This is how Germany works. Everyone is monitored, everyone is liable for everything. You would think an ISP could say: why don't you sue our customer directly? But not in Germany. There you are liable for things you do, things your customers do, things your customers' customers do, things your customers' customers' customers do, and so on. This is really the country where regulation stifles innovation.
And you cannot have any type of internet connection without linking it to your passport and home address.
No other industry gets all these benefits - only the copyright industry. I wouldn't be surprised to learn there is some deep corruption there.
Suppose I have a fantastic idea for a company: I start importing BAIC Beijing BJ90s to Germany, then I glue a new star-in-a-circle badge onto them and sell them.
Mercedes-Benz decides that I shouldn't do this, and gets a court injunction to stop me. Volkswagen thinks my company is hilarious, and decides to continue importing cars on my behalf. They don't actually do the badge-gluing -- I have to do that in a third location -- but they are more than willing to perform the actual import.
Should the court prevent VW from participating in the scheme? If they should, why is that different from the Cloudflare case?
I would like the rule of law to applies to all industries equally. I am mostly unconvinced by the special pleading of the technology industry. I am willing to be convinced, however!
A few years ago before they changed the liability laws you wouldn't find free wifi anywhere because they would be liable for anything. So this means places you would normally get free wifi didn't. It's been quite nice having free wifi in public places since the law has changed.
There is actually a Chinese solution to this which you wouldn't prefer at all. Legally every place who provide free wifi will need you to do sms verification with your smartphone, and record your ip with your smartphone number (which in China is connected to your identity). Then they need not worry about liability, because if anything goes wrong, they can tell the police exactly who you are.
If you want both privacy and liability, it seems indeed only you can do is to be harsh on larger entities like cafe shops who provide free wifi.
> In this case, the Court established that CDN services can be liable but drew the line at DNS resolvers.
Imho this a misunderstanding of paragraph 9.1 of the Telemediengesetz. The paragraph only forces caching providers to remove or block content once the original content has been blocked or removed.
If the web server sets an Expires-At header with a date far in the future, none of the rechecking headers like etag, and the CDN endpoint isn't pressed for storage (or the site is requested enough to not be evicted), why would the CDN stop serving it?
Cloudflare makes this a feature, to continue serving your website even if your server is down.
I live in the EU. I don't think you can get a SIM card or a home-internet-connection without of ID or Passport (if you are a foreigner). Unless you got a cafe/hotel/restaurant/neighbor and you steal their wifi you are correct - I don't think you can have an internet connection what cannot be traced back to you.
Not continental Europe, but 3 weeks ago I bought a sandwitch, drink and a Vodaphone sim card at Dublin international, right outside Terminal 2. I paid cash for it. Came with 20GB of data. I never tried it, but apparently you can buy topup vouchers at retailers also for cash.
I converted my number to a bill-pay last week, and I had to submit proof of residence for that. I think they also asked for proof of ID (passport) and proof of residence status.
This is almost correct. Most EU countries require that you register your SIM card with your ID, before using it. This was a very controversial move from the EU, taken to the European Court of Human Rights, where it was given the green light [0].
Only a handful of EU countries didn't follow through with the ruling [1]
Landline is a bit different, as you need proof of residence to contract it anyway.
UK isn't in the EU anymore, but here you've always been able to get anonymous pay-as-you-go SIM cards at the shop and top them up with cash. We don't even have a national ID card. If you sign up for a contract, which is cheaper, you do need to provide some proof of identity though.
SIM cards are associated with a cell tower, which is located in a population, so your anonymous card is tied to your image in any of the billions of CCTV monitors which track citizens as they move
In Finland you can go to any corner store to get a 300mbps 4G SIM or even 600 mbps 5G SIM and use it as your home internet in a LTE modem (which is very common)
At least in Germany, you can, but it's still tied to an ID, so you'd need to find someone who's willing to sell it and potentially get in trouble. When you buy a prepaid SIM in the supermarkets, one of the first things you have to do when installing it in your phone is do some kind of ID verification, either with the digital functionality in your ID or via some app like Postident which will do a face and ID verification.
You can either order them preregistered from ebay or your local slightly shady phone resale store. It's also likely possible (though i havent tried) to use eSim and global providers like airalo.com to get one without enforced controlled registration (unlikely that they check, specially if you register via proxy).
And lastly, especially if you live in west german you can just take a train to the netherlands and by a sim there, no registration required.
Prepaid data sims will not activate until you either talk to a store employee and show them your ID, or use a service online to videocall with somebody and show them your ID.
