German Court Says You Must Secure Your WiFi Or You May Get Fined

from the open-wifi-is-illegal? dept

Wed, May 12th 2010 1:30pm — Mike Masnick

Miranda Neubauer was the first of a few of you to send in the news of a bizarre German court ruling that makes it effectively illegal to offer open WiFi. Seriously:

Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data.

Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files, the Karlsruhe-based court said in its verdict.

"Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation," the court said.

This is backwards in so many ways. First, open WiFi is quite useful, and requiring a password can be a huge pain, limiting all sorts of individuals and organizations who have perfectly good reasons for offering free and open WiFi. Second, fining the WiFi hotspot owner for actions of users of the service is highly troubling from a third party liability standpoint. The operator of the WiFi hotspot should not be responsible for the actions of users, and it's troubling that the German court would find otherwise. This is an unfortunate ruling no matter how you look at it.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: copyright, germany, passwords, security, third party liability, wifi, wireless

53 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Travis Miller (profile), 12 May 2010 @ 12:39pm

password?
What if everyone who wish to leave it open just made the password "password" (or the German equivalent)? Would they be liable for not having a strong enough password? Who would they hold liable if the WiFi was locked with a strong password, but there was good reason to believe that the password had been compromised by other means?
[ link to this | view in chronology ]
- Stuart, 12 May 2010 @ 2:35pm
  
  Re: password?
  What the would do is assume that since your connection was "secure" that you were the one doing the downloading and hit you with that.
  [ link to this | view in chronology ]
- Tom Schweiger, 14 May 2010 @ 5:57am
  
  Re: password?
  yes, the case decided by the German Supreme Court (BGH) was a case with a wlan that used a password which was preselected by the manufacturer. So an "easy to know" password, would not be sufficient. You have to use a "secure" password.
  [ link to this | view in chronology ]
Rose M. Welch (profile), 12 May 2010 @ 12:47pm

So... if someone steals your car in Germany, and then uses it as a getaway car in a robbery, can you be charged for that as well?

Besides, in a normal crime, even if you knew about it, you could only be charged as an accessory, not the perpetrator.

This is nuts.
[ link to this | view in chronology ]
- Anonymous Coward, 12 May 2010 @ 1:32pm
  
  Re:
  if you lend your car to someone to perform a robbery, perhaps. if they steal it, no. open wifi is a stupid, stupid concept only supported by the internet tree huggers and bandits who dont want to pay for anything. it is the internet version of 'snitches get stiches' and just as dishonest. you might as well leave your front door open during the day so strangers can use your sofa and tv while you are at work. totally stupid.
  [ link to this | view in chronology ]
  - Phillip Vector (profile), 12 May 2010 @ 1:38pm
    
    Re: Re:
    YEAH! Those coffee houses that have seats in them to entice people to drink their coffee in the place (and perhaps get them to buy more stuff when the caffeine kicks in) shouldn't be allowed to have them. They are only used by people who want to sit down for free.
    [ link to this | view in chronology ]
    - Anonymous Coward, 12 May 2010 @ 2:17pm
      
      Re: Re: Re:
      the coffee house is more than able to provide connection information to their patrons, in the same manner that you might grant someone use of your home network when they visit. you are thinking like an american, using bizarre absolutes to try to prove a point. do you let everyone into your house, or only people you choose?
      [ link to this | view in chronology ]
      - Anonymous Coward, 12 May 2010 @ 2:30pm
        
        Re: Re: Re: Re:
        I let everyone into my home. You know what they say, sharing is caring.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 12 May 2010 @ 2:49pm
        
        Re: Re: Re: Re: Re:
        in which case you are an exceptional idiot, and you can pay the fines.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 12 May 2010 @ 2:54pm
        
        Re: Re: Re: Re: Re: Re:
        What fines? No one fines me for letting people into my home. That's just stupid!
        [ link to this | view in chronology ]
      - DocMenach (profile), 12 May 2010 @ 2:57pm
        
        Re: Re: Re: Re:
        the coffee house is more than able to provide connection information to their patrons, in the same manner that you might grant someone use of your home network when they visit
        
        You fail again TAM. I work at a place that is simply too large to conveniently "provide connection information" to our patrons. Unless we put signs up all over the place we would have tons of customers wasting staff time asking how to get on the wireless network. By leaving the connection open we make it much more convenient for our customers. Besides, putting a password on it still wouldn't prevent people from doing illegal things with that network connection.
        
