In addition, there is a Freifunk - a non commercial initiative to provide free public WiFi.
Why would after such a long time the CDU suddenly drop the pro-Störerhaftung position? It seems much more likely that SPD and CDU have reached a compromise that eliminates the Störerhaftung only partially.
I expect the outcome will just create legal uncertainty. So that there won't be any positive effect.
That's because the Advocate General (AG) to the Court of Justice of the European Union (CJEU) has decided it to be so . According to the AG, there has to be balance between "freedom to conduct business" and "protection of IP". So, the requirement to make WiFi networks secure via passwords is an unfair balance.
The AG's counsel is not binding on the CJEU but it gives you fair direction on which side the CJEU would rule.
Why are they willing to drop this so much more quickly? Is the legal argument stronger here? Are the law and order people just that much more powerful than the intellectual property people? Is there a larger compromise at play, where the CDU compromises on this issue and the SPD on another?
EU court directives are applicable for EU member countries. CDU or SPD can't do much. There's also a ruling from the Danish SC on EU directives that applies in Germany on open WiFi. I doubt SPD or CDU could do much. It would potentially just delay the homecoming of such a law.
I don't read verdicts often enough to say how common this is (and certainly often arguments are copied without mentioning the source). However, in literature you regularly see that authors refer to cases from different EU member states. And why should arguments made by Danish judges by worth less in Germany than arguments made by German judges? The whole point of the EU is harmonization of law. If one legal source is consistently interpreted in two different ways in two different countries something definitely went wrong.
> It’s noteworthy, though Germany’s legislators probably don’t realize this yet, that the elimination of the Störerhaftung enables use of the open wireless defense in Germany, according to a ruling from the Danish Supreme Court (which does have bearing in Germany, as that court ruled on EU directives).
Most of them own tablets and smartphones by now and they don't feel like maxing out their data plan which they have to pay for themselves.
On a serious note, I'd agree that this just creates legal uncertainty. Netzpolitik.org (in German langauge) goes a bit into details 
Luckily, there's always onionpi (https://learn.adafruit.com/onion-pi/ ) should you need to run an open wifi network.
That's not true. At the end of 2015, about 31 people were found guilty.
Germany is particularly notorious when it comes to useless, ridiculous and downright detrimental laws regarding anything that has to do with the Internet, notable examples being the so-called 'Leistungsschutzrecht' (https://en.wikipedia.org/wiki/Leistungsschutzrecht ) and the 'Impressumspflicht' (legal notice requirements for websites)
There have been several attempts to sue Freifunk (basically a public mesh WiFi using tunnelled connections) participants this way too, luckily so far that hasn't resulted in a single "victory" yet.
It is quite silly, of course, and is generally a little hassle with your hotel.
Ohhhh, they have a wifi hotspot portal: "Enter your cell phone number to get an SMS with a 30 minute code". You want me to turn on my cell-phone and potentially incur roaming charges now?
I hear things have gotten better in Frankfurt and you only have to provide an email address. How did they skirt this law?
By being run by companies that claim to be ISPs. What exactly counts as an ISP is at the core of the entire issue, because ISPs are protected from this. A company which only exists to provide internet access has a better standing (and better lawyers) to argue that it is an ISP, compared to a private person or a coffee shop owner.
Most coffee shops I use Wifi in thus have access points provided by such companies. They offer AP/captive portal etc as a package and send the traffic through their systems, taking responsibility for it. (for good measure, some of them probably send the traffic out to the internet in other countries, to make it harder to harass them over it)
Typically people just disable "data roaming" when travelling internationally, at least until one reaches and can lock to a "friendly" 3G/4G network. Thus there are no charges for IP traffic including MMS, and SMS reception is always free because you cannot turn it off.
(I still agree that WLAN at German airports is abysmal and at restaurants practically non-existent. Another downside of Germany is the unavailability of Google Street View.)
Welcome to Canada...
(It's not as pricey as it used to be, but who knows how many SMSs you might have queued up)
You just need to log in via a website, where you have to press "yes, I read the ToC".
China, Russia and the US all require that.
Citizens and everyone else with a residence permit don't have to register temporary whereabouts ("for a few nights").
On the other end, the US is pretty unique in that you don't have to notify the government that you're leaving the country. I believe recent laws actually authorize an exit-tracking system, so that might be coming to an end unfortunately.
