Yet Another Court Says You're Not 'Negligent' If Someone Uses Your Open WiFi To Infringe

from the shutting-down-that-line-of-argument dept

Some of the folks filing mass copyright infringement lawsuits have tried to claim that merely having an open WiFi connection on which someone else infringes on copyright-covered works is a form of negligence. Basically, they’re suing based solely on limited information — an IP address — and when those pursued point out that they have an open WiFi, the lawyers insist that this, alone, is a form of negligence. However, the courts aren’t buying it. In July, we wrote about a district court in New York rejecting this argument quickly, noting that the position was “untenable.”

And now a California district court has ruled similarly, completely rejecting the negligence theory on three different points. First up, there is no negligence because negligence requires a relationship and a duty to protect, but no such relationship exists between the copyright holder, AF Holdings, and the defendant in the case:

AF Holdings has not articulated any basis for imposing on Hatfield a legal duty to prevent the infringement of AF Holdings’ copyrighted works, and the court is aware of none. Hatfield is not alleged to have any special relationship with AF Holdings that would give rise to a duty to protect AF Holdings’ copyrights, and is also not alleged to have engaged in any misfeasance by which he created a risk of peril.

The allegations in the complaint are general assertions that in failing to take action to “secure” access to his Internet connection, Hatfield failed to protect AF Holdings from harm. Thus, the complaint plainly alleges that Hatfield’s supposed liability is based on his failure to take particular actions, and not on the taking of any affirmative actions. This allegation of non-feasance cannot support a claim of negligence in the absence of facts showing the existence of a special relationship.

Even ignoring that, the court is skeptical. Noting that even if there was a negligence claim it would be unavailable in this case, because of copyright “pre-emption” (basically, federal copyright law wipes out any state statutes that seek to do the same work).

AF Holdings is seeking to protect its “exclusive rights” from “copying and sharing.” Simply recharacterizing the claim as one of “negligence” does not add a legally cognizable additional element…. Thus, because AF Holdings alleges that Hatfield’s action or inaction constituted interference with its “exclusive rights in the copyrighted work,” the negligence claim is preempted by § 301 of the Copyright Act.

And then the court goes even further, and says that even if the first two theories don’t kill the negligence claim, there’s also Section 230 of the CDA, which we’ve discussed for years. While the Section 230 safe harbors (protecting a service provider from liability concerning the actions of their users) technically does not apply to intellectual property issues, the negligence claim is not an IP law issue, and thus gets wiped out thanks to Section 230 immunity.

Basically, the idea that you’re negligent if you leave your WiFi open and someone else uses it to infringe seems dead in the water.

Filed Under: , , , , , ,
Companies: af holdings

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yet Another Court Says You're Not 'Negligent' If Someone Uses Your Open WiFi To Infringe”

Subscribe: RSS Leave a comment
Tim Griffiths (profile) says:


I don’t see why you should be kidding. If providing a bit of free wifi (a good thing in it’s own right) helps to protect you from the scatter shot shake down efforts then why not do it? If you are ever wrongly targeted as a shake down you can point to the fact you wanted to provide a public service ๐Ÿ™‚

Well ok, it’s probably best not to do that just for protection if some one does infringe and one lobby or another have forced a change in the law you might get screwed over but I thought it was a point worth making.

Anonymous Coward says:

The Pirates Win Again

I now foresee people having “open” boats. They will let anyone on their boat, and then after attacking a cargo ship, they will just claim, “Oh, but I had an open boat. You can’t prove it was me who took over that ship and ransomed its crew. No, I don’t know where that diamond-studded gold AK-47 came from. I keep an ‘open’ house.”

Josh in CharlotteNC (profile) says:

Not after X strikes

Basically, the idea that you’re negligent if you leave your WiFi open and someone else uses it to infringe seems dead in the water.

In the courts, sure.

But that’s a moot point once the 3/5/6/whatever strikes “agreements” come into play. Why bother with the courts, due process, finding the real person at fault, when you can just ban them extra-judicially?

Anonymous Coward says:

While I don’t care much for copy’right’ law, if someone does do illegal activity on an open Wifi (ideally assuming that we have good laws and that what is illegal ought to be), such as facilitate terrorist activity, perhaps there should be some sort of accountability somewhere.

I don’t think a solution should be to disallow people to freely offer their neighbors open wifi altogether (Gasps!!! big anti-free market capitalistic U.S. corporate cartels must be going crazy, they are used to fully exploiting their wrongfully granted, government established, monopoly privileges and they can’t bear the thought of offering a decent product for a decent price, they must receive monopoly rents on everything!!!!), but perhaps a guest network setting that has stringent restrictions that only allows people to surf the Internet without doing things such as submitting posts on blogs, e-mails, submitting wikipedia entries, etc…

Such a solution wouldn’t be too hard to implement in theory. Perhaps the router can have a setting that alerts websites to the fact that this packet has been sent from an open-wifi connection over a guest network so that websites can take security measures to ensure that certain features (ie: techdirt post submissions) are disabled (or labeled as such).

You may argue that it could get hacked, of course it could, it will initially have bugs and the bugs will get worked out over time, but the fact that it could have bugs is no reason to completely disable any form of security measures whatsoever. If you did that, you won’t have https or WPA (which succeeded WEP), etc…, they are also subject to bugs, the solution, of course, would be to work out all the bugs over time (ie: from WEP to WPA).

BTW, this idea is not subject to patent protection.

Gwiz (profile) says:

The Pirates Win Again

I now foresee people having “open” boats. They will let anyone on their boat, and then after attacking a cargo ship, they will just claim, “Oh, but I had an open boat. You can’t prove it was me who took over that ship and ransomed its crew. No, I don’t know where that diamond-studded gold AK-47 came from. I keep an ‘open’ house.”

I think it’s closer to this scenario:

I legally lease a boat from Company X. I then (unknowingly to Company X) use said boat to commit crimes on the high seas. Is Company X liable for my actions?

It’s about placing blame where the blame actually belongs.

Anonymous Coward says:

Re: Re:

Just because it’s not something you would do doesn’t mean it’s something no one would do. Some people may want to give their neighbors free access to important information while restricting their ability to post on Wikipedia, post comments on Techdirt, chat on IRC, etc… using their IP address/hostmask. I’m not saying this restriction option should be mandatory for open wifi networks, but it should be a default option for those who configure their routers to operate an open wifi point (and open wifi should not be a default wifi option but it should be an available option).

I wouldn’t mind sharing my wifi with my neighbors provided

A: You don’t slow down my connection (I get bandwidth priority)

B: My ISP doesn’t mind and you don’t use too much bandwidth (perhaps some open wifi bandwidth limitation options, options regarding priority, speed, and download/upload megabytes per day/week/month/time interval, would be useful, especially for ISP’s with data caps).

C: You can’t do anything on the Internet on my behalf (ie: post on websites).

Anonymous Coward says:

So the 6 strikes becomes 5 strikes. No need for an open router as a defense as it’s legal.

Have you ever looked at a router operating manual? You know, how to setup the security side? It reads like Greek. Terms the average layman has never run into to describe actions he’s never heard of. The terminology sounds like a foreign language, even to experienced computer users that have never messed with routers. The whole setup is impossibly difficult to the uninitiated.

But lets add to that another level of complication. No two router makers use the same terminology nor have any clue as to what standardization means. Even two models made by the same maker can look like each was produced in a different country.

But the copywrong gang expects you to just know this. For their benefit you should become that computer user they are so scared of. The one that knows all the ins and outs, which is probably viewed as the gateway drug of piracy.

Sounds like they should be more careful want they demand to me.

Keroberos (profile) says:


Because it’s really stupid from a security point of view, plus it might even increase the chances of getting accused of infringing. I can almost guarantee that given enough time, someone will connect to your open wifi to infringe or do something else illegal (It’s what some friends of mine used to do). You don’t know who’s connecting to your open wifi, and there are a whole lot of illegal things that can be done on the internet than just copyright infringement. I would much rather have accusations of copyright infringement than getting investigated for downloading child porn (which will ruin your life whether you did it or not). If you need protection because you are infringing, there are better, more secure, and undetectable methods available.

Would you put a sign on your front lawn telling everyone they can use your house for whatever purpose they want “(a good thing in it’s own right)“? Why would you do the same with your internet?

