Guy Reveals Airtel Secretly Inserting JavaScript, Gets Threatened With Jail For Criminal Copyright Infringement

from the copyright-law-at-work dept

Last week, an Indian blogger, Thejesh GN, discovered that mobile operator Airtel was injecting JavaScript into subscribers’ browsing sessions, which is both incredibly sketchy and a huge security concern (not to mention raising net neutrality issues on the side). He posted the proof to GitHub and tweeted about it:

He posted the evidence showing that JavaScript was being quietly inserted, and that it apparently tried to insert some sort of toolbar:

That’s all super sketchy. But that’s just the very beginning of this story. Because days later, Thejesh received the most ridiculous legal threat letter, coming from a lawyer named Ameet Mehta from the law firm Solicis Lex. It claims to be representing an Israeli company, Flash Network, which is apparently responsible for the code injection software… and it claims that by merely revealing to the public that Airtel was doing these injections, he had engaged in criminal copyright infringement under the Information Technology Act, 2000.
If that sounds familiar, that’s because we wrote about that ridiculous law last year, noting that it would technically allow people to be put in jail for merely thinking about infringing someone’s copyright.

And the Solicis Lex lawyers, to show they’re not messing around, cc’d the police on the letter they sent:

The crux of the “copyright” claim seems fairly ridiculous:

The said code is closed source software and our client is sole proprietor of the same. Therefore, no one can use the said code without obtaining license from our client against payment of fees and/or royalties and on commercial and legal terms acceptable to our client. Your aforementioned actions constitute a blatant violation of our client’s copyrights and other proprietary rights in the said code.

Remember: all Thejesh GN did was show the code that Airtel inserted into his browser. If Flash Network thinks that showing the code that it dumps into each of your browsing sessions is criminal copyright infringement, just about anyone who does a “view source” could be guilty. That’s a plainly ridiculous reading of the law.

On top of that, the lawyers sent a DMCA notice to GitHub, which caved in and took it down:

This is despite GitHub’s recent promise not to take things down without first alerting the users in question.

Absolutely everything about this is insane and bad. The initial injections by Airtel/Flash are bad and dangerous, and both companies should be called out for such JavaScript injections. But Flash’s response, which was not only to send a completely bogus copyright takedown/cease-and-desist threat but also to allege criminal violations that could lead to jail time, adds an insane layer on top of all that. Even arguing that merely posting screenshots of the injected code is civil copyright infringement is crazy. And then there is the DMCA takedown sent to GitHub (not to mention GitHub agreeing to take the screenshots down…). All of it is ridiculous and a clear abuse of copyright law to silence someone who revealed Airtel and Flash Network were up to questionable activities.

For those who argue that copyright is never used for censorship: explain this story.

Of course, it all seems to be backfiring in a big way. Flash may have wanted to hide what they were up to, but now it’s getting much, much, much more attention. Maybe, next time, rather than threatening whistleblowers of your bad practices with claims of criminal copyright infringement, Flash and Airtel will think more about their own crappy business practices that put users at risk.

Companies: airtel, flash network, github, solicis lex

Comments on “Guy Reveals Airtel Secretly Inserting JavaScript, Gets Threatened With Jail For Criminal Copyright Infringement”

81 Comments
Mason Wheeler (profile) says:

Re: Re: Re: Abolish Copyright

A “really great article” that gets the history badly wrong, twisting it to fit QuestionCopyright’s agenda. They try, against all historical fact, to present the Statute of Anne as a way of extending the Stationers’ censorship scheme by using innuendo to tie it in to the Stationers’ previous (failed) attempts to restore their censorship system that had previously been rejected, but in real fact no such tie to the law that did get passed exists.

The Statute of Anne was created to fix the chaos of the power vacuum that resulted from the dissolution of the Stationers’ system. When the article states that “Authors by themselves might have no inherent desire to control copying, but publishers do,” they’re throwing history out the window. Back before the Internet, when publishing was synonymous with the printing press, which required not only a press (an expensive piece of high technology) but also a good deal of (also expensive) skilled labor to typeset and print the book, publishing one’s work was well beyond the means of most authors. But once the Stationers’ authority, which regulated the publishing system, was dissolved, publishers found themselves able to publish and sell whatever they wanted to–they were the ones who had the technology and the technical expertise to use it–without the authors having any say in it. Frequently something would get published without the author’s permission and also without paying any royalties to the author, simply because they could.

The Statute of Anne was created explicitly to put an end to the publishers’ practice of leveraging their power and expensive technology to abuse authors, by giving the authors a legal right of control over the publishers’ use of their works. It was fundamentally a good thing.

The DMCA, by contrast, was created explicitly to enable publishers to leverage their power and expensive technology to abuse everyone through DRM and the DMCA takedown system. It is an abomination that flies in the face of not only proper copyright, but of our most sacred legal traditions, such as the presumption of innocence, and it needs to be done away with.

Anonymous Coward says:

Re: Re: Re:2 Abolish Copyright

The Statute of Anne was created explicitly to put an end to the publishers’ practice of leveraging their power and expensive technology to abuse authors,

Look at the attempts that the publishers made to get copyright before coming up with the idea of assigning it to authors to get copyright accepted. Copyright has always been about industrial regulation in industries that used batch processes to produce copies, and where one or both publishers would be left with unsold copies if two or more tried to sell the same title in the same market.
Also note that for about the first 300 years of printing, authors did not have copyrights, but could control whether or not to have a manuscript published. So long as the publisher was guaranteed a monopoly, manuscripts telling tales that would appeal to a lot of people were valuable commodities, giving them something to print, and they purchased them from authors.

Anonymous Coward says:

Re: Re: Re:2 Abolish Copyright

“Back before the Internet, when publishing was synonymous with the printing press…”

You seem to be making the mistake of believing that publishing began with the printing press or was only possible with one. This is far from the truth. Publishing and manual copying have been going on for probably as long as there has been written language. Yet, before the advent of the printing press, large scale publishing was an expensive process, thus limiting it to the wealthy. The wealthy were, generally, also the ruling class. Thus the ruling class could control, or censor, what was published on larger scales and dictate “the truth”. And there were no copyright laws to “protect the poor, starving writers”. The idea that people could not make their own copies of other people’s words would have been deemed ridiculous, for the copyright kool-aid had yet to be invented.

Then came the printing press, enabling large scale publishing for the less wealthy. Now the ruling class had a problem with their natural monopoly on large scale publishing evaporating, which threatened their power to dictate their own version of the truth. So, with the loss of their natural monopoly they created a legal one of their own making, calling it copyright. Being politically astute and to distract the commoners from their true motives, they also began cynically positioning it as being about “protecting the creators”. Something they had never been worried about before. Thus was created the copyright kool-aid.

Copyright is a very recent idea in human history. And it was originated to enable censorship.

Mason Wheeler (profile) says:

Re: Re: Re:3 Abolish Copyright

It’s not a mistake. Publishing did begin with the printing press, because the printing press created a wholly new concept: mass copying. Before the advent of the printing press, large-scale copying of works of non-trivial size wasn’t “an expensive process thus limited to the wealthy”; it simply did not exist. Small-scale copying was an expensive process limited to the wealthy.

To give an example of the scope involved, Gutenberg produced over 200 Bibles over the course of about 5 years. Before the printing press, it could take a team of scribes months or even years to copy a single Bible. He managed to reduce the work of centuries into half a decade, and eliminate transcription errors in the process!

No, the printing press was something truly new and attempting to compare it to earlier methods of copying the written word, either qualitatively or quantitatively, is fallacious.

Anonymous Coward says:

Re: Re: Re:4 Abolish Copyright

“Publishing did begin with the printing press…”

Umm, no. Your twisting of history is astounding. To publish means to make generally known or to disseminate to the public. It does not even have to be in a large number of copies. Plenty of works were published before the invention of the printing press.

“large-scale copying of works of non-trivial size wasn’t an expensive process thus limited to the wealthy; it simply did not exist.”

By the standards of the time, it most certainly did. Scale is relative.

“Before the printing press, it could take a team of scribes months or even years to copy a single Bible.”

That’s what made it so expensive that only the wealthy could afford to finance it.

“No, the printing press was something truly new…”

Nice straw man there. No one said it wasn’t.

“… attempting to compare it to earlier methods of copying the written word, either qualitatively or quantitatively, is fallacious.”

Trying to pretend that nothing was published before the invention of the printing press is truly fallacious.

Anonymous Coward says:

Re: Re: Re:4 Abolish Copyright

To give an example of the scope involved, Gutenberg produced over 200 Bibles over the course of about 5 years.

It took Gutenberg about 5 years to set and print his first issue of the bible, with printing a printer prints the desired number of the copies on each side of a sheet, which folds to form a section, before moving onto the next side. It is unlikely that he had the whole Bible set in type at the same time. Also, a lot of that time was debugging the printing process he had invented.

Before the printing press, it could take a team of scribes months or even years to copy a single Bible.

Copying words, even keeping to a formal book-hand, does not take that long for a work the size of the Bible. What did consume time was making it beautiful by adding the illuminations. The hot bed of copy production prior to the printing press was the universities, as students copied the reference books that they would need in later life.

DannyB (profile) says:

Re: Just because criminals can claim "copyright", doesn't make copyright bad.

So then, just because some people use copyright to advance the useful arts and sciences (as per the US constitution) should not ‘taint’ all the other uses of copyright (eg, censorship, bullying, copyright-trolling, false DMCA takedowns sabotaging competing platforms, etc).

Derek Kerton (profile) says:

Re: Just because criminals can claim "copyright", doesn't make copyright bad.

When my pool’s pH level equilibrium is around 7.2, and the water is measured at 2.0 all the time, I will ALWAYS be anti-acid, and in favor of more base.

It’s not an extreme position, it’s a desire to resolve a caustic, acidic environment that is corrosive to all components of the system.

PaulT (profile) says:

Re: Just because criminals can claim "copyright", doesn't make copyright bad.

So, you agree that this is an abuse of copyright, and therefore admit that copyright is not an infallible tool that should never be questioned? Great, now maybe instead of constructing fantasy scenarios that allow you to launch impotent attacks no matter what criminal activity you end up defending, you can start to understand what people here are actually talking about.

Finally, some progress! Now, stop trying to obfuscate your identity with random dictionary words, and try to participate in the actual conversation.

Anonymous Coward says:

This capability is why everyone clams up around Stingrays

Stingrays, if you recall, act like they are the legitimate cell tower and any code requested to run on a connected phone will do so. Once you have downloaded their extra-legal spyware, you no longer have to connect through their Stingray and they get a real-time update of everything your phone does or collects for them.
That is why you thought they were overreacting. They didn’t want you to know they had on demand bug and trace capability for anyone carrying a phone.

Anonymous Coward says:

Re: Re: This capability is why everyone clams up around Stingrays

The DEA at least went out and found their own ready to go software: http://motherboard.vice.com/read/the-dea-has-been-secretly-buying-hacking-tools-from-an-italian-company
But I’m sure the things also come bundled with a basic software inject capability once it is accepted as a trusted source.

DannyB (profile) says:

Addendum

From threat letter:

Your act also amounts to a criminal offence under the Indian Penal Code, 1860 and the Information Technology Act, 2000. This act of you have caused great damage to our client’s business, as well as to its name and reputation, and although such loss cannot be compensated in terms of money, our client will be entitled to claim and recover from you substantial amount by way of compensation/damages.

I was expecting to see an additional paragraph:

We will forego any damage if you will help our wealthy client to move a large sum money out of the country in exchange for half the proceedes. Please to be sending us your bank account informations so we can be depositing the large sum into your account.

QW says:

Re: Copyright infringement

This is a much, much better point than I think many people have realised.

If presenting a line of code in order to technically demonstrate a man in the middle attack in progress is criminal copyright infringement, how hard would a fair legal process throw the book at someone modifying ALL copyrighted material it consumes, without permission, for profit?

Talk about being hoisted by your own petard.

The correct response is to browse to your own site on Airtel, and ask them just what in the living fuck they think they’re doing with your proprietary designs.

DannyB (profile) says:

jail for merely thinking about infringing

If that sounds familiar, that’s because we wrote about that ridiculous law last year, noting that it would technically allow people to be put in jail for merely thinking about infringing someone’s copyright.

I’d like to see them enforce not thinking about infringement.

How would you separate ‘thinking about’ infringing, vs thinking about fair use?

Maybe if you look like you are thinking about infringement, that is probable cause to detain you and obtain a confession.

Oblate (profile) says:

A couple of things on this one...

Firstly, since the code is no longer in the original, ‘pre-injected’ format, could a claim be made that the currently displayed code is transformative and is subject to a fair use claim? Or are they claiming that they have copyright on their code in his web page?

Secondly, are they actually claiming separate copyrights on two lines of unremarkable Javascript code? Surely this can not actually be copyrightable.

Lastly, (ignoring the use of ‘couple’ above)

just about anyone who does a “view source” could be guilty.

or maybe even anyone who merely thinks about doing a “view source”, according to paragraph above…

Mason Wheeler (profile) says:

The said code is closed source software and our client is sole proprietor of the same.

“Closed source” does not mean “proprietary”; it means that the source is not made available.

Yes, there’s a difference. As a programmer I use several proprietary third-party libraries in my work, which I have the source to as part of the licensing for the library. Every company I’ve worked at has had this as a requirement; you don’t want to use a closed-source library where the source code is not available at all, because when bugs arise you want to be able to get inside the code and fix it. The thing is, though, we paid for this proprietary source code and received it under license from the developers, as part of a contractual relationship with explicit obligations on the part of both parties.

Because of the way JavaScript and web browsers work, when a script is put on a webpage, the source is sent to the end-user automatically. There is no contractual relationship, and I’m not a lawyer but I imagine it wouldn’t be difficult to establish the act of placing a script on a public-facing web server as constituting implied consent for the public to copy the code, because that’s the only way it can possibly work.

In other words, these guys don’t have a leg to stand on. There is not and can never be (at least not without radically revamping the entire infrastructure of the World Wide Web) such a thing as closed-source JavaScript that one is not permitted to copy freely.

Rekrul says:

Re: Re:

Because of the way JavaScript and web browsers work, when a script is put on a webpage, the source is sent to the end-user automatically. There is no contractual relationship, and I’m not a lawyer but I imagine it wouldn’t be difficult to establish the act of placing a script on a public-facing web server as constituting implied consent for the public to copy the code, because that’s the only way it can possibly work.

Couldn’t it also be argued that since the JavaScript code had nothing to do with the proper functioning of the web page and was secretly sent to the user’s browser without their knowledge or consent, it was an unauthorized access of their system?

Anonymous Coward says:

Re: Re:

“As a programmer…”

Which, I would like to point out, is somewhat different from being a lawyer.

“Because of the way JavaScript and web browsers work, when a script is put on a webpage, the source is sent to the end-user automatically.”

That applies to just about everything on the web. If you’re trying to argue that once something is put on the web, copyright no longer applies, I think you might find that the courts have a little disagreement with you there.

Joe says:

Re: Re:

Remember: This is India we’re talking about. Sensible IT laws are even rarer than in the USA, UK, and PRC combined. It’s actually quite possible judges and legislators there will side with the blackhat hackers. They’ve been flipping the bird to the Internet at large for over a decade.

I find it ‘curious’ that they involve several countries. That is done for strategic reasons.

Anonymous Coward says:

and where did this sort of behavior start? yep! the good ‘ol US of A! funny how things turn out, isn’t it? the USA spies on everyone and thinks it’s ok. some other country does it, and is condemned by the USA. USA companies do the dirty on customers when those customers discover what the companies are up to, but rather than having some marbles, the companies threaten the customers (or whoever) for what amounts to protecting themselves. this is what has happened in the USA several times and now the rest of the world is doing the same! what a shame some serious breach doesn’t happen and make the companies look so bloody ridiculous, they have to eat their words because sooner or later, when the attitude is like this, people are gonna leave the companies to their own devices and hopefully court cases for infringement of privacy rights!

Joe says:

Re: Re:

Wouldn’t it be funny if antimalware companies got sued alongside virus researchers for copyright infringement? Oh, and ‘network intrusion/DoS’ for disabling said malware on infected computers? Imagine patents on malware. Lawsuits for people making tools to disable it as yes, the patents would obviously cover that, too… Maybe if someone does this, we can dub them the Spam^H^H^H^HHijac-King, hehe.

Rekrul says:

Re: CFAA

Time to put the CFAA to good use. Since he did not license this software, nor did he want the software. They did not have authorization to put on his system. Get a DA that wants to make a name for him/herself. Obviously these companies are bad hacker groups that need to be prosecuted.

Re-read the article a little more closely and I think you’ll see why that would never work. In particular, look closely at the last image. 😉

Anonymous Coward says:

“Therefore, no one can use the said code without obtaining license from our client against payment of fees and/or royalties and on commercial and legal terms acceptable to our client. “

But every browser page they inject their code into is “using the said code”. Where do they ask the browser user to accept/purchase a license before displaying the page?

TKnarr (profile) says:

I’d’ve gotten a lawyer and seen about having him write a letter back including a copy of their letter plus screen and source captures of my Web site and what they presented showing that theirs is a modified version of mine, and asking essentially “Are you really admitting, publicly and in writing, to modifying and distributing a copyrighted work (my web site) for commercial gain without the permission of the copyright holder (me)?”. I’d also send a counternotice to Github citing that I am the copyright holder of the Web page in question and that the code posted was a copy of the code for my page served to me from my server through complainant’s network which I had not granted permission to modify my work and distribute the modified version.

DannyB (profile) says:

Inducement to commit Copyright Infringement

Since

(1) AirTel is modifying someone else’s page in transit to you so that it will load the JavaScript into your browser, and

(2) AirTel’s JavaScript code is copyrighted, and

(3) viewing it is a copyright infringement

Then didn’t AirTel just induce you to commit said copyright infringement?

Shouldn’t AirTel be suing themselves for ‘enabling and facilitating’ copyright infringement?

Isn’t merely linking to infringing content an infringement? Thus AirTel is also guilty of inserting an infringing link into someone else’s web page in transit to your browser — and thus AirTel is doubly guilty of copyright infringement!

Wow, AirTel really sounds like a huge copyright infringer — er, I mean thief — who is stealing their own JavaScript code by making your browser load it! Each thieving download into someone’s browser depletes the supply of originals of that JavaScript, so I can see why AirTel would be upset.

DannyB (profile) says:

Re: Inducement to commit Copyright Infringement

Oh yes, and AirTel is hosting the JavaScript code that they are inducing you to infringe.

Of course, as we have learned, hosting copyright infringing content is perfectly okay. The source of the infringement is never sought out. Rather the real crime is in linking to infringing material, or innocently indexing the web pages that contain the infringing material. Or thinking about infringement (as per the article).

Rekrul says:

I know this isn’t a solution for everyone (since most people today couldn’t do this even with detailed instructions), but you can cripple this by adding the IP addresses to your Hosts file and redirecting them to 0.0.0.0.

A few years ago, I started to see really annoying JavaScript ads on web sites that would fade out the page and replace it with an ad that you couldn’t skip for 5-10 seconds. It was using code from a company called AdBright and they were the first set of IP addresses I ever added to the Hosts file.

Now I use the MVP Hosts file, with a few of my own IPs added in and I never see most of this crap.
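
Added example (not part of the comment above or of the article): a Python script that compares a known-good copy of a page with the copy received over the network, lists the scripts that were added in transit, and builds hosts-file entries pointing their hostnames at 0.0.0.0. The page HTML, the hostnames and the 192.0.2.10 address are constructed samples, `injected_scripts` and `hosts_entries` are hypothetical names, and the known-good copy is assumed to come from the site's own server or an HTTPS fetch.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: the page as its owner published it.
ORIGINAL = """<html><head>
<script src="/js/site.js"></script>
<script>console.log("site ready");</script>
</head><body><p>Hello</p></body></html>"""

# Constructed sample: the same page as received over plain HTTP,
# with extra scripts added in transit.
RECEIVED = """<html><head>
<script src="/js/site.js"></script>
<script>console.log("site ready");</script>
<script src="http://192.0.2.10/toolbar/loader.js"></script>
<script src="//inject.isp.example/anchor.js"></script>
<script>var toolbarEnabled = true;</script>
</head><body><p>Hello</p></body></html>"""


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.external, self.inline = set(), set()
        self._in_inline, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.add(src.strip())
        else:
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            body = "".join(self._buf).strip()
            if body:
                self.inline.add(body)
            self._in_inline = False


def injected_scripts(original_html, received_html):
    """Return scripts present in the received copy but not in the original."""
    orig, recv = ScriptCollector(), ScriptCollector()
    orig.feed(original_html)
    orig.close()
    recv.feed(received_html)
    recv.close()
    return {"external": sorted(recv.external - orig.external),
            "inline": sorted(recv.inline - orig.inline)}


def hosts_entries(script_urls, page_url):
    """Build hosts-file lines for injected script hosts.

    Returns (entries, skipped). A hosts file maps names to addresses, so it
    cannot block a script loaded from an IP literal, and blocking the page's
    own host would block the site itself; both cases land in `skipped`.
    """
    page_host = urlsplit(page_url).hostname
    blockable, skipped = set(), set()
    for url in script_urls:
        host = urlsplit(urljoin(page_url, url)).hostname
        if host is None or host == page_host:
            skipped.add(host or page_host)
            continue
        try:
            ipaddress.ip_address(host)
            skipped.add(host)        # IP literal: needs a firewall rule instead
        except ValueError:
            blockable.add(host)      # ordinary hostname: hosts file works
    return [f"0.0.0.0 {h}" for h in sorted(blockable)], sorted(skipped)


if __name__ == "__main__":
    found = injected_scripts(ORIGINAL, RECEIVED)
    entries, skipped = hosts_entries(found["external"], "http://blog.example/post.html")
    print("injected external:", found["external"])
    print("injected inline:  ", found["inline"])
    print("hosts entries:    ", entries)
    print("not blockable via hosts file:", skipped)
```

Injected inline scripts and scripts served from an IP literal show up in the report but are outside what a hosts file can block.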

Anonymous Coward says:

If someone was actually using the code in their own pages, then that use would be a copyright violation. This, however, is fair use.

The use is transformative – the original purpose is to insert unwanted code into people’s pages; the purpose of the copy is to show what is being done to people’s machines. The nature of the copyrighted work is JavaScript code, which is functional rather than creative. Showing the entire code is necessary to show what the code is doing (and the parts of the code that actually inject this script into people’s pages are not shown.) And the only negative impact on the market for the original is from people’s objections to what they are doing, which is not a valid concern as far as copyright law is concerned. For crying out loud, they’re blasting this code to people who don’t even want it… it’s not like anyone who wanted a copy to use the code without paying for it would have trouble getting it.

And it’s illegal to threaten criminal charges to get a favorable result in a civil matter. You can go to the police, or you can not go to the police. You can’t say you’ll go to the police unless you do what we say (unless it’s something where the action would mean there was never a crime, like covering an accidentally bounced check or something.) That’s called “blackmail” or “extortion”.

Of course, that’s all from US law. Maybe the guy needs to move, quick.
