The European Court of Justice (ECJ) recently announced its decision in Sony v McFadden with important consequences for open wireless in the European Union. The court held that providers of open wifi are not liable for copyright violations committed by others, but can be ordered to prevent further infringements by restricting access to registered users with passwords. EFF reported on the legal aspects of the case last year and collaborated on an open letter to the ECJ on the costs to economic growth, safety and innovation of a password lockdown.

Free wifi is rare in Germany compared with other EU countries due to legal uncertainty generated by the doctrine of Störerhaftung, a form of indirect liability for the actions of others, which has deterred cafes, municipalities and others from offering free connectivity. Many in Germany hoped that the McFadden case would remove these doubts, but it is now clear that a legislative fix is needed instead.

A Community Wireless Advocate in Court

McFadden, a community wireless activist with Freifunk, offered free wifi from his shop. He received a cease and desist letter from Sony Music after a user shared music from his network, and they also demanded that he pay the lawyer fees for this letter. McFadden successfully argued he was a service provider under the national implementation of the E-Commerce Directive and a 'mere conduit' for his users' traffic. This shielded him from direct liability for his users’ copyright violations but not from Störerhaftung - a liability attaching to any party in a position to ‘terminate or prevent’ the infringements. As a result copyright owners had a claim for injunctive relief against McFadden.

The German court proposed three enforcement options: shutting the network, monitoring all traffic, or ending user anonymity through a registration and password system. According to the ECJ only the last of these is consistent with EU law, but such a ‘solution’ will introduce major administrative overhead for providers. Worse still, they could also be saddled with the legal costs incurred in seeking the injunction. In the face of such burdens many operators will shut down...

A Solution in Sight?

The ECJ found that password based restrictions are consistent with EU law, not that they are required by it. The other options, however, would have would have entailed breaches of the E-Commerce rules and fundamental rights. The good news is that this means a domestic solution compatible with EU law is possible. Ideally German legislators would abolish Störerhaftung altogether. A previous attempt at legal reform last June was supposed [German] to deal with this but is regarded as flawed.

An alternative, less comprehensive approach, would be to shift the legal costs of the injunction to the party requesting it. If the bills are paid by the wifi owner, there is an incentive for lawyers to launch actions against every open wifi node in the country. Copyright trolling has history in Germany, where lawyers have leveraged the 'formal system of notice' for cease and desist letters (abmahnungen) into a shakedown system against millions for alleged copyright infringement online. But if the rightsholders must cover their own costs, orders will only be sought against nodes which are a serious source of infringements.

Universal Access: Forever Deferred?

A day before the McFadden verdict, the head of the EU Commission outlined a goal of free wifi throughout Europe by 2020. This will never be achieved by top-down means alone, but will require a user-based movement of connection sharing. The ECJ did not address the situation of individuals who make wifi available without economic motive, but German activists are protecting themselves against risks by technical means. Freifunk, for example, routes user traffic through a virtual private network so that it appears to originate in the Netherlands or Sweden, countries where Störerhaftung does not exist.

Universal access to the net will ultimately require curbing the power of a copyright industry which sees free networks as a threat to their property, something to be controlled and monitored rather than opened up and shared. In March, the Advocate General, whose reports are intended to guide the ECJ's decisions, rejected the password lockdown approach as inconsistent with a fair balance of the competing fundamental rights involved. He continued:

any general obligation to make access to a Wi-Fi network secure, as a means of protecting copyright on the Internet, could be a disadvantage for society as a whole and one that could outweigh the potential benefits for rightholders.

The ECJ did not follow his advice, and now it's up to legislators to fix what's broken.