MrWilson says:

The Pirates Win Again

No, no, no. Assaulting, robbing, murdering, and raping on the high seas is a perfectly valid analogy for copying an infinitely reproducible, non-exclusive good that you may or may not have been able to pay for. You’re just not understanding. IP is a human right and corporations are people and people have human rights. Don’t you remember the founding fathers including copyright when they mentioned important rights like life, liberty, and the pursuit of happiness in the Declaration of Independence?


Keroberos (profile) says:


That’s my point. There’s not a whole lot of trouble that can be caused with limited access to my water. I see my internet connection as being like unlimited access to my house, there’s a whole lot that of things that could be done with it that I could be held liable for. And it’s very difficult to make it so it they couldn’t do those things.

Tim Griffiths (profile) says:


Note that I pointed out that if you do open your wifi you are open to people infringing on it and might be caught on the wrong side of the law for doing so given this is yet to be set in stone.

As for the rest of your post it’s just an general argument against having open wifi and one that is largely irrelevant while most people are not correctly or fully securing their close ones.

Some ones who knows enough to want to set up open wifi, for any of the number of reasons that lots of people do, knows enough how to correctly protect their privet part of the network.

On the other hand with relatively little time and investment you can in to privet networks who’s owners think are secure. Which I’d guess is by far more attractive to criminals for any number of reasons.

Anonymous Coward says:


Also remember that opening your wifi won’t just open it up for folks to anonymously infringe IP (which the courts will basically throw out as the article just said). It also opens your wifi for unsavory types to do things like upload child porn. The court’s reasoning in this case hinges a lot on IP-based laws. Not so sure the same can be said if criminal child pornography charges are filed against you.

Keroberos (profile) says:

Why go to all that trouble?

Just to secure my network for public use? Why bother? In my small town of less than 20,000 people there are three public wifi access points within a 2 minute walk of my house (2 restaurants and the public library), and there are probably more that I don’t know about. Plus, I can’t think of any reason to open my wifi for public use even if there were some way to make it more secure (other than offering free internet to people who use their damn smartphone too much).

Ninja (profile) says:


Modern routers allow you to set up an independent open wireless connection isolated from the rest.

Pretty simple really. And you can even set quotas for the bandwidth if needed and if you can install dd-wrt, tomato or the likes it’s even easier. Also, there’s that little tp-link router (affectionately called ‘pirate box’) you can hook up to your computer ethernet and control how much bw and data is accessible more easily.

I don’t really see a security problem here.

Anonymous Coward says:


Copyright infringement != terrorist activity

The accountability rests on the person performing the illegal activity, not at the service or open wifi provider levels.

Your suggestion is unworkable as it would require upgrading or replacing all existing wireless routers, which puts the expense (time and/or money) back on innocent third parties. Additionally, that would prevent me from using features of some websites from my own internet connection if I were not savvy enough to:

A) purchase the new router
B) configure secure wireless on the new router
C) connect my devices to the secure network
D) ensure that no device up the chain flipped the flag to “yes” to avoid liability

Anonymous Coward says:

Re: Re:

“Your suggestion is unworkable as it would require upgrading or replacing all existing wireless routers”

No one said anything about requiring all wireless routers to be replaced or upgraded. I’m just mentioning an option that should be discussed among various standard organizations to give wireless router manufacturers the option of manufacturing new routers with more options. A header in each packet indicating that this packet originates from an open wifi is something Wikipedia and other sites could incorporate into how their website responds to packets.

Ninja (profile) says:


I’m fairly sure any open wi-fi, including public ones (as in provided by the Government), can be used for the same goals. Once the precedent is set the only thing that matters is that IP doesn’t equal a person. And besides, there are forensic steps that can be taken to determine exactly if the content is really coming from that household. They would be more expensive and complex than some idiotic anti-piracy moron firing up bittorrent and taking note of the IPs he see.

Keroberos (profile) says:


while most people are not correctly or fully securing their close ones

While I do agree with this, some security is better than none.

Some ones who knows enough to want to set up open wifi, for any of the number of reasons that lots of people do, knows enough how to correctly protect their privet part of the network.

Don’t use absolutes–part of my job is fixing the computers people broke while being absolutely convinced they knew what the hell they were doing.

with relatively little time and investment you can in to privet networks who’s owners think are secure.

