The First Civil Senate of the Federal Court of Justice, which is responsible, among other things, for copyright law, has addressed the requirements for securing an internet connection with WLAN functionality in connection with liability for copyright infringements.
The plaintiff is the owner of exploitation rights to the film “The Expendables 2”. She is suing the defendant for reimbursement of warning notice costs due to the public dissemination of this film work via “filesharing”. The film was made publicly accessible at various times in november and December 2012 via the defendant's internet connection by an unknown third party who had gained unauthorized access to the defendant's WLAN. The defendant had put her internet router into operation in early 2012. The router was secured with a WPA2 key assigned by the manufacturer and printed on the back of the router, consisting of 16 digits. The defendant had not changed this key when setting up the router. The local court dismissed the action. The plaintiff's appeal was unsuccessful.
The Federal Court of Justice rejected the plaintiff's appeal on points of law. It ruled that the defendant is not liable as a disturber because she did not violate any inspection obligations. The owner of an internet connection with WLAN functionality is obliged to check whether the router used has the security measures customary for private use at the time of its purchase, i.e., a current encryption standard and an individual, sufficiently long, and secure password. Retaining a manufacturer-preset WLAN password can constitute a violation of the inspection obligation if it is not a password assigned individually for each device, but rather one used for multiple devices. In the present case, the plaintiff failed to provide evidence that the password was one assigned by the manufacturer for multiple devices. The defendant had fulfilled her secondary burden of proof by naming the router type and the password, and by stating that it was a password assigned only once. Since the WPA2 standard is recognized as sufficiently secure and there is no indication that at the time of purchase the preset 16-digit numerical code did not comply with market standards or that third parties could decrypt it, the defendant did not violate her inspection obligations. Therefore, she is not liable as a disturber for the copyright infringements committed by an unknown third party via her internet connection. A security vulnerability existing in this router type only became publicly known in 2014.
Judgment of the Federal Court of Justice of november 24, 2016 – I ZR 220/15 – WLAN Key
Lower Courts:
Local Court of Hamburg – Judgment of January 9, 2015 – 36a C 40/14
Regional Court of Hamburg – Judgment of September 29, 2015 – 310 S 3/15
Source: Press Release of the Federal Court of Justice
Goldberg Attorneys at Law 2016
Attorney Michael Ullrich, LL.M. (Information Law)
Specialist Attorney for Information Technology Law
Email: info@goldberg.de
