German Court Holds Internet User Responsible For Passing On Unknown, Encrypted File
from the knowing-the-unknowable dept
A natural response to the increasingly harsh enforcement of laws against unauthorized sharing of copyright files is to move to encrypted connections. It seems like a perfect solution: nobody can eavesdrop, and so nobody can find out what you are sharing. But as TorrentFreak reports, a German court has just dealt a blow to this approach.
The case involves RetroShare, which describes itself thus:
RetroShare is a Open Source cross-platform, Friend-2-Friend and secure decentralised communication platform.
It lets you to securely chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides filesharing, chat, messages, forums and channels
That sounds pretty safe, but TorrentFreak explains why it wasn’t in the current case:
This week a Hamburg court ruled against a RetroShare user who passed on an encrypted transfer that turned out to be a copyrighted music file. The user in question was not aware of the transfer, and merely passed on the data in a way similar to how TOR works.
The court, however, ruled that the user in question, who was identified by the copyright holder, is responsible for passing on the encrypted song.
The judge ordered an injunction against the RetroShare user, who is now forbidden from transferring the song with a maximum penalty of €250,000 or a six month prison term. Since RetroShare traffic is encrypted this means that the user can no longer use the network without being at risk.
That’s because the user can’t know what’s in an encrypted file passing through his or her system, and thus cannot guarantee that it is not the song in question. In truth, this situation is partly the user’s own fault:
RetroShare derives its security from the fact that all transfers go through “trusted friends” who users themselves add. In this case, the defendant added the anti-piracy monitoring company as a friend, which allowed him to be “caught.”
But even if the court case in Hamburg is a result of fairly exceptional circumstances, it creates an awful precedent: that German users are responsible for encrypted contents passing through their connection, even though there is no way they can know what they might contain. Unfortunately, this is of a piece with a previous ruling by a German court that people can be fined for what others do with their open wifi connections, regardless of whether they knew what was going on.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Filed Under: encryption, file sharing, germany, intermediary liability, liability, secondary liability
Companies: retroshare
Comments on “German Court Holds Internet User Responsible For Passing On Unknown, Encrypted File”
I am from germany and the more cases like that get absurd rulings, the more I think that even having any potential data connection is starting to become an unbearable liability.
I mean, being liable for encrypted connections despite not able to know the exact contents of the connection is madness. I mean, who knows exactly what installed software is sending out to who knows where in an encrypted fashion? what if the software gets compromised by malware?
Even worse, considering that here an old women that didn’t even have a computer was found guilty for copyright infringement, what stops these parasites from simply claiming copyright infringement, just because there was some encrypted communication going on?
how are you going to defend against this?
And nobody tell me they wouldn’t do that. these bastards will sink as low as physically possible to extort people who did nothing wrong, or in some cases even nothing at all.
Re: Re:
It is not so much about the money as scaring people away from sharing any files over the Internet. The music industry sees the Internet as a threat to its control over the distribution of music and piracy is a convenient excuse for engaging in terror tactics to try and stop ALL file sharing over the Internet. If it disrupts Independent artists from distributing their works it is helping to disrupt the competition to their business.
Re: Use a VPN
I see a great business opportunity for a company which helps Germans make sure all of their data is tunneled over a VPN via a country like, say, Moldova.
Re: Re: Use a VPN
I see an instant ban on all encrypted internet traffic through Germany, as the ISP has no way of knowing whether or not that encrypted traffic contains infringing files.
Re: Re: Re: Use a VPN
And when people start using obfuscated VPNs running on nonstandard ports, the ISPs will be forced to prevent all internet traffic at all.
Re: Re: Re: Use a VPN
And immediately after that, we’ll hear about the most ginormously massive data breach in history, since things like passwords, banking data and state secrets all involve encrypted data to one degree or another.
A blow?
I don’t know if I’d call this a dealt blow … in the long run, on a global scale, this position is unsustainable.
Rightsholders walk a fine line. They have to defend their copyrighted material in a pitch black, Wild West arena without provoking a response that overturns or devalues the rights they have. The German’s court’s positon will never be tolerated by the global public even if the consequence was that all copyright was abolished (and nobody wants that, not even the pro-piracy trolls).
Re: A blow?
> Rightsholders walk a fine line. They have to defend their copyrighted
> material in a pitch black, Wild West arena without provoking
> a response that overturns or devalues the rights they have.
Um, NO. They don’t have to.
If communication is in pitch black, then it is none of their business because they do not and cannot know what people are communicating — and this is how it should be. I can speak in private with someone about anything we agree to speak about.
