Guy Reveals Airtel Secretly Inserting JavaScript, Gets Threatened With Jail For Criminal Copyright Infringement
from the copyright-law-at-work dept
Last week, an Indian blogger, Thejesh GN, discovered that mobile operator Airtel was injecting javascript into subscribers’ browsing sessions, which is both incredibly sketchy and a huge security concern (not to mention raising net neutrality issues on the side). He posted the proof to GitHub and tweeted about it:
And the Solicis Lex lawyers, to show they’re not messing around, cc’d the police on the letter they sent:
The said code is closed source software and our client is sole proprietor of the same. Therefore, no one can use the said code without obtaining license from our client against payment of fees and/or royalties and on commercial and legal terms acceptable to our client. Your aforementioned actions constitute a blatant violation of our client’s copyrights and other proprietary rights in the said code.
Remember: all Thejesh GN did was show the code that Airtel inserted into his browser. If Flash Network thinks that showing the code that it dumps into each of your browsing sessions is criminal copyright infringement, just about anyone who does a “view source” could be guilty. That’s a plainly ridiculous reading of the law.
On top of that, the lawyers sent a DMCA notice to GitHub, which caved in and took it down:
Absolutely everything about this is insane and bad. The initial injections by Airtel/Flash are bad and dangerous. Both companies should be called out for such javascript injections. But, Flash’s response to not only threaten a completely bogus copyright takedown/cease and desist claim, but also to allege criminal violations that could lead to jail time just adds an insane layer on top of all that. Even arguing that merely posting screenshots of the injected code is civil copyright infringement is crazy. And then issuing a DMCA takedown to GitHub (not to mention GitHub agreeing to take the screenshots down…). All of it is ridiculous and a clear abuse of copyright law to silence someone who revealed Airtel and Flash Network were up to questionable activities.
For those who argue that copyright is never used for censorship: explain this story.
Of course, it all seems to be backfiring in a big way. Flash may have wanted to hide what they were up to, but now it’s getting much, much, much more attention. Maybe, next time, rather than threatening whistleblowers of your bad practices with claims of criminal copyright infringement, Flash and Airtel will think more about their own crappy business practices that put users at risk.
Filed Under: cease and decist, copyright, criminal copyright, dmca takedown, free speech, india, injection, israel, javascript, javascript injection, thejesh gn
Companies: airtel, flash network, github, solicis lex
Comments on “Guy Reveals Airtel Secretly Inserting JavaScript, Gets Threatened With Jail For Criminal Copyright Infringement”
Abolish Copyright
Period.
Re: Abolish Copyright
You could just as easily said Abolish Censorship.
Same thing. Copyright in the 21st century is about censorship. The endless parade of ‘anomalies’ should be convincing.
Re: Re: Abolish Copyright
Copyright has ALWAYS been about censorship. It’s not a new use for an old hammer; it’s what the hammer was originally designed to do. A really great article about the history: http://questioncopyright.org/promise
Re: Re: Re: Abolish Copyright
A “really great article” that gets the history badly wrong, twisting it to fit QuestionCopyright’s agenda. They try, against all historical fact, to present the Statute of Anne as a way of extending the Stationers’ censorship scheme by using innuendo to tie it in to the Stationers’ previous (failed) attempts to restore their censorship system that had previously been rejected, but in real fact no such tie to the law that did get passed exits.
The Statute of Anne was created to fix the chaos of the power vacuum that resulted from the dissolution of the Stationers’ system. When the article states that “Authors by themselves might have no inherent desire to control copying, but publishers do,” they’re throwing history out the window. Back before the Internet, when publishing was synonymous with the printing press, which required not only a press (an expensive piece of high technology) but also a good deal of (also expensive) skilled labor to typeset and print the book, publishing one’s work was well beyond the means of most authors. But once the Stationers’ authority, which regulated the publishing system, was dissolved, publishers found themselves able to publish and sell whatever they wanted to–they were the ones who had the technology and the technical expertise to use it–without the authors having any say in it. Frequently something would get published without the author’s permission and also without paying any royalties to the author, simply because they could.
The Statute of Anne was created explicitly to put an end to the publishers’ practice of leveraging their power and expensive technology to abuse authors, by giving the authors a legal right of control over the publishers’ use of their works. It was fundamentally a good thing.
