In recent months, courts have repeatedly adjudicated cases involving copyright infringements perpetrated through P2P file-sharing networks, commonly referred to as filesharing.
With a growing caseload, this issue impacts not only individuals but also all multi-user systems operated by companies, associations, churches, foundations, public authorities, schools, and universities.
All subsequent rulings shared a common characteristic: it was unclear whether the internet account holder themselves or a third party was responsible for utilizing the file-sharing platforms and download activities. Nevertheless, in every instance, it was definitively established that the account holder's internet connection had been employed for illicit purposes.
It is common for internet account holders to provide, or be compelled to provide, unsupervised internet access to third parties (e.g., employees, students, children). Even more frequently, Wi-Fi internet connections – wireless internet access via an antenna – are used unsecured, meaning unencrypted, thereby enabling third parties to technically exploit this access externally, typically without detection.
When copyright infringements are committed via internet connections – irrespective of the technical access method – such as through the use of P2P file-sharing networks or direct downloads, rights holders consistently pursue claims against the account holder, as they are the only party initially identifiable.
Currently, neither a clear trend nor a predictable outcome for anticipated judicial decisions is discernible. There are, in fact, conflicting rulings on comparable cases.
Consequently, any individual, organization, or enterprise receiving a cease-and-desist letter concerning filesharing should promptly consult a specialized attorney to have their specific case thoroughly reviewed.
Damages – Warning Notice Costs – Injunction
The account holder may be subject to legal action seeking damages, reimbursement of incurred warning notice costs, and injunctive relief through the submission of a cease-and-desist declaration subject to penalty. The financial implications can be substantial.
However, the plaintiff company is entitled to a claim for damages only if it can demonstrate that the defendant is either the perpetrator or at least an accessory to the copyright infringement.
The plaintiff company is generally required to present and substantiate all elements that establish the asserted claims. However, according to some courts, the account holder against whom the claim is brought bears a secondary burden of presentation. This implies that the defendant must provide detailed statements regarding the plaintiff company's allegations and the events presented, particularly those that transpired exclusively within their sphere of knowledge (cf. Regional Court Mannheim, Judgment of 29.09.2006, File No. 7 O 62/06).
In instances of online copyright infringement, the plaintiff company will typically find it challenging to prove who executed downloads and uploads via the account holder's internet connection. Consequently, if the account holder did not personally perform the alleged activities, they would generally be obligated to disclose information about individuals who have access to their internet connection.
Thus, plaintiff companies will seldom succeed in demonstrating that the account holder themselves was the primary infringer or an accessory to a copyright violation. As a result, many claims for damages arising from copyright infringements via P2P file-sharing programs fail due to this evidentiary deficit.
Conversely, defending against the claims for injunctive relief against copyright infringement and for reimbursement of warning notice costs, which are typically asserted concurrently, presents a greater challenge for the account holder.
The purpose of a claim for injunctive relief is to legally prevent future infringements or imminent disruptions. If a court determines that a claim for injunctive relief is valid, the plaintiff rights holder is generally also entitled to claim the asserted warning costs.
If an account holder has not personally committed the alleged copyright infringements via their connection as the perpetrator or an accomplice, liability may arise under the so-called "Störerhaftung" (liability for interference). The scope of "Störerhaftung" concerns the provision of internet access to third parties.
However, the circumstances under which an account holder can be held liable as an "Störer" (interferer) remain highly contentious in legal precedent.
Some examples illustrate the inconsistent judicial practice:
1. The Leipzig Regional Court (Decision of February 8, 2008, Ref. 05 O 383/08) ruled that the owner of an internet connection is also liable as a co-interferer if illegal activities, such as using a P2P file-sharing platform, are conducted via this access. In this specific case, no claim for damages was asserted against the account holder.
The court ruled that the account holder, by intentionally providing internet access, must be held liable as an "Störer" (interferer) for copyright infringements committed via their internet connection. This applies even if the connection was objectively accessible to third parties, such as children or friends.
- he provides an internet connection and
- a copyright infringement is committed via this connection and
- he has not secured his internet connection with "reasonable security measures against copyright infringements".
The court vaguely defines "reasonable security measures" as "at least the security measures permitted by standard software".
The decision is particularly far-reaching concerning the legal concept of "risk of repetition". A claim for injunctive relief fundamentally exists only if there is a risk that further copyright infringements will or could occur via the connection in the future.
The Leipzig Regional Court considers the risk of repetition to be established even by the initial use of a P2P file-sharing platform for downloading a single music, video, or image file.
