Another Bad EU Ruling: WiFi Providers Can Be Forced To Require Passwords If Copyright Holders Demand It

from the really-now? dept

For quite some time now, we've been following an odd case through the German and then EU court system, concerning whether or not the operator of an open WiFi system should be liable for copyright infringement that occurs over that access point. Back in 2010, a German court first said that if you don't secure your WiFi, you can get fined. This was very problematic -- especially for those of us who believe in open WiFi. The EU Court of Justice agreed to hear the case and the Advocate General recommended a good ruling: that WiFi operators are not liable and also that they shouldn't be forced to password protect their access points.

The ruling, unfortunately, says that WiFi operators can be compelled to password protect their networks. It's not all bad, in that the headline story is that WiFi operators, on their own, are not liable for actions done on the network, but that's completely undermined by the requirement to password protect it if a copyright holder asks them to.
In today’s judgment, the Court holds, first of all, that making a Wi-Fi network available to the general public free of charge in order to draw the attention of potential customers to the goods and services of a shop constitutes an ‘information society service’ under the directive.

Next, the Court confirms that, where the above three conditions are satisfied, a service provider such as Mr Mc Fadden, who providers access to a communication network, may not be held liable. Consequently, the copyright holder is not entitled to claim compensation on the ground that the network was used by third parties to infringe its rights. Since such a claim cannot be successful, the copyright holder is also precluded from claiming the reimbursement of the costs of giving formal notice or court costs incurred in relation to that claim.

However, the directive does not preclude the copyright holder from seeking before a national authority or court to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers.

Lastly, the Court holds that an injunction ordering the internet connection to be secured by means of a password is capable of ensuring a balance between, on the one hand, the intellectual property rights of rightholders and, on the other hand, the freedom to conduct a business of access providers and the freedom of information of the network users. The Court notes, in particular, that such a measure is capable of deterring network users from infringing intellectual property rights.
The details here are especially troubling. As legal experts are noting, this ruling basically says that the times when an injunction can be ordered for password protection, the reason is for the sake of identifying users:
In McFadden the CJEU appears to have decided that password protection would be effective only if the user is required to provide identity details to the service provider so that the user cannot act anonymously.
Now that should raise some very serious concerns about anonymity and privacy -- things that we thought the EU supported. Instead, the CJEU basically seems to be saying you have a right to anonymity in connecting to the internet up until the point a major copyright holder doesn't like it any more, and they can now force WiFi operators to lock up their WiFi and/or demand identification to use it. Yikes.

This also punches a HUGE hole in the previous day's announcement by the EU Commission that there would be open WiFi across Europe. Under this new CJEU ruling, that may no longer be possible. It's fairly incredible how, between the European Court of Justice and the EU Commission, they seem so oddly confused about copyright and related issues that they seem to be messing absolutely everything up in just a few short weeks.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    JoeCool (profile), 16 Sep 2016 @ 10:56am

    Courts orders ISP to produce unicorns

    to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers.


    How do you prevent someone from doing something illegal. No one has managed that in the history of the world!

    How can you even TELL if your customers are infringing copyright? Only the copyright holder can tell that.

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 16 Sep 2016 @ 11:04am

      Re: Courts orders ISP to produce unicorns

      Only the copyright holder can tell that.

      Eh. Nope. Even the copymorons seem to be confused and we have pretty recent examples.

      But the ISPs and the people could get clever: we will do so if there is a central copyright registry that lists each and every legit content and provide clear fair use guidelines because there is no way we can evaluate the copyright status of any unencrypted data flow as things are now.

      Of course, encrypted connections, tunnels, proxies may render any password pretty useless. And regular pirates already use them anyway.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Sep 2016 @ 1:38pm

      Re: Courts orders ISP to produce unicorns

      The other point is that the person infringing on their copyright is the person who is making their work available, rather than the person who gets a copy from them. They want to attack downloading because of the collateral damage done to self publishing creators.

      reply to this | link to this | view in chronology ]

    • icon
      Padpaw (profile), 16 Sep 2016 @ 7:58pm

      Re: Courts orders ISP to produce unicorns

      That is easy, by deciding what is and what is not legal even when those two definitions contradict each other.

      reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 16 Sep 2016 @ 10:57am

    Hmmm...

    SSID: EU_WI-FI
    PASSWORD: FUCKYOUMAFIAA

    Done.

    And it will still be anonymous even while protected with a password. Unless there is some specific order to provide individual passwords per user.

    reply to this | link to this | view in chronology ]

    • icon
      Roger Strong (profile), 16 Sep 2016 @ 11:19am

      Re:

      They ARE ordering individual passwords per user.

