
Germany plans to remove owner liability for piracy on open Wi-Fi hotspots–report - Tomte
http://arstechnica.co.uk/tech-policy/2016/05/german-open-wi-fi-storehaftung-law-repealed/
======
denzil_correa
The article doesn't mention that the case was fought in court by German Pirate
Party activist Tobias McFadden.

[http://piratetimes.net/german-pirates-went-to-the-
european-c...](http://piratetimes.net/german-pirates-went-to-the-european-
court-for-free-wi-fi/)

In addition, there is a Freifunk - a non commercial initiative to provide free
public WiFi.

[https://freifunk.net/en/](https://freifunk.net/en/)

------
germanier
The wording of the proposed law is not published yet and there are good
reasons (including statements by the involved ministries) to believe that it
does not really have the effect they claim.

~~~
DasIch
Just politically it doesn't make any sense to me to believe the change will
have that effect.

Why would after such a long time the CDU suddenly drop the pro-Störerhaftung
position? It seems much more likely that SPD and CDU have reached a compromise
that eliminates the Störerhaftung only partially.

I expect the outcome will just create legal uncertainty. So that there won't
be any positive effect.

~~~
denzil_correa
> Why would after such a long time the CDU suddenly drop the pro-Störerhaftung
> position?

That's because the Advocate General (AG) to the Court of Justice of the
European Union (CJEU) has decided it to be so [0]. According to the AG, there
has to be balance between "freedom to conduct business" and "protection of
IP". So, the requirement to make WiFi networks secure via passwords is an
unfair balance.

The AG's counsel is not binding on the CJEU but it gives you fair direction on
which side the CJEU would rule.

[0]
[http://curia.europa.eu/jcms/upload/docs/application/pdf/2016...](http://curia.europa.eu/jcms/upload/docs/application/pdf/2016-03/cp160028en.pdf)

~~~
DasIch
That's a very good reason. I don't think it truly explains the shift,
considering the larger context. They suffered similar and larger legal
setbacks on data retention and they didn't change their position on that, they
pursued it further.

Why are they willing to drop this so much more quickly? Is the legal argument
stronger here? Are the law and order people just that much more powerful than
the intellectual property people? Is there a larger compromise at play, where
the CDU compromises on this issue and the SPD on another?

~~~
nickbauman
The black helecopter conspiracy theorist in me whispers: As a mass
surveillance strategy it makes much more sense to have a national tap on all
the free wifi than to require passwords/id, which would send potential
terrorists underground with something harder to tap. The threat of an
effective security culture of "undesirable" cells around, say, one-time pads,
is the end-game that any state security apparatus is trying to avoid.

~~~
kuschku
Especially with the Freifunk community threatening to provide a free, secure,
public WiFi system anyway.

------
Aissen
The situation is similar in France, with the HADOPI(3-strike law) adding a
"neglect" infraction for lack of securing your Internet access. So you're
indirectly responsible of piracy, but won't pay fines for it, only for
negligence of securing your wireless network (ie running an open network).
It's pretty comical and hard to apply, and only one person has been sentenced
in the 7 years of this law.

Luckily, there's always onionpi ([https://learn.adafruit.com/onion-
pi/](https://learn.adafruit.com/onion-pi/) ) should you need to run an open
wifi network.

~~~
palunon
>only one person has been sentenced in the 7 years of this law.

That's not true. At the end of 2015, about 31 people were found guilty.

[https://nextinpact.com/news/96525-hadopi-plusieurs-
abonnes-c...](https://nextinpact.com/news/96525-hadopi-plusieurs-abonnes-
condamnes-a-300-et-500-euros-d-amende.htm)

~~~
Aissen
But how many were condemned _specifically_ for "neglect" ? I'm guessing it's
not that many. Anyway, even if it's 31 people, it's still a very low number
considering the money spent there.

------
abhi3
Is this a common practice in Europe /US? It seems ridiculous that the WiFi
provider would be held liable for such a thing. Why stop there, should make
the ISP liable too!

~~~
BjoernKW
No, it's just Germany that has this stupid rule. Yes, it's ridiculous but has
that ever kept politicians from implementing legislation?

