Tuesday 25 May 2010

Q: When is a fine not a fine? A: When it’s legal fees.

Although she is late off the mark with this, Matron can’t help being somewhat irked about the level of cross-cultural misinformation surrounding the German Supreme Court’s decision on open wi-fi networks. A number of commentators, including Outlaw and the SCL Editor’s blog reported that the court has "fined" the owner of a wi-fi network because he did not secure it with a password and it was used to download music without the copyright holder's permission. Even though Outlaw then makes it clear that the “fine” consisted in the payment of legal fees, this does little to divert from the sense of uproar instilled by the article’s headline. So what actually happened?

A musician had sued the owner of a (private) unsecured wi-fi connection because his connection was used to illegally download that musician’s music. The owner of the wi-fi network could prove that he had been away on holiday at the relevant time and was understandably upset at being held responsible for that unlawful activity. As far as Matron could ascertain (the full decision has not yet been published), the musician sued the owner on two counts: (1) for payment of damages in respect of the unlawful use of his music and (2) for omission of the behaviour that enabled the unlawful activity to take place (that is, leaving his wi-fi open). The claimant's lawyers, who had been instructed to enforce the claim, also requested payment of their legal fees, incurred in relation to the sending of the letter requesting payment of damages and omission.

The court held that:

1. The owner of an open wi-fi network did not have to pay damages unless the claimant could prove that the owner himself was involved in the unlawful activity (rather than just enabling it by leaving his wi-fi network unsecured).

2. The owner of an open wi-fi network was under an obligation secure his wi-fi network by taking the technical steps deemed adequate at the time of installation.

3. The owner of an unsecured wi-fi connection was liable for the legal fees of a claimant who could prove that this enabled behaviour that damaged the claimant’s rights. However, the court capped the fees that a claimant can claim in this respect at 100 Euro.

There has been a lot of huffing and puffing about this decision from all corners of the internet with many predicting that this is going to be the thin end of the wedge as far as online copyright enforcement is concerned. But before we all jump to that conclusion, lets put the judgement into its proper legal and cultural context.

To start with, the fact that the defendant in this case was not found liable to pay damages to the claimant is surely a positive and well-reasoned step in the right direction. The owner of a wi-fi network may be under an obligation to secure that network, but he will not become vicariously liable for any unlawful activity that other people use it for. Claims that the court has created a new intermediate liability for private individuals are therefore wildly exaggerated.

Of course, the decision is not without its problems. In this particular case, the defendant could prove that he was on holiday when the illegal activity took place. But what happens in cases where that isn’t possible? What level of proof will be required from the claimant? Might there even be, heaven forbid, a reversal of the burden of proof whereby the owner of an unsecured wi-fi network will have to exculpate himself? For the answer to those questions we will have to wait for the next judgement, I’m afraid. But stranger things have happened at sea and in German case law and we would do well to keep a watchful eye on developments.

Secondly, the German court has unequivocally stated that he who runs a wi-fi network must secure it. This is the point that many find disturbing, but given the existence of certain longstanding private law concepts (in particular the concept of “Störerhaftung”), it will not come as a surprise to anyone qualified in German law. “Störerhaftung” effectively means that if you create or operate something that is likely to infringe the rights of a third party, then that third party has the right to request you to stop creating or operating that something (the right to claim an omission).

Other examples for this type of claim include the right of a property owner to stop someone from building a factory next door which emits dangerous fumes or preventing the owner of a neighbouring property to set up a building that blocks all his light or television reception. In relation to online activity, this concept has long been the basis of intermediary liability of ISPs, website hosts and platform owners (whose liability is then in turn limited through the provisions implementing Articles 12 to 14 of the E-commerce Directive). We may not appreciate the end result, but like the courts in other countries German courts must enforce and interpret statute law (in this case section 1004 of the German Civil Code), and with a lot of interpretative history in this area, it is relatively easy to see why the Supreme Court decided as it did.

