Deep Linking Could Be Infringement In Germany If Website Puts Even Ridiculous Weak Attempts To Block It
from the anti-circumvention dept
We've pointed out numerous problems with anti-circumvention rules, which make it infringement to break pretty much any attempt at circumventing any type of content protection measures (even if not to infringe on the copyright). Sometimes courts realize how silly this is, such as a ruling from a few years ago in Europe, which noted that it's silly to consider such anti-circumvention rules reasonable if the technical protection measures are not considered "effective." In other words, if your protection scheme is laughable, it's silly to make it infringement to get around it. Apparently not all the courts in Europe have gotten this message yet. An anonymous reader points us to a case from a few months back in Germany, in which the court said that deep linking to content that had ridiculously weak measures to block deep-linking is still infringing (that link is a not so great Google translation of the original German -- though, the submitter gave a more complete explanation).In this case, the content involved online maps, and the "protection measures" were that to visit a page with an actual map, you had to have a sessionID, that you would get as you visited the website. If you went to a deeper page without a sessionID, you would be redirected to the front page. Of course, it's not hard to actually provide the user with a sessionID, which one site did upon linking to these maps, meaning that visitors went straight to the deep-linked page, rather than being redirected to the home page. This is basically how the internet works. While the lower court properly rejected the copyright infringement claim as being ridiculous since the technical protection measures were so laughable, the higher court appeared to ignore all precedent on this matter, and said that as long as the site owner made any attempt whatsoever to block such deep linking, getting around those measures could represent infringement.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: copyright, deep linking, drm, germany, session id
Reader Comments
Subscribe: RSS
View by: Time | Thread
No matter how weak the security on a website, bypassing it isn't exactly much better. Providing a fake sessionid is like providing a fake key to get in.
You may not like the ruling, as it is very extreme to the end, but it is a logical conclusion. Think of it as a bizarre absolute, similar to what happens in many US constitutional cases.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
If it had, instead, redirected to a nasty "you can't link to that page" message, then what I said above would still apply.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
False comparison, I'll give you that it makes a good image upon reading, and might even be "close" to the situation.
Digital "objects" are not physical "objects", no matter how hard we try to make them (at least until Tron is real... but ehh)
A slightly better example might be a company posting all of their maps on a billboard and handing out a "code word" that could let them see the billboard past the old 90 year old , sitting at the folding table, given the title of "Security" so he can get a paycheck... then one person gives out his/her code word to others....
See... That wasn't so hard... to at least get farther away from physical objects and closer to the real situation
[ link to this | view in chronology ]
Re: Re:
Say you come upon someone's front gate with a lock and chain on it. The lock isn't locked. Is the owner trying to secure the gate or simply using the lock and chain to keep it from swinging open and letting the dog/cattle/whatever out? Is it a security measure or a utility measure?
[ link to this | view in chronology ]
Re: Re: Re:
you tell your employees that the secret code to get past the security guard is "hello"...Then arresting the pizza delivery guy for getting into the building with false credentials.
[ link to this | view in chronology ]
Re: Re: Re:
Its like putting a screen door on the side of a submarine.
[ link to this | view in chronology ]
Re: Re: Re:
What matters is that laws against trespassing or burglary are vastly different to laws against copyright infringement. As you suggest, security measures in the offline world have pretty much one effect in relation to the law: evidence of intent. In this case though, how does bypassing a security measure prove intent to infringe copyright? They aren't committing burglary, they're sharing information. If a company gives out passwords to all its customers and one of those customers shares that password with a stranger then are they liable if that stranger uses the password to commit a crime?
[ link to this | view in chronology ]
Re: Re:
Someone using that code word without authorization is very likely trespassing.
If you have a code to enter your office building and you give that code out to someone who does not work there, can they legally enter?
Now, while I agree that it is pretty dumb to secure information on the internet that you want available to the public but want to force them through your website in a certain way to get to it, the effectiveness of the security should have no bearing on this type of case.
In this case, however, it is arguable that they did not have ANY security. They intended the information to be public. It may be arguable that it was not security that was circumvented as it was not a measure against people getting to the information. The intent may be very important here.
[ link to this | view in chronology ]
Re: Re: Re:
They are trespassing if they are not authorised to be there, it has nothing to do with whether they bypassed any security measures. I would guess that at most you could use it as evidence of their intention to trespass, much like a 'no trespassing' sign would be.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
The user would have to have some inkling that there were doing something untoward for this to be a valid analogy.