Germany is particularly notorious when it comes to useless, ridiculous and
downright detrimental laws regarding anything that has to do with the
Internet, notable examples being the so-called 'Leistungsschutzrecht'
([https://en.wikipedia.org/wiki/Leistungsschutzrecht](https://en.wikipedia.org/wiki/Leistungsschutzrecht)
) and the 'Impressumspflicht' (legal notice requirements for websites)

~~~
kpcyrd
The Impressumpflicht that is applied to websites now, is based on a law from
1530[1]

[1]:
[https://de.wikipedia.org/wiki/Impressumspflicht#Geschichte](https://de.wikipedia.org/wiki/Impressumspflicht#Geschichte)

~~~
germanier
The idea is old but the law now applied to websites was deliberately extended
to the internet.

------
awqrre
It's just common sense... Can a ISP be liable for what it's user do? An open
Wi-Fi hotspot is basically an ISP....

~~~
detaro
That's the core of the legal issue. ISPs are protected, it's not clearly
regulated what/who an ISP actually is, and the courts generally haven't
granted the status to private/on-the-side providers.

------
cm3
It's safe to speculate that the final wording will have limitations and still
require identification of users to pursue "pirates", online bullies, online
vandals, etc.

------
ulfw
Years too late. Many years really.

~~~
tajen
Why? Here's my current POV: 1. Internet is not really a public resource, it's
rather a gigantic alliance of p2p connections, mostly organized by private
entities who can make whatever contracts they want. 2. On this alliance, if
one actor wreaks havoc (spam, DOS, scam, piracy), the victim can only turn
back to the node which transmitted the connection; 3. It's up to this node to
keep logs and forward the pursuit upstream to the attacker; 4. It's the only
way it can decently work, because we may lack proofs or the chain of
responsibility to attack the upstream node directly; 5. Legal problems will
happen if we treat the Internet as a public resource, where politics have a
say, where access is not authenticated, and where no-one bears responsibility
for crimes.

Now it appears that you don't follow this opinion, you think we should let
criminals access the internet anonymously?

~~~
AnthonyMouse
> you think we should let criminals access the internet anonymously?

Of course we should, because that is unavoidable. Making anonymity harder will
make it so that _only_ criminals have anonymity, because they are the ones who
can justify extraordinary measures and are willing to break laws in order to
get it. All laws against anonymity do is harm honest people who need it for
anonymous speech and privacy.

And somehow all of your premises are wrong, even though only one has to be for
your argument to fail:

> Internet is not really a public resource, it's rather a gigantic alliance of
> p2p connections, mostly organized by private entities who can make whatever
> contracts they want.

This is like saying transportation isn't a public resource because buses and
taxis and airplanes are provided by lots of different people under privately
negotiated terms. You don't have to show ID to ride in a taxi, nor should you.

> On this alliance, if one actor wreaks havoc (spam, DOS, scam, piracy), the
> victim can only turn back to the node which transmitted the connection

Victims of scams can follow the money or flow of goods. Spam and denial of
service can be algorithmically identified and rate limited. Undetectable
piracy is not a problem your proposal would solve; see also direct download
sites, foreign VPN services, I2P, sneakernet, LAN parties, etc.

It is also possible for endpoints to choose to require that the opposite
endpoint authenticate cryptographically before accepting any other data from
it, which will always be significantly more reliable then relying on every
carrier and endpoint on the internet to remain uncompromised in its ability to
assert the origin of traffic it forwards.

> It's up to this node to keep logs and forward the pursuit upstream to the
> attacker

This isn't a premise at all, it's just an unsupportable conculsory normative
assertion.

> It's the only way it can decently work, because we may lack proofs or the
> chain of responsibility to attack the upstream node directly

So block it until the attack stops then. Or require users to register using
some collateral or proof of work.

> Legal problems will happen if we treat the Internet as a public resource,
> where politics have a say, where access is not authenticated, and where no-
> one bears responsibility for crimes.

Just because an IP address doesn't map to a person doesn't mean "no-one bears
responsibility for crimes." It just means investigations are more expensive.
Which is _good_ , because it means serious crimes can still be prosecuted but
mass surveillance and petty crusades are impeded.

