Swedish Man Fined For Posting Links To Online Video Feeds

hcs_$reboot writes with a snippet from TechDirt (citing TorrentFreak): "Over in Sweden, it appears that a guy has been fined for linking to an online broadcast of a hockey game. We've heard stories of people getting in trouble merely for linking to unauthorized content, but this story is even more ridiculous. The guy wasn't linking to unauthorized content. He was linking to an online video feed from the official broadcaster, Canal Plus. The issue was that Canal Plus was apparently technically incompetent in how they set up the feeds, and never intended to make the feeds public."

Re:What constitutes unauthorized access?

[Aeternitas827]

If it's unprotected, as seems to be the case here, then that would be the reasonable assumption.

The provider didn't seem to take steps to ensure that their streams couldn't be gotten at by unpaid subscribers--I'd guess that a party so inclined could probably brute-forced URL attempts if they even had a blink at the structure, and gotten in--and got bitten a little bit. Honestly, more their fault, than his.

This begs a second question...was the party who brought suit merely someone who had license to broadcast, or the rights holder for the broadcast? If the former, then I would think this just a farce, because the rights-holder could come around on the license-holder for being incompetent...if the latter, then this is a problem of their own creation; if he found a URL, without ever having been made aware of the Terms of Service or whatnot, it's innocent infringment...in my opinion.

Damn it Sweden!

[GF678]

There used to be a time when you'd be able to read a story like this, shake your head, smirk and say/think to yourself: "Only in America".

Now, unfortunately, it's no-longer the case you can make that generalization. The whole world's gone crazy...

Re:Damn it Sweden!

[mikael_j]

As a swede I'm pretty certain I'm not alone in noticing how our politicians and our legal system did a full 180 turn on the TPB issue, at first they actually concluded that it wouldn't be possible to do anything about TPB, then there were a few meetings between members of our government and representatives of the US government as well as the regular lobbyists and all of a sudden TPB was raided...

Not to mention how they've been stretching and bending the law to even make it possible to prosecute the TPB founders, clearly something or someone convinced them that whether or not there was a law broken there had to be convictions.

Re:Damn it Sweden!

You're obviously not aware of Swedish law.

The TPB behaved in the way they did: their actions were LEGAL according to Swedish law.

It's not antisocial to tell bullies to go fuck themselves, despite what you might think.

Re:Damn it Sweden!

It seems to me that treating people who are quite obviously operating within the law as criminal and issuing legal threats at them without any grounds or jurisdiction is pretty damn disrespectful.

TPB was WELL within their rights to give back what they were getting in the form of disrespect from those that were THREATENING them without any grounds to do so..

Re:Damn it Sweden!

[HonIsCool]

Yeah...Big win. The US of A says "Jump!", Sweden asks "How high?". Big win, big win...

Re:Damn it Sweden!

[Pharmboy]

There used to be a time when you'd be able to read a story like this, shake your head, smirk and say/think to yourself: "Only in America".

Stupid laws are one of our biggest exports here in the States. When it comes to generating laws that protect corporations at the expense of consumers, the US is the world leader.

Re:Damn it Sweden!

[LongearedBat]

I guess the whole Pirate Bay issue introduced them to the wonderful world of corporate bribery.

I like many aspects of US culture, but I do wish the US would stop spreading all aspects of its culture to the rest of the world.
(That's meant as a joke, not flamebait. Well, perhaps it's not entirely a joke...)

Re:What constitutes unauthorized access?

[silanea]

[...] For example, if you can only get to something by IP Address, it can be implied that it is not "intended" to be public as it was not added to a public facing DNS Server. [...]

Sorry, I have to disagree. If something does not tell me "Not for you!" or require authentication, it is open to the public. Whether that is by intent or accident is the provider's problem. Your example is even more problematic: Every machine (directly) on the internet has a publicly reachable IP address simply by virtue of being on the fucking Internet. Whether it also is reachable via a DNS entry - or even only offers certain content under specific domains - is entirely arbitrary (as far as the visitor is concerned). In essence you suggest that people ought to only use the internet through an "authorised" channel, the DNS. Sorry, that is neither realistic nor particularly desirable.

Bad legal arguments

[moderators_are_w*nke]

The only way the court could reach such a poor decision would be through bad legal arguments and a lack of understanding of how the world wide web works. Hopefully he'll get a better lawyer who can explain the culture of link sharing on the internet, how the system relies on it (pagerank etc) and how every other content provider as a matter of course will put a paywall in front of a link so that when he shares it with his friends its more revenue for them. Something about chilling effects would probably not go a miss either.

IANAL and I wasn't at this case but I guess it the arguments must have presented it as stealing from an unattended shop or something along those lines, which is why the decision would have gone the way it went.

Re:What constitutes unauthorized access?