It's more like being arrested for trespassing when walking through a public park, because you accidentally crossed into private territory. However, there were no doors, no fences, and no signs stating where one ended and the other began.
(However, the judge finds you guilty because, unbeknown to you, the owner put a "No Trespassing" sign on display in the bottom of a locked filing cabinet, stuck in a disused lavatory with a sign on the door saying "Beware of The Leopard".)
[ link to this | view in chronology ]
There was no password - so there was no lock. If they poorly designed their door to be secure, but didn't put a lock on a 'public' place, how is that illegal?
Misunderstanding perhaps..
[ link to this | view in chronology ]
Eh...
Is it any less of a crime if someone steals your vehicle because you didn't lock your doors? (Yay! A car analogy!)
Does it make abuse any less heinous if it's against a child, who can't defend themselves as well? (Won't somebody think of the goddamn children?)
Does it make it not piracy if some eyepatch-wearing Somalians attack a boat not equipped with guns? (Them pirates just want everything for free!)
Okay, now this is just getting fun....
[ link to this | view in chronology ]
Re: Eh...
OCA - Obligatory Car Analogy. ;)
I'm not so sure ineptitude in security isn't something that should be considered. I know anecdote doesn't equal evidence, but I've gone to sites where I could, by clicking around, get past whatever sign-in or register procedure is in place. My intent wasn't evil, more confused about how to get to this page or that of the site.
And shouldn't a distinction be made between security and procedure? I could make up a tag and register here at TD, but I don't have to. Is registering somehow a security system? Doesn't seem so to me.
[ link to this | view in chronology ]
Re: Eh...
[ link to this | view in chronology ]
Re: Eh...
[ link to this | view in chronology ]
Re: Re: Eh...
[ link to this | view in chronology ]
Re: Re: Re: Eh...
Helmets within helmets.
[ link to this | view in chronology ]
Re: Re: Re: Re: Eh...
A good novel writer leaves the writing open to the reader's interpretation....
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Eh...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Eh...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Eh...
we'll talk more, outside the TD comments :D
[ link to this | view in chronology ]
There's no such thing as "deep linking"
In the HTML world, links are either absolute or relative. Relative links obviously have no meaning outside local context, so we may dismiss them from further consideration here. Similarly, we may also dismiss absolute links whose targets are local.
This leaves us with absolute links whose targets are external. All such links are topologically equal: the construct called a "home page" is just a label, an artifact of convenience. It has no special place among those targets, in a technical sense -- it's merely some people who choose to elevate it above others because they find it convenient to do so.
And as a convenient artifact, that's fine: it's handy to be able to refer another human to a site's "home page". But as a technical matter, there is no difference between an external link to http://www.example.com and one to http://www.example.com/foo/bar/blah.html.
Beyond all that: when one publishes a web page (glossing for a moment over the complexities involved in doing so) on the Internet, then one has clearly expressed one's intention to make the content on that page available to everyone AND to make that page a possible target for an external link. It is utterly preposterous to contend otherwise.
[ link to this | view in chronology ]
Re: There's no such thing as "deep linking"
So, you're saying that all of the methods down through the years that've been implemented to provide security to websites have been just academic exercises that were never meant to really secure anything? That must be some seriously good crack you've been smoking.
I'll grant you that there's little to no effective difference between /index.html and /foo/bar/baz.html but your end conclusion is absurd.
[ link to this | view in chronology ]
Re: Re: There's no such thing as "deep linking"
Information can be protected in tonnes of different ways online, but the string that identifies its location is not one of them. All content must have a location, and once it does, people are free to point to that location. Lock down the content if you want so those people are pointing to a dead end - but trying to control references to its location is pointless and, in my mind, has no legal basis.
[ link to this | view in chronology ]
Re: Re: Re: There's no such thing as "deep linking"
That's more of what I was calling absurd than urls pointing to the content. It's possible Richard just misspoke but I have to go by what he said.
[ link to this | view in chronology ]
Re: Re: Re: Re: There's no such thing as "deep linking"
[ link to this | view in chronology ]
Re: Re: There's no such thing as "deep linking"
I really have no idea why you think security is relevant to this. It's not -- at all.
