Internet security

The European court of justice risks to restrain Mr. Juncker’s enthusiasm on public WiFi

Posted on Updated on


The EU Court of Justice has issued its final ruling in the well-expected McFadden case regading the liability of a provider of public WiFi. Accoding to the European judges, the operator of a shop who offers a Wi-Fi network free of charge to the public is not liable for copyright infringements committed by users of that network.

The judgment makes commons sense, otherwise it would be impossibile to provide public wifi throughout Europe, no-one would feel able to take the risk. Nevertheless, the court says that a password (in order to identify the user) may be required by way of injunction in order to secure the network and balance the interest of copyright holders. The concrete impact of the latter requirement shall be still evaluated: the court is not saying that any Wi-Fi network must be secured, however this protection may be required on a case-by-case basis by way of judicial injunction or administrative order. Thus, it will be interesting to see how this CJEU ruling will be interpreted, in light of the recent declaration of President Juncker whereby the “main centers of public lifes” of towns and villages should be covered with public WiFi by 2020 (although most of the industry believes it to be more a “boutade” rather than something serious). Fact is, the more protection and identification instruments are imposed (also considering the features of the technology used), the less public WiFi can realistically develop. Therefore, should the protection requirement become common practice or even a legislative requirement, the expansion of free public WiFi will be at risk, contrary to Juncker’s declarations.

To remind that facts of the case:

  • Mc Fadden was running in Germany a lighting and sound system shop in which he offers access to a Wi-Fi network to the general public free of charge in order to draw the attention of potential customers to his goods and services;
  • After his network was used by third-parties to commit copyright infringements, an important copyright holder (Sony Music) sued McFadden in front of a German court claiming his indirect liability for the infringement for having failed to secure his network.

According to the CJEU:

  • making a Wi-Fi network available to the general public free of charge in order to draw the attention of potential customers to the goods and services of a shop constitutes an ‘information society service’ under the E-Commerce directive (2000/31/EC);
  • where the three conditions for Article 12 of the E-Commerce directive (mere conduit exception) are satisfied, a service provider such as Mc Fadden, who providers access to a communication network, may not be held liable;
  • consequently, the copyright holder is not entitled to claim compensation on the ground that the network was used by third parties to infringe its rights.
  • However, the E-Commerce directive does not preclude the copyright holder from seeking before a national authority or court to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers.
  • In that context, an injunction ordering the internet connection to be secured by means of a password is a fair balance of rights at play.
  • Finally, as per Article 15 of the E-Commerce directive McFadden cannot be obliged to monitor all communications on his networks in search of copyright infringement, nor can termination of connections be considered a proportionate injunctive relief.


Enisa: le banche devono presumere che i PC dei loro clienti sono infetti

Posted on Updated on


Interessante presa di posizione di Enisa, l’agenzia europea per la sicurezza delle reti. Con un press release pubblicato oggi, l’agenzia ha affermato che le misure di sicurezza delle banche, in relazione a conti e pagamenti online, dovrebbero tenere conto del fatto che i PC dei clienti sono o possono essere infetti. Solo sulla base di questa presunzione gli standard di sicurezza delle banche possono quindi considerarsi adeguati.

Questa presa di posizione segue l’analisi di un recente caso di frode telematica che ha avuto luogo in Olanda, denominata “High rollers” (in merito al quale è disponibile uno studo di McAfee e Guardinan Analtytics). Enisa ha inoltre raccomandato l’adozione di devices e strumenti ad hoc (inclusi gli smartphones) per assicurare la sicurezza dei conti online, e maggiore cooperazione transfrontaliera.

La notizia è quindi interessante per i consumatori, ma darà invece qualche grattacapo alle banche, che dovranno dimostrare di aver predisposto strumenti di sicurezza sempre più sofisticati al fine di evitare corresponsabilità nel caso di frodi telematiche.

Il press release di Enisa così come il report di McAfee si trovano al seguente link: