I came across this article on ZDnet a few weeks ago and the title grabbed me and made me sit up straight: “Pub fined £8000 for wifi copyright infringement”. In short the story was as follows: A pub in the UK had a fine levied against them in a civil case taken by the copyright owner of content that was accessed/downloaded illegally through a public wifi hotspot in the pub.
Now this type of case is very rare and raises several questions;
- What was the content accessed, and how did the copyright owner find out?
- Why was the civil suit taken against the pub instead of the network owner The Cloud.
- What effect will this have on future cases in regards to liability for ISP’s and the accessibility of public wifi networks?
Now there are a number of points that need definition. First there is a “public (wifi) network”; this is a network that is accessible by any member of the general public and in such not limited to any specific group or type of people (not the legal description but close enough imho). Now a wifi network that is broadcasting in a public space and which offers paid or unpaid access could under this definition be considered a public (wifi) network as also described in the legal advice sent to The Cloud by the law firm Faegre & Benson on 17 August: “Wi-Fi hotspots in public and enterprise environments providing access to the internet to members of the public, free or paid, are public communications services“. Now, operators of said public communications services are by law not liable for content downloaded through the service provided. So the owners of the pub could argued this point in court. However instead they appeared to have settled out of court. The £8000 euro awarded to the plaintiffs is also not a fine but instead a “compensation” for damages incurred. I sincerely hope that it is actually a settlement as that would also mean that the legal precedent is questionable and that we won’t see a raft of these cases shutting down public wifi access all over the UK.
A second issue to consider here is the EU wide Data Retention legislation. This legislation (in short) means that telecommunication providers, including Internet access providers, need to retain records of their clients usage (who, when, where & what). For w provider of public wifi access to comply there would have to be a once off registration process and a repeated authentication process. That way usage can be linked to the individual and comprehensive records can be produced. Some wifi providers will argue that this is not necessary or that this can only be done through a charging process. Both are wrong. While providers theoretically do not have to start retaining this data until asked to do so by the government it is best practice to do so. The “paid argument” is also faulty as it is perfectly feasible to ask a user to register the first time they use a service and hence create a user profile. They will then be assigned authentication details (username & password, token etc.) which will be used to authenticate each time they use the network. Now this requires a bit more work and a capable network backend and this is why some providers prefer to avoid this. If this registration & authentication had been in place it would have been very easy to determine the actual defendant in this case.
However it is my suspicion that while The Cloud normally uses an authentication system that in this case the pub and/or its staff might have been handing out login details to its patrons while bypassing the registration process. This means that there is no actual record of who has been accessing what data, where or when. The chain of evidence would end with the pub owner who, if they acted in this manner, created a situation whereby the tracebility ended with them. Hence it could be argued during a civil case where the standard of proof was the balance of probabilities that they are ultimately responsible. To fight this in court would possibly be a long drawn out process that would cost far in excess of a £8000 settlement payment. I really doubt that this went through the full process of a court hearing, however I do not have the actual file on this case so can’t say this with absolute certainty.
CONCLUSION: While this case looks serious it will not mean the end of public wifi access in the UK or Europe. It does however serve one purpose; if you provide or want to provide public wifi access in your venue (whether it’s a pub, hotel airport or any other location) make sure that your network uses a registration, authentication & data retention. We at Airappz have been providing this for years and alleviates all kinds of worries both for the customer & ourselves.