D: German Federal Court of Justice decides on security measures for private WLAN access
Category: NachrichtenBy: O. Gönner,2B Advice – the privacy benchmark
On May 12, 2010, in its "Sommer unseres Lebens" decision, the German Federal Court of Justice determined that private persons do not have a duty of continuous inspection and security for WLAN access. Only those security measures which are customary at the time of installation must be taken.
In the underlying circumstances, at least one music title of the plaintiff was offered over the WLAN access point of the defendant. However, the defendant was able to prove that he was on vacation during the relevant period. The plaintiff demanded from the defendant the cease and desist of actions, the payment of damages and the reimbursement of warning costs. The responsible regional court ruled against the defendant in accordance with the petition, and the appeal that was filed was unsuccessful.
The First Civil Senate of the German Federal Court of Justice, which is responsible for copyright matters, nullified the appellate court judgment, to the extent that the appellate court had rejected the complaint with the request for cease and desist and with the request for the payment of warning costs (Judgment of May 12, 2010 - I ZR 121/08 - Sommer unseres Lebens). From the view of the judges, liability of the defendant as actor or participant in a copyright infringement did not come into consideration. Compared to commercial enterprises, the private owner of a connection also has the duty to examine the connection for reasonable security measures against the risk of unauthorized use and copyright infringement. However, a private operator cannot be expected to continuously maintain network security according to the newest state of the art and expend the financial resources that correspond to this. In the opinion of the judges of the Federal Court of Justice, the duty to examine for reasonable security measures within the private sector only refers to adherence to security customary in the private sector market at the point in time of the installation of the router.
In the present case, the defendant had already violated this duty when he did not replace the factory-installed standard security settings of the WLAN router, particularly by not replacing the password with a personal password that was sufficiently long and secure. The court is of the view that it is proven that such a measure was customary and reasonable as early as 2006. For this reason, according to the principles of so-called "liability for interference" (Störerhaftung), the defendant in the present case is also liable for the cease and desist of actions leading to the infringment and for the reimbursement of warning costs.
On the other hand, the Federal Court of Justice decided that the defendant was not an actor in a copyright infringement, because the defendant did not make the music title at issue accessible over the Internet. In the present case, the necessary intention of an actor is missing.
Even if the Federal Court of Justice allows outdated security measures to be sufficient for private persons, the use of updated security precautions is urgently recommended, since there is not only the threat of the damages presented above; there are also risks to one's own network and
private data.