No response overturns their rights if they are actual rights. Only they themselves can devalue their rights, not the response. I think they can devalue their content, but not devalue their rights. And they are very hard at work devaluing their content by not making it available at a reasonable price.
Re: A blow?
The German’s court’s positon will never be tolerated by the global public even if the consequence was that all copyright was abolished (and nobody wants that, not even the pro-piracy trolls).
Actually I want all copyright to be abolished.
(Although I would not want to make plagiarism legal and I would still want contract law to allow works to be created in return for a one-off payment.)
Re: A blow?
I want copyright abolished.
I believe it’s time has past and even if properly time limited (18 months) and only intended to effect genuine commercial copyright infringers. It’s potential for misuse would still be too high.
Re: Re: A blow?
I do actually want to keep one part and one part only.
The right of the creator to be acknowledged as the creator of the work, so no too plagiarism but otherwise, end copyright now.
Re: A blow?
Wild west? Get your facts right cowboy.
https://www.techdirt.com/articles/20120206/07083817668/we-dont-have-wild-west-internet-now-we-will-if-sopa-similar-is-passed.shtml
https://www.techdirt.com/articles/20110527/13281714462/can-we-kill-off-this-myth-that-internet-is-wild-west-that-needs-to-be-tamed.shtml
Re: A blow?
The German’s court’s positon will never be tolerated by the global public even if the consequence was that all copyright was abolished (and nobody wants that, not even the pro-piracy trolls).
Oh, I can think of at least one chubby, pro-piracy troll who does.
Re: Re: A blow?
I love it when you lie like a slimy little maggot.
Security FAIL
Security FAIL: The ?Insider Threat? is a classic. You can read all about it at the latest network security sites!
Like right here, for example.
( History is replete with conspirators and revolutionaries betrayed by their “trusted friends”. )
Re: Security FAIL
Absolutely true. Trust No One is more than a catchy slogan from the X-Files. It’s security rule #1.
This is actually a good example of another security truism: you’re never more vulnerable than when you think you’re secure.
Re: Security FAIL
Uh, no. Not on the part of RetroShare. On the part of the user, yes.
For the given data transfer model (are you going to walk the file over to wherever yourself?), that is more secure.
Insecure behavior like adding friends who are not friends to your network is your problem, not the tool’s.
Re: Security FAIL
Exactly. The most vicious account “hacking” I’ve ever personally encountered was a guy who thought he could trust his cousin with his password. Family is family, blood is thicker than water, etc, etc.
The problem was, the cousin naturally trusted his own father. And the account-owner’s uncle thought it would be hilariously funny to go into the account, delete or give away everything the guy had in there, then login to the forums as his nephew and very profanely come out of the closet as a homosexual pedophile.
Abolish copyright
What is a piracy copyright troll? Copyright is no human right and I think it should be abolished in the moment it imposes negative externalities on third parties.
If the anti piracy group found out about the illegal transfer wouldn’t that make them also liable? They must have seen the file somehow in order to charge the person. In order to see it they must have passed some data through their network. That makes them just as guilty if not more so then the other user.
Re: Re:
Nope, they get a pass because the leeching fuckers wrote the laws.
Re: liability
This is a good idea. Users of these private groups just need to copyright the encryption public keys. The act of decrypting the message using the public key is evidence of unauthorized distribution. So if anyone brings the case to court sue the company back for their unauthorized distribution of your copyrighted private key. Damages are equal to whatever they sue for plus make this a web application enivronmnet and then press for criminal prosecution for unlawfull access to a system environment. Also use any portion of identification (such as health info) within the public key and you might have a HIPAA violation to report as well. This could become a nighmare if setup correctly.
Re: Re:
More important is hacking and wiretap charges…
This doesn’t have only implications for filesharing, everything others do now can and will be used to screw anybody.
Any service provider is liable right now in Germany it doesn’t matter if others did it.
Post office
So if a pirated DVD is sent throught the POst then, by this logic, the post office (and even its employees personally) would be liable.
Re: Post office
Watch out for it in new legislation.
Re: Post office
Was thinking much the same thing. By their reasoning post offices should all be pre-emptively shut down for their flagrant disrespect for copyright laws.
Re: Post office
You don’t even have to use an analogy. In this case, the ISP(s) that routed the encrypted file from its source to the defendant also “passed on” the file, so they should also be liable by this ruling, for any and all file transfers on their network.
Re: Re: Post office
Not to mention those running the main routing nodes in and out of countries it passes through… those owning any physical infrastructure such as fibre or satallites that the ISP’s lease.. etc etc. They should all be flensed!
Re: Post office
“So if a pirated DVD is sent throught the POst then, by this logic, the post office (and even its employees personally) would be liable.”
Incorrect. This occurred on the internet.
