For the half-year to 31 December 2014, the IPKat's regular team is supplemented by contributions from guest bloggers Rebecca Gulbul, Lucas Michels and Marie-Andrée Weiss.

Regular round-ups of the previous week's blogposts are kindly compiled by Alberto Bellan.

Thursday, 20 May 2010

Germany: liability for an unsecured private WiFi network

An interesting case has been decided by the German BGH on 12 May 2010. A private individual left his home WiFi router unsecured (on factory default settings). Someone downloaded a copyright protected piece of music using the unsecured WiFi spot. The owner could show that he was, at the time of the download, on vacation and could therefore not have been the one downloading. The owner of the copyright in the song sued for copyright infringement, asking for an injunction and financial damages.

The first instance court both issued an injunction and found the owner of the WiFi spot liable to pay damages. The second instance court reversed and dismissed the claim of the copyright holder.

The German Supreme Court (BGH) distinguished between the injunction and the financial damages: the owner of the WiFi spot could be enjoined, but was not liable for financial damages. He was not required to use the latest, state of the art security technology to secure his WiFi router, but at the time of the installation common precautions against the use of the WiFi spot by unknown third parties had to be taken (this means using the WEP encryption option, I guess). The defendant could be forced to take the necessary precautions and has to bear the legal costs for the lawyer's letter by the copyright owner (Abmahnkosten). He was a "Störer", but not a "Täter", i.e. not personally committing the infringement. He also was not an abetter to copyright infringement, because he lacked the necessary intent to support the infringement. Therefore, he could not be held liable for financial damages.

Whether you should leave your WiFi home network open is hotly debated (it could also be against the terms of use of your ISP). Some advocate that the openness of the Internet and the sharing culture speak for leaving WiFi networks unsecured. Others warn against the dangers this might expose your computer to. In Germany, there is now another reason for switching on the encryption.

3 comments:

MM said...

A good article at last! Did you see that nearly all English reports saw the Abmahnkosten as a criminal fine?

pacelegal said...

The Karisruhe Court didn't say what form of password or encryption a wi-fi connections needs to use. Older WPA keys are much easier to crack compared to WEP or WEP-2 keys used by modern wi-fi routers. However it seems as though at least German courts take the view that password protection is required as a threshold.

In England there has never been to my knowledge any legal duty or responsibility for a person to secure a wi-fi connection in relation to the acts of a third party using the wi-fi connection.

In Australia the Roadshow and iinet decision of the Australian Federal Court found iiNet hadn't authorised copyright infringement by its users, even where it was happening on a large scale.

The Digital Economy Act 2010 UK may allow users to be cut off more easily. Have to wait and see.

What the German decision highlighted very well was that technically speaking the ability to identify infringing file sharers is problematic. You can check the internet connection where infringing material passes through but to tie it to a particularly person having used that connection seems to be a necessary element of any proceedings involving sanction under the Digital Economy Act.

Virgin Mobile claim to have developed CView through which they say they use deep packet inspection software to identify ip addresses to identify individual users and even they concede that their solution won't identify any one person as opposed to any machine has been responsible for infringing use.

Unless english courts subscribe to the german approach of just imposing liability on the owner for 'a degree of responsibility', then there is still no sucessful way for individuals to be prosecuted unless you abandoned any onus of proof which you would expect if someone were to be penalised civilly or criminally.

There doesn't seem to be any immediate solution becaues Talk Talk and other ISPs have made secret of the fact that they won't police illegal file sharers despite what OFCOM is asking.

It might have some deterrent effect though as I've read about those who make available wi-fi access at their place of business closing it down because of fears of exposure to liability. This accords with the statistics on the reduced use of wi-fi because of the fear of liability and the uncertainty.

pacelegal said...

The Karisruhe Court didn't say what form of password or encryption a wi-fi connections needs to use. Older WPA keys are much easier to crack compared to WEP or WEP-2 keys used by modern wi-fi routers. In England there has never been to my knowledge any legal duty or responsibility for a person to secure a wi-fi connection in relation to the acts of a third party using the wi-fi connection. In Australia the Roadshow and iinet decision of the Australian Federal Court found iiNet hadn't authorised copyright infringement by its users, even where it was happening on a large scale. The Digital Economy Act 2010 UK may allow users to be cut off more easily. Have to wait and see. What the German decision highlighted very well was that technically speaking the ability to identify infringing file sharers is problematic. You can check the internet connection where infringing material passes through but to tie it to a particularly person having used that connection seems to be a necessary element of any proceedings involving sanction under the Digital Economy Act. Virgin Mobile claim to have developed CView through which they say they use deep packet inspection software to identify ip addresses to identify individual users and even they concede that their solution won't identify any one person as opposed to any machine has been responsible for infringing use. Unless english courts subscribe to the german approach of just imposing liability on the owner for 'a degree of responsibility', then there is still no sucessful way for individuals to be prosecuted unless you abandoned any onus of proof which you would expect if someone were to be penalised civilly or criminally. There doesn't seem to be any immediate solution becaues Talk Talk and other ISPs have made secret of the fact that they won't police illegal file sharers despite what OFCOM is asking. It might have some deterrent effect though as I've read about those who make available wi-fi access at their place of business closing it down because of fears of exposure to liability. This accords with the statistics on the reduced use of wi-fi because of the fear of liability and the uncertainty.

Subscribe to the IPKat's posts by email here

Just pop your email address into the box and click 'Subscribe':