Naked Security Naked Security

Password-protect your Wi-Fi hotspots and ask for user details too, rules ECJ

The ECJ has ruled that Wi-Fi hotspot operators aren’t liable for copyright infringements, but they may have to demand users' identities and password-protect their networks.

Europeans who provide Wi-Fi hotspots aren’t liable for copyright violations by the strangers who use them, according to Europe’s top court.

However, there’s a whopping big “but.”

The European Court of Justice (ECJ) also ruled that the holders of infringed copyrights can demand that those Wi-Fi hotspots be password-protected to deter future violations.

What’s more, users will be required to “reveal their identity to be prevented from acting anonymously.”

Perhaps that was not quite the outcome that Pirate Party supporter Tobias McFadden was hoping for in his suit against Sony Music Entertainment Germany. But those unintended consequences do have a way of coming back to bite you.

According to The Register, McFadden ran an open, password-free Wi-Fi hotspot in his Munich store. In 2010 Sony “found the hotspot was being used for copyright infringement, and obtained a court injunction ordering him to pay costs, on the grounds that McFadden hadn’t secured it.”

As the case moved through the European legal system, Fortune reports…

The court’s top legal advisor recommended that the business owner…should not be forced to password-protect his network either.

Advocate general Maciej Szpunar said ‘conferring an active, preventative role’ on hotspot operators would be inconsistent with their protected status under the 2000 e-Commerce Directive.

Unexpectedly, the top court didn’t agree.

Yes, it said, coffee shop Wi-Fi providers do deserve the same protection against copyright suits that European internet service providers (ISPs) already get. (That’s somewhat good news for those who’d like to see more Wi-Fi access throughout Europe, as the decision clears away some of the uncertainty businesses faced if they chose to offer it.)

But, no. Businesses shouldn’t be freed from responsibility to safeguard their networks. Allowing the holders of infringed copyrights to demand password-protection would balance “the intellectual property rights of rightholders [vs.] the freedom to conduct a business of access providers and the freedom of information of the network users.”

It’ll be interesting to see whether local Wi-Fi providers tighten up access proactively, or wait for lawyers’ letters from copyright holders to arrive before doing so.

It’ll also be interesting to see how willing national courts across the EU will be to issue injunctions against the owners of unprotected Wi-Fi hotspots.

Fortune quotes the European ISP trade group EuroISPA as encouraging hesitation:

It is essential that national courts follow the finely-balanced reasoning of the CJEU, and order such injunctive relief only in those instances where there is demonstrable and serious risk of repeat infringements.

Those aren’t the only questions arising from this ruling. Martin Schweiger, an IP attorney who practices in Munich, asks if it may contradict the EU’s ecommerce directive, which bans monitoring of the relevant data traffic.

How can the Wifi router provider check the eligibility of the Wifi router user without monitoring the data traffic that is generated? How far goes the required checking of the eligible user’s identity? Does he need to produce a passport or an official ID card…?

We can’t answer these questions. But we do know this: finding the answers will likely require the liberal use of attorneys.