With relatively little time and investment you can get through any door lock–but I wouldn’t be an advocate of not using them.

Which I’d guess is by far more attractive to criminals for any number of reasons.

Why would this be the case? I think it would be more likely for them to take the path of least resistance and move on to find a wifi access point that is not secure. The same is true for door locks, if it’s locked they usually move on to find one that’s not.

Keroberos (profile) says:


The accountability rests on the person performing the illegal activity, not at the service or open wifi provider levels.

Of course it does. We just need to have an unappealable supreme court ruling that an IP address does not equal a person. I just don’t see that happening (they seen to like to punt these kind of cases back to the lower courts).

Lord of the Files says:


“And it’s very difficult to make it so it they couldn’t do those things.”

So very true. My spouse recently got a Samsung Galaxy S3 as a birthday gift, the first device of this type we’ve ever owned and one that’s loaded with all kinds of wireless sharing options. Due to bandwidth limitations, I had to set up wi-fi at home in order to avoid the steep overage fees.

Up until now I had avoided using wi-fi completely because I didn’t really know much about it, meaning it’s always been disabled in the router/modem given to us by our service provider. Enabling wi-fi meant I finally had to give in and do my research. Thanks to comments sections like the one here, I had a general idea that I should use WPA2 with a nice long SSID of random characters, but that’s about it.

One of the options I came across in the router settings was titled WPS (Wi-fi Protected Setup) and it wouldn’t let me disable this whenever I tried. So I looked it up and the first thing I found was this:

So much for taking all the proper steps to make sure my wireless network will be secure (MAC filtering, WPA2, long SSID, no broadcasting, etc) because it’s clearly impossible right now. And my model of router isn’t the only one on the market that won’t let the user disable WPS either. Some do and even say it’s disabled, but actually it isn’t (some Linksys models for instance). I’d get rid of my router if I could, but in addition to being a DSL modem, it’s also required for my cable service, therefore I can’t.

What I’m getting at is that this ruling is spot on. I hope the judges in my country are similarly well informed and fair should a similar case appear before the court. For the time being, there is just no way to stop someone intent on using your network from doing so. Plus most people, like my parents, either aren’t aware of the precautions they should be taking when dealing with wi-fi networks, can’t understand them, or simply don’t care even when it is explained to them (usually a combination of those for the older generation).

Anonymous Coward says:


Lord of the Files, if you don’t mind me making a suggestion. I routinely set up routers for people, while there is no truly 100% secured router, for your spouse’s needs (and to avoid said overage fees), I hope you don’t mind if I make a suggestion.

I’ve dealt with numerous DSL/cable provided/required routers before. If the one provided/required has at least one free ethernet port, what you can do is disable WiFi completely on the dsl/cable router. Then plug in a differing router into the free port that will be exclusively for WiFi purposes. There are numerous on the market, and without knowing exactly what you’re looking for, I can’t make any specific suggestions. The most recent one I personally setup was an Amped one. It was in conjunction with a non-wireless cable company provided router and it allowed for the home I put it in to now have wireless internet. I can’t remember the exact model, but it had the WPS ability (which I disabled from the setup menu), and it also had the ability to have a guest network setup (which I also disabled). Also, the technical support is extremely helpful should you need to call them (and they’ll take down your information to personally call you back should problems arise or just to check how things are going with your setup). I should add that most of their (Amped’s) products are a bit pricey (spending at least $100 is about par for the course for the majority of their products), but it’s $100 well spent.

Ah, found the exact product I’m referring to. (I purchased it from Amazon, since it was for my boss’ parents and basically money is no expense in regards to his parents. But I still managed to save a few bucks over ordering directly from Amped.)

Just fyi, in case you’re interested. And I am in no way affiliated with Amped. But I found it to be a top notch product. Heck, even if it wasn’t working as well as it is their customer service alone would have me praising the company.

Lord of the Files says:

Re: Re:

Thanks, I’ll look into it.

Edit(hadn’t hit the submit button yet): After looking at the reviews there, the Asus RT-N66U looks pretty good. Routers have improved a lot feature-wise since I last bought one (1999 IIRC). A VPN would be perfect for my wife so she doesn’t have to worry when using open wi-fi away from home (currently set up to avoid) plus she’d be able to securely access all our media via the server features no matter where she was in the world. Guess I’ll have to dig out that old router and see if it works when behind the clunky, unfriendly one my service provider forces me to use (they said no when I asked for a DSL modem only).

