A county court in Frankfurt Germany has continued its trend in ruling in favour of internet connection owners who receive warning letters for file sharing (14.06.2013 Az. 30 C 3078/12).
The judges also clarified its position with regard to security measures connection owners should take. Provided factory-set authentication codes are individual to each router, internet connection owners can escape liability for copyright infringements.
The claimant in the case, a large music company, had originally sent a file sharing warning letter to the father and owner of the family’s internet connection. In the letter the company demanded compensation and the reimbursement of legal fees.
When the father refused to pay, the music company brought a claim alleging that the father had illegally made a music album publicly available.
The county court in Frankfurt rejected the claim.
Family internet connection
The father disputed having committed the copyright infringement. He argued that he had never had file sharing software or the music file on his computer.
At the time the copyright infringement was committed the defendant’s wife, 16 year-old son and 20 year-old daughter each had access to the internet connection via their own computers.
The father asserted that he had no knowledge of whether the other family members had used their computers for illegal activities. But he did submit that in 2006 a family discussion had taken place at which the connection owner informed the family about the dangers of using torrent software.
The Fritz-Box wireless internet connection was protected with WEP encryption.
Presumption of guilt rebutted
Under principles developed by Germany’s Federal Court of Justice (Bundesgerichtshof, BGH), an internet connection owner is presumed guilty of legal infringements committed via that connection.
This presumption can be rebutted by sufficiently and conceivably demonstrating, on the balance of probabilities, that the infringement could have been conducted in some other way or by some other person.
In this case, the county court held that the possibility that the other family members could have committed the copyright infringement was sufficient to rebut the presumption of guilt.
The court’s position on the rebuttal of the presumption of guilt is to be welcomed.
File sharing, strict liability and due diligence
A further element to file sharing cases is that internet connection owners are generally liable for copyright infringements which are committed via their connections, even if they are committed by third parties.
Connection owners can avoid this strict liability by sufficiently demonstrating that they fulfilled their duties to monitor and inform. These duties apply to connection owners and their children. There is no duty, for example, to monitor a spouse’s use of the internet.
In the current case, the court found, without calling further evidence, that the family discussion about the use of file sharing software was sufficient to absolve the father from being held strictly liable for the copyright infringements.
WEP encryption and strict liability
The most interesting aspect of this case is the court’s position on the security measures connection owners must adopt for their WiFi connections.
The defendant informed the court that, since setting up the internet connection, he had not changed the 13 digit factory-set authentication key.
In most cases the courts would deduce from such statements that the internet connection was insufficiently secure and in applying BGH case law, would find the defendant guilty on the basis of strict liability.
The county court, however, veered from the established case law and found that the internet connection was sufficiently secure. It justified its decision as follows:
“As it is submitted to the court, this matter concerns a Fritz-Box authentication key which has been in use since 2004 and which is allocated in the factory to each device on an individual basis. In light of the fact that personal passwords are regularly less than 13 digits long, it appears that the test of a high level of protection laid down by the BGH in its decision from 12.05.2010 I ZR 121/08, which is designed to prevent third parties from gaining access to an internet connection, is achieved, despite the fact that no personal password was used in this case. It seems that the cited BGH decision had cases in mind where routers are fitted with a factory-set model or batch authentication key. In such cases a sufficient level of protection can only be achieved by personalising the password (see Mantz, Anm. zu BGH Urt. v. 12.05.2012 in MMR 2010, 569).”
Fortunately, the county court’s decision shows that there are courts which are prepared to question seemingly clear directions of the highest case law.
The view that there is no need to change a factory-set individual 13 digit authentication key in order to achieve a higher level of protection is from a technical standpoint, absolutely correct. However, due to lack of technical knowledge on the judges’ benches, fears that this position will not be adopted at county court level are well-founded.