coldtobi's blog

• Main
• Archives
• Albums
• Links
• Admin

• Blog and Website [88]
• DSL RAM [2]
• Electronics and Atmel AVR [10]
• fanctrl [3]
• General [8]
• German [1]
• La Fonera [28]
• Lifetype [17]
• Linux / Debian [31]
• Monetizing A Blog [8]
• my 2 cents [19]
• Netzfunde [17]
• Nice Links [1]
• solarpowerlog [1]
• Thecus N2100 [15]
• Tips and Tricks [18]

• Configure lighttp to simulate .htaccess rules (Deny From All)
• WoW Money Laundering?
• Samba: No mount as user.
• Nice Links #1 -- How hardrives works and how they do recovery
• Squirrelmail and lighttpd -- An Installation Guide --
• Link Crosscompiling
• git cheat sheet

• RSS 0.90
• RSS 1.0
• RSS 2.0
• Atom

• Privacy Policy
• Disclosure Policy

The legal situation is not so bad, with FON, says FON

Yesterday I wrote the a comment at Martin Varsavsky blog.

Unfortunatly, the comment was not published. However, it is totally ok for each blog owner to decide which comment will make it though and which one not. I also reserve the right to refuse a comment, even if it not happend up to date.. (currently, only spammy comments are rejected. You know, that way "I love your site", and then linking to some pharmacy site.. But that's off topic). So this is perfectly fine.

And usually, I won't blog about not-released comment. But this time, it is special. Suprisinlgly, I got email response about the comment. Defintly a plus point! But lets start with it:

([Edited] to maintain context.)

@Martin: There are already a sentence in Germany about an open Wifi spot. [It was in this case] No Fonera, but the one could prove that someone else did it.
However, there is the legal term "mitstörer" (best translated disturber; he made [the crime] possible to happen, but did not himself).
The case was about copyright infrigment, and the court ruled that the owner is liable because he has the dury to proctect the network (in this case) from abuse. They didn't go to jal
though, but the fine was several months of income.
Talking about laws: Can you please cite the law about the requirement in the UK, as a commenter in my blog told, that to his knowledge, there is no such law. My tries finding it failed too. 

And today, I got this response by a FON representative, Robert Lang . Robert was so kind to allow it to be posted, so here is it: 

It's great that you mention this Hamburg verdict about 'Mitstörerhaftung'.

Actually with FON, the verdict would not have happened as it did.

What happened was that someone was accused of filesharing and claimed he
could not be made responsible for it, since he has an open WiFi hotspot and
it could have been anyone - and the law requires to prove that it was the
accused person.

The issue is that the judge did not accept this excuse, and requested
logfiles proving that actually someone else was connected to the access
point at the respecitve time.

With FON, the user would have been able to prove very easily, that it was
someone else connected to his hotspot @ the respective time and it was not
him.

So in fact, with FON this verdict would not have happened the way it did.
Best,
Robert 

Disclaimer Well, I am not a lawyer. So the analysis I doing here might be not so exact. However, I will try to get as much information about the topic, and I am welcome for any comments, clearifications or suggestions.  So, you cannot claim "but coldtobi said that"!

The quoted verdict in my comment with the "Aktenzeichen" 308 O 407 / 06, was about a mother and a sun. The two claimed, that anyone used their open, unencrypted WLAN for filesharing, using the gnutella protocol. However, the the court  could not prove that the they really did the infrigments. In Germany, in criminal law, "in dubio pro re" is enforced. But the case was civil law, thererfore court did not have to drop the case. And the court declared, that this detail is not relevant. In the written statement, this sentence is important: 

Ob die Antragsgegner die Rechtsverletzungen selbst begangen haben oder ob die Rechtsverletzungen aufgrund einer Nutzung der ungeschützten WLan-Internetverbindung durch Dritte erfolgten, kann aber dahinstehen.Denn die Antragsgegner haben für diese Rechtsverletzung jedenfalls nach den Grundsätzen der Störerhaftung einzustehen.

Rough Translation: If the defendants did the infrigments by themselfes, or if was done by a third party, is not relevant. The defendants are liable for the infrigments after the principles of the disturber-liability.

Probably, the court did not believe them, that they are not the ones, but the cannot write this down. So they wrote it this way: It does not matter. The law requires some conditions to get liable because of being a disturber. In this case, the defendants would have to assume, that a unprotected WiFi could be missued, and would have to take precautions. The court rules, that this can be expected to learn what dangers exists and how to avoid them.

