Yet Another Court Says You're Not 'Negligent' If Someone Uses Your Open WiFi To Infringe
from the shutting-down-that-line-of-argument dept
Some of the folks filing mass copyright infringement lawsuits have tried to claim that merely having an open WiFi connection on which someone else infringes on copyright-covered works is a form of negligence. Basically, they're suing based solely on limited information -- an IP address -- and when those pursued point out that they have an open WiFi, the lawyers insist that this, alone, is a form of negligence. However, the courts aren't buying it. In July, we wrote about a district court in New York rejecting this argument quickly, noting that the position was "untenable."And now a California district court has ruled similarly, completely rejecting the negligence theory on three different points. First up, there is no negligence because negligence requires a relationship and a duty to protect, but no such relationship exists between the copyright holder, AF Holdings, and the defendant in the case:
AF Holdings has not articulated any basis for imposing on Hatfield a legal duty to prevent the infringement of AF Holdings’ copyrighted works, and the court is aware of none. Hatfield is not alleged to have any special relationship with AF Holdings that would give rise to a duty to protect AF Holdings’ copyrights, and is also not alleged to have engaged in any misfeasance by which he created a risk of peril.Even ignoring that, the court is skeptical. Noting that even if there was a negligence claim it would be unavailable in this case, because of copyright "pre-emption" (basically, federal copyright law wipes out any state statutes that seek to do the same work).
The allegations in the complaint are general assertions that in failing to take action to “secure” access to his Internet connection, Hatfield failed to protect AF Holdings from harm. Thus, the complaint plainly alleges that Hatfield’s supposed liability is based on his failure to take particular actions, and not on the taking of any affirmative actions. This allegation of non-feasance cannot support a claim of negligence in the absence of facts showing the existence of a special relationship.
AF Holdings is seeking to protect its “exclusive rights” from “copying and sharing.” Simply recharacterizing the claim as one of “negligence” does not add a legally cognizable additional element.... Thus, because AF Holdings alleges that Hatfield’s action or inaction constituted interference with its “exclusive rights in the copyrighted work,” the negligence claim is preempted by § 301 of the Copyright Act.And then the court goes even further, and says that even if the first two theories don't kill the negligence claim, there's also Section 230 of the CDA, which we've discussed for years. While the Section 230 safe harbors (protecting a service provider from liability concerning the actions of their users) technically does not apply to intellectual property issues, the negligence claim is not an IP law issue, and thus gets wiped out thanks to Section 230 immunity.
Basically, the idea that you're negligent if you leave your WiFi open and someone else uses it to infringe seems dead in the water.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: copyright, copyright trolls, negligence, open wifi, preemption, section 230, wifi
Companies: af holdings
Reader Comments
Subscribe: RSS
View by: Time | Thread
I do foresee a spike in this type of allegation for common file sharing cases. The MAFIAA shifted priorities from end users to p2p sites though so I believe this will only act as deterrent to the porn companies =/
[ link to this | view in thread ]
[ link to this | view in thread ]
h**p://torrentfreak.com/french-3-strikes-court-fines-first-file-sharer-even-though-hes-innoce nt-120813/
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
Well ok, it's probably best not to do that just for protection if some one does infringe and one lobby or another have forced a change in the law you might get screwed over but I thought it was a point worth making.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
The Pirates Win Again
[ link to this | view in thread ]
Not after X strikes
In the courts, sure.
But that's a moot point once the 3/5/6/whatever strikes "agreements" come into play. Why bother with the courts, due process, finding the real person at fault, when you can just ban them extra-judicially?
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: The Pirates Win Again
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: The Pirates Win Again
[ link to this | view in thread ]
I don't think a solution should be to disallow people to freely offer their neighbors open wifi altogether (Gasps!!! big anti-free market capitalistic U.S. corporate cartels must be going crazy, they are used to fully exploiting their wrongfully granted, government established, monopoly privileges and they can't bear the thought of offering a decent product for a decent price, they must receive monopoly rents on everything!!!!), but perhaps a guest network setting that has stringent restrictions that only allows people to surf the Internet without doing things such as submitting posts on blogs, e-mails, submitting wikipedia entries, etc...