At the same time, one could argue that the court has also set the bar for avoiding this sort of liability fairly low. All it requires is that, at the time of installation, owners install the most recent form of security (which should normally be what the router comes with anyway) and change the factory-set password to a personal one. If they do that, owners can run the thing for as long as they want, security measures can improve vastly during that time, but they are under no obligation to upgrade or even check it. They only have to do it once.

Now, this comes as no relief to:
  • people like Matron’s mother who would not know how to install security if it hit her in the face with a large stick (fortunately the nice man from Deutsche Telekom did it for her, and Matron expects that ISPs will take this judgement as an opportunity to widen their service offerings in this area),
  • cafes and other outlets who run open wi-fi systems (although the question here is whether the court will accept other ways to secure those networks, like an additional requirement to sign in), or
  • individuals who believe in open wi-fi.
However, maybe we should put our preconceptions aside here for a bit and ask ourselves whether, all things being equal, it is not a fairly rational demand to ask people to secure their wi-fi? Matron is all for an open network, but the fact of the matter is that that network can be used for good or ill. We are not only talking unlawful downloads here, but other things like the organisation of criminal networks, terrorist activity and the distribution of child pornography (and if readers could please take a moment here to comprehend Matron’s pain at having to play the kiddie porn card).

It is very nice that we may want to share. Sharing is good and fun and kind and we should all do it more often. But if we left our car unlocked with the keys in the ignition, knowing that any passer-by could help himself to it, would we really expect to escape liability if that passer-by turned out to be someone without a driving licence who then causes an accident? Of course we wouldn't! We accept that we are expected to take certain precautionary measures, both to protect our own property (and lets not forget that an unsecured wi-fi is also an open door to our own information) and that of others. Why should things be different online? Go on folks, move with the time!

Finally, let us turn to the small question of the “fine”. Of course, if you categorically believe that owners should be allowed to run unsecured wi-fi networks, then having to pay someone else’s legal fees just adds (financial) injury to (ideological) insult. However, those of us who see some wisdom in a requirement to secure a wi-fi network must try to evaluate this part of the judgement more reasonably. For this Matron has to dig a little deeper into the way German lawyers are paid.

Lawers’ fees are generally calculated on the basis of the “case value”. A fee table exists which sets out the amount a lawyer can charge for a particular action (for example, sending a letter before action or serving a writ) relative to the case value. The way that case value itself is calculated is relatively easy in cases like debt collection (the amount of the debt owed) but more complicated in relation to other situations. Before 2008, the way in which the case value of copyright cases was calculated had more to do with the premise of “what-can-I-get-away-with?” than any comprehensible tabulation and the courts in fact accepted case values of 10,000 Euro (proposed by the lawyers for the claimant, of course) for relatively minor infringements. This meant that potential infringers of copyright who received a lawyer’s letter requesting them to cease their infringing behaviour were, at the same time, asked to pay hundreds if not thousands of Euro in legal fees for the pleasure. This, is turn, led to something that can only be described as “fee-farming” with law firms sending hundreds of similarly phrased letters to people accused of infringement (for example, if they displayed photographs of a protected mark on eBay to sell their old household goods) just for the money it brought in. In September 2008, a new law was adopted to counteract this practice. It limited the fee that lawyers can charge for such letters to 100 Euros. The “fine” the court imposed in our wi-fi case was therefore nothing more than the application of a new law that was brought in specifically for the purpose of consumer protection.

This doesn’t change the fact that 100 Euro is still a lot of money for some people. But it beats the hell out of the threatening effect that a bill for 1,000 Euro would have had. And - Matron must come back to this fact - it can be avoided by taking a few simple security measures when you first set up your wi-fi network.

So here we are then. Was this a scary and dreadful judgement? Matron doesn’t think so. In an ideal world we could of course all leave our windows open and our front doors unlocked while we swan off for a three-week holiday in the Caribbean. But that ideal world we have yet to create. Back in the real world, we make damn sure that we have left our car in a secure car park, engaged our five-lever mortice locks and switched on the alarm. It’s common sense, really, and maybe we could do with a bit more of that online.