A court in Hamburg, Germany, has granted an injunction against a user of the anonymous and encrypted file-sharing network RetroShare . RetroShare users exchange data through encrypted transfers and the network setup ensures that the true sender of the file is always obfuscated. The court, however, has now ruled that RetroShare users who act as an exit node are liable for the encrypted traffic that’s sent by others.
Anonymous file-sharing is booming. Whether it’s BitTorrent through a VPN, proxy, or other anonymizing services, people are increasingly looking to hide their identities online.
One application that gained interest earlier this year is RetroShare. Despite being actively developed for more than half a decade, its user-base suddenly increased tenfold in just a few months.
The RetroShare network allows people to create a private and encrypted file-sharing network. Users add friends by exchanging PGP certificates with people they trust. All the communication is encrypted using OpenSSL and files that are downloaded from strangers always go through a trusted friend.
In other words, it’s a true Darknet and virtually impossible to monitor by outsiders. At least, that’s the idea.
This week a Hamburg court ruled against a RetroShare user who passed on an encrypted transfer that turned out to be a copyrighted music file. The user in question was not aware of the transfer, and merely passed on the data in a way similar to how TOR works.
The court, however, ruled that the user in question, who was identified by the copyright holder, is responsible for passing on the encrypted song.
The judge ordered an injunction against the RetroShare user, who is now forbidden from transferring the song with a maximum penalty of €250,000 or a six month prison term. Since RetroShare traffic is encrypted this means that the user can no longer use the network without being at risk.
“The defendant is liable for the infringement of troublemakers,” the court explained in its ruling.
The Hamburg court’s decision goes quite far according to some legal experts. IT lawyer Thomas Stadler, for example, writes on his blog that the legal opinion is “quite risky” as it puts all users of RetroShare in danger.
“It ultimately accuses the offender of failing to secure his Internet connection by running RetroShare, and allowing other users of the RetroShare network to transfer copyright-protected works via his computer,” Stadler writes.
While the ruling is obviously a threat to RetroShare users, in part it’s also a human error by the user in question.
RetroShare derives its security from the fact that all transfers go through “trusted friends” who users themselves add. In this case, the defendant added the anti-piracy monitoring company as a friend, which allowed him to be “caught.”
More troubling is the precedent the ruling sets for people who run open wireless networks, as the same issues arise there. According to this ruling Internet subscribers are responsible for the transfers that take place on their networks, making them liable for the copyright infringements of others.