The DMCA, by contrast, was created explicitly to enable publishers to leverage their power and expensive technology to abuse everyone through DRM and the DMCA takedown system. It is an abomination that flies in the face of not only proper copyright, but of our most sacred legal traditions, such as the presumption of inncence, and it needs to be done away with.
Re: Re: Re:2 Abolish Copyright
Look at the attempts that the publishers made to get copyright before coming up with the idea of assigning it to authors to get copyright accepted. Copyright has always bee about industrial regulation in industries that used batch processes to produce copies, and where one or both publishers would be left with unsold copies if two or more tried to sell the same title in the same market.
Also note that for about the first 300 years of printing, authors did not have copyrights, but could control whether or not to have a manuscript published. So long as the publisher was guaranteed a monopoly, manuscripts telling tales that would appeal to a lot of people were valuable commodities, giving them something to print, and the purchased them from authors.
Re: Re: Re:2 Abolish Copyright
“Back before the Internet, when publishing was synonymous with the printing press…”
You seem to be making the mistake of believing that publishing began with the printing press or was only possible with one. This is far from the truth. Publishing and manual copying have going on for probably as long as there has been written language. Yet, before the advent of the printing press, large scale publishing was an expensive process, thus limiting it to the wealthy. The wealthy were, generally, also the ruling class. Thus the ruling class could control, or censor, what was published on larger scales and dictate “the truth”. And there were no copyright laws to “protect the poor, starving writers”. The idea that people could not make their own copies of other people’s words would have been deemed ridiculous, for the copyright kool-aid had yet to be invented.
Then came the printing press, enabling large scale publishing for the less wealthy. Now the ruling class had a problem with their natural monopoly on large scale publishing evaporating, which threatened their power to dictate their own version of the truth. So, with the loss of their natural monopoly they created a legal one of their own making, calling it copyright. Being politically astute and to distract the commoners from their true motives, they also began cynically positioning it as being about “protecting the creators”. Something they had never been worried about before. Thus was created the copyright kool-aid.
Copyright is a very recent idea in human history. And it was originated to enable censorship.
Re: Re: Re:3 Abolish Copyright
It’s not a mistake. Publishing did begin with the printing press, because the printing press created a wholly new concept: mass copying. Before the advent of the printing press, large-scale copying of works of non-trivial size wasn’t “an expensive process thus limited to the wealthy”; it simply did not exist. Small-scale copying was an expensive process limited to the wealthy.
To give an example of the scope involved, Gutenberg produced over 200 Bibles over the course of about 5 years. Before the printing press, it could take a team of scribes months or even years to copy a single Bible. He managed to reduce the work of centuries into half a decade, and eliminate transcription errors in the process!
No, the printing press was something truly new and attempting to compare it to earlier methods of copying the written word, either qualitatively or quantitatively, is fallacious.
Re: Re: Re:4 Abolish Copyright
“Publishing did begin with the printing press…”
Umm, no. Your twisting of history is astounding. To publish means to make generally known or to disseminate to the public. It does not even have to be in a large number of copies. Plenty of works were published before the invention of the printing press.
“large-scale copying of works of non-trivial size wasn’t an expensive process thus limited to the wealthy; it simply did not exist.”
By the standards of the time, it most certainly did. Scale is relative.
“Before the printing press, it could take a team of scribes months or even years to copy a single Bible.”
That’s what made it so expensive that only the wealthy could afford to finance it.
“No, the printing press was something truly new…”
Nice straw man there. No one said it wasn’t.
“… attempting to compare it to earlier methods of copying the written word, either qualitatively or quantitatively, is fallacious.”
Trying to pretend that nothing was published before the invention of the printing press is truly fallacious.
Re: Re: Re:4 Abolish Copyright
It took Gutenberg about 5 years to set and print his first issue of the bible, with printing a printer prints the desired number of the copies on each side of a sheet, which folds to form a section, before moving onto the next side. It is unlikely that he had the whole Bible set in type at the same time. Also, a lot of that time was debugging the printing process he had invented.
Copying words, eve keeping to a formal book-hand, does not take that long for a work the size of the Bible. What did consume time was making it beautiful by adding the illuminations. The hot bed of copy production prior to the printing press was the universities, as student copied, the reference books that they would need in latter life.