One problem of this verdict is, that it is not direct applicable to the FON enviroment. I'll try to find out, what aspects are applicable and what not. 

On the one side, FON maintains logfiles for every hotspot, but the informations in this hotspots are sparse: Knowing how the OpenWRT-based firmware works, FON can only log, when, which user has logged in, and how long. Howerver, the MAC can only be logged if explicitly transfered by e.g the browser: By Ethernet-Standards, it is required that two MACs communicating has to be on the same local network. On leaving the LAN, which happens one time in the La Fonera and the second time in the DSL-router, the MAC is replaced with the routers one. At last, at the server serving content to the user logged in at the fonera cannot technically log the MAC. But this makes it undistinguishable, who explicitly used the service. And it would have helped the defendants, if they could backup the "it was'nt me". Latest if more than one person is online with the same hotspot, the hotspot owner is in the same position as in the case above, at least in the argument "it wasn't me".

The service is also only available to subscribers, paying and not-paying ones. For registration, email is required but no other form of id. A user can pay using several methods. The payment is the only way to track the customer, as the email addresses and other entered contact informations can be easily faked. If on the Linus plan, it is easier to stay anonymous: Routers capable of running FON-Software are readily available. Also it is relativly easy to obtain an anonymous Linus account. Ok, there are also traces involved by this, but this traces can be blurred and not so strong backuped like the payment traces. (Several possibilites are coming in my mind. Probably not all feasible, but). Neverless to say, If no payment is required, there are also no traces. 

Well, why I am develop all this? In the freifunk.de FAQ: one question is

Wer haftet in Freifunk-Netzen bei möglichen Rechtsverletzungen?
Antwort: Ein öffentlicher Provider haftet nicht für die Rechtsverletzungen seiner Nutzer, muss aber nachweisen können, die Rechtsverletzungen nicht selbst begangen zu haben.

Translated: Who is liable if laws are violated using freifunk-networks?

Answer: A ISP (more literal: public provider) is not liable for violation performed by it users, but the provider has to prove that the violatior is indeed someone else.

In this context a article is reference which originally was released in the well known magazine "ct" of heise.de. The article is only available if you pay for it at heise's page. However, the author, the lawyer Joerg Heidrich also published the article for free. This article really is worth to read, and some aspects ideas used in this article originated at his article. 

This argument, however, contains two main aspects:

1. You have to be an ISP. TThis is regulated in Germany: To claim this benefits, at minimum you have to register your hotspot at the appropitate authority. (Bundesnetzagentur). Note, that is could be, that you are required to do this anyway, but I suggest to do some own research on this.
2. To be not liable, you have to prove it.

If commercially operated, the rights as hotspots owner also opens some responsibities. This article describes them, as this would be too much off topic. One important point is, that one claiming to be ISP has to ensure the protection of secrecy of telecommunications (encryption!) and have provide measures against misuse of the service by unauthorized people. Probably claiming to be an ISP opens more duties than benefits.

But the second point could really be tough. If you do not any logging of your own, you probably have not enough data to really prove that oneother did it. If technically possbile, it is also not easy, as the TKD (the telecommunications law ) and TDDS (pricacy policy law) limits the amount of data which is allowed to log. In my opinon, one can only prove doubtlessit, if an alternate account/provider is exclusivly used for the hotspot, or if other measures are taken, like VPN-routing. 

So as an conclusion, it is not clear, if the logfiles by fon will be really helpful, if the "good will" showed is enough in front of court. At the moment no Fonero did face such problems, so there is no reference how judgs would decide. However, there are technical possibilities to make the FON community are more safe place, and FON has already started to think about it. So lets finish this thoughts and make the best out of it, because law are defintly some barriers. 

So, this should be enough for the time being, as I now wrote serveral hours on this articles. I will update/extendit as soon as I get new informations....

 
[Disclaimer: I am not a lawyer, therfore is the above text reflects only my very own opinon. For an more precise analysis, you'll have to see a offical laywer, as this is NOT to be seen as an legal advice. I must not and also will not give any advices in legal things.]

References used for this article, further readings (sorry, mostly German)

http://de.wikipedia.org/wiki/MAC-Adresse

http://www.heise.de/newsticker/meldung/78289

 http://www.heise.de/ct/06/20/052/

 http://www.law-blog.de/323/wlan-ungesichert-stoererhaftung/

 http://wiki.freifunk.net/FAQ_Rechtliches