Obsolete CMS does not lead to fault liability
The issue of disruptive liability often makes lawyers frighten enough, because it is a very German legal construct that has been extremely unpredictable for a long time. Even if the liability for interference is particularly well-known in the file-sharing sector, the legal figure exists in many variants, e.g. as a disrupter, a disturbance of the state or a co-disrupter, which regulate general regulations in property law as well as administrative law.
In the field of IT law, however, there is now another interesting decision from the Hamburg Regional Court. After that, an injured person did not want to claim the infringer, but the operator/user of the CMS, on whose portal the infringing photos were uploaded. The District Court of Hamburg rejected this request. It decided that an offenderorship of the operator or his responsibility for employees under Paragraph 99 of the UrhG, at least in the context of the summary procedure for the adoption of an injunction, could not be considered with the necessary security if the operator had to that, as a result of changes in the layout, a hacker attack from outside was probable and that only three employees of the operator with administrative rights were authorised to upload content at the time of the offence, which in turn was authorised to affidavits that they did not upload the content in question.
Similarly, the Landgericht ruled that the operation of a CMS which is not up-to-date with the update would not give rise to liability for interference if there was no dispute that third parties had access. As a reason for this, the court used the quite questionable opinion that a hacker attack by third parties could not be ruled out in general, even at a current state of the CMS.
Since I know the Chamber at the District Court of Hamburg from other proceedings, my impression of questionable technical knowledge is reinforced. As much as I support the fact that the legal institution of fault liability is not overstretched to such an extent as is regularly the case in other cases, for example, Wi-Fi liability is so fatal, I think that the message that comes from such a judgment is so fatal. If operators of, for example, WordPress sites etc. no longer threaten legal disadvantages due to the failure to use security patches and the like, the motivation of operators is even lower than is already the case. As a result, criminals are made particularly easy to take over servers, distribute viruses and Trojans, or use the servers for DDOS. Surely it is true that even a fully updated system is not safe, especially not from professionals or users of zero-day gaps. However, the consistent use of security updates makes it harder for script kiddies to take advantage of common vulnerabilities.
With this ruling, the Regional Court of Hamburg has sent out the wrong signal without need. It could have simply ruled that, in the case of a CMS that was secured, there was no liability for interference. This is also true, of course, since the judgment is in some way inconsistent with facts in which, for example, a WLAN operator has not infringed copyrights himself, but which in turn require that the most recent and safest encryption technology is used. It remains to be seen whether the applicants will use the appeal of the immediate complaint or leave it at that the portal operators have deleted the photo at issue within a few hours.
