhat insecure method of transmitting your key. Encryption only works when your key is secret, if you're broadcasting it to the world every time you request a file then why bother encrypting at all?"
That's easy! It's just so that the file host (Kim Dot Com's new outfit) cannot read the file themselves, thus tunneling a nice new loop hole in the laws that Megaupload got slapped with. Since this new site has no way of reading the contents of the files, they cannot possibly ever know that the file uploaded contains copyrighted data.
It shifts ALL the burden of responsibility to the users of the service, you can store your files encrypted in the cloud, completely secure even if the servers are hacked or taken by the fuzz, or you can share a link with your friends that lets them download and decrypt the file.
I would assume that ALL the file encryption/decryption is done on the user's side, possibly in-browser through some javascript, so that there is no way at all that the original unencrypted data passes to the cloud server, that way there is no way that they could know what was just uploaded was infringing in some way.
I think it's a pretty clever and damn good service that will manage to skirt the law much to the annoyance of the FBI, RIAA, MPAA , etc