        TAM is such a miserable failure.
        [ link to this | view in chronology ]
      - Hephaestus (profile), 12 May 2010 @ 8:43pm
        
        Re: Re: Re: Re:
        "the coffee house is more than able to provide connection information to their patrons, in the same manner that you might grant someone use of your home network when they visit."
        
        Ah I really love unintended consequences. One really big problem is that this will open up a huge new problem, WiFi locations and password lists online. Also WiFi hacking password software is another unintended consequence. Of course this hacking WiFi hacking software will lead to laws that, require you to get a new WiFi router everytime the encryption is cracked and the firmware upgrade doesnt work.
        [ link to this | view in chronology ]
  - Anonymous Coward, 12 May 2010 @ 1:39pm
    
    Re: Re:
    You don't really understand what the internet is, do you? That actually makes a lot of sense.
    
    http://en.wikipedia.org/wiki/Internet
    [ link to this | view in chronology ]
  - John Fenderson (profile), 12 May 2010 @ 2:19pm
    
    Re: Re:
    That comment made no sense whatsoever, and yet still managed to get across the fundamental concepts that sharing things with others is bad and people should be legally restricted from doing so. Kudos to you, sir!
    [ link to this | view in chronology ]
  - Rose M. Welch (profile), 12 May 2010 @ 2:29pm
    
    Re: Re:
    You, sir, are an idiot.
    
    Adding the level of security that the average user is going to be able to add means that they'll still be giving away wifi to plenty of people, just like locking your car door and walking away with the keys doesn't really stop anyone from stealing it.
    
    In both cases, it has nothing to do with permission, but only in one case can you be held responsible for what someone did without your permission.
    [ link to this | view in chronology ]
  - tuna, 13 May 2010 @ 5:18am
    
    Re: Re:
    We have open wireless at my workplace so that our vendors and techs can get on the internet for fixes, training and demos.
    
    If I put a password on it I would have to hand out that password to about 20 different people per week. Which means at the end of the year there are over a thousand people with that password anyway.
    
    You obviosly have no connection to the IT industry.
    [ link to this | view in chronology ]
  - btr1701 (profile), 13 May 2010 @ 11:40am
    
    Re: Re: Secure
    > you might as well leave your front door open
    > during the day so strangers can use your sofa
    > and tv while you are at work
    
    The point is that if I want to do that, then I should be able to. It's *my* house and *my* sofa and TV and if want to make it available to people to use, that's my business. It may not be smart, but I have the right to control my own property. It's none of the government's business.
    [ link to this | view in chronology ]
  - BearGriz72 (profile), 13 May 2010 @ 9:21pm
    
    Re: Re:
    I myself have an open access point. Granted it is firewalled, isolated from the rest of my network and bandwidth limited (to prevent negative impact on MY use. I am not an ISP) However if one of my neighbors wants to use that connection under those restrictions they are free to do so. That is what it is there for. Grow a Brain...
    [ link to this | view in chronology ]
- :Lobo Santo (profile), 12 May 2010 @ 1:48pm
  
  Re: Yep
  Plus, if any nearby Germans have rights, other nearby Germans are subject to violence (inexplicably).
  
  ; P
  [ link to this | view in chronology ]
- tuna, 13 May 2010 @ 5:15am
  
  Re:
  In the U.S. if you leave your keys in the car and someone steals it and commits a crime you are laible.
  [ link to this | view in chronology ]
  - abc gum, 13 May 2010 @ 6:09am
    
    Re: Re:
    "In the U.S. if you leave your keys in the car and someone steals it and commits a crime you are laible."
    
    Liable for what?
    
