back to article Are open Wi-Fi network bods liable for users' copyright badness?

The EU's highest court has been asked to rule on whether commercial providers of free and open Wi-Fi networks can be held liable for copyright infringement carried out without their knowledge by a user of their network. A court in Munich has asked the Court of Justice of the EU (CJEU) to provide it with guidance on how to …

  1. Anonymous Coward
    Anonymous Coward

    So all that's required is that you set a password ?

    Great idea... doesn't stop you from telling everyone the password though...

    (Or naming your SSID to reflect that password...)

    And since there seems to be no requirement to log everything I guess people can remain anonymous...

    1. Velv
      Pirate

      Re: So all that's required is that you set a password ?

      You've missed the point. It's not about anonymity, it's about copyright theft - if I permit someone to use my wifi and they steal movies and music, am I liable for their actions. If they download illegal material, am I liable?

      By setting a password you will be deemed to be "in control" of the wifi network and therefore (rightly or wrongly) liable for illegal activity. If you log who uses it (and they can be traced by the authorities), that becomes evidence it wasn't you directly who breached copyright. With no password, you currently have no defence.

      1. JeffyPoooh
        Pint

        Re: So all that's required is that you set a password ?

        "With no password, you currently have no defence."

        With no password, they probably have no case. Which is why they're trying to plug this hole.

        If the Wifi hotspot owner is liable, then the same theory works right back to the Tier 1 networks owners. Sometimes an argument can be too good.

        1. Radbruch1929

          Re: So all that's required is that you set a password ?

          > With no password, they probably have no case. Which is why they're trying to plug this hole.

          No, you still have to show and to prove that an unknown MAC address used the wireless lan.

          > If the Wifi hotspot owner is liable, then the same theory works right back to the Tier 1 networks

          > owners. Sometimes an argument can be too good.

          Not quite. The regulated networks are exempt because they are not allowed to inspect the contents of data traffic. Thus they can claim statutorily mandated ignorance. The owner of a commercial or private network is not forbidden to inspect the contents of the traffic and may not claim mandated ignorance.

          If an owner of a commercial or private network does not secure the access to the network, he is liable to inspect the traffic. Failing to do so (and a proven incident of copyright infringement occured), under German law he indirectly caused police intervention and is liable to cease and desist from doing so in the future, i.e. he has to protect the network or to start to monitor the traffic. This does not mean he is liable for damages.

          The case now revolves around the question whether a cafe hotspot is a public network with the result that the cafe owner can rely on the exemption that he is not allowed to inspect the traffic and not liable for indirectly causing police intervention. Or is it just a commercial network where he can and has to inspect the traffic. I doubt that using a publicly available password is going to be a sufficient defence under German law.

          1. edge_e
            Facepalm

            Re: So all that's required is that you set a password ?

            No, you still have to show and to prove that an unknown MAC address used the wireless lan.

            Prove that somebody didn't log into my network using my own laptops mac address .

            After all, setting an adapters mac address is trivial and my mac is in the air.

      2. big_D

        Re: So all that's required is that you set a password ?

        @Velv sort of. The law in Germany has gone backwards and forwards.

        If you are a private individual and have an open wi-fi spot, you are/were/are/were/? responsible for everything that happened on the network, unless you could prove that it wasn't you - i.e. you had to keep a log of MAC addresses, names and addresses and what those PCs did at specific times. If it was private and you had a password, you were okay, if you could prove that someone had cracked your password and done something illegal without your permission.

        Businesses had to pretty much ensure that they logged what was going on. Which wasn't a problem for the bigger providers or those that used a professional outfit to run their wi-fi hotspot. But it is a problem for small cafés and hotels etc. who run their own private wi-fi hotspots, but don't run / can't afford a proper logging system.

      3. Cynic_999

        Re: So all that's required is that you set a password ?

        I see no sense whatsoever in making a person responsible for someone else's deed just because they did not require a password. If you allow someone free use of your camera, or even your pen, and they use it to infringe copyright, how can that be deemed to be your fault?

      4. John Brown (no body) Silver badge

        Re: So all that's required is that you set a password ?

        "With no password, you currently have no defence."

        The Post Office don't require me to use a password or otherwise identify me or log details to post a pirated DVD or CD through the postal system. Ditto with BT if I decide to conspire in criminal activity from a public phone.

        This could be an interesting precedent if it goes against the "free" WiFi operators.

