EU ends anonymity and rules open Wi-Fi hotspots need passwords
Well done Pirates. Great result
Result, guys. Result.
A campaign by Digital Rights activists to preserve open Wi-Fi hotspots has resulted in Europe’s highest court deciding the exact opposite. The ECJ has advised that open Wi-Fi hotspots should probably be operated password-protected – and hotspot owners should require users to reveal their identities.
The unexpected advice comes in a case that pitted a Pirate Party supporter against the entertainment multinational Sony, in Germany, and revolved around whether a shop owner had a duty of care over what went on his open network.
Tobias McFadden operated an open, password-free Wi-Fi hotspot in his lighting shop in Munich. In 2010, Sony found the hotspot was being used for copyright infringement, and obtained a Court injunction ordering him to pay costs, on the grounds that McFadden hadn’t secured it. Operating a network involved the concept of a secondary liability in some German courts known as “Störerhaftung, or a duty of care.
The case percolated up to the ECJ, and the Attorney General’s expert advice was that McFadden was acting as an ISP, therefore he enjoyed the protection from liability provided by Article 12 of the E-Commerce Directive. The Luxembourg Court usually follows the AG’s advice, but not always, most notably in the Schrems "Facebook" data protection case.
The ECJ in its judgement broadly agreed, finding that McFadden satisfied three conditions necessary to qualify as an “information service provider” – he was providing a pipe, he hadn’t initiated the infringement, and he didn’t alter the transmission in any way.
But it also threw a bomb into the room.
Rather than establishing that open Wi-Fi hotspots don’t need a password, and right-holders have no business requesting a hotspot provider apply a password to an open hotspot, it concluded the opposite.
The Court holds that an injunction ordering the internet connection to be secured by means of a password is capable of ensuring a balance between, on the one hand, the intellectual property rights of rightholders and, on the other hand, the freedom to conduct a business of access providers and the freedom of information of the network users. The Court notes, in particular, that such a measure is capable of deterring network users from infringing intellectual property rights.
In that regard, the Court nevertheless underlines that, in order to ensure that deterrent effect, it is necessary to require users to reveal their identity to be prevented from acting anonymously before obtaining the required password.
If copyfighters hoped that a ruling on open hotspots would preserve an individual's ability to infringe anonymously and consequence-free, it’s had the opposite effect. The ruling ends anonymity on open hotspots, and has probably killed the open hotspots altogether. The CJEU is pretty forthright.
McFadden was supported and accompanied by the German Pirate Party, and posed in a Pirate Party T-shirt. If he'd only carried the can for his sole infringing user, anonymity would have been preserved, and open Wi-Fi hotspots wouldn't need a password. The ECJ's rulings can't be appealed*.
Pirates for Brexit, form a queue here. ®
* We noted the bizarre and arbitrary nature of the Europe’s highest Court last week. At the time we cautioned, not entirely sarcastically, that if you didn’t like a particular ECJ ruling, there would probably be another one along in a few weeks that completely contradicted it.
That advice still holds. The Lottery Wheel of Justice will doubtless spin again.
** The case was Tobias Mc Fadden v Sony Music Entertainment Germany GmbH and the ruling is here. [PDF]
Sponsored: Becoming a Pragmatic Security Leader