2. Higher Regional Court (OLG) Frankfurt a.M. (Decision of December 20, 2007, Ref. 11 W 58/07): Fundamentally, a claim for injunctive relief exists against the account holder as an "Störer" (interferer) if copyright infringements are committed via their internet connection.
The account holder is liable as an "Störer" (interferer) for injunctive relief if they have breached their "duties of examination". The aim here is to prevent an expansion of "Störerhaftung" to third parties who did not personally commit the unlawful infringement.
However, the Higher Regional Court Frankfurt a.M. did not clearly specify the scope of the duty of examination or its individual components.
The following principles of the judgment regarding the duty of examination:
- A duty to monitor third-party users to whom access is granted, provided there is a reasonable expectation that the user might commit a copyright infringement.
- A duty to instruct users not to commit copyright infringements via the connection.
- A duty of monitoring exists if "the account holder has concrete indications that the user will misuse the connection for legal infringements." This is only deemed to be the case if copyright infringements have been repeatedly committed via the connection.
- HOWEVER: Actual knowledge of committed copyright infringements is not required. It is sufficient if the account holder could or should have had such knowledge.
3. Mannheim Regional Court (Judgment of September 29, 2006, Ref. 7 O 62/06)
A comprehensive duty of examination exists for the account holder regarding internet usage, particularly when users have familial ties, including guests in the household. The account holder must monitor activities originating from the internet connection; otherwise, they would be in breach of their duty of examination.
It is "easy for the account holder to monitor and, if necessary, prevent such actions that" occur within their own household.
For WLAN internet connections, the legal tendency is more distinctly to the detriment of the account holder.
4. The Mannheim Regional Court (Decision of January 25, 2007, Ref. 7 O 65/06) found an account holder liable as an "Störer" (interferer).
- The internet connection was established using a WLAN router.
- With the – in this instance unencrypted – WLAN, network access is open to everyone.
- Unencrypted WLAN results in the full liability of the account holder.
5. Even more far-reaching is the judgment of the Frankfurt am Main Regional Court of February 22, 2007, ref. 2-3 O 771/06:
The connection owner was found liable for offering music recordings in a file-sharing system as an indirect infringer, despite the PC being switched off at the time of the music download. The WLAN was insufficiently secured and active.
6. Similarly, the Higher Regional Court of Düsseldorf (Decision of the Higher Regional Court of Düsseldorf of December 27, 2007, 1-20 W 157/07):
To secure a WLAN and avoid liability, at least the following measures are required:
- at least all security measures permitted by standard software
- Creation of different user accounts for computer users, each with its own password; encryption of the WLAN network to prevent unauthorized external use
- The router's standard settings should be sufficient.
7. It remains ultimately unclear which security measures are sufficient to enable a connection owner to defend against claims for injunctive relief in cases of unauthorized third-party use of WLAN internet connections. An unencrypted network results in liability. The higher the level of security, the lower the probability of incurring liability.
Specifically, this entails:
- at least encryption using Wired Equivalent Privacy (WEP).
- HOWEVER: In our opinion, WEP is insufficient due to its bypassability; at least WPA or Advanced Encryption Standard (AES) with WPA2 is required.
- Password protection with appropriate passwords
- Deactivation and shutdown of the WLAN during periods of absence
- Prioritize the use of a classic wired network
8. It remains controversial which inspection obligations, extending beyond the technical security of the network and WLAN, are required for the connection owner.
Companies, authorities, schools, and universities, in particular, face significant challenges in this area, as internet usage is essential. Measures tailored to the specific case are required. However, labor law, administrative law, and data protection regulations must be observed in this regard!
Fundamentally, the following are required:
- Technical security of computer systems against unauthorized intrusion
- Rights and access management via passwords
- Agreements with users, which must also include the logging of access activities, to enable the identification of the actual infringer if necessary
- Regular instructions and training to raise user awareness
- Documented controls and sanctions
- Regulation and monitoring of internet usage in multi-user systems must be given top priority.
The future jurisprudence of the courts remains to be seen. Particularly in light of the legal situation amended on September 1, 2008, there is an urgent need for technical and legal action concerning almost all multi-user systems.
© Goldberg Attorneys 2008
Legal Trainee Marc Lau; Attorney Michael Ullrich, LL.M. (Information Law); Attorney Alexander Goldberg – Specialist Attorney for Information Technology Law (IT Law) – Specialist Attorney for Industrial Property Rights
E-mail: m.ullrich@goldberg.de
