Another Bad EU Ruling: WiFi Providers Can Be Forced To Require Passwords If Copyright Holders Demand It

from the really-now? dept

For quite some time now, we’ve been following an odd case through the German and then EU court system, concerning whether or not the operator of an open WiFi system should be liable for copyright infringement that occurs over that access point. Back in 2010, a German court first said that if you don’t secure your WiFi, you can get fined. This was very problematic — especially for those of us who believe in open WiFi. The EU Court of Justice agreed to hear the case and the Advocate General recommended a good ruling: that WiFi operators are not liable and also that they shouldn’t be forced to password protect their access points.

The ruling, unfortunately, says that WiFi operators can be compelled to password protect their networks. It’s not all bad, in that the headline story is that WiFi operators, on their own, are not liable for actions done on the network, but that’s completely undermined by the requirement to password protect it if a copyright holder asks them to.

In today?s judgment, the Court holds, first of all, that making a Wi-Fi network available to the general public free of charge in order to draw the attention of potential customers to the goods and services of a shop constitutes an ?information society service? under the directive.

Next, the Court confirms that, where the above three conditions are satisfied, a service provider such as Mr Mc Fadden, who providers access to a communication network, may not be held liable. Consequently, the copyright holder is not entitled to claim compensation on the ground that the network was used by third parties to infringe its rights. Since such a claim cannot be successful, the copyright holder is also precluded from claiming the reimbursement of the costs of giving formal notice or court costs incurred in relation to that claim.

However, the directive does not preclude the copyright holder from seeking before a national authority or court to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers.

Lastly, the Court holds that an injunction ordering the internet connection to be secured by means of a password is capable of ensuring a balance between, on the one hand, the intellectual property rights of rightholders and, on the other hand, the freedom to conduct a business of access providers and the freedom of information of the network users. The Court notes, in particular, that such a measure is capable of deterring network users from infringing intellectual property rights.

The details here are especially troubling. As legal experts are noting, this ruling basically says that the times when an injunction can be ordered for password protection, the reason is for the sake of identifying users:

In McFadden the CJEU appears to have decided that password protection would be effective only if the user is required to provide identity details to the service provider so that the user cannot act anonymously.

Now that should raise some very serious concerns about anonymity and privacy — things that we thought the EU supported. Instead, the CJEU basically seems to be saying you have a right to anonymity in connecting to the internet up until the point a major copyright holder doesn’t like it any more, and they can now force WiFi operators to lock up their WiFi and/or demand identification to use it. Yikes.

This also punches a HUGE hole in the previous day’s announcement by the EU Commission that there would be open WiFi across Europe. Under this new CJEU ruling, that may no longer be possible. It’s fairly incredible how, between the European Court of Justice and the EU Commission, they seem so oddly confused about copyright and related issues that they seem to be messing absolutely everything up in just a few short weeks.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Another Bad EU Ruling: WiFi Providers Can Be Forced To Require Passwords If Copyright Holders Demand It”

Subscribe: RSS Leave a comment
JoeCool (profile) says:

Courts orders ISP to produce unicorns

to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers.

How do you prevent someone from doing something illegal. No one has managed that in the history of the world!

How can you even TELL if your customers are infringing copyright? Only the copyright holder can tell that.

Ninja (profile) says:

Re: Courts orders ISP to produce unicorns

Only the copyright holder can tell that.

Eh. Nope. Even the copymorons seem to be confused and we have pretty recent examples.

But the ISPs and the people could get clever: we will do so if there is a central copyright registry that lists each and every legit content and provide clear fair use guidelines because there is no way we can evaluate the copyright status of any unencrypted data flow as things are now.

Of course, encrypted connections, tunnels, proxies may render any password pretty useless. And regular pirates already use them anyway.

Roger Strong (profile) says:

Re: Re:

They ARE ordering individual passwords per user.

> In McFadden the CJEU appears to have decided that password protection would be effective only if the user is required to provide identity details to the service provider so that the user cannot act anonymously.

In other words, the average home or small business WiFi access point won’t work. You’ll need one connected to a server with a user database. A massive investment of money and time.

The point is to outlaw open WiFi without admitting that they’re outlawing open WiFi. That’s a pretty goddamned dishonest “Court of Justice” there.

John Cressman (profile) says:

Re-read the article

Those of you posting silly comments about stupid wifi password, re-read the article.

It’s worse than that… MUCH worse. It reads to me that they are actually going to require UNIQUE user id’s and passwords for wifi access so the copyright overlords can use that to prosecute people.