Re: Abolish Copyright
I’d always dreamt of having three strikes for people who break the spirit of copyright law. On the third offence, your IP goes public 😀
That ought to ensure they only suit of threathen real cases.
Just because criminals can claim "copyright", doesn't make copyright bad.
Same principle is often argued here in support of torrents, that criminals using a tool doesn’t taint ALL uses of the tool.
But logic by Techdirt writers goes only one way: ANTI-COPYRIGHT.
Re: Just because criminals can claim "copyright", doesn't make copyright bad.
So then, just because some people use copyright to advance the useful arts and sciences (as per the US constitution) should not ‘taint’ all the other uses of copyright (eg, censorship, bullying, copyright-trolling, false DMCA takedowns sabotaging competing platforms, etc).
Re: Just because criminals can claim "copyright", doesn't make copyright bad.
When my pool’s ph level equilibrium is around 7.2, and the water is measured at 2.0 all the time, I will ALWAYS be anti-acid, and in favor more base.
It’s not an extreme position, it’s a desire to resolve a caustic, acidic environment that is corrosive to all components of the system.
Re: Re:
You regularly claim cyberlockers and BitTorrent are bad, because somehow it makes your Hollywood overlords less rich.
What’s good for the goose…
Re: Just because criminals can claim "copyright", doesn't make copyright bad.
So, you agree that this is an abuse of copyright, and therefore admit that copyright is not an infallible tool that should never be questioned? Great, now maybe instead of constructing fantasy scenarios that allow you to launch impotent attacks no matter what criminal activity you end up defending, you can start to understand what people here are actually talking about.
Finally, some progress! Now, stop trying to obfuscate your identity with random dictionary words, and try to participate in the actual conversation.
Re: Re: Re:
The stupidest part of this debacle is? out_of_the_blue actually thinks masking his pseudonym is working, despite all the telltale signs of his regurgitory narrative.
It’s like a train wreck.
Re: Same principle is often argued here in support of torrents
yet – for some reasons – those supporting copyright vehemently fight torrents.
Well, that’s a good reason for me to do the same to copyright.
This capability is why everyone clams up around Stingrays
Stingrays if you recall, act like they are the legitimate cell tower and any code requested to run on a connected phone will do so. Once you have downloaded they extra legal spyware, you no longer have to connect through their Stingray and they get a real-time update of everything your phone does or collects for them.
That is why you thought they were overreacting. They didn’t want you to know they had on demand bug and trace capability for anyone carrying a phone.
Re: This capability is why everyone clams up around Stingrays
Can you elaborate further on this or provide anything in the way of documentation?
Re: Re: This capability is why everyone clams up around Stingrays
The DEA at least went out and found their own ready to go software: http://motherboard.vice.com/read/the-dea-has-been-secretly-buying-hacking-tools-from-an-italian-company
But I’m sure the things also come bundled with a basic software inject capability once it is accepted as a trusted source.
Addendum
From threat letter:
I was expecting to see an additional paragraph:
It's indeed sick
I first red it as “insane lawyer” 😀
Re: It's indeed sick
Agreed..lol
Copyright infringement
Just who is engaging in criminal copyright infringement ??
By making those unauthorized derivative works based on all those copyrighted web pages, it Airtel and Flash Networks who are engaging in criminal copyright infringement.
That’s how I take it, when I put on my web-author hat!
Re: Copyright infringement
I dont know about copyright, but yes, the real criminal seems to be these airtel people defacing the property of others.
Re: Re: Copyright infringement
They are straight up pirating others content….for PROFIT!
Re: Re: Re: Copyright infringement
agreed.
Re: Re: Copyright infringement
The can deface their copies all they want, but passing on to other people is making a derivative work, and possibly fraud if they do not tell their users that they are getting a derivative work.
Re: Re: Re: Copyright infringement
Another good point. I will be watching the indian news to see which people at Airtell get arrested for criminal copyright infringement and -hopefully, some sort of hacking laws.
Re: Copyright infringement
This is a much, much better point than I think many people have realised.