    IANAL, however - I do recall that (in the US) some states have laws which penalize those who leave their keys in the vehicle. In addition, there are laws (in some states) which penalize those who leave the vehicle running, etc. It is my understanding that the vehicle owner is not liable for the actions of the car thief, whatever they may be. If you have information in support of your assertion that would be great, please share.
    [ link to this | view in chronology ]
  - btr1701 (profile), 13 May 2010 @ 11:42am
    
    Re: Re:
    > In the U.S. if you leave your keys in the car and
    > someone steals it and commits a crime you are laible.
    
    There are so many things legally and factually wrong with that statement that I hardly know where to begin.
    [ link to this | view in chronology ]
- btr1701 (profile), 13 May 2010 @ 11:38am
  
  Re: Accessory
  > Besides, in a normal crime, even if you knew about
  > it, you could only be charged as an accessory
  
  That's not true, either. (At least under American law. I have no clue what German law says about this.)
  
  Merely knowing about a crime doesn't make you an accessory (despite what cops in movies and TV shows seem to think). In order to be an accessory, you have to have provided some kind of material support or facilitation to the perpetrators of the crime.
  
  In most US jurisdictions, citizens aren't under any obligation to stop a crime they know about or witness; they're not even required to report it to the police. The only exception for this is child abuse. Most states have passed laws that impose criminal liability on people who know about child abuse and fail to report it.
  [ link to this | view in chronology ]
- J.D., 3 Jan 2014 @ 12:04am
  
  Response to: Rose M. Welch on May 12th, 2010 @ 12:47pm
  In Germany, if you left your door unlocked (either home or vehicle) and it was broken into or stolen, insurance will claim neglegence and not cover you. So yes, Germany has some weird victim blaming.
  [ link to this | view in chronology ]
Anonymous Coward, 12 May 2010 @ 1:54pm

how silly, this is probably one of those laws legislators pass just to appear to be doing something, but will never be enforced because of the shitstorm it would cause
[ link to this | view in chronology ]
Cynyr (profile), 12 May 2010 @ 2:36pm

i wonder
I wonder if you can apply to have an open wifi network if it is part of a business, or though some other means. It would probably require locking down some aspects of the service and logging data.
[ link to this | view in chronology ]
Anonymous Coward, 12 May 2010 @ 2:41pm

Yeah, that was TAM, our resident RIAA shill. He never makes any sense and has no fucking clue about technology. Just the same as that German court.

Using a password is only part of securing the wifi. WEP can be easily broken and even WAP, although more difficult. The point is you can claim your wifi has been hacked. Then what?

And what if you did everything you know to secure your network but left a weak point and got hacked?

What if you are a moron like TAM?
[ link to this | view in chronology ]
- Anonymous Coward, 12 May 2010 @ 4:33pm
  
  Re:
  ask your insurance company what the difference would be between leaving your car running with the doors unlocked and it being locked, with an alarm system, an immobilizer, a club, and a gps tracking device. then you will maybe understand the difference rd.
  [ link to this | view in chronology ]
  - Anonymous Coward, 12 May 2010 @ 4:44pm
    
    Re: Re:
    hi mike.
    [ link to this | view in chronology ]
  - DocMenach (profile), 12 May 2010 @ 5:17pm
    
    Re: Re:
    You fail again TAM (You've been failing a lot today). Your analogy between open Wireless and a car is worse than Ted Stevens considering the internet "A bunch of tubes". There is no correlation between a car and a wireless access point. You are simply trying to derail the discussion with something completely irrelevant.
    [ link to this | view in chronology ]
  - Anonymous Coward, 13 May 2010 @ 6:14am
    
    Re: Re: WIFI insurance
    Why would I do that?
    This makes no sense at all.
    
    Do I now need WIFI insurance?
    [ link to this | view in chronology ]
Anonymous Coward, 12 May 2010 @ 2:58pm

To #3: If you really believe that people "dont want to pay for anything" you probably don't watch TV, which is "free" and is supported by advertisers. Coffee houses provide "free" wifi, which is supported by the increase in business.
[ link to this | view in chronology ]
Anonymous Coward, 12 May 2010 @ 3:21pm

Some European hotels not offering open Wifi anymore
I was in Prague for a few days this Spring and our hotel didn't offer open Wifi for this very reason, but when we checked in they gave each of us a patch cable so we could connect to their network for free internet access.
[ link to this | view in chronology ]
- Atkray (profile), 12 May 2010 @ 4:04pm
  