This is as opposed to Russia and China, where foreigners are required to notify the government of every address they ever stay at.
Now it appears that you don't follow this opinion, you think we should let criminals access the internet anonymously?
Of course we should, because that is unavoidable. Making anonymity harder will make it so that only criminals have anonymity, because they are the ones who can justify extraordinary measures and are willing to break laws in order to get it. All laws against anonymity do is harm honest people who need it for anonymous speech and privacy.
And somehow all of your premises are wrong, even though only one has to be for your argument to fail:
> Internet is not really a public resource, it's rather a gigantic alliance of p2p connections, mostly organized by private entities who can make whatever contracts they want.
This is like saying transportation isn't a public resource because buses and taxis and airplanes are provided by lots of different people under privately negotiated terms. You don't have to show ID to ride in a taxi, nor should you.
> On this alliance, if one actor wreaks havoc (spam, DOS, scam, piracy), the victim can only turn back to the node which transmitted the connection
Victims of scams can follow the money or flow of goods. Spam and denial of service can be algorithmically identified and rate limited. Undetectable piracy is not a problem your proposal would solve; see also direct download sites, foreign VPN services, I2P, sneakernet, LAN parties, etc.
It is also possible for endpoints to choose to require that the opposite endpoint authenticate cryptographically before accepting any other data from it, which will always be significantly more reliable then relying on every carrier and endpoint on the internet to remain uncompromised in its ability to assert the origin of traffic it forwards.
> It's up to this node to keep logs and forward the pursuit upstream to the attacker
This isn't a premise at all, it's just an unsupportable conculsory normative assertion.
> It's the only way it can decently work, because we may lack proofs or the chain of responsibility to attack the upstream node directly
So block it until the attack stops then. Or require users to register using some collateral or proof of work.
> Legal problems will happen if we treat the Internet as a public resource, where politics have a say, where access is not authenticated, and where no-one bears responsibility for crimes.
Just because an IP address doesn't map to a person doesn't mean "no-one bears responsibility for crimes." It just means investigations are more expensive. Which is good, because it means serious crimes can still be prosecuted but mass surveillance and petty crusades are impeded.
So, having an open WIFI is like painting a huge target on your back, albeit a somewhat smaller one when media companies are removed from the list of potential trouble makers.
(See also: http://www.lawblog.de/index.php/archives/2016/05/12/dein-wla... (in German), for a defense lawyer's perspective)
It's not too dissimilar from a shop owner being forced to give up security camera footage -- the owner is not being targeted in the investigation, and there's plenty of unrelated footage, but there is a high likelihood of relevant evidence existing.
passwords are soooo annoying (is that a 1, l, or I?) & if everyone had open wifi, then it could be utilized much more, lowering everyone's wireless carrier usage. also, you wouldn't need to worry about someone using too much bandwidth -- it would happen, but i doubt more frequently than with the passwords. Well, wifi could be throttled if it were really a problem.
I've long thought that if your business is using public unlicensed spectrum then you should be required to let the public in.
A very large national phone carrier in my country is blanketing the cities with wifi reserved for their customers - using a public resource and clogging up the unlicensed spectrum for private gain. They've already bought a lot of spectrum licenses, but clearly using public spectrum is a cost-effective way to add capacity.
Yes, I was referring to cafe / resto wifi. If one opens it, then people take advantage, but if everyone opens theirs, then nobody bothers. Only some really cheapskate neighbors who most probably don't consume all that much of it anyways.
everybody has a smartphone now, most don't bother asking for the wifi password. If you ask for it, then often the next problem is the router doesn't work because nobody has used it in so long.
Anecdotes: 1: on London Underground, my phone authenticates using the SIM somehow (it still shows a captive portal screen, just with an ad, yay). 2: in the Turkish lounge in Istanbul airport, the shared password was clearly a marketing channel, InvestInTK2016 or some such. It struck me as pretty clever.
> if your business is using public unlicensed spectrum then you should be required to let the public in
"Unlicensed" isn't really "unlicensed", as much as specifically licensed for anyone to do with as they please. But to take your idea just one step further, once you've opened up all wifi for the general publics consumption (what a renaissance for wired networking!), would people using it be allowed to use it for private gain? Why is it wrong to use unlicensed spectrum for private gain, but not to use a service provided over the same spectrum for private gain? Also, as a business, under this doctrine, are you allowed to enable wifi access to a closed non-internet LAN, with only locked-down non-public servers on it?