If presenting a line of code in order to technically demonstrate a man in the middle attack in progress is criminal copyright infringement, how hard would a fair legal process throw the book at someone modifying ALL copyrighted material it consumes, without permission, for profit?
Talk about being hoisted by your own petard.
The correct response is to browse to your own site on Airtel, and ask them just what in the living fuck they think they’re doing with your proprietary designs.
MITM attacks
It is everyone’s ethical duty and responsibility to expose MITM attacks. This is one such.
For anyone to threaten a criminal prosecution and worse yet to have the legal basis to do so…
Is beneath disgusting.
E
Re: MITM attacks
Did this subvert SSL? I didn’t see that. The images in the article seemed to suggest ordinary Http traffic.
Re: Re: MITM attacks
You’re right. On further thinking, I suppose that when you manipulate web content that you should only be passing along, that is ‘man in the middle’, and when the code is for evil nefarious purposes that is ‘attack’.
Re: Re: Re: MITM attacks
Yes, exactly. That’s precisely what a “man in the middle attack” means. It doesn’t have to involve cryptography or the subversion thereof.
Why does an American company comply with Indian law? I don’t even think GitHub has an office there.
Re: Re:
The GitHub takedown had nothing to do with the Indian law. It was a DMCA takedown request which is 100% American law. However, under American law the use was purely for the purpose criticism of the author and how that code was being used. That makes this use 100% fair use.
Re: Re:
it’s the stupid DMCA law of the US not Indian Law they are complying with
Re: Re: Re:
Yes, but the alleged violation is Indian law, not US law.
Re: Re: Re: Re:
Actually, its an alleged copyright violation, which is both a US law and an Indian law. The poster is being threatened with criminal penalties under Indian law, but Github received a US-law based copyright complaint. The two actions are related, but distinct.
Re: Re:
GitHub apparently cares nothing for its users and will flinch whenever anyone yells “boo!”
Re: Re: Re:
I wonder what this project would think of such a practice… 😛
jail for merely thinking about infringing
I’d like to see them enforce not thinking about infringement.
How would you separate ‘thinking about’ infringing, vs thinking about fair use?
Maybe if you look like you are thinking about infringement, that is probable cause to detain you and obtain a confession.
A couple of things on this one...
Firstly, since the code is no longer in the original, ‘pre-injected’ format, could a claim be made that the currently displayed code is transformative and is subject to a fair use claim? Or are they claiming that they have copyright on their code in his web page?
Secondly, are they actually claiming separate copyrights on two lines of unremarkable Javascript code? Surely this can not actually be copyrightable.
Lastly, (ignoring the use of ‘couple’ above)
or maybe even anyone who merely thinks about doing a “view source”, according to paragraph above…
So just pull the source...
He has every right to post the code of his web page. And if they don’t like that script being there, they are welcome to take it out.
Anyone actually try to pull the code and see what it is? After all, it IS listed in HIS code that he posted…
“Closed source” does not mean “proprietary”; it means that the source is not made available.
Yes, there’s a difference. As a programmer I use several proprietary third-party libraries in my work, which I have the source to as part of the licensing for the library. Every company I’ve worked at has had this as a requirement; you don’t want to use a closed-source library where the source code is not available at all, because when bugs arise you want to be able to get inside the code and fix it. The thing is, though, we paid for this proprietary source code and received it under license from the developers, as part of a contractual relationship with explicit obligations on the part of both parties.
Because of the way JavaScript and web browsers work, when a script is put on a webpage, the source is sent to the end-user automatically. There is no contractual relationship, and I’m not a lawyer but I imagine it wouldn’t be difficult to establish the act of placing a script on a public-facing web server as constituting implied consent for the public to copy the code, because that’s the only way it can possibly work.
In other words, these guys don’t have a leg to stand on. There is not and can never be (at least not without radically revamping the entire infrastructure of the World Wide Web) such a thing as closed-source JavaScript that one is not permitted to copy freely.
Re: Re:
Couldn’t the same argument be used for all digital software? After all, for DRM to allow the user to actually use the software, they have to give the key to the user.
Re: Re: Re:
Are you trying to disagree with me? I’ve been saying for years that DRM has zero legitimacy and needs to be made illegal, because it’s functionally no different from malware whose purpose is to hack your computer.
Re: Re: Re: Re:
Agreed, 100%.
