The First Civil Senate of the Federal Court of Justice, which is responsible among other things for copyright law, dealt with the requirements for securing an internet connection with WLAN function in connection with liability for copyright infringements.
The plaintiff is the owner of exploitation rights to the film "The Expendables 2". It is claiming compensation for warning costs from the defendant for making this film publicly available by way of "file sharing". The film was made publicly accessible at various times in November and December 2012 via the defendant's internet connection by an unknown third party who had gained unauthorised access to the defendant's WLAN. The defendant had put its internet router into operation at the beginning of 2012. The router was secured with a WPA2 key consisting of 16 digits, issued by the manufacturer and printed on the back of the router. The defendant had not changed this key when setting up the router. The district court dismissed the action. The plaintiff's appeal was unsuccessful.
The Federal Supreme Court dismissed the plaintiff's appeal. It held that the defendant was not liable as a "Stoerer" (interferer) because it had not breached any duty to check. The owner of an internet connection with WLAN function is obliged to check whether the router used has the security measures that were customary in the market for private use at the time of its purchase, i.e. a current encryption standard as well as an individual, sufficiently long and secure password. The retention of a WLAN password preset by the manufacturer can constitute a breach of the duty to examine if it is not a password used individually for each device but for a plurality of devices. In the case in dispute, the plaintiff did not provide any evidence that it was a password that had been assigned by the manufacturer for a number of devices. By naming the type of router and the password and by stating that it was a password that had only been assigned once, the defendant had satisfied its secondary burden of proof. Since the WPA2 standard is recognised as sufficiently secure and there is no evidence that at the time of purchase the preset 16-digit numerical code did not comply with customary market standards or that third parties were able to decrypt it, the defendant did not breach its duty to examine. Therefore, it is not liable as a troublemaker for the copyright infringements committed via its internet connection by an unknown third party. A security vulnerability in the type of router only became known to the public in 2014.
Judgment of the Federal Supreme Court of 24 November 2016 - I ZR 220/15 - WLAN-Schlüssel
Lower courts:
AG Hamburg - Judgment of 9 January 2015 - 36a C 40/14
Hamburg Regional Court - Judgment of 29 September 2015 - 310 S 3/15
Source: Press release of the BGH
Goldberg Attorneys at Law 2016
Attorney at Law Michael Ullrich, LL.M. (Information Law)
Specialist lawyer for information technology law
E-mail: info@goldberg.de