~~~
tajen
Good points, thank you for developing. You might even have changed my mund, it
was worth it.

------
Pica_soO
To be perfectly honest- everyone ignored it. That seems to be the role of the
lawmakers lately. Make some law to comfort the elderly and ignorant- then
don't enforce it and clear up the mess and damages created by the chilling
effect. Ironically it wont even save those ISPs it was made to protect for,
which paid ridiculosis amounts of money for smartphone frequency's.

------
blubb-fish
The infamous CP card is usually played by backwards-minded conservatives but
it was, is and keeps being a potential big problem when you open your Wifi to
the public. Also other criminal online activities.

~~~
chokma
This is still a problem even if the Störerhaftung (WIFI-owner being liable for
misuse) is removed: When the police comes looking for someone distributing CP,
they go by the IP address and take everything that remotely looks like a
computer for forensic examination.

So, having an open WIFI is like painting a huge target on your back, albeit a
somewhat smaller one when media companies are removed from the list of
potential trouble makers.

(See also: [http://www.lawblog.de/index.php/archives/2016/05/12/dein-
wla...](http://www.lawblog.de/index.php/archives/2016/05/12/dein-wlan-dein-
risiko/) (in German), for a defense lawyer's perspective)

~~~
dave2000
Well, no, if the law says "anyone can run open wifi, and any suspicious use
there should be investigated, and not just taken as read that the person who
owns the wifi is the user of it" then the moment permission is sought to raid
the place it should be denied immediately until there's some evidence the
person running the wifi also committed the crime. If that's written into the
law; if at the point a warrant is sought, or if at the start of a court case
the defence can just say "this case should be tossed out; you aren't allowed
to go after people running free wifi" then there would be no point in going
after the people providing free wifi. After all, no-one goes after the ISPs.

~~~
ascagnel_
Except that there is evidence to show that the specific equipment was used to
commit a crime. You'd be hard-pressed to provide a legal standard that
prevented police from obtaining permission from a court to seize that evidence
as part of their investigation, even if the owner isn't implicated.

It's not too dissimilar from a shop owner being forced to give up security
camera footage -- the owner is not being targeted in the investigation, and
there's plenty of unrelated footage, but there is a high likelihood of
relevant evidence existing.

------
codecamper
I think there should be a law that would disallow passwords for public wifi.

passwords are soooo annoying (is that a 1, l, or I?) & if everyone had open
wifi, then it could be utilized much more, lowering everyone's wireless
carrier usage. also, you wouldn't need to worry about someone using too much
bandwidth -- it would happen, but i doubt more frequently than with the
passwords. Well, wifi could be throttled if it were really a problem.

~~~
pjc50
If it's got a password, it's not really _public_ wifi. Isn't it usually
complementary wifi for patrons of a particular business?

~~~
jackvalentine
I think he might be referring to "public" but not public wifi, like coffee
shops etc.

I've long thought that if your business is using public unlicensed spectrum
then you should be required to let the public in.

A very large national phone carrier in my country is blanketing the cities
with wifi reserved for their customers - using a public resource and clogging
up the unlicensed spectrum for private gain. They've already bought a lot of
spectrum licenses, but clearly using public spectrum is a cost-effective way
to add capacity.

~~~
mseebach
Large scale public wifi generally doesn't have passwords, that clearly doesn't
scale, they have fancy enterprise auth things or captive portals. Shared
password only works for small places like coffee shops.

Anecdotes: 1: on London Underground, my phone authenticates using the SIM
somehow (it still shows a captive portal screen, just with an ad, yay). 2: in
the Turkish lounge in Istanbul airport, the shared password was clearly a
marketing channel, InvestInTK2016 or some such. It struck me as pretty clever.

> if your business is using public unlicensed spectrum then you should be
> required to let the public in

"Unlicensed" isn't really "unlicensed", as much as specifically licensed for
anyone to do with as they please. But to take your idea just one step further,
once you've opened up all wifi for the general publics consumption (what a
renaissance for wired networking!), would people using it be allowed to use it
for private gain? Why is it wrong to use unlicensed spectrum for private gain,
but not to use a service provided over the same spectrum for private gain?
Also, as a business, under this doctrine, are you allowed to enable wifi
access to a closed non-internet LAN, with only locked-down non-public servers
on it?

~~~
jackvalentine
> But to take your idea just one step further, once you've opened up all wifi
> for the general publics consumption (what a renaissance for wired
> networking!)

I think this requires clarification - I don't mean no business should ever use
wifi. I mean businesses like telephone companies shouldn't be using to augment
their networks. Obviously offices and the like need secure wireless networking
that normal hardware can connect to.

> Why is it wrong to use unlicensed spectrum for private gain

Maybe with my above correction this isn't needed, but in cities the 2.4ghz
channel is loaded to death and in a few years the 5ghz channel will be the
same. All I'm objecting to are these closed commercial networks from people
who should be paying for the spectrum bunging up the open one the rest of us
use. My city is _soaked_ with a wifi network that is closed to everyone except
the customers of a telco. If your primary business is providing network
connectivity, perhaps you should pay for the finite resource you use.

~~~
mseebach
So you're speaking of a specific problem in a specific place - this is kind of
hard to know when it was phrased as a general principle.

Also, it's hard to discuss the issue when there are no details about the
specific issue available.

But two points: First, where I am, 2.4Ghz is perfectly swamped with normal
residential access points. It seems unlikely that this telco in your city did
much more than move up the point where the spectrum is swamped, rather than
causing it directly (also, if their use is affecting everyone else, they
themselves are affected, too, rendering their investment pretty pointless,
which leads me to wonder just how bad the situation actually is). Second, if
you do want to regulate, in a rule-of-law-compatible way, well, it's going to
be hard to distinguish a Starbucks access point operated for the benefit of
customers of Starbucks from a telco access point operated for the benefit of
customers of that telco. (If you want to use spectrum ownership as the metric,
consider that many telcos cover both spectrum-owning mobile and commercial and
residential broadband (ie wifi-providing) subsidiaries). To further muddy the
waters, the telco is very likely to be selling access to their wifi network to
non-subscribers.

~~~
hueving
>it's going to be hard to distinguish a Starbucks access point operated for
the benefit of customers of Starbucks from a telco access point operated for
the benefit of customers of that telco

Not really. Usually there is an actual Starbucks where there is Starbucks WiFi
and it doesn't extend much beyond the coffee shop. In this case and the case
of Comcast in the US, the company is using other people's property for
broadcasting wireless.

------
george20
You guys surprise me, how is this news? Western societies are supposed to be
liberal, how exactly would one be responsible of what other guys do? How about
open Wifi in hotels or restaurants?

I am not surprised provided what I hear you say, that Bulgaria (where I live
in) has the best internet connection in the world. If you think I am joking -
Google it. What the title says is sheer stupidity and makes absolutely no
sense - and insult to intelligence.

~~~
denzil_correa
> How about open Wifi in hotels or restaurants?

This the primary reason why Germany has very few open WiFi spots.

~~~
george20
Well, I am glad they are moving over. Technically, it would be very hard to
find people responsible for open Wifi in, for example, a hotel. Who would be
responsible if Osama Bin Laden browsed something that is illegal? The hotel
owner, the staff, the internet provider? And how about if the hotel is owned
by a public company? The shareholders?

Just bullshit.

~~~
realityking
That's why the wifi isn't open in German hotels, instead you get a login
specific to your room.

~~~
george20
And that is why this is bullshit, because, if I want, I switch to mobile
roaming for the price of one beer. You cannot stop me with bullshit like that,
if I want to do something that they think is illegal.

And not only that, I can buy an anonymous SIM card, if I want. What exactly
are you saying, you are defending this stupidity? What else are you defending,
if someone uses Facebook or Whatsapp for terrorism, you gonna shut them down.

Please.

~~~
yoo1I
I think you will not be surprised to read that they are trying to outlaw
anonymous SIM cards ...

[http://www.spiegel.de/netzwelt/netzpolitik/prepaid-sim-
regie...](http://www.spiegel.de/netzwelt/netzpolitik/prepaid-sim-regierung-
will-anonyme-handy-karten-verbieten-a-1087295.html)