Marc John Randazza (profile) says:

Decision has some good elements, but still lazy

I am a proponent of the “open wifi=negligence” theory. I still think it is a sound theory, but I also acknowledge that it is now 0-3, and it isn’t likely to go anywhere soon — at least not until someone other than a porn company raises it.

I think that the decisions that say it is pre-empted are erroneous, and the result of judicial laziness, at best. I don’t see how a common law claim can pre-empt another common-law claim. Further, negligence requires an additional element, beyond the infringement, which places it outside of pre-emption. But, when your judge is lazy or simply hostile to torrent actions, then you’re not going to get anywhere with that.

The Section 230 analysis is just plain stupid – especially when we consider it in light of the pre-emption analysis.

Extending section 230’s definition of a “service provider” to a residential subscriber, who leaves their wi-fi open, has neither a textual nor logical basis, nor does the legislative history of the Act support such a reading.

Further, if we understand that Section 230 exempts IP claims, but we say that it applies nonetheless, because the negligence claim is a state law claim, then the pre-emption analysis’ weakness shows itself. If it is an IP claim, then Section 230 doesn’t apply. So, if it is pre-empted, then Section 230 can’t apply. On the other hand, if it is not an IP claim, then it can’t be pre-empted. You can only have Section 230 or pre-emption, no matter how much you want to screw over Prenda to get them the hell out of your district.

On the other hand, the weak link in the open wi-fi negligence theory is proving the existence (or non-existence) of a legal duty. Whether there is a legal duty is for the courts to decide, as stated in the “tugboat case.” That’s what The TJ Hooper case stands for – it is the province of the courts to recognize, or reject, new duties of care in tort actions.

If the court finds no duty, then there is no duty. In part, I like this AF Holdings case, because this court, unlike the two before it, finally did the work of analyzing whether or not a duty exists. It may not bind any other court, but at least it finally devoted some thought to that element. That is where the debate really should be focused.

A recent Wyoming Supreme Court case tends to support the logic that open wifi would not expose the subscriber in a negligence claim. It has some good analysis of both the duty analysis and the causation analysis.

In Lucero v. Holbrook, 2012 WY 152 (Wy. 2012) the defendant left a running car in the driveway, and a meth-head walked by, stole it, and crashed it into the plaintiff after a high-speed chase. The plaintiff argued, logically, that had she not done something so foolish as leave her car running, unattended, no harm would have come to her.

The Wyoming Supreme Court found that not only was there no duty, but that the harm was not proximately caused by the defendant’s carelessness. These are arguments that might also fly in a defense against an open wifi negligence case. Of course, the Wyoming case might have turned differently, had the car been left on a public street, instead of in the owner’s driveway – as there is a statute that prohibits leaving the car unattended and unsecured on a public highway. But, that’s a matter of state law. Compare State v. Eckhardt, 165 Vt 606; 686 A.2d 104 (Vt. 1996) (Private driveway considered to be a “public highway” for purposes of enforcing DUI statute).

Naturally, all legal analogies break somewhere. So, we might one day find that a court gets past the lazy issues, and then finds that leaving your residential wi-fi open is different than a car accident, and the harm is foreseeable. Or, the thread may continue, with proximate cause or duty (or both) turning against the theory. We may see a sliding scale for forseeability – that in an urban area, the harm is almost certain to occur, and in a rural area, almost impossible that it would occur. A court might find that it applies to a residence, but that a commercial establishment with public wifi might fall under another standard. (Personally, I think that a commercial establishment should not be held negligent for having an open wifi, but I think that a residential customer should be, under the right facts).

Before you open your wi-fi to celebrate this case, wait for an appellate court to weigh in. One will have to, sooner or later, and it might conclusively reject the existence of a duty, but it might not. I am confident that the pre-emption analysis will eventually be rejected by an appellate court. But, then you’re going to be left with some heavily fact-based analysis of duty and proximate cause.

Leave a Reply to Anonymous Coward Cancel reply

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ยป

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...