  Re: Some European hotels not offering open Wifi anymore
  Most hotels I have stayed at in the United States give you a password when you check in. In contrast most of the businesses I have worked at have open WIFI for their customers. I think the main reason is because the hotel has a closer relationship with the customer name and address are given usually a credit card is on file etc... In a retail business you do not always have that communication with customers but it is advantageous to have free WIFI in the customer waiting area. Yes we could encrypt and issue passwords but that stretches our already limited staff even thinner. A sign that says "Free WIFI" is great at getting potential customers into a business.
  [ link to this | view in chronology ]
erica ann (profile), 12 May 2010 @ 5:40pm

so...
the courts are saying it has to be secured against unauthorized users.

So, hotspots would have a username and password to use for the public plus a record of mac and ip addresses used. and the users are then authorized vs unauthorized. anyone can connect, but its still 'secured' vs 'open'

Home and small business users would protect themselves from having someone borrow their bandwith or illegally obtain network files of data and possibly other client information, spam or other activity not authorized to do - by putting a password on their wifi connection.

seems like common sense to me.
[ link to this | view in chronology ]
Pixelation, 12 May 2010 @ 5:58pm

Cheaper
$126 is cheaper than a lawsuit from the RIAA. Just make a deal with your neighbor. I'll use your open wifi and you use mine. We both have the same $126 risk. Even better, the RIAA won't see a dime!
Brilliant law to screw the RIAA. Yay Germany!
[ link to this | view in chronology ]
Regilberto Girão, 12 May 2010 @ 6:11pm

CONGRATULATIONS
Congratulations to the German court.
Imagine if your wireless network is used to commit a crime: bullying, theft, murder, tax evasion, drug trafficking, terrorism, etc..
Here in Brazil we say, until you proves that pig's snout is no outlet, your life becames a hell.
[ link to this | view in chronology ]
Anonymous Coward, 12 May 2010 @ 8:07pm

Here's my password
For a business, it's ridiculous for them to have to tell me the password for their wireless so I can log in and do illegal things.

Why not just let me get on without the password so I can do the illegal things? They aren't going to refuse me the password, so why make them jump through the hoop of giving it to me?

Let's say they do capture my MAC id; so what? There's no way to track me down by MAC. There's no giant DB of MAC id's, plus they're easy to spoof.
[ link to this | view in chronology ]
dean, 12 May 2010 @ 11:47pm

Wifi
So, why can't the re-jig things to say "private residences"

i.e. if you have a registered business (as hot spot owners / cafes, etc, etc should presumably have)...then some different interpretation applies

if you're NOT a business AND you have unsecured wifi...then Blam, fine, thanks!

I do believe already that the document kind of states this as it's worded "private individuals"
[ link to this | view in chronology ]
- PaulT (profile), 13 May 2010 @ 12:13am
  
  Re: Wifi
  Cool, you can get your neighbour sued in 4 easy steps! - Go round for a cup of coffee and note down their password when their back's turned - Log into their router and change it to an open network - Download a few movies - Relax and laugh when he opens his settlement bill Much better than trying to get them to make sense by not making 3rd parties responsible for actions they have no control over.
  [ link to this | view in chronology ]
- Anonymous Coward, 13 May 2010 @ 6:15am
  
  Re: Wifi
  But corporations are now people.
  [ link to this | view in chronology ]
tuna, 13 May 2010 @ 5:25am

wifi
I live in an apartment complex and have turned into the resident IT guy. I know all my neighbors passwords because I set their wirless systems up.

Personally, I prefer MAC filtering.
[ link to this | view in chronology ]
Anonymous Coward, 13 May 2010 @ 6:21am

WooHoo
1) pass a law that requires a new protocol for WIFI, something like Secure Interface Control (SIC)

2) in order to get everyone on board (except consumers), promise to never shut off a user WIFI

3) FCC ... something, something

4) PROFIT !
[ link to this | view in chronology ]
- PaulT (profile), 13 May 2010 @ 9:08am
  
  Re: WooHoo
  Actually I think it goes like this:
  
  3.5) every business currently offering wifi turns it off because even their business clientele isn't worth the cost of running the service and subsequent legal exposure.
  