[Dunbal]

"invitation of theft" and is a crime in itself.

      That's kind of stupid. What is the difference then between "invitation of theft" which you say is a crime, and "invitation of rape" if a young girl wears provocative clothing while drunk in a bar?

      Leaving your car running and unattended does not justify someone stealing it, and any legislation to that effect is seriously fucked up.

Re:What constitutes unauthorized access?

[dnaumov]

If it's unprotected, as seems to be the case here, then that would be the reasonable assumption.

To play devil's advocate: the fact that I didn't lock my front door is not a reasonable assumption that I am inviting you to enter my apartment.

Re:What constitutes unauthorized access?

[JustOK]

no, but it's a reason why your insurance claim won't be paid.

Re:What constitutes unauthorized access?

[PRMan]

A commenter in the original article has it right.

It's like a paid swimming pool having a back door that's completely open where you could walk in and have a free swim.

The guy who is being sued in this case is not the guy who had a free swim, but the guy who said, "Hey, the back door is open at that swimming pool."

Re:What constitutes unauthorized access?

[kainosnous]

I miss the day when computers were for people who could think. I fondly remember that very brief period where businesses hadn't learned how to exploit the web. For the most part, it was a novelty to them and the left it to the nerds. Sure, at that point the web was a lot of top 10 lists and novelty polls, and most pages had a guest book to sign and a view counter, but that's how we liked it. I'm sure it's all through rose colored glasses, but at least I don't believe we had lawsuits like this.

Re:What constitutes unauthorized access?

[Klinky]

Client/Server works this way. Client requests data, server can grant or not grant access to said data. It's like having a stranger coming up to you and nicely asking(without malice or threats) if you'd like to give them something(money, cellphone, newspaper, the time, etc..) you can say "yes or no". The server granted these people access without them breaking the law. The server could almost be viewed as an extension of the company or under license from the company to make these decisions to stream or not stream. If they had a password on the stream and people cracked it or multiple people were sharing an account authorized for only one stream, then yes that would be against the rules. If it is a public stream going out to anyone who asks, it's pretty much fair game.

BUT, if you leave your garden hose

[SmallFurryCreature]

BUT if you leave your garden hose running and pooring out into the street, you can't expect the police to arrest the walker by who lets his dog drink from it.

This guy did NOT break in or walk in to your house.

If you have the windows open, then you can't expect people walking by not to look in.

Re:If it is on the internet it is public

[Xugumad]

# zgrep -i phpmyadmin access_log-20101101.bz2
62.8.65.3 - - [24/Aug/2010:09:47:41 +0100] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:43 +0100] "GET //PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:44 +0100] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:45 +0100] "GET //phpmyadmin2/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:45 +0100] "GET //phpMyAdmin2/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:48 +0100] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:48 +0100] "GET //phpmyadmin2/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:49 +0100] "GET //phpMyAdmin2/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:49 +0100] "GET //phpMyAdmin-2/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:57 +0100] "GET //phpMyAdmins/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:58 +0100] "GET //phpMyAdmin2/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:58 +0100] "GET //phpMyAdmin-2.2.3/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:59 +0100] "GET //phpMyAdmin-2.2.6/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:59 +0100] "GET //phpMyAdmin-2.5.1/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:47:59 +0100] "GET //phpMyAdmin-2.5.4/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:48:00 +0100] "GET //PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:48:05 +0100] "GET //phpMyAdmin-2.2.3/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:48:06 +0100] "GET //phpMyAdmin-2.2.6/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:48:06 +0100] "GET //phpMyAdmin-2.5.1/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:48:06 +0100] "GET //phpMyAdmin-2.5.4/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:09:48:07 +0100] "GET //phpMyAdmin-2.5.5-pl1/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 1063 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.8.65.3 - - [24/Aug/2010:0

Not a good analogy

If your front door is wide open, you might not get insurance money, but legally speaking anbody entering that door is "breaking" the law if they did not get explicitely your consent (anybody) or implicitely (EM worker, fireman, plice etc...).

Re:What constitutes unauthorized access?

[WrongSizeGlass]

If it's unprotected, as seems to be the case here, then that would be the reasonable assumption.

To play devil's advocate: the fact that I didn't lock my front door is not a reasonable assumption that I am inviting you to enter my apartment.

If you left your curtains open and someone saw a video playing on your TV, should he be fined for letting his friends know they could see it through your window?

Re:What constitutes unauthorized access?

And that, while true, is irrelevant to the case at hand: after all, nothing was stolen or otherwise removed. (Copyright infringement isn't theft, remember?)

The question is whether the lack of effective access controls is in itself enough to derive a presumption of intent on the part of the plaintiff to invite access from the general public. And the "unlocked door" analogy shows, quite convincingly, that the answer is "no".

Re:What constitutes unauthorized access?