They will work but you are at risk of the provider cutting you off for "abusing roaming" and I'm not sure if they can also sue you to recover their roaming costs. The EU cellphone network isn't integrated between different countries - roaming works the same as roaming from the EU to the USA, besides also having some consumer fairness laws.
I don't think this is true anymore. Since 2017 the "at home" roaming works in the EU. It's a bit funny around prepaid SIMs, but I'm almost certain that it's just a cap on the price of data around €2/gb. That sounds like a lot, but my carrier plan is honestly not far off that price. (£25/mo for 12GB data)
It is true, I am on such a prepaid SIM plan where I pay 5€ and get like 1000 minutes and 30Gb of data with it, plus bonuses. But it doesn't include roaming. There is a subscription plan starting at 7€/mo, also without roaming, however it provides less flexibility than prepaid. When I go abroad I change my plan to one that includes roaming and costs 15€/3 weeks. Other operators have prepaid roaming plans for 11€.
£25 for 12Gb of data would be ripoff here, unless it's roaming data.
> £25 for 12Gb of data would be ripoff here, unless it's roaming data.
EE [0] are one of the bigger carriers here, and the only ones with decent coverage where I live, this is their list of plans. You can get cheaper, but it often comes with limited speeds.
Wow, that'a expensive. I checked my prepay plan and I'm actually getting 150Gb and 2000 minutes for 5€. No roaming though. But the EU will regulate that some day, like they did with bank wire fees.
> (1) Service providers are not responsible for third-party information that they transmit in a communication network or to which they provide access for use, provided that they
> 1. do not initiate the transmission,
> 2. do not select the addressee of the transmitted information and
> 3. have not selected or modified the information submitted.
However, we all know that the law doesn't matter if the state doesn't like you. You have to follow the law; they don't.
This did apply, otherwise they would have been immediately liable. They only faced liability for not complying with an injunction. The relevant law is §7 paragraph 3 and 4.
Honest question as an American who speaks English as a first language and is studying German as a second:
Section 8 paragraph 1 seems to clearly not require a service provider to block access in order to prevent copyright infringement if they meet its requirements. I understand that section 7 paragraph 3 leaves in place blocking remedies specified elsewhere in other laws. However, for the specific case of copyright infringement, this is clearly the narrowest most specific rule for blocking due to copyright infringement, and at least in American law that generally means it is the one that takes precedence for the infringement blocking case.
Also I read Section 7 paragraph 4 to just mean that public WiFi hotspots can be mandated to block infringing content if no other means is available.
Am I reading this wrong? I’m struggling because I’m not sure if my understanding of the German language or German law is wrong here.
Are terms and conditions that specifically stipulate what local laws and courts preside over any legal actions useless?
Cloudflare's terms of use call out that it is governed by the laws of California and any litigation wipp be tried there [1]. How did Germany get to enforce their laws and courts on Cloudflare?
ToS are a contracted. You can specify a legal venue as part of a contract (though that’s not always enforceable, especially in B2C relationships).
However in this case, Universal sued them without being a customer (or, if they are a customer, in a matter unrelated to their customer/vendor relationship). You can’t pick the venue where people/organizations that don’t have a contract with you sue you.
Of course, the other question is then how to enforce the court order. Since Cloudflare has a German subsidiary, that won’t be a problem.
Note also that the effect of this ruling is limited to the territory of Germany. Cloudflare doesn’t have to block this website anywhere else.
As much as we may like/hate the entities involved in this dispute, net neutrality is a serious topic and we shouldn't be encouraging actions like this.
Germany didn't sign the contract, and it hosts the court.
Universal Music didn't sign the contract, and it went to Germany's court.
In the US, the contract terms would normally bind the _parties to the contract._ Contracts are sometimes called "private law," as opposed to "public law." But in some circumstances and places, the government just declares the contract or provision legally void. Then, even the parties to the contract can't rely on it.
>Are terms and conditions that specifically stipulate what local laws and courts preside over any legal actions useless?
When they go against the law, yeah. You don't think it seems absurd for Cloudflare to do business worldwide but then insist it can only be reached in courts in California? That Cloudflare can just disavow compliance with German law because it says it likes California law?
It doesn't matter waht the terms and conditions are. This is German courts deciding what Cloudflare's legal liabilities are within Germany if they want to operate within Germany.
Cloudflare either complies or is blocked within Germany. That happens Cloudflare loses lots of customers.
Easily thousands within a day of being blocked. Lots of companies use Cloudlfare and do business in Germany and can't afford to be blocked as it would literally cost them money to be blocked.