      > In McFadden the CJEU appears to have decided that password protection would be effective only if the user is required to provide identity details to the service provider so that the user cannot act anonymously.

      In other words, the average home or small business WiFi access point won't work. You'll need one connected to a server with a user database. A massive investment of money and time.

      The point is to outlaw open WiFi without admitting that they're outlawing open WiFi. That's a pretty goddamned dishonest "Court of Justice" there.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Sep 2016 @ 11:26am

    SSID:password is 1234
    PASSWORD:1234

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Sep 2016 @ 11:28am

    Copyright trumps all other rights

    It seems these days that copyright trumps all other rights.

    reply to this | link to this | view in chronology ]

  • identicon
    John Cressman, 16 Sep 2016 @ 11:32am

    Re-read the article

    Those of you posting silly comments about stupid wifi password, re-read the article.

    It's worse than that... MUCH worse. It reads to me that they are actually going to require UNIQUE user id's and passwords for wifi access so the copyright overlords can use that to prosecute people.

    That's a huge pain in the arse to keep track of and maintain. What small business is buy the required hardware for that or have the time to setup manual username/passwords on standard routers?

    reply to this | link to this | view in chronology ]

    • icon
      Kal Zekdor (profile), 16 Sep 2016 @ 12:07pm

      Re: Re-read the article

      It's not that much of a burden. There's been a lot of movement in the last few years in the area of "Coffee Shop WiFi". There are a bunch of APs on the market that offer easily configurable entry portals, or generate temporary passwords that can be sent directly to a network connected (reciept) printer. I've even seen one that lets people login with Facebook! If that's not de-anonymization, I don't know what is...

      Of course, none of that changes the fact that this is an incredibly stupid and dangerous ruling.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 17 Sep 2016 @ 12:27pm

        Re: Re: Re-read the article

        Correction: it's not that much of a burden if you have the hardware and know what you're doing. The majority of businesses won't, so it definitely becomes a burden. The solutions you describe can also be quite limited - for example, what about businesses that offer wifi without requiring a purchase? What about customers who don't use social media? Etc.

        reply to this | link to this | view in chronology ]

        • icon
          Kal Zekdor (profile), 18 Sep 2016 @ 2:24pm

          Re: Re: Re: Re-read the article

          Well, my point was that there's a lot of cheap hardware on the market that designed for use by non-technical people. A business could probably set something up for less than $200 (not sure if prices vary much over there, but shouldn't be far off), including hiring someone to install/setup. That wouldn't be an undue burden, if there was any merit to the requirements. Since, clearly, there's not, even the slightest burden is far too much.

          reply to this | link to this | view in chronology ]

          • icon
            PaulT (profile), 19 Sep 2016 @ 2:35am

            Re: Re: Re: Re: Re-read the article

            "A business could probably set something up for less than $200... including hiring someone to install/setup"

            Again, assuming prior knowledge. Most won't know what they actually need to buy in order to both meet their business requirements and meet the new legal standards. So, they'll be paying out a few hundred just for someone to advise on what they need to buy. Then, you might well be buying more than one, so you'd need to know how to connect them, etc. It might get expensive, and that's even without considering the potential revenue impact of customers having to work out a new way to connect and ongoing support costs. Or, of course, them buying the wrong thing and therefore remaining non-compliant.

            "(not sure if prices vary much over there, but shouldn't be far off)"

            Depends on the routers/APs you're looking at, but they will definitely be higher on exchange rates and sales taxes alone. I can look if you have examples, but you might also need to bear in mind that different regulations mean the same models won't necessarily be available in the local market. Plus, if there's legal liability and/or a genuine business need for wifi to be available to customers, you probably don't want to be buying whatever's cheapest off the shelf.

            "That wouldn't be an undue burden"

            I still disagree. I think that if you look at it from the POV of someone who is completely clueless with technology, but needs wifi for their business, it becomes a large burden quite quickly. Or, again, they might install it poorly and remain vulnerable to legal action.

            reply to this | link to this | view in chronology ]

            • icon
              Kal Zekdor (profile), 19 Sep 2016 @ 11:45pm

              Re: Re: Re: Re: Re: Re-read the article

              Familiarizing oneself and complying with regulations is just a cost of doing business. I don't think that the "burden" argument has any merit here. If there was a legitimate need for these regulations, then, unless the burden is unreasonable, it shouldn't be a concern. An unreasonable burden would be one that the majority of businesses would be unable to responsibly meet. In this case, that would mean businesses that give up on wifi altogether. I don't think that's the case here. I mean, sure, nobody's happy about shelling out, at worst, 500 euros to hire somebody to bring the wifi into compliance for them, so that they don't need any knowledge. A couple hours of research and some minor technical acumen can cut that cost down seriously. But it's not an unreasonable burden. No one is going to have to close up shop because they can't afford to comply.