  2. DropBear

    I keep hearing this "unsecured hotspot" thing - huh? Yes that would make a difference for a private user, but how would it change anything for a "commercial provider" like a café? In my experience they generally DO use a password, but it's freely available on request or directly printed on the menu. It's not like anyone gets identified or authenticated MORE than they would be on a completely open hotspot, so what gives?!?*

    *Yes, I am aware some hotspots block your access until you visit a gate-page where you have to sign up in some way with them first - but I've only ever seen this done 2x (twice), grand total; possibly because dedicated apps not designed to redirect you to a webpage simply fail on any such network, and people rarely use the data connection for actual browsing in cafés these days.

    1. Velv

      Is the cafe providing commercial (albeit free) access to a private broadband connection (in breach of contract), or providing commercial access to a business broadband service that permits it to be resold (which is being done if it's a cafe, you're buying the coffee to get free access)?

      If it's full commercial broadband you'll probably find its already covered by the ISP regulations and contract. If it's a private connection you are sharing, you're probably going to find you are responsible for its illegal use.

  3. Meerkatjie

    Are electricity companies liable for the badness of people who use their electrical supply to grow plants of dubious legality?

    1. Anonymous Coward
      Anonymous Coward

      "who use their electrical supply to grow plants of dubious legality?"

      Or even provide the electricity (directly or indirectly) for the 'infringement'

    2. JoshOvki

      Or the post office for mail bombs

    3. chivo243 Silver badge
      Big Brother

      @Meerkatjie

      Try harassing someone on your landline*, The Phone Company will be happy to block your access to that number... if the harassed feel inclined to mention it to TPC.

      *I know this to be true in the USA. May not fly in European countries.*

  4. Zippy's Sausage Factory
    Joke

    So if the cafe are liable, and I get run over, could I sue Toyota* for providing the tools for the driver to hit me?

    * or Volvo, Nissan, etc...

    1. JeffyPoooh

      "...could I sue Toyota for providing the tools for the driver to hit me?"

      Possibly. They have had some purported issues with brake pedals, floor mats, spaghetti code, solder whiskers, and various reports of unintended acceleration.

      (Facts may vary from the news.)

  5. ukgnome
    Trollface

    It's not the WiFi owner

    It's bloody Google and their juicy links.

    Actually no it's not it's those bloody telco's and their ISP

    Ooh maybe not, it's the content providers such as the music, movie and gaming industry

    Damn it's every mother lover for providing such juicy content

    If you have read these comments then you owe me 25p

    *5p will go straight to El Reg

  6. heyrick Silver badge
    Mushroom

    Please don't fuck this up

    At the moment, the only safe public WiFi that I can use is in McDonalds (here in France). It is reasonably unrestricted, enough that I can connect up and then set a VPN connection running so my comms will be encrypted even over a public AP. Useful for stuff using older send-password-in-the-clear protocols like POP3.

    The alternative? Go to a KFC. Not only is their WiFi AP so locked down that only the common protocols work , any attempt to visit an SSL site throws an error on my iPad because KFC are trying to pass off a fake certificate. Always the same one, no matter what https address I go to. It is an active, deliberate, MITM which completely undermines any end-user security whatsoever. Essentially my communications would go to KFC's box, be decrypted, then re-encrypted for the journey out. But what happens in the middle? Oh, sure, they'll probably give some spin about piracy and paedos, while glossing over the part where they would have full access to all data passing. Online banking? Cheers, thanks for your full login details. Checking your Amazon or eBay sales? Thanks for the username and password.[1]

    I fear that if public providers are made to be liable for what passes through their network (as dumb as this is, refer to the hyperbole examples above), then we will see less openness, less willingness to permit VPN and the like, and more attempts to pass off fake certificates. One must already assume that any communication on a public AP is available to be read by anybody else in the room; therefore if opportunities to privacy are removed in order to satisfy liability, it will make public APs less and less useful, possibly to the point where they aren't useful at all.[1]

    1 - while at KFC, I switch on my Bouygues phone. They permit tethering on a pay-as-you-go card, so I go online via Bouygues. Can't VPN, but at least my mail password is not available to everybody in the room and SSL is not messed with.

    1. Forget It
      Pint

      Re: Please don't fuck this up

      > At the moment, the only safe public WiFi that I can use is in McDonalds (here in France).

      Obligatory culture reference:

      http://www.youtube.com/watch?v=SLtwFugudZE&t=0m58s

    2. BogBeast
      FAIL

      Re: Please don't fuck this up

      This is Europe. They will almost certainly fuck this up..