Doesn't matter for German courts to tell ISPs to block their IPs. German courts get to decide what is and is not allowed within their country and if they decide your service is illegal and block it, there isn't much you can do but try and go to the EU courts to have it overturned but that is very unlikely. But while you go through the process with the EU courts you're still blocked.
I do believe that Germany blocking CF endpoints would knock Germany even further back into the stone age, and would hurt Germany a lot more than it would hurt CF.
A large amount of companies would drop CF like a brick. Nearly every company operating in Germany that uses CF would drop it, very few would be willing to say goodbye to money to keep CF. Any CTO affected who wouldn't drop them should be fired. A vendor should not be removing your ability to operate in markets.
It would seriously hit CF's stock price as it would be a massive sign that there is a massive risk of other countries blocking it. And some competitor would pick up all the customers fleeing. CF is not the only game in town, switching to a competitor or just dropping it completely is often rather easy.
Any CEO running CF or similar company willing to call the bluff of a country on something like this should be booted by the board. It would have a massive effect on CF long term while it would have a reasonably short term effect to Germany and German consumers. For example, every sale call would have people asking if their primary markets are at the risk of being blocked. That's a major objection to add.
Make no mistake, being blocked in the 4th largest economy in the world is extremely bad for any company.
They currently have job listings for 12 roles in Munich, Germany which suggests that have an office there.
They also have job listings for 6 remote roles in Germany, so even if they had no offices there that suggests they have employees there which would probably open them up to some German law.
Sue the government for blocking a company that doesn't obey its laws? Sure you could take them to the EU court, but during that time you're still going to be blocked. And you would almost certainly lose there too since governments are allowed to set their own laws as long as they comply with EU laws.
>According to the ruling, DDL-Music has no other purpose than to share pirated music and Cloudflare plays a central role in making the site available.
And if they switch DNS providers what will they do ? +File a lawsuit for each DNS provider? Makes no sense to "sanction" the DNS provider because of the website content.
Also one other thing that plays a "centrol role" in making pirate websites available are electricity companies which provide power for servers. Shouldn't they sue those too ?
>In addition to stopping its services to DDL-Music as a customer, Universal also wanted Cloudflare to block the site on its public DNS resolver 1.1.1.1.
> Es liegt nahe, diesen Pflichtenkatalog – entsprechend der Argumentation des BGH bei den Hostprovidern (Onlineplattformen You-Tube und uploaded) auf die täterschaftliche Haftung der Zugangsprovider zu übertragen.
> It makes sense to transfer this catalog of obligations - in accordance with the BGH's argumentation - to the host providers (online platforms You-Tube and uploaded) to the criminal liability of the access providers.
I'll admit to not being very competent in German law, but before just jumping to the conclusion that they can re-use existing national liability law, they mention that they were not bound by national but by EU law and that this particular liability "access provider liability" is not established or outlined at the EU level. Obviously that is grounds for appeal.
A CDN more easily plays the analogue of the postal service distribution centers for the classic copyright infringement of burned CDs being resold illegally. They are practically equivalent to ISPs in this regard. Hardly a central role for the infringement. Contrast with YouTube, which would look more like a third party facility burning the CDs for the criminal enterprise: certainly central, it makes sense they ought to assess whether the customer owns the copyright. Not all of CloudFlare's customers will have any need of such an assessment, so it isn't central to their business.
Obviously laws can distinguish analogues, so the analogy is mostly meaningless. But I think CloudFlare is solidly in the carrier class and shouldn't have liability. I do hope they appeal and win.
"must stop facilitating access to the (defunct) pirate music site DDL-Music. Failing to do so makes the company liable."
IANAL - If a distribution center distributes books, was told these books are illegal to distribute, and keeps distributing them, it's liable. With storing books and satisfing book requests it's not a carrier, DHL is a carrier.
If Amazon sells drugs for me by FBA, is told these are drugs and keeps selling my drugs while I'm in prison, it's liable (I could send out my books of my own publishing company on my own, but I use Amazon FBA for distribution and scaling, just like people use Cloudflare)
The opposite would not make any sense, as I could just make my friend distribute my illegal stuff "for me", and they are just "a carrier".
Most interesting is the assertion by the german court (see the linked tarnkappe notice, in german though) that Cloudflare is anonymizing the users of their CDN/Proxying Service which makes prosecution harder.
I'm suprised by that because Cloudflare must know the real IPs to forward traffic to for their services to work and I have not read anything that implies that Cloudflare might not have produced that data following a court order of any kind.