              Ultimately, objecting to this regulation because of the burden it would cause is a red herring. I mean, what if they provide a grant and a team of government qualified contractors to every business that wants to offer wifi. Or, more likely, subsidize business ISPs to provide compliant equipment, as most of the businesses offering wifi (at least the ones with no technical staff) are probably using whatever equipment their ISP provided. Suddenly the burden argument is gone, and the rest gets a hand waving. This should be objected to because of the horrible precedents it sets regarding privacy, not because it might cause businesses to spend some money.

              reply to this | link to this | view in chronology ]

              • icon
                PaulT (profile), 20 Sep 2016 @ 1:22am

                Re: Re: Re: Re: Re: Re: Re-read the article

                "Familiarizing oneself and complying with regulations is just a cost of doing business."

                Yes, and for something like wifi which is usually not related to the core of that a small business actually does, complying with these is a burden. At present, there are few regulations placed on the end business - those that are borne by the manufacturer or service provider. Placing extra regulations increases the burden, and these types of regulation would increase them exponentially on many businesses.

                Is this really so hard for you to understand?

                "No one is going to have to close up shop because they can't afford to comply. "

                No, but a lot of people will stop offering wifi at all, even if that means a loss of overall revenue. Others will be at risk because they were unable to comply correctly, for whatever reason. And yes, the guy who has a little bit of knowledge and configures his own off-the-shelf purchase is probably most at risk because he may end up non-compliant when he believes he's set things up properly. Years of support for such people in my early career have taught me that the people who think they know what they're doing on their own are the ones doing a botch job that doesn't meet requirements.

                "Suddenly the burden argument is gone"

                No, it still there, it's just been shifted to another party. A party that is perhaps able to meet the requirements with lower costs and greater expertise, and perhaps turn that into increased business for themselves. But, it still exists.

                "This should be objected to because of the horrible precedents it sets regarding privacy, not because it might cause businesses to spend some money"

                Why not both? For the record, I'm not objecting to the ruling because of costs to the small businesses. I was merely correcting your false statement that it's not a burden for many of those businesses.

                reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 19 Sep 2016 @ 11:58pm

              Re: Re: Re: Re: Re: Re-read the article

              " impact of customers having to work out a new way to connect and ongoing support costs"

              Exactly so, most businesses lack the resources to do this right. You need look no further than the so-called Internet of Things, and see how well that's working out.

              And from a customers standpoint this is a whole load of stupid. As a customer am I really going to need Id's and passwords for a) the local Starbucks, b) the train station, c) my local library, d) the city library, e) my supermarket cafe...... z) my parents house?

              And who's going to verify these id's? Hows that going to work? The whole thing is stupid.

              reply to this | link to this | view in chronology ]

              • icon
                PaulT (profile), 20 Sep 2016 @ 1:27am

                Re: Re: Re: Re: Re: Re: Re-read the article

                Yes, even if implemented properly, the usability of the entire system is shot. You're no longer connecting automatically to a free wifi spot you've used before, you're having to log in. That alone reduces the convenience of free wifi and the drop in usage might lead businesses to lose money even if they do comply for little cost.

                "z) my parents house"

                I believe that the rules would only apply to businesses. If not, most ISPs supply routers with passwords pre-loaded, so in theory they'd already be compliant unless I've misunderstood to ruling.

                reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Sep 2016 @ 11:40am

    No free wifi because copyright monopoly?

    https://youtu.be/rX7wtNOkuHo

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Sep 2016 @ 11:40am

    Why is a non critical industry, that only controls what other produce, being allowed to determine how technology can be used? They are rapidly becoming the a major roadblock to the development of the arts and sciences.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Sep 2016 @ 12:50pm

    How to achieve full compliance, in one step:

    Set the password to "password".

    There. The network is now password-protected.

    reply to this | link to this | view in chronology ]

    • icon
      Jeremy2020 (profile), 16 Sep 2016 @ 1:21pm

      Re: How to achieve full compliance, in one step:

      As pointed out by others, that does not meet the requirement. They require that the user are identifiable.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Sep 2016 @ 2:03pm

    Setting up a system wiht authentication can cost a lot of money, plus all the extra hardware that is needed. I would like to turn the guest Wifi I run at home into something to make money, but it rquires a lot of extra hardware. And piece of hardware you cannot get anymore is a PCI ethernet card.

    You cannot even get PCI hardware anymore.

    reply to this | link to this | view in chronology ]

  • identicon
    Skeeter, 16 Sep 2016 @ 3:35pm

    Bye Bye Free WiFi

    And, in one blind slap, free WiFi just ended for the New World Order. You will now only be able to access WiFi if you get authorization through a commercial provider, sanction by ID verification through the state.

