In recent months, the courts have repeatedly had to rule on copyright infringements through P2P file sharing.
With an increasing number of cases, this affects not only individuals, but also all multi-user systems of companies, associations, churches, foundations, authorities, schools and universities.
All of the decisions dealt with in the following had the particularity that it was not certain whether the connection owner himself or a third party was the user of the file sharing and downloading operations. In all cases, however, it was certain that the connection owner's internet connection was used for illegal use.
It often happens that the connection owner provides or has to provide his or her Internet access to third parties (employees, pupils, students, children, etc.) unsupervised. Even more frequently, WLAN internet connections, i.e. wireless internet access via an antenna, are used unsecured, i.e. unencrypted, so that third parties are technically able to use this access from the outside - usually unnoticed.
If copyright infringements are then committed via internet connections - regardless of the technical access - for example by using P2P file sharing networks or by downloading, the rights holders always stick to the connection owner with their claims - because only this owner can be identified first.
A clear tendency and ultimately a predictability of the expected court decision is not yet recognisable. There are partly contradictory decisions on comparable cases.
Therefore, every person, organisation or company that receives a warning letter for file sharing should immediately contact a specialised lawyer for advice in order to have the individual case reviewed.
Damages - warning costs - injunction
The owner of the connection can be sued in court for damages, for reimbursement of warning costs incurred and for injunctive relief by issuing a cease-and-desist declaration with a penalty clause. The cost burden can assume enormous proportions.
However, the plaintiff company is only entitled to damages if it can prove that the defendant is the perpetrator or at least a participant in the copyright infringement.
In principle, the plaintiff company has to present and prove all the features that justify the asserted claims. In the opinion of some courts, however, the owner of the connection who is the subject of the claim has a secondary burden of proof. This means that the opposing party to the claim must comment in detail on the allegations and events of the plaintiff companies which took place exclusively within his sphere of perception (cf. LG Mannheim, judgement of 29 September 2006, file no. 7 O 62/06).
In the case of copyright infringements on the Internet, it is usually not possible for the plaintiff company to prove who has carried out downloads and uploads via the Internet connection of the owner of the connection. If the owner did not carry out the alleged downloads and uploads himself, he would have to provide information about the persons who have access to his internet connection.
The suing companies will therefore only rarely succeed in proving that the connection owner himself was the perpetrator or participant of a copyright infringement. Therefore, numerous claims for damages due to copyright infringements through the use of P2P file-sharing programmes also fail due to this lack of proof.
In contrast, it is more difficult for the owner of the connection to defend against claims for injunctive relief and compensation for warning costs, which are regularly asserted in parallel.
The purpose of injunctive relief is to legally ward off a future impairment or threat of impairment. If a court comes to the conclusion that a claim for injunctive relief exists, the plaintiff rights holder is in principle also entitled to the asserted warning costs.
If a connection owner has not himself committed the claimed copyright infringements via his connection as a perpetrator or participant, liability may be justified within the framework of so-called "Stoererhaftung" (Breach of Duty of Care). The subject of "Stoererhaftung" (Breach of Duty of Care) is the provision of the internet connection to third parties.
However, when a claim can be made against a connection owner as a "Stoerer" (interferer) has been very controversial in case law up to now.
Some examples show the inconsistent decision-making practice:
The Regional Court of Leipzig (order of 08.02.2008, ref. 05 O 383/08) ruled that the owner of an internet connection is also liable as a co-disturber if illegal acts are committed via this access, for example by using a P2P file sharing platform. A claim for damages was not asserted against the owner of the connection in this case.
The court ruled that since the owner of the connection had willingly created access to the internet, he was liable as a "Stoerer" (interferer) for copyright infringements committed via his internet connection. This was also the case if the connection was objectively usable by third parties, be they children or friends.
- it provides a connection to the Internet and
- a copyright infringement is committed via this connection and
- he has not secured his internet connection by "reasonable security measures against copyright infringements" .
The court describes what is meant by reasonable security measures very nebulously as "at least the security measures that standard software allows".
The decision is particularly far-reaching with regard to the legal term "risk of repetition". In principle, a claim for injunctive relief only exists if there is a risk that further copyright infringements will or may occur in the future via this connection.
The Regional Court of Leipzig considers the risk of repetition to be given by the first use of a P2P file sharing platform for the download of a single music, video or image file.