One does not need a license to operate a radio in the WiFi bands, so that spectrum is unlicensed. However, it is not unregulated. :)
> Anecdotes: 1: on London Underground, my phone authenticates using the SIM somehow...
That might be EAP-SIM .
EAP (and WPA2-EAP) is really cool. I really wish that MSFT would configure their WiFi supplicants to not care if the key of the PEAP or TTLS server they're talking to is signed by an unknown CA. This would let coffee shop owners deploy encrypted but password-less WiFi and shut down a whole class of attacks. 
 Seriously, MSFT obviously designed their WPA2-EAP GUIs only for use in an enterprise environment. There's no way for a Windows user to connect to a WPA2-EAP network that uses PEAP or TTLS with a cert from an unknown CA by just clicking on the network in the network browser and punching in some credentials. You must manually configure the network, then uncheck a checkbox buried beneath a couple of menus. What's more, the error you get if you don't do this is entirely unhelpful. :/ In contrast, Apple's GUI for this is actually useful: "This cert is unknown. You want to trust it for this WiFi network?". Say yes and off you go!
I think this requires clarification - I don't mean no business should ever use wifi. I mean businesses like telephone companies shouldn't be using to augment their networks. Obviously offices and the like need secure wireless networking that normal hardware can connect to.
> Why is it wrong to use unlicensed spectrum for private gain
Maybe with my above correction this isn't needed, but in cities the 2.4ghz channel is loaded to death and in a few years the 5ghz channel will be the same. All I'm objecting to are these closed commercial networks from people who should be paying for the spectrum bunging up the open one the rest of us use. My city is soaked with a wifi network that is closed to everyone except the customers of a telco. If your primary business is providing network connectivity, perhaps you should pay for the finite resource you use.
Also, it's hard to discuss the issue when there are no details about the specific issue available.
But two points: First, where I am, 2.4Ghz is perfectly swamped with normal residential access points. It seems unlikely that this telco in your city did much more than move up the point where the spectrum is swamped, rather than causing it directly (also, if their use is affecting everyone else, they themselves are affected, too, rendering their investment pretty pointless, which leads me to wonder just how bad the situation actually is). Second, if you do want to regulate, in a rule-of-law-compatible way, well, it's going to be hard to distinguish a Starbucks access point operated for the benefit of customers of Starbucks from a telco access point operated for the benefit of customers of that telco. (If you want to use spectrum ownership as the metric, consider that many telcos cover both spectrum-owning mobile and commercial and residential broadband (ie wifi-providing) subsidiaries). To further muddy the waters, the telco is very likely to be selling access to their wifi network to non-subscribers.
Not really. Usually there is an actual Starbucks where there is Starbucks WiFi and it doesn't extend much beyond the coffee shop. In this case and the case of Comcast in the US, the company is using other people's property for broadcasting wireless.
I don't particularly want to get out the spectrum analysis gear and argue with your points in a ground war. I think for discussing a general idea it's a distraction.
There's nothing about password protected wifi that makes it inherently non-public.
Wifi is saturated regardless of it being metro or not, relatively speaking the strongest signals by far will come from your neighbours not the telcos.
If you set a password (even if it's just "password") and therefore enable e.g. WPA2-PSK, data is properly encrypted with a per-client session key.
The terrible certificate support in e.g. Android is just icing on the top.
Those enterprise solutions are almost certainly wrapping the MSCHAPv2 exchange in TLS. e.g. PEAP-MSCHAPv2 or TTLS-MSCHAPv2. Additionally, I'm not sure, but I think that plain EAP-MSCHAPv2 can't generate the keys required for a wireless client to establish an encrypted session with an AP and -thus- would never be used by a WiFi client.
> The terrible certificate support in e.g. Android is just icing on the top.
Eh? In my experience both Android and OS X's UIs for WPA-EAP are substantially superior to the UI that Windows offers.
I am not surprised provided what I hear you say, that Bulgaria (where I live in) has the best internet connection in the world. If you think I am joking - Google it. What the title says is sheer stupidity and makes absolutely no sense - and insult to intelligence.
This the primary reason why Germany has very few open WiFi spots.
And not only that, I can buy an anonymous SIM card, if I want. What exactly are you saying, you are defending this stupidity? What else are you defending, if someone uses Facebook or Whatsapp for terrorism, you gonna shut them down.