Re: Re:
Placing a script on a public-facing web server, and making pages link to it* should be considered outright publication of the script to the world far and wide.
* even if they are not your own pages.
Re: Re:
Couldn’t it also be argued that since the JavaScript code had nothing to do with the proper functioning of the web page and was secretly sent to the user’s browser without their knowledge or consent, it was an unauthorized access of their system?
Re: Re: Re:
Uhm, it is exactly this. Time for TLS end to end and making CA’s not a single point-of-failure, I guess.
Re: Re:
“As a programmer…”
Which, I would like to point out, is somewhat different from being a lawyer.
“Because of the way JavaScript and web browsers work, when a script is put on a webpage, the source is sent to the end-user automatically.”
That applies to just about everything on the web. If you’re trying to argue that once something is put on the web, copyright no longer applies, I think you might find that the courts have a little disagreement with you there.
Re: Re: Re:
I’m not trying to argue that “once something is put on the web, copyright no longer applies”; I’m pointing out that the specific argument he makes–that this JavaScript is not allowed to be copied around–is nonsensical as they are overtly requesting that people copy it by placing it on a webpage like that.
Re: Re:
Remember: This is India we’re talking about. Sensible IT laws are even rarer than in the USA, UK, and PRC combined. It’s actually quite possible judges and legislators there will side with the blackhat hackers. They’ve been flipping the bird to the Internet at large for over a decade.
I find it ‘curious’ that they involve several countries. That is done for strategic reasons.
anyone who does a “view source”
i looked at the words, but i didn’t inhale.
You think this is bad? Airtel have been stealing passwords and credit card info and selling the info to various crimnal scum in russia and china for YEARS and getting away with it
and where did this sort of behavior start? yep! the good ‘ol US of A! funny how things turn out, isn’t it? the USA spies on everyone and thinks it’s ok. some other country does it, and is condemned by the USA. USA companies do the dirty on customers when those customers discover what the companies are up to, but rather than having some marbles, the companies threaten the customers (or whoever)for what amounts to protecting themselves. this is what has happened in the USA several times and now the rest of the world is doing the same! what a shame some serious breach doesn’t happen and make the companies look so bloody ridiculous, they have to eat their words because sooner or later, when the attitude is like this, people are gonna leave the companies to their own devices and hopefully court cases for infringement of privacy rights!
These guys have had too much legal success and don’t seem to understand the Streisand Effect. So I suspect that a C&D and an takedown notice has already been sent to techdirt.
Re: Re:
Wouldn’t it be funny if antimalware companies got sued alongside virus researchers for copyright infringement? Oh, and ‘network intrusion/DoS’ for disabling said malware on infected computers? Imagine patents on malware. Lawsuits for people making tools to disable it as yes, the patents would obviously cover that, too… Maybe if someone does this, we can dub them the Spam^H^H^H^HHijac-King, hehe.
Re: Re: Techno/Legal Procedural Horror
That’s scary enough for Doctorow to write a novel about it.
And to start a new 21st Century Fiction genre.
CFAA
Time to put the CFAA to good use. Since he did not license this software, nor did he want the software. They did not have authorization to put on his system. Get a DA that wants to make a name for him/herself. Obviously these companies are bad hacker groups that need to be prosecuted.
Re: CFAA
If you could threaten a company with 35 years in prison for that and the government wasn’t in the pocket of the corporate machine, then the CFAA might be a viable solution. Otherwise, nice try.
Re: CFAA
Re-read the article a little more closely and I think you’ll see why that would never work. In particular, look closely at the last image. 😉
“Therefore, no one can use the said code without obtaining license from our client against payment of fees and/or royalties and on commercial and legal terms acceptable to our client. “
But every browser page they inject their code into is “using the said code”. Where do they ask the browser user to accept/purchase a license before displaying the page?
Whose copyright anyway?
As a web developer, I’d think about going after Airtel/Flash for unauthorized modification of MY code. I didn’t give them permission to put code into my site’s pages.