      1. Anonymous Coward
        Anonymous Coward

        Re: This is Europe. They will almost certainly fuck this up..

        Not sure it's really the fault of Europe ... more of the deranged apes currently inhabiting it and the rest of the planet. :-)

    3. Anonymous Coward
      Anonymous Coward

      Re: Please don't fuck this up

      I would hope (note: hope, not expect) that it would mean they're more willing to allow VPNs - it transfers the liability to the VPN endpoint rather than the hotspot you're connecting to.

    4. Elmer Phud

      Re: Please don't fuck this up

      "At the moment, the only safe public WiFi that I can use is in McDonalds (here in France)"

      But some of us won't set foot in McDonalds - anywhere.

    5. This post has been deleted by its author

      1. Intractable Potsherd

        Re: Please don't fuck this up

        McDonalds chips are lovely! (I don't eat meat anymore, but still pop in for a portion of fries occasionally)

  7. corestore

    "The court ruled that it was reasonable to expect individuals that run a private Wi-Fi network to at least use the standard password security mechanisms available as part of the WLAN network device."

    So if they're relying on what are considered 'standard... mechanisms that are... part of the network device', I presume they also have no objection to the use of the unsecured secondary 'guest network' facilities that are also built into many WLAN devices as standard?

    Those who live by the sword of 'standard mechanisms' can also die by that same sword.

    1. Velv
      Facepalm

      D'oh!

      Don't know about your model of hardware, but mine still allows a password on the "guest wifi". Guest wifi simply provides Internet access and blocks local network access.

  8. Anonymous Coward
    Anonymous Coward

    Lock 'em up

    and every single mail man / post man / person who has ever delivered anything not legal, every single person who has travelled on a train overhearing something downloaded illegally, every single person who has ever worked for an electricity company providing power for such downloads, gas/petrol company staff who provided fuel for the passengers in a car where an illegal download was played, and most importantly every single person in the creative industry that created the content that was downloaded.

    Or, perhaps a little quicker, lock up the idiot politicians who are too lazy to legislate to say "ISP = common carrier".

  9. Roland6 Silver badge

    Vexatious Record Company ebarks on a legal fishing trip...

    This article leaves out some key details, see: http://www.husovec.eu/2014/10/munich-court-asks-cjeu-about.html

    From various reports it seems the record company's claims have yet to be proven and are using every means possible to change/clarify the law in its favour before the Munich court passes judgement...

    1. phil dude
      Thumb Up

      Re: Vexatious Record Company ebarks on a legal fishing trip...

      thanks for giving this article some wider context....The link however has no content - the blog post has been removed...

      P.

      1. Roland6 Silver badge

        Re: Vexatious Record Company ebarks on a legal fishing trip...

        Agree content is very very thin. I see no reason why the terms "entrepreneur" and "record company" are being used, nor why no one is referring to the proceedings of the Munich court cases.

        Not sure which blog post you're referring to as the link I gave is still live, as is the source article it refers to: http://www.offenenetze.de/2014/10/08/lg-muenchen-i-legt-frage-der-haftung-bei-offenen-wlans-dem-eugh-vor-volltext/ (Google may or may not translate this from German for you).

  10. ElNumbre
    WTF?

    Service Provision

    As far as I'm aware, there is no expectation on the post office to scan digital media passing through its network for illegal content, despite it being a potential conduit for the illicit distribution of copyright content. Although they do retain the right to open and examine packages, as far as I can tell, if something slips through the net, they're not held accountable.

    So, why would an online service provider, responsible for receiving, transmitting and delivering packets be any different?

  11. Elmer Phud

    Only wifi spots with approved NSA and GCHQ software to be allowed?

  12. Anonymous Coward
    Anonymous Coward

    He who commits the crime...

    ...is responsible for the crime regardless of what network they use. The network owner is not responsible for the actions of the criminal unless they specifically and knowingly facilitate piracy or should have known they were facilitating piracy or other illegal acts.

  13. Cynicalmark
    Facepalm

    Analogy

    If I commit a speeding offence the manufacturer of my car should be prosecuted? Oh while we are at it so should the owners of the toll road I am using......;)

    Yet another crock of BS from record company lawyer parasites who don't understand the way of the web and are too lazy to go after the guilty.

    Ffs any moron can spoof a MAC code or an IP address.

    As for the European Hegemony - crusty muppets with no idea of what they are doing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like