Re: Re: Post office
Well in that case you may as well sue all the ISP’s for transmitting all the copyright material that’s encrypted that is transmitted through their network.
Re: Post office
How about sending a letter containing an illegally copied song or video to that judge’s home address, but with the name wildly wrong (his neighbor, for example).
When the judge passes the misdelivered mail on, he will be guilty of illegal file sharing.
ISPs
When you use SSL, your ISP is passing on the encrypted data, without having any way of knowing what is inside. So, if you use SSL to connect to a file sharing site and transfer a copyrighted file, your ISP is responsible for the data being shared? This is madness.
how old and internet savvy is the idiotic judge that ruled this way? i suppose if he got stopped by the police for going through a traffic light that was showing no light and hit another car, it would be the other drivers fault! what a prick! guess everything didn’t end after all when Germany lost the last war!
In case anyone needed to be reminded:
Copyright law is only enforceable when all communications are monitored.
The encryption itself is the "crime", see?
So, pirates, tell me again how you’ll dodge deep packet inspection and REALLY draconian enforcement? — You can’t. That’s why you’d better rely on making the moral case (against all being spyed on, including by, say, Google…), not dodging surveillance.
Now I’ll read the other comments, but I ain’t too hopeful…
Re: The encryption itself is the "crime", see?
You apparently don’t understand the history of cryptography.
http://en.wikipedia.org/wiki/History_of_cryptography
Go ahead and read up. I’ll wait here.
The history is a cat and mouse game. When someone creates an “unbreakable” method, someone else breaks it. Then someone else creates a new “unbreakable” method, and someone else again breaks it. Repeat ad infinitum. This will be the case with deep packet inspection.
Heck, there’s already a way around it that is already a significant source of file-sharing:
http://www.techdirt.com/articles/20121004/12122520595/why-mpaa-cant-win-hearts-minds-public-file-sharing-is-mainstream.shtml.
People already think it’s acceptable to share with friends and family. Everyone is friends of friends of everyone else from a Kevin Bacon point of view.
Re: The encryption itself is the "crime", see?
I’m no pirate, but all of this is easy to circumvent. In even the most draconian internet regime, you can still mail or walk an SD card to its destination.
Re: Re: The encryption itself is the "crime", see?
And you can be sued if the card gets into the hands of the copyright industries and traced back to you.
Re: Re: Re: The encryption itself is the "crime", see?
Yeah, so what? At least the postal service can’t be sued for letting you mail the card, and the manufacturer of the pocket you put the card in while you carried it can’t be sued, and the manufacturer of the car you drove while transporting it can’t be sued.
Re: Re: Re: The encryption itself is the "crime", see?
And when are we getting to that point? People getting strip-searched for being out on the street on suspicion of carrying data?
Though I guess if you wanted to you could masturbate to that. Sounds like you would, too.
Re: The encryption itself is the "crime", see?
I would rather be a pirate than a copyright apologist like you.
BTW, ootb, did you pay attention to the Elections in November?
Look what happened in Washington and Colorado…
Pot is legal in those states now.
Because it’s stupid to go after people who do stuff with legal means when too many people do it.
Re: Re: The encryption itself is the "crime", see?
Guess they made it legal to stop the increase amount of men bouncing down the street on their balls ala South Park episdoe.
Re: Re: Re: The encryption itself is the "crime", see?
Who watches South Park?
Re: Re: Re:2 The encryption itself is the "crime", see?
I do sometimes,You can get it on Netflix.
Re: Re: Re:3 The encryption itself is the "crime", see?
And on Hulu Plus.
Re: The encryption itself is the "crime", see?
So if encryption itself is the crime then all governments around the world is in breech for encrypting.
Re: Re: The encryption itself is the "crime", see?
More likely there will be a requirement for encryption to require some sort of license based on need. Sending infringing content is unlikely to be deemed a need.
Re: Re: Re: The encryption itself is the "crime", see?
But how do you know it’s infringing if you can’t see it?
As I’ve said before, stupid laws get ignored, regardless of how intensely they’re enforced.
Re: Re: Re: The encryption itself is the "crime", see?
More likely there will be a requirement for encryption to require some sort of license based on need. Sending infringing content is unlikely to be deemed a need.
Ever heard of steganography?
Re: Re: Re: The encryption itself is the "crime", see?
“More likely there will be a requirement for encryption to require some sort of license based on need. Sending infringing content is unlikely to be deemed a need.”
If you have to submit material for review before encrypting it, it isn’t really being encrypted.
Re: Re: Re: The encryption itself is the "crime", see?
More likely there will be a requirement for encryption to require some sort of license based on need. Sending infringing content is unlikely to be deemed a need.