Such a solution wouldn't be too hard to implement in theory. Perhaps the router can have a setting that alerts websites to the fact that this packet has been sent from an open-wifi connection over a guest network so that websites can take security measures to ensure that certain features (ie: techdirt post submissions) are disabled (or labeled as such).
You may argue that it could get hacked, of course it could, it will initially have bugs and the bugs will get worked out over time, but the fact that it could have bugs is no reason to completely disable any form of security measures whatsoever. If you did that, you won't have https or WPA (which succeeded WEP), etc..., they are also subject to bugs, the solution, of course, would be to work out all the bugs over time (ie: from WEP to WPA).
BTW, this idea is not subject to patent protection.
[ link to this | view in thread ]
Re: The Pirates Win Again
I think it's closer to this scenario:
I legally lease a boat from Company X. I then (unknowingly to Company X) use said boat to commit crimes on the high seas. Is Company X liable for my actions?
It's about placing blame where the blame actually belongs.
[ link to this | view in thread ]
Re:
As in, "Why would anyone who doesn't bother to secure a network go to all that trouble to try and make a secure-but-not-really guest account?"
[ link to this | view in thread ]
Have you ever looked at a router operating manual? You know, how to setup the security side? It reads like Greek. Terms the average layman has never run into to describe actions he's never heard of. The terminology sounds like a foreign language, even to experienced computer users that have never messed with routers. The whole setup is impossibly difficult to the uninitiated.
But lets add to that another level of complication. No two router makers use the same terminology nor have any clue as to what standardization means. Even two models made by the same maker can look like each was produced in a different country.
But the copywrong gang expects you to just know this. For their benefit you should become that computer user they are so scared of. The one that knows all the ins and outs, which is probably viewed as the gateway drug of piracy.
Sounds like they should be more careful want they demand to me.
[ link to this | view in thread ]
Re: Re:
Would you put a sign on your front lawn telling everyone they can use your house for whatever purpose they want "(a good thing in it's own right)"? Why would you do the same with your internet?
[ link to this | view in thread ]
Re: Re: The Pirates Win Again
/sarcasm
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re:
As for the rest of your post it's just an general argument against having open wifi and one that is largely irrelevant while most people are not correctly or fully securing their close ones.
http://arstechnica.com/security/2012/08/wireless-password-easily-cracked/
Some ones who knows enough to want to set up open wifi, for any of the number of reasons that lots of people do, knows enough how to correctly protect their privet part of the network.
On the other hand with relatively little time and investment you can in to privet networks who's owners think are secure. Which I'd guess is by far more attractive to criminals for any number of reasons.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Why go to all that trouble?
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Pretty simple really. And you can even set quotas for the bandwidth if needed and if you can install dd-wrt, tomato or the likes it's even easier. Also, there's that little tp-link router (affectionately called 'pirate box') you can hook up to your computer ethernet and control how much bw and data is accessible more easily.
I don't really see a security problem here.
[ link to this | view in thread ]
Re:
The accountability rests on the person performing the illegal activity, not at the service or open wifi provider levels.
Your suggestion is unworkable as it would require upgrading or replacing all existing wireless routers, which puts the expense (time and/or money) back on innocent third parties. Additionally, that would prevent me from using features of some websites from my own internet connection if I were not savvy enough to:
A) purchase the new router
B) configure secure wireless on the new router
C) connect my devices to the secure network
D) ensure that no device up the chain flipped the flag to "yes" to avoid liability
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
So very true. My spouse recently got a Samsung Galaxy S3 as a birthday gift, the first device of this type we've ever owned and one that's loaded with all kinds of wireless sharing options. Due to bandwidth limitations, I had to set up wi-fi at home in order to avoid the steep overage fees.