[dogmatixpsych]

And that's why the example dnaumov posted about leaving your house door unlocked is wrong. This is like you said. It's like this example: the door was unlocked but this man asked if he could enter and someone with power of attorney for the owner said "Yes." Then he asked, "Hey, can I let other people in too?" The response again was, "Yes." You hit the nail on the head, the client does ask for permission. If the owner wants things private, they need to make sure the response to entering is "No". That's their problem to solve.

Re:What constitutes unauthorized access?

[dnahelicase]

No.

If they linked it from their front page, and said "View the game here", that's implicitly authorising access. If it was hidden behind a badly done pay wall, I think it fairly clearly implies you should be paying first, even if the technical side is a debacle.

Leaving something unprotected is no more implying access than leaving your front door open. It's bloody stupid, but that's another matter entirely...

It's not really another matter entirely, but one of crucial importance to the case. Did the guy that posted the link pay for access to it? What was he allowed to do with that information? Did they explicitly state in their terms somewhere that he can't post the link, which is open to the internet, once he paid to get access to it? There has to be some rational burden put on the content owners to protect their content from unauthorized access.

This guy didn't subvert the system by "hacking" or "stealing". All this guy did was violate some executives idea of "security through obscurity". I can't post things online that I own and then sue you if you find them without my consent. I can protect them and then sue if you subvert that system.

Re:What constitutes unauthorized access?

[phyrexianshaw.ca]

there is no "locked door" version of this. that doesn't apply as:
1) the door isint there in the first place, you are allowing people to come to your site freely, if anything it would be allowing people onto your walkway so they could come ring your doorbell, but can freely look around your yard as they approach. 2) even if the person were to stand in your front yard and videotape an earthworm coming out of the ground: you can only ask him to leave. they committed NO crime.

Re:What constitutes unauthorized access?

[hedwards]

Yes it does. Only an idiot would assume that because he used beg and question in the same clause that it's begging the question. It's been established that somebody has filed suit, consequently the fallacy that is begging the question doesn't apply.

Re:If it is on the internet it is public

If any of those had found an unprotected copy of PhpMyAdmin running on the server, should it be considered legal for them to start meddling with the server? I'd argue no, it's fairly clear you shouldn't be meddling with this unless you've been told you can.

Illegal how? Unauthorized access? By not putting any restrictions you have granted access to everyone. If you are worried about modification or destructrion of data (what I assume you mean by'meddling'), then sure, but that's irrespective of the legality of accesing the page. I believe having a web server accept a request of a broswer *is* the equivalent of telling someone it's okay to access the page.

Re:What constitutes unauthorized access?

It's like this. A web server is like an (android) shopkeeper at your door. People can ask it for all kinds of things, and the keepr will give it to them or not. It can answer things like:

"404, sorry, I don't have that sir"

"403, sorry, that's not for sale"

"30X, try the store down the road!"

or even

"200 OK, here you go sir!"

If I ask the shopkeeper to give me something, and the shopkeeper says "200 OK, here you go" and actually gives me that thing, how the heck am I supposed to know any better?

Re:I hope there's a sign on your front door

[hairyfeet]

Bad analogy is bad because the server invited them in. A better analogy would be you standing on a corner with a table covered in cookies. No sign with a price, just a table of cookies. Someone walking by asks "Can I have a cookie?" and you say "Sure, here you go" and he walks down the street and tells his friends "Hey, that dude gave me a cookie!" and they ask for a cookie and get the same treatment as the first guy from you.

Now is there ANY court that is gonna allow you to bust the first guy when you did NOT 1.-tell him he couldn't have a cookie. 2.-Tell him not to tell anyone you gave him a cookie. 3.-treat those coming afterward as any different and gave them cookies too? Of course not. There is a reason why we have passwords and server/client security models people, because it is not the job of the guy walking down the street to figure out you want money for the cookie it is up to you to set the price and restrict the giving away of cookies. So I'd say the ONLY person that should have gotten in trouble is the dumbass who "designed" their site and he should have gotten a good firing. What's next, we gonna allow websites to sue anyone who accesses them unless they hunt down a TOS and see if they qualify to access it?

Re:What constitutes unauthorized access?

[jhigh]

Actually, your analogy is a pretty good one, but let's use a real-world example. If you walk around in front of your window naked with the blinds and curtains open, I can't get in trouble for looking in. That's basically what happened here.

sweden

[theolein]

Ah, Sweden, that bastion of freedom that has the US's dick so far up its collective ass that they trump up a charge on Julian Assange to make him become a fugitive while discrediting him (regardless of Assange's reportedly crappy personality), where the media is now tripping over its collective feet to be even more draconian than the US with regard to IP laws. It's a shame, used to be a nice country before it became a little banana republic police state that will do anything the US tells it to.