    Wait a minute. Why, that sounds almost like

    SOCIALISM AT WORK!

    Imagine that, and we thought Hitler had it wrong all these years, when in fact, the courts just ruled, he was VISIONARY!

    (Then again, American Government seems to think stoking race wars like Charles Manson recommended back in 1969 is a great idea to drive racial equality, too - go figure)

    reply to this | link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 16 Sep 2016 @ 4:23pm

    No anonymity, no privacy!

    When are you going to "get it"? Governments DO NOT WANT citizens to have either anonymity or privacy.

    OTOH, the citizens DON'T KNOW what they want. Any government will confirm this "truth."

    reply to this | link to this | view in chronology ]

    • identicon
      Skeeter, 16 Sep 2016 @ 5:23pm

      Re: No anonymity, no privacy!

      Wow, I think you just defined 'Ouroboros Syndrome'...

      Let me ask the government if this is 'true-and-correct'.

      reply to this | link to this | view in chronology ]

  • icon
    Rapnel (profile), 16 Sep 2016 @ 8:06pm

    Copyright for your rights. Wow. Somebody wants to claim them.

    It won't be long now before this starts to ricochet. Poing poing.

    Copyrights unrequited need for total supremacy. Cunts, for short.

    Taking over teh internets like shootin' frogs in a barrel. Them frogs keep croakin'. Don't they? Yeeup.

    reply to this | link to this | view in chronology ]

  • identicon
    John Mayor, 16 Sep 2016 @ 11:55pm

    WHY WIFI

    The answer is OUTERNET!... and OUTERNET's pet project, called, The Lantern! And!... you might find the info at, https://libreplanet.org/wiki/Save_WiFi/Individual_Comments, quite interesting. Enjoy!
    .
    Please!... no emails!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Sep 2016 @ 10:28am

    'messing absolutely everything up'

    have you not yet realised that, like everywhere else in the world, the entertainment industries are the most important thing on the planet and that every court, every government are doing whatever is in their power to fuck the public while handing the world and most importantly, the Internet, over to the industries so they have the complete control they have been after for 20 years? every step they take gets closer to the goal and with prison terms of 10 years on the cards, it's better to rob a bank and buy the disks. if caught, the sentence is at least less!! and dont forget, you and i are paying for everything these shit asshole industries get and still want, not a dime from them!!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Sep 2016 @ 11:49am

    Do you guys ever get stress migraines having to report on all the arrogance and stupidity coming from tech-illiterate bureaucrats (Eurocrats) owned by self-serving global corporations? Not to mention the willingness (whether conscious or not) of the public to buy into their schemes because "damn those entitled little brats who want everything and a unicorn, but aren't willing to get a job and pay for it."

    I'm going to bet no one ever thought a cartoon mouse would be the bargaining chip being used to implement a frog-in-boiling-pot, death-by-a-thousand-cuts surveillance state apparatus.

    The gall of these people is astounding. But even more so is the ignorance and cognitive dissonance of the mass populace in falling for what they're selling, because the "face" of "copyright infringement" is that of a spoiled teenager or college student living in mom's basement collecting welfare while jerking off to bootleg anime films.

    Not to mention the public considers movie stars the saints of its civic religion of celebrity worship. They will gladly sign over their freedoms to sic a SWAT team on said millennial punk, who apparently thinks he can just steal from the church coffers without doing his required penance for giving Kanye and Britney a sad.

    The term "red herring" might as well be a communist insult applied to "pirates" as far as some people are concerned. Not to go all Godwin like the previous guy did, but "first they came for the downloaders" does, in fact, apply here.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Sep 2016 @ 4:33am

    They can require all the passwords and unique identifiers in the world, but would it really matter. Could you not just log into your WIFI, then use that to log into a no-log secured VPN or proxy in a country that doesn't give a fuck?

    The people they are claiming they are trying to prevent from having anonymous WIFI are already 3 steps ahead of them. This is just an excuse to track the average Joe's WIFI use... more useless data....

    It's like the answer to them not finding the needle in the haystack is to add more hay.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Sep 2016 @ 4:33am

    They can require all the passwords and unique identifiers in the world, but would it really matter. Could you not just log into your WIFI, then use that to log into a no-log secured VPN or proxy in a country that doesn't give a fuck?

    The people they are claiming they are trying to prevent from having anonymous WIFI are already 3 steps ahead of them. This is just an excuse to track the average Joe's WIFI use... more useless data....

    It's like the answer to them not finding the needle in the haystack is to add more hay.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories

Close

Email This

This feature is only available to registered users. Register or sign in to use it.