Up until now I had avoided using wi-fi completely because I didn't really know much about it, meaning it's always been disabled in the router/modem given to us by our service provider. Enabling wi-fi meant I finally had to give in and do my research. Thanks to comments sections like the one here, I had a general idea that I should use WPA2 with a nice long SSID of random characters, but that's about it.
One of the options I came across in the router settings was titled WPS (Wi-fi Protected Setup) and it wouldn't let me disable this whenever I tried. So I looked it up and the first thing I found was this:
http://arstechnica.com/business/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver/
So much for taking all the proper steps to make sure my wireless network will be secure (MAC filtering, WPA2, long SSID, no broadcasting, etc) because it's clearly impossible right now. And my model of router isn't the only one on the market that won't let the user disable WPS either. Some do and even say it's disabled, but actually it isn't (some Linksys models for instance). I'd get rid of my router if I could, but in addition to being a DSL modem, it's also required for my cable service, therefore I can't.
What I'm getting at is that this ruling is spot on. I hope the judges in my country are similarly well informed and fair should a similar case appear before the court. For the time being, there is just no way to stop someone intent on using your network from doing so. Plus most people, like my parents, either aren't aware of the precautions they should be taking when dealing with wi-fi networks, can't understand them, or simply don't care even when it is explained to them (usually a combination of those for the older generation).
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
I've dealt with numerous DSL/cable provided/required routers before. If the one provided/required has at least one free ethernet port, what you can do is disable WiFi completely on the dsl/cable router. Then plug in a differing router into the free port that will be exclusively for WiFi purposes. There are numerous on the market, and without knowing exactly what you're looking for, I can't make any specific suggestions. The most recent one I personally setup was an Amped one. It was in conjunction with a non-wireless cable company provided router and it allowed for the home I put it in to now have wireless internet. I can't remember the exact model, but it had the WPS ability (which I disabled from the setup menu), and it also had the ability to have a guest network setup (which I also disabled). Also, the technical support is extremely helpful should you need to call them (and they'll take down your information to personally call you back should problems arise or just to check how things are going with your setup). I should add that most of their (Amped's) products are a bit pricey (spending at least $100 is about par for the course for the majority of their products), but it's $100 well spent.
Ah, found the exact product I'm referring to. (I purchased it from Amazon, since it was for my boss' parents and basically money is no expense in regards to his parents. But I still managed to save a few bucks over ordering directly from Amped.)
http://www.amazon.com/Amped-Wireless-Wireless-N-Gigabit-R10000G/dp/B006UACRVO
Just fyi, in case you're interested. And I am in no way affiliated with Amped. But I found it to be a top notch product. Heck, even if it wasn't working as well as it is their customer service alone would have me praising the company.
[ link to this | view in thread ]
yes, but..
[ link to this | view in thread ]
Re: Re:
I wouldn't mind sharing my wifi with my neighbors provided
A: You don't slow down my connection (I get bandwidth priority)
B: My ISP doesn't mind and you don't use too much bandwidth (perhaps some open wifi bandwidth limitation options, options regarding priority, speed, and download/upload megabytes per day/week/month/time interval, would be useful, especially for ISP's with data caps).
C: You can't do anything on the Internet on my behalf (ie: post on websites).
[ link to this | view in thread ]
Re: Re:
No one said anything about requiring all wireless routers to be replaced or upgraded. I'm just mentioning an option that should be discussed among various standard organizations to give wireless router manufacturers the option of manufacturing new routers with more options. A header in each packet indicating that this packet originates from an open wifi is something Wikipedia and other sites could incorporate into how their website responds to packets.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
Edit(hadn't hit the submit button yet): After looking at the reviews there, the Asus RT-N66U looks pretty good. Routers have improved a lot feature-wise since I last bought one (1999 IIRC). A VPN would be perfect for my wife so she doesn't have to worry when using open wi-fi away from home (currently set up to avoid) plus she'd be able to securely access all our media via the server features no matter where she was in the world. Guess I'll have to dig out that old router and see if it works when behind the clunky, unfriendly one my service provider forces me to use (they said no when I asked for a DSL modem only).
