Today, the Federal Court of Justice in Karlsruhe (BGH) has published a press release (BGH 114/2012) concerning its not yet published decision in the lawsuit between Atari Europe, Inc. and the RapidShare AG (Urteil des I. Zivilsenats vom 12.7.2012 – I ZR 18/11).
Atari has been suing RapidShare for providing disk space for distributing illegal copies of its video game “Alone in the Dark”. As with a number of previous lawsuits, the BGH has pointed out that there is no general obligation for RapidShare to unconditionally filter files uploaded by its users for potentially being illegal. However, RapidShare is obligated to do its best to prevent reoccurring of illegal uploads of the same file has it once been notified by the aggrieved person. This findings are in line with other recent decisions (eg LG Hamburg, Az. 310 O 461/10 GEMA vs YouTube). The court also acknowledged that RapidShare does no indexing of the uploaded files and doesn’t allow browsing or searching them. However, it generally deemed it feasible for RapidShare to regularly check “a limited number of [third party] hyperlink collections for specific contents” (translated by myself), presumably meaning that the RapidShare employees should type “rapidshare download alone in the dark” in some popular search engines and see if it lists any links to their service and, if so, investigate those.
The BGH digresses from the aforementioned YouTube decision of the LG Hamburg in explicitly mentioning that RapidShare had not used a “word filter for the consecutive words ‘alone in the dark’ to scan the file names” (translated by myself). The LG Hamburg had only suggested YouTube may compare the MD5-sum to find duplicates of illegal uploads.
The difference between these two filters is significant. MD5 is a so-called secure hash function that attempts to map an arbitrary sequence of bytes to a string of 128 bit (16 characters) size, called digest or hash. The design goal of any secure hash function is to make it as difficult as possible to find two distinct files that map to identical hashes. This makes MD5 a convenient way to check data integrity. For example, suppose that Alice sends Bob a big file. She might be concerned that during transmission the file got damaged and Bob received something different from what she has sent. She might therefore compute the MD5 hash of the file and send it to Bob too. Bob can now compute the hash of the file he has just received and compare it to the hash Alice told him. If they match, Alice and Bob can be pretty sure that the file was transmitted correctly and Bob will be safe using it. Similarly, if a copyright holder tells YouTube that a video with a certain MD5 hash is illegal, YouTube can delete all videos with identical hashes and be pretty sure that it won’t delete legitimate videos too. On the other hand, an uploader can easily circumvent this restriction by making minor edits to the file, for example by adding some text at the beginning of the video. Filtering for file names is quite the contrary. It is arbitrarily likely that a file with a suspicious file name exists that is not a duplicate of the reported illegal file. The judges at the LG Hamburg have clearly valued the danger of accidentally deleting legitimate files (false positives) more than the danger of not deleting an illegal file (false negatives). I’m not so certain how the BGH sees this in the current suit.
As a demonstration how silly word filtering is, I have created an Account on RapidShare and uploaded a copy of this text and named it
what now?”. On a UNIX shell, do
gpg --decrypt rapidshare_illegal_copies_of_alone_in_the_dark.gpg
to get the decrypted HTML document, entering the password when prompted for it. RapidShare can’t feasibly tell whether this file is illegal because they would have to search all through the web until they finally find this blog post with the password. If somebody can tell me the file size of an ISO image of “Alone in the Dark” I will construct and upload a file that matches it as close as possible to also make decisions based on the file size impossible.
I will closely watch both, the status of my file and the further turns in this lawsuit. I’d be thankful to anybody who downloads and spreads my file and ask you not to buy video games from Atari.—They should be lost in the dark!