I’d’ve gotten a lawyer and seen about having him write a letter back including a copy of their letter plus screen and source captures of my Web site and what they presented showing that theirs is a modified version of mine, and asking essentially “Are you really admitting, publicly and in writing, to modifying and distributing a copyrighted work (my web site) for commercial gain without the permission of the copyright holder (me)?”. I’d also send a counternotice to Github citing that I am the copyright holder of the Web page in question and that the code posted was a copy of the code for my page served to me from my server through complainant’s network which I had not granted permission to modify my work and distribute the modified version.
What if
What if you had some html that you licensed to anyone provided that it was not modified while in transit. Then when someone injected their javascript, both they and anyone providing them tools for doing so would be in violation of the DMCA.
Inducement to commit Copyright Infringement
Since
(1) AirTel is modifying someone else’s page in transit to you so that it will load the JavaScript into your browser, and
(2) AirTel’s JavaScript code is copyrighted, and
(3) viewing it is a copyright infringement
Then didn’t AirTel just induce you to commit said copyright infringement?
Shouldn’t AirTel be suing themselves for ‘enabling and facilitating’ copyright infringement?
Isn’t merely linking to infringing content an infringement? Thus AirTel is also guilty of inserting an infringing link into someone else’s web page in transit to your browser — and thus AirTel is doubly guilty of copyright infringement!
Wow, AirTel really sounds like a huge copyright infringer — er, I mean thief — who is stealing their own JavaScript code by making your browser load it! Each thieving download into someone’s browser depletes the supply of originals of that JavaScript, so I can see why AirTel would be upset.
Re: Inducement to commit Copyright Infringement
Oh yes, and AirTel is hosting the JavaScript code that they are inducing you to infringe.
Of course, as we have learned, hosting copyright infringing content is perfectly okay. The source of the infringement is never sought out. Rather the real crime is in linking to infringing material, or innocently indexing the web pages that contain the infringing material. Or thinking about infringement (as per the article).
Re: Inducement to commit Copyright Infringement
This argument makes more sense than the arguments made by the lawyers in the story.
Its funny, cuz he didn’t even copy their code. Just pointed to the location. Man, airtel and Solicis Lex are in for a little but hurt
I know this isn’t a solution for everyone (since most people today couldn’t do this even with detailed instructions), but you can cripple this by adding the IP addresses to your Hosts file and redirecting them to 0.0.0.0.
A few years ago, I started to see really annoying JavaScript ads on web sites that would fade out the page and replace it with an ad that you couldn’t skip for 5-10 seconds. It was using code from a company called AdBright and they were the first set of IP addresses I ever added to the Hosts file.
Now I use the MVP Hosts file, with a few of my own IPs added in and I never see most of this crap.
If someone was actually using the code in their own pages, then that use would be a copyright violation. This, however, is fair use.
The use is transformative – the original purpose is to insert unwanted code into people’s pages; the purpose of the copy is to show what is being done to people’s machines. The nature of the copyrighted work is JavaScript code, which is functional rather than creative. Showing the entire code is necessary to show what the code is doing (and the parts of the code that actually inject this script into people’s pages are not shown.) And the only negative impact on the market for the original is from people’s objections to what they are doing, which is not a valid concern as far as copyright law is concerned. For crying out loud, they’re blasting this code to people who don’t even want it… it’s not like anyone who wanted a copy to use the code without paying for it would have trouble getting it.
And it’s illegal to threaten criminal charges to get a favorable result in a civil matter. You can go to the police, or you can not go to the police. You can’t say you’ll go to the police unless you do what we say (unless it’s something where the action would mean there was never a crime, like covering an accidentally bounced check or something.) That’s called “blackmail” or “extortion”.
Of course, that’s all from US law. Maybe the guy needs to move, quick.
What good has Copyright done in 2015? 2014?
Specifically?
Anything?
Re: What good has Copyright done in 2015? 2014?
… racked up plenty of billing hours for lawyers?
Wait, you said ‘good’, never mind.
Copyright must be abolished.
copyright = censorship = copyright , just saying what it is.
>Israel
here we go again…
If its not an Israely company, then its a holywood person with Israely nationality.
JEW! Answers everything, but these Jews are of the synagogue of satan. reaperishere.weebly.com
Boycott Israel
It’s stories like this, that have caused me to become paranoid of javascript and to permanently disable it in my browser.
Well, stores like this, plus personally falling victim to iframe malvertising watering hole attacks.