A site which publishes information -- let's say, by putting up a web page at http://www.example.com/foo/bar/blah.html -- has explicitly disabled enough security to make it visible to the rest of the Internet. Otherwise...you wouldn't be able to load it into your web browser, because it would (variously) be behind a firewall that prohibited HTTP, or on a server without a running web service, or in a password-protected directory, or accessible via subscription only, or readable by owner-only and not by the web service, or any number of other things that would stop you from accessing it.
But they did (publish it). They have thus -- whether they realize it or not -- explicitly made it a peer with billions of other web pages, any of which can link to any other.
Now...they may want to indulge in some wishful thinking: for example, they may want to think that page is more important than some other pages...but it's not. Or they may wish to think that it should/should not be a page that others link to...but that's patently absurd, since of course they don't get to decide what characters anyone else gets to put in their pages, including the characters that comprise an HTML link.
Any entity which doesn't get this doesn't below on the web, because they lack a fundamental understanding of what it is. The solution that I endorse for such entities is to give them exactly what they demand: I "BOGUS" their domain in DNS. Seems reasonable: they don't wish to participate as peers in the web, so I'm making sure that they get precisely what they're so petulantly demanding.
(What "BOGUS" in this context essentially means is that their domain name, MX records, etc. will no longer resolve. This effectively removes them from the local view of the Internet, although of course they're quite likely still reachable via IPv4/IPv6 address.)
[ link to this | view in chronology ]
Re: Re: Re: There's no such thing as "deep linking"
Don't get out much, do you?
[ link to this | view in chronology ]
Re: Re: Re: Re: There's no such thing as "deep linking"
Of course I haven't suggested any such thing, and it's quite absurd for you to state that I have.
First, these are not "my rules": I've merely articulated the method by which the web works. When you publish something...you publish something. If you don't want it to be published, then don't publish it. But having chosen to do so, it's not only disengenuous, but appallingly stupid, to complain that it's been published.
Second, I'm not required to access any site that I choose to avoid. I'm quite free to refrain from visiting those sites, or to firewall them out of my network, or to use a browser plugin that blocks them, or to BOGUS them. This is not censorship -- it's merely a choice, and given that it's a choice that only affects me/my operation, it's my choice to make.
I suggest that your undertake some remedial self-education on how the web works as well as on the concept of "censorship" -- as clearly the latter does not mean what you mistakenly think it means.
[ link to this | view in chronology ]
Re: Re: Re: There's no such thing as "deep linking"
Personally, I don't see a session id as any form of security. That was where the judge made his mistake in this case, not in saying that deep linking was any form of hacking.
Your argument isn't a bad one but it isn't relevant to this conversation.
[ link to this | view in chronology ]
Re: Re: Re: Re: There's no such thing as "deep linking"
I concur that the court case talked about secured information. I disagree that "secured information" was involved -- because it wasn't. (Secured, that is.)
[ link to this | view in chronology ]
Pictures and text have no copyright then?
[ link to this | view in chronology ]
Re: Pictures and text have no copyright then?
[ link to this | view in chronology ]
Re: Pictures and text have no copyright then?
If you want to put the TD, microsoft.com, and theregister.co.uk websites or any content they host inside iframes on your web page, you are fully within your rights to do so unless said sites have taken steps to prevent it and so long as you don't use them in such a way as to constitute trademark infringement or something of the sort.
Copying and pasting is another matter entirely. Mike is fine with it but the other two would likely sue you and win.
[ link to this | view in chronology ]
Re: Pictures and text have no copyright then?
You publish some information on the web,
You then decide it should no longer be available and make the page itself a member only access.
I try and access it via a previously created direct link, but I can't.
It's fairly clear to me that this is intentional on your part. You don't want me to see it before I sign up and register (and maybe pay a subscription).
But I find a cool technology that allows me to access the content anyway, without registration.
Clear intent.
And hence I go and read the content for free.
have I breached any laws ?
Has the maker of the technology breached any laws ?
(the technology in this case is the Google page cache)
[ link to this | view in chronology ]
Re: Re: Pictures and text have no copyright then?
Your Google page cache example is erroneous too. You are not accessing content protected by the new security when you view a cached page. You are accessing a snapshot that the site allowed to be taken, with full consent of the host of the cached page, Google. Google might have something to worry about (though they don't if you go by the cases they've won on this very thing) but you do not.
[ link to this | view in chronology ]
Re: Pictures and text have no copyright then?
Yes, you are free to do this. Why would we mind that you're promoting our content?
[ link to this | view in chronology ]
Re: Re: Pictures and text have no copyright then?