2nd OLG Frankfurt a.M. (decision of 20.12.2007, file no. 11 W 58/07): In principle, there is a claim for injunctive relief against the subscriber as the interferer if copyright infringements are committed via the subscriber's internet connection.
The owner of the connection is liable for injunctive relief as a "Stoerer" (interferer) if he has violated his "duty to examine". Here, an extension of the "Stoererhaftung" (Breach of Duty of Care) to third parties who have not themselves carried out the unlawful interference is to be avoided.
However, the OLG Frankfurt a.M. did not clearly comment on the scope of the duty to examine and on the individual duties to examine.
The following principles of the ruling on the duty to examine:
- The court held that there was a duty to monitor third party users to whom the user had given access to the connection if it was likely that the user could commit an infringement of copyright.
- Duty to instruct not to commit copyright infringements with the connection.
- The obligation to monitor exists if "the connection owner has concrete indications that the user will misuse the connection to infringe rights". This is only the case if copyright infringements have been repeatedly committed via the connection.
- BUT: Knowledge of actually committed copyright infringements is not required. It is sufficient if he can or should have knowledge.
3. district court Mannheim (judgement of 29.09.2006, file no. 7 O 62/06)
There is a comprehensive duty to check the internet use of the connection owner, especially in the case of a family relationship of the users, including the guests in the house of the users. He has to check the actions emanating from the internet connection, otherwise he violates the duty of inspection incumbent upon him.
It was "easy forthe owner of the connection to check and, if necessary, to stop such actions thatoccur" in his own household.
For WLAN connections to the internet, the tendency is more clearly to the detriment of the connection owner.
The Mannheim Regional Court (order of 25 January 2007, file no. 7 O 65/06) has sentenced a subscriber as a "Stoerer" (interferer).
- The internet connection was established by means of WLAN via a WLAN router.
- Through the - in this case unencrypted - WLAN, access to the network is open to everyone.
- In the case of unencrypted WLAN, the full liability of the connection owner arises.
5 The judgement of the Regional Court Frankfurt a.M. of 22.02.2007, file no. 2-3 O 771/06, goes even further:
Conviction of the owner of the connection for offering music recordings in a file-sharing system as a troublemaker, although the PC was switched off at the time of the download of the piece of music. The WLAN was not sufficiently secured and switched on.
6 Similarly OLG Düsseldorf (decision of the OLG Düsseldorf of 27.12.2007, 1-20 W 157/07):
To secure a WLAN, the minimum required to avoid liability is:
- At least all the security measures that standard software allows
- Create different user accounts for the users of the computer, each with their own password Encryption of the WLAN network to prevent unauthorised use from outside
- Default settings of the router should be sufficient.
7. which security measures are sufficient in the case of unauthorised use of WLAN internet connections by third parties in order to be able to defend claims for injunctive relief as the owner of the connection has ultimately not yet been clarified. An unencrypted network leads to liability. The higher the level of protection, the lower the probability of liability.
This means concretely:
- at least Wired Equivalent Privacy (WEP) encryption.
- BUT: WEP is not sufficient because of the bypassability - in our opinion - at least WPA or Advanced Encryption Standard (AES) for WPA2.
- Password security with suitable passwords
- Post-switching off and switching off the WLAN in case of absence
- Prefer the classic cable network
8 It remains controversial which inspection obligations for the owner of the connection are necessary beyond the technical protection of the network and the WLAN.
Especially companies, authorities, schools and universities are faced with major problems here, as the use of the internet is required. Measures tailored to the specific case are necessary. However, provisions of labour law, administrative law and data protection law must be observed!
Basically required are:
- Technical protection of the computer systems against unauthorised intrusion
- Rights and access management through passwords
- Agreements with the users, which must also include the storage of accesses in order to be able to determine the actual interferer if necessary.
- Regular instruction and training to raise user awareness
- Documented controls and sanctions
- The regulation and monitoring of the use of the Internet in multi-user systems must be given top priority
The further decision practice of the courts remains to be seen. Especially against the background of the changed legal situation as of 01.09.2008, there is an urgent need for technical and legal action in almost all multi-user systems.
© Goldberg Attorneys at Law 2008
Trainee lawyer Marc Lau; lawyer Michael Ullrich, LL.M. (information law); lawyer Alexander Goldberg - specialist lawyer for information technology law (IT law)- specialist lawyer for intellectual property law
E-mail: m.ullrich@goldberg.de