  4) RIAA/MPAA find another scapegoat because their profits are still falling.
  [ link to this | view in chronology ]
Vince (profile), 14 May 2010 @ 4:14am

You do not really understand :-)
The decision of the court actually makes the situation BETTER for Germans.

Until now the owner of an open wlan could be sentenced for everything that happenend over his network. He was directly responsible for illegal file sharing via his network, regardless of who really did that sharing. He had to pay compensation to companies also, even if it could not be proved that he has done the crime himself. Companies usually got immense compensation for each file.

Same is true when your car is getting into a speed trap and is photographed but the driver cannot be seen clearly. Even if you prove that you did not drive the car you have to pay the fine because it is YOUR car and you are responsible who uses it.

NOW the court says that an owner just has to pay 100 euro at the most if ANY criminal act has happened via his network (because of the nice german word "Stoererhaftung"), but he is not responsible for the criminal act itself and so does not have to pay any compensation to companies.

This means: Open your wlan, do illegal file sharing all the time and if somebody gets you and wants to admonish you, all you have to pay is 100 euro and be more careful the next time.

Now think for yourself if this is better than before. :-)
[ link to this | view in chronology ]
- Tom, 14 May 2010 @ 7:06am
  
  Re: You do not really understand :-)
  > This means: Open your wlan, do illegal file sharing all the time and if somebody gets you and wants to admonish you, all you have to pay is 100 euro and be more careful the next time.
  
  @Vince: well thats just not true!
  
  100eur limit only applys if your WiFi was hijacked! you will have to prove that you were out of the country(like in this case) or something similar while the filesharing occurred. Thats gonna be a case by case decision in court.
  And if a judge finds you did do it, they can still sue you for damages!
  [ link to this | view in chronology ]
Tom, 14 May 2010 @ 4:27am

...
There is apparently some misunderstanding. It's not a criminal court ruling(hint: "Zivilsenat")! And no, you cannot get fined for an open WiFi in Germany, it's not illegal. @Rose M Welch, the comparison with a stolen car and a comitted crime is just plain stupid... sorry. There is just no criminal law involved in this story.

The ruling says that if your unprotected WiFi is hijacked and used for filesharing you are NOT liable for damages sought by the label/RIAA or whoever. But they can demand a sort of German version of a Cease&Desist which the recipient has to pay for and is limited to 100eur.
If you dont secure your WiFi after the C&D you may get a problem obviously..
So if you want to operate an open WiFi you can do so, as long as nobody uses it for illegal acts. Coffee houses may just filter any P2P and should be fine(Is there such technology?).
[ link to this | view in chronology ]
BearHear, 14 May 2010 @ 1:55pm

judicial explanations of this case
You find some judicial explanations of this case here:

http://www.undergermanlaw.com/disturbance-liability-the-reason-for-wlan-restrictions-in-ger many/

(Explanations by a german lawyer, written in english)
[ link to this | view in chronology ]
Jens Müller, 14 May 2010 @ 2:38pm

Criminal court
"Germany's top criminal court" seems to imply it was a criminal ruling. It was not - it was a civil case brought by the music industry, and the "fine" are "just" attorney fees.
[ link to this | view in chronology ]
david, 19 Jul 2010 @ 3:06am

wirless users
Thats why I live in a free country like the good old USA. Courts would never fine the inocent.
[ link to this | view in chronology ]
david, 19 Jul 2010 @ 3:06am

wirless users
Thats why I live in a free country like the good old USA. Courts would never fine the inocent.
[ link to this | view in chronology ]
- Anon, 25 Sep 2010 @ 4:03am
  
  Re: wirless users
  That's what they want you to think. wAIT UNTIL acta TAKES EFFECT TOO BY THE WAY. then EVERYONE is screwed, even you in your so called "free country"
  [ link to this | view in chronology ]
- marc, 20 Jan 2013 @ 4:02am
  
  Re: wirless users
  well, usa�s law system has its disadvantages too my friend :)
  [ link to this | view in chronology ]