That’s a huge pain in the arse to keep track of and maintain. What small business is buy the required hardware for that or have the time to setup manual username/passwords on standard routers?

Kal Zekdor (profile) says:

Re: Re-read the article

It’s not that much of a burden. There’s been a lot of movement in the last few years in the area of “Coffee Shop WiFi”. There are a bunch of APs on the market that offer easily configurable entry portals, or generate temporary passwords that can be sent directly to a network connected (reciept) printer. I’ve even seen one that lets people login with Facebook! If that’s not de-anonymization, I don’t know what is…

Of course, none of that changes the fact that this is an incredibly stupid and dangerous ruling.

PaulT (profile) says:

Re: Re: Re-read the article

Correction: it’s not that much of a burden if you have the hardware and know what you’re doing. The majority of businesses won’t, so it definitely becomes a burden. The solutions you describe can also be quite limited – for example, what about businesses that offer wifi without requiring a purchase? What about customers who don’t use social media? Etc.

Kal Zekdor (profile) says:

Re: Re: Re: Re-read the article

Well, my point was that there’s a lot of cheap hardware on the market that designed for use by non-technical people. A business could probably set something up for less than $200 (not sure if prices vary much over there, but shouldn’t be far off), including hiring someone to install/setup. That wouldn’t be an undue burden, if there was any merit to the requirements. Since, clearly, there’s not, even the slightest burden is far too much.

PaulT (profile) says:

Re: Re: Re:2 Re-read the article

“A business could probably set something up for less than $200… including hiring someone to install/setup”

Again, assuming prior knowledge. Most won’t know what they actually need to buy in order to both meet their business requirements and meet the new legal standards. So, they’ll be paying out a few hundred just for someone to advise on what they need to buy. Then, you might well be buying more than one, so you’d need to know how to connect them, etc. It might get expensive, and that’s even without considering the potential revenue impact of customers having to work out a new way to connect and ongoing support costs. Or, of course, them buying the wrong thing and therefore remaining non-compliant.

“(not sure if prices vary much over there, but shouldn’t be far off)”

Depends on the routers/APs you’re looking at, but they will definitely be higher on exchange rates and sales taxes alone. I can look if you have examples, but you might also need to bear in mind that different regulations mean the same models won’t necessarily be available in the local market. Plus, if there’s legal liability and/or a genuine business need for wifi to be available to customers, you probably don’t want to be buying whatever’s cheapest off the shelf.

“That wouldn’t be an undue burden”

I still disagree. I think that if you look at it from the POV of someone who is completely clueless with technology, but needs wifi for their business, it becomes a large burden quite quickly. Or, again, they might install it poorly and remain vulnerable to legal action.

Kal Zekdor (profile) says:

Re: Re: Re:3 Re-read the article

Familiarizing oneself and complying with regulations is just a cost of doing business. I don’t think that the “burden” argument has any merit here. If there was a legitimate need for these regulations, then, unless the burden is unreasonable, it shouldn’t be a concern. An unreasonable burden would be one that the majority of businesses would be unable to responsibly meet. In this case, that would mean businesses that give up on wifi altogether. I don’t think that’s the case here. I mean, sure, nobody’s happy about shelling out, at worst, 500 euros to hire somebody to bring the wifi into compliance for them, so that they don’t need any knowledge. A couple hours of research and some minor technical acumen can cut that cost down seriously. But it’s not an unreasonable burden. No one is going to have to close up shop because they can’t afford to comply.

Ultimately, objecting to this regulation because of the burden it would cause is a red herring. I mean, what if they provide a grant and a team of government qualified contractors to every business that wants to offer wifi. Or, more likely, subsidize business ISPs to provide compliant equipment, as most of the businesses offering wifi (at least the ones with no technical staff) are probably using whatever equipment their ISP provided. Suddenly the burden argument is gone, and the rest gets a hand waving. This should be objected to because of the horrible precedents it sets regarding privacy, not because it might cause businesses to spend some money.

PaulT (profile) says:

Re: Re: Re:4 Re-read the article

“Familiarizing oneself and complying with regulations is just a cost of doing business.”

Yes, and for something like wifi which is usually not related to the core of that a small business actually does, complying with these is a burden. At present, there are few regulations placed on the end business – those that are borne by the manufacturer or service provider. Placing extra regulations increases the burden, and these types of regulation would increase them exponentially on many businesses.

Is this really so hard for you to understand?