[ link to this | view in thread ]
Re: The Pirates Win Again
[ link to this | view in thread ]
Decision has some good elements, but still lazy
I think that the decisions that say it is pre-empted are erroneous, and the result of judicial laziness, at best. I don't see how a common law claim can pre-empt another common-law claim. Further, negligence requires an additional element, beyond the infringement, which places it outside of pre-emption. But, when your judge is lazy or simply hostile to torrent actions, then you're not going to get anywhere with that.
The Section 230 analysis is just plain stupid - especially when we consider it in light of the pre-emption analysis.
Extending section 230's definition of a "service provider" to a residential subscriber, who leaves their wi-fi open, has neither a textual nor logical basis, nor does the legislative history of the Act support such a reading.
Further, if we understand that Section 230 exempts IP claims, but we say that it applies nonetheless, because the negligence claim is a state law claim, then the pre-emption analysis' weakness shows itself. If it is an IP claim, then Section 230 doesn't apply. So, if it is pre-empted, then Section 230 can't apply. On the other hand, if it is not an IP claim, then it can't be pre-empted. You can only have Section 230 or pre-emption, no matter how much you want to screw over Prenda to get them the hell out of your district.
On the other hand, the weak link in the open wi-fi negligence theory is proving the existence (or non-existence) of a legal duty. Whether there is a legal duty is for the courts to decide, as stated in the "tugboat case." That's what The TJ Hooper case stands for - it is the province of the courts to recognize, or reject, new duties of care in tort actions.
If the court finds no duty, then there is no duty. In part, I like this AF Holdings case, because this court, unlike the two before it, finally did the work of analyzing whether or not a duty exists. It may not bind any other court, but at least it finally devoted some thought to that element. That is where the debate really should be focused.
A recent Wyoming Supreme Court case tends to support the logic that open wifi would not expose the subscriber in a negligence claim. It has some good analysis of both the duty analysis and the causation analysis.
In Lucero v. Holbrook, 2012 WY 152 (Wy. 2012) the defendant left a running car in the driveway, and a meth-head walked by, stole it, and crashed it into the plaintiff after a high-speed chase. The plaintiff argued, logically, that had she not done something so foolish as leave her car running, unattended, no harm would have come to her.
The Wyoming Supreme Court found that not only was there no duty, but that the harm was not proximately caused by the defendant's carelessness. These are arguments that might also fly in a defense against an open wifi negligence case. Of course, the Wyoming case might have turned differently, had the car been left on a public street, instead of in the owner's driveway - as there is a statute that prohibits leaving the car unattended and unsecured on a public highway. But, that's a matter of state law. Compare State v. Eckhardt, 165 Vt 606; 686 A.2d 104 (Vt. 1996) (Private driveway considered to be a "public highway" for purposes of enforcing DUI statute).
Naturally, all legal analogies break somewhere. So, we might one day find that a court gets past the lazy issues, and then finds that leaving your residential wi-fi open is different than a car accident, and the harm is foreseeable. Or, the thread may continue, with proximate cause or duty (or both) turning against the theory. We may see a sliding scale for forseeability - that in an urban area, the harm is almost certain to occur, and in a rural area, almost impossible that it would occur. A court might find that it applies to a residence, but that a commercial establishment with public wifi might fall under another standard. (Personally, I think that a commercial establishment should not be held negligent for having an open wifi, but I think that a residential customer should be, under the right facts).
Before you open your wi-fi to celebrate this case, wait for an appellate court to weigh in. One will have to, sooner or later, and it might conclusively reject the existence of a duty, but it might not. I am confident that the pre-emption analysis will eventually be rejected by an appellate court. But, then you're going to be left with some heavily fact-based analysis of duty and proximate cause.
[ link to this | view in thread ]