Abg guvf vqvbpl ntnva. Gur vqrn gung lbh pna ona rapelcgvba be erdhver n “yvprafr” vf fvyyl sbe n jubyr ubfg bs ernfbaf… vapyhqvat guvf irel pbzzrag. Vg’f n fvta bs fbzrbar jub qbrfa’g haqrefgnaq jung “rapelcgvba” zrnaf.
Re: Re: Re:2 The encryption itself is the "crime", see?
I think my Little Orphan Annie Secret Decoder Ring is broken.
I decoded your comment as “Be sure to drink your Ovaltine.” That can’t be right.
Re: Re: Re:2 The encryption itself is the "crime", see?
Wow, I haven’t used ROT13 in soooo long… thanks for making me feel old.
Re: Re: Re:2 The encryption itself is the "crime", see?
Vg’f abg n pbvapvqrapr gung thaf ner nyfb pbafvqrerq zhavgvbaf… 😉
Re: Re: Re: The encryption itself is the "crime", see?
How about “Because I have a right to a reasonable expectation of privacy in my communication”?
Re: The encryption itself is the "crime", see?
Unless they make encryption illegal or can break it, a system like this actually DOES work (assuming, of course, you don’t add the anti-piracy site as a trusted friend or make some other really stupid move.)
But you have a point, and people are out of line for flagging the post. If encryption becomes illegal, you really only have the options of attempting in-plain-sight encryption (which has limits) or not using the Internet.
Re: Re: The encryption itself is the "crime", see?
If he’d stop putting that sig in his posts, he’d get less flags.
Re: Re: Re: The encryption itself is the "crime", see?
There, much better…
Re: Re: The encryption itself is the "crime", see?
If encryption becomes illegal,
Then I for one will make a point of sending some large files of random numbers around.
Re: Re: Re: The encryption itself is the "crime", see?
As will myself and a lot of others.
How many here are old enough to remember the days of “spook food”?
Send a package of a burned DVD to each of the German politicians/prosecutors that supported this ruling with a note saying they are now liable for copyright infringement.
6 Months for a fucking MAFIAA Tune !
Boycott all MAFIAA.
Any Artist who signs with MAFIAA are Traitors and must not be supported.
some one needs to just hack there computer set them up so they are liable and see how fast things change
If you don’t know who you are with, don’t do anything you wouldn’t do in front of a cop. That’s the takeaway; no more no less. But most people already know that. So if some dumbshit gets his ass in a sling for being too wide-eyed, it’s not the end of the world.
That said, I’d be interested in learning more about how the contractor got said dumbshit to friend them. I’d wager there were some shady bits involved in that.
Re: Re:
And those shady bits probably took the form of a picture of a sexy woman.
Re: Re:
I’m more curious how they knew he sent an encrypted copyrighted file when the user himself didn’t know it was copyrighted.
“Entrapment” seems to be a word that doesn’t translate to German, Ja?
Go After the Big Offender
Isn’t the German Internet owned by the German government? hold the bastards liable for all the illicit file-sharing going on!
Auch Tongue
Just another example lately that the German legal system and by extension, Germans, are morons.
Networking appliances
Someone go tell the court every routers qualify as computers.
Tell the court to fine every ISP on the way if someone transmit encrypted music through the lines.
“maximum penalty of ?250,000 or a six month prison term”
Really? For one song? That’s more than some murderers and rapists get.
So wait what!?
The COPYRIGHT HOLDER shared a file. Encrypted. To someone else. And it passed *through* a third persons computer, and that third person is deemed to have breached copyright?
That is beyond absurd and back again several times.
It is also relevant than any file can be any other file but encrypted.
I can take any file in existence, and encrypt it to be any other file. All I need it an encryption key that is the difference between the files. Hence I can send a video of my mums cat, and claim it is in fact a copyrighted album of mp3 files.
This could spell total disaster for Freenet users based on how the shared storage works. Thanks for nothin, Deutschland…
Re: Re:
I think you’re spelling the French word for “shower” wrong! *_*
Ah, yes, Germany. Everytime I think America is going down the shitter, I can at least look at Germany and know it could be worse.
A little incorrect
Germany doesn’t follow common law, so the statement “it creates an awful precedent” is a bit inaccurate. Judges in Germany will continue to rule based on the laws, not based on prior cases such as this one.
Its an evolution and Thanks to this guy for his contribution
We all know what the “Friends network” was doingn wrong. Thank you to this unfortunate person for helping all of us see the other players hand. Time to morf into something new if you want to steal content. If you are an innocent person on this legal network then let the RIAA in and root out the people who like myself, STEAL other peoples work.
Peace Out…