“No one is going to have to close up shop because they can’t afford to comply. “

No, but a lot of people will stop offering wifi at all, even if that means a loss of overall revenue. Others will be at risk because they were unable to comply correctly, for whatever reason. And yes, the guy who has a little bit of knowledge and configures his own off-the-shelf purchase is probably most at risk because he may end up non-compliant when he believes he’s set things up properly. Years of support for such people in my early career have taught me that the people who think they know what they’re doing on their own are the ones doing a botch job that doesn’t meet requirements.

“Suddenly the burden argument is gone”

No, it still there, it’s just been shifted to another party. A party that is perhaps able to meet the requirements with lower costs and greater expertise, and perhaps turn that into increased business for themselves. But, it still exists.

“This should be objected to because of the horrible precedents it sets regarding privacy, not because it might cause businesses to spend some money”

Why not both? For the record, I’m not objecting to the ruling because of costs to the small businesses. I was merely correcting your false statement that it’s not a burden for many of those businesses.

Anonymous Coward says:

Re: Re: Re:3 Re-read the article

” impact of customers having to work out a new way to connect and ongoing support costs”

Exactly so, most businesses lack the resources to do this right. You need look no further than the so-called Internet of Things, and see how well that’s working out.

And from a customers standpoint this is a whole load of stupid. As a customer am I really going to need Id’s and passwords for a) the local Starbucks, b) the train station, c) my local library, d) the city library, e) my supermarket cafe…… z) my parents house?

And who’s going to verify these id’s? Hows that going to work? The whole thing is stupid.

PaulT (profile) says:

Re: Re: Re:4 Re-read the article

Yes, even if implemented properly, the usability of the entire system is shot. You’re no longer connecting automatically to a free wifi spot you’ve used before, you’re having to log in. That alone reduces the convenience of free wifi and the drop in usage might lead businesses to lose money even if they do comply for little cost.

“z) my parents house”

I believe that the rules would only apply to businesses. If not, most ISPs supply routers with passwords pre-loaded, so in theory they’d already be compliant unless I’ve misunderstood to ruling.

Skeeter says:

Bye Bye Free WiFi

And, in one blind slap, free WiFi just ended for the New World Order. You will now only be able to access WiFi if you get authorization through a commercial provider, sanction by ID verification through the state.

Wait a minute. Why, that sounds almost like


Imagine that, and we thought Hitler had it wrong all these years, when in fact, the courts just ruled, he was VISIONARY!

(Then again, American Government seems to think stoking race wars like Charles Manson recommended back in 1969 is a great idea to drive racial equality, too – go figure)

Anonymous Coward says:

‘messing absolutely everything up’

have you not yet realised that, like everywhere else in the world, the entertainment industries are the most important thing on the planet and that every court, every government are doing whatever is in their power to fuck the public while handing the world and most importantly, the Internet, over to the industries so they have the complete control they have been after for 20 years? every step they take gets closer to the goal and with prison terms of 10 years on the cards, it’s better to rob a bank and buy the disks. if caught, the sentence is at least less!! and dont forget, you and i are paying for everything these shit asshole industries get and still want, not a dime from them!!

Anonymous Coward says:

Do you guys ever get stress migraines having to report on all the arrogance and stupidity coming from tech-illiterate bureaucrats (Eurocrats) owned by self-serving global corporations? Not to mention the willingness (whether conscious or not) of the public to buy into their schemes because “damn those entitled little brats who want everything and a unicorn, but aren’t willing to get a job and pay for it.”

I’m going to bet no one ever thought a cartoon mouse would be the bargaining chip being used to implement a frog-in-boiling-pot, death-by-a-thousand-cuts surveillance state apparatus.

The gall of these people is astounding. But even more so is the ignorance and cognitive dissonance of the mass populace in falling for what they’re selling, because the “face” of “copyright infringement” is that of a spoiled teenager or college student living in mom’s basement collecting welfare while jerking off to bootleg anime films.

Not to mention the public considers movie stars the saints of its civic religion of celebrity worship. They will gladly sign over their freedoms to sic a SWAT team on said millennial punk, who apparently thinks he can just steal from the church coffers without doing his required penance for giving Kanye and Britney a sad.

The term “red herring” might as well be a communist insult applied to “pirates” as far as some people are concerned. Not to go all Godwin like the previous guy did, but “first they came for the downloaders” does, in fact, apply here.

Anonymous Coward says:

They can require all the passwords and unique identifiers in the world, but would it really matter. Could you not just log into your WIFI, then use that to log into a no-log secured VPN or proxy in a country that doesn’t give a fuck?

The people they are claiming they are trying to prevent from having anonymous WIFI are already 3 steps ahead of them. This is just an excuse to track the average Joe’s WIFI use… more useless data….

It’s like the answer to them not finding the needle in the haystack is to add more hay.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...