[ link to this | view in chronology ]
Re: Re: Pictures and text have no copyright then?
[ link to this | view in chronology ]
Re: Re: Re: Pictures and text have no copyright then?
Mike was pointing out the hypocrisy, not committing it.
[ link to this | view in chronology ]
Re: Re: Re: Pictures and text have no copyright then?
Not sure I understand your point? In the Lily Allen situation, we did, in fact make it clear that we didn't mind, but we used it to highlight how she apparently had not thought through her own positions, as she seemed to be violating the same rules she was advocating. We had no problem with her doing it. We just used it as a chance to help her understand that the issue was more complex than she made it out to be.
[ link to this | view in chronology ]
Re: Re: Re: Pictures and text have no copyright then?
The reaction would have been the same no matter where she copied content from - and the goal, if you read the stories at the time, was not to chastise her but to find a way to possibly turn it into a teaching moment - to perhaps make her realize that copyright infringement is a lot more commonplace than she thinks, and that she should take a step back before continuing her tirade against it.
[ link to this | view in chronology ]
Re: Re: Re: Re: Pictures and text have no copyright then?
[ link to this | view in chronology ]
The reason for making people go through the main page is advertising. Either advertising for their own service, or for others. If it is illegal for someone to allow people to bypass the mainpage/ads, then how long do you think it will be before somone sues the makers of adblock+ or any other ad blocking software for allowing people to bypass the ads on their site?
Also, another analogy.
There is a company that has free maps anyone can view, however there is a large billboard you have to walk past to get in the main entrance. There is also a side door that is unlocked, but has a sign saying "Do not use". Of course, you open that door and let people in without walking past the billboard. In response, instead of buying a lock to put on the door, the map company decides to sue the guy who opened the door.
Seems perfectly reasonable to me.
[ link to this | view in chronology ]
Re:
No not enter (and closed door) means do no enter. Entering would be a trespass.
It think that if you have trouble understanding something as simple as this, you would have a hard time with things like DRM or file encoding in general.
[ link to this | view in chronology ]
http://haerting.de/de/3_lawraw/aktuell/index.php?we_objectID=1735
[ link to this | view in chronology ]
This seems illogical and backwards to me. You would give the least protection where it is needed the most. You would only give protection where none was needed.
[ link to this | view in chronology ]
Hmm
[ link to this | view in chronology ]
Re: Hmm
Anyways sorry for the blank comment.
The original post that I was about to make was to me a better analogy. This is like a building with a door but no walls with a sign out front stating that you can only use the door to enter the wall-less building.
You know your supposed to use the door, and there is a sign telling you to use the door. Since the building has no walls what are you going to do? My best bet is you'll walk around the door.
To me even if there is a door, and there is sign telling you to only use the door. If the person who owned the building didn't you to by pass that door they he should have put the walls up.
[ link to this | view in chronology ]
any protection scheme which can be circumvented is laughable. the protection of a movie can be circumvented, you can get DVD-rips of any movie on the net. that means the protection on DVDs is laughable. Ergo, DVD-rips are not infringement. Problem Hollywood?
[ link to this | view in chronology ]
Re:
Clearly this is false. A protection scheme requiring years of research or hundreds of hours of computer time to bypass is obviously not laughable. A "protection scheme" requiring three seconds with a copy and paste feature to "circumvent" is.
I put those in quotes because a session ID is not really a protection scheme, and supplying one is not really circumventing anything.
[ link to this | view in chronology ]
what the case is about
I can't see how more effective methods of enforcing a paywall, or subscription model, to protect copyrighted material would work here because of the mix of usage, wherein the common user was allowed free access. Depending on the law to make up for a bad business model or poor technical security is just awful. Hyperlinks are critical to the usefulness of the World Wide Web. Limiting access of websites or portions of websites is also critical to the usefulness of the Web. In general, there are technical solutions we should rely on for restricting access. There is no need to depend upon the law to restrict deep linking.
[ link to this | view in chronology ]
a good analogy
[ link to this | view in chronology ]
laughable protection
from what I've read every sort of content protection devised thus far has been defeated in a few days if not a few minutes
"and said that as long as the site owner made any attempt whatsoever to block such deep linking, getting around those measures could represent infringement."
the result of which is that the above is an appropriate response
[ link to this | view in chronology ]
Where is the copyright infringement here?
[ link to this | view in chronology ]