I have however seen private trackers and other pirate site use cloudflares services. I am kinda suprised by that since I must assume that pirate site operates would be aware that cloudflare is not actually providing any court proof anonymization or is promising anything like a non-logging/zero knowledge/Anonymization layer like tor or ipfs.
You can use something called cloudflared to establish one or more tunnels into Cloudflare; Cloudflare will access the origin servers via these tunnels.
I've never used cloudflared and don't know whether you could 0wn a few DSL users and run cloudflared on their hardware, avoid having an origin server on your own IP address.
Hosting the sites on Pwned Hardware and IPs seems like a reasonable precaution (though doubtful that is what is actually done these days since at least sites like 1337x.to or thepiratebay.org seem to have uptimes and speeds that would make such a setup at least unlikely to be practical for their usecases. I suspect they are using servers in non-compliant states and use cloudflare as a global CDN where possible.
Still doesn't quite make sense to me but the court being completely retarded in that regard wouldn't suprise me when it comes to german courts and internet law. Though it seems that this cologne court has at least understood the issue, especially compared to the clowshow thats the OLG Hamburg.
FYI: The Pirate Bay is fully legal in Sweden, where it is hosted. Although it's frequently had to change internet providers and physical locations at the discretion of those providers, and its creators went to jail for 1 year due to a corrupt justice system (e.g. judges having links to copyright companies), it was never proven that any crime was actually committed by them.
That does not work for the pirate site operator though. In order for Cloudflare to cache and proxy any request the endpoint must be known beforehand and must be at least constant enough for any new request to be forwarded to that endpoint in some capacity. It might be true for users that they chose not to log that information but it cannot be true for any site they provide CDN/Proxy services to.
I think Cloudflare didn't help their case when they started blocking websites based on their content (I think it started with a neo-Nazi journal).
Many people predicted (rightfully it seems) that it will haunt them back when copyright holders will hold Cloudflare responsible for piracy. Banning such sites mean they are no more content neutral. If Cloudflare cares that their users follow whatever rules are against neo-Nazi content, they should also care that they follow copyright law, at least from the point of view of copyright holders.
I disagree both for German courts and US courts. This makes the assumption that the German courts care about Cloudflare’s previous actions in another country related to removing what’s perceived as offensive content. I don’t see why they would care about this.
Next, if you’re talking about US law, that doesn’t hold up either. The US doesn’t have to take into account previous activity regarding neutrality. I’m assuming the reasoning here lies in Section 230. Providers can still be held liable for the content that passes through their systems, especially if they don’t reasonably regulate what is done on their network. The $1bn verdict (that was upheld!) against Cox for piracy by their customers is something to consider.
Upon learning what your customer is doing, one can choose to stop doing business with them. Whether it should be a requirement of a B2B enterprise with a liability component is easily separable from that.
Any sufficiently large corporation providing services to criminal organizations is an attractive target for a certain type of lawsuit. Maybe the plaintiffs honestly felt wronged and wanted the courts to make them right, but based on the history of these types of suits I feel it is simply weaponization of the legal system which ultimately undermines public opinion that our laws (ought to or do) serve justice. The cynical view that laws are wholly divorced from justice, while perhaps a realist view, is not beneficial to a free and democratic society.
>I think Cloudflare didn't help their case when they started blocking websites based on their content (I think it started with a neo-Nazi journal).
Was this cited by the court in making its determination? I'd imagine not. In fact, I imagine this has nothing to do with Cloudflare's liability at all.
The neverending story of Germans fighting with the internet, led by copyright predators. In case you want to contribute to the good side, stay away from UG and GmbH service providers, and those with headquarters in Germany. Don't try to trivialize or underestimate their malicious attempts.
I wonder how a court in Germany can force a DNS provider that does NOT operate in Germany, but operates in e.g. China, Australia, Seychelles, Spain, USA, etc. to comply to the "block DDL-Music" (or any other website).
Perhaps Google via 8.8.8.8 and Clouflare via 1.1.1.1 are used by many, but definitely not ALL internet users.
Their longterm plan is to establish DNS liability and force the market leaders to implement blocking. Then, argue in court that DNS providers that do not conform to their blocking requests are illegal and must therefore be IP Blocked. First in Germany, then in the whole EU.
When it comes to the Content Mafia: Assume the worst, then go from there.
If only Cloudflare wouldn't treat end users the way the copyright industry treats Cloudflare. We have de-facto IP address liability for Tor and VPNs - Cloudflare likes to block them, even if you are logged into a website with an account with a good reputation.
And you cannot have any type of internet connection without linking it to your passport and home address.
No other industry gets all these benefits - only the copyright industry. I wouldn't be surprised to learn there is some deep corruption there.