Bengaluru: On June 3, Thejesh GN, a Bengaluru based info activist had tweeted that Airtel was injecting lines of code into users’ browsing sessions over its 3G network without their knowledge, which amounted to unauthorized spying. His research had revealed that Airtel had partnered with Ericsson, which in turn was using the services of Flash Networks, to inject the code into web pages that users were browsing.
He published the code to GitHub, a web-based code repository, and promptly received a cease-and-desist order on June 8 from Flash Networks, which is based out of Herzliya, Israel for exposing proprietary code through Mumbai-based law firm Solicis Lex. The firm contended that his action was a criminal offence under the Indian Penal Code and the information technology act.
Flash Networks, offers monetisation solutions to telecom operators around the world. Its website says “Flash Networks, the global leader of mobile Internet optimization and monetization solutions, enables operators to boost network speed, optimize video and web traffic, and generate over-the-top revenues from the mobile Internet”.
Shockingly, the Israeli Company issued a legal notice to Thejesh GN. The Bengaluru-based programmer, expressed ‘outrage and shock’ over the notice and has decided to counter it
Thejesh GN, has now sent a counter-claim to Flash Networks through his lawyer accusing it of trying ‘to intimidate and silence’ him by sending a legal notice. Thejesh has demanded an unconditional apology from the company for violating his privacy and attempting to insert a malicious code into his website.
Airtel issued a statement saying that the code is part of a tool it is working on to help users keep track of their data consumption but has now stopped using it. It also distanced itself from the legal notice saying, “we are surprised at the cease & desist notice served by Flash Networks to Thejesh”.
Thejesh’s response
Experts claimed that injecting any sort of code without the permission of the user is illegal.
Thejesh has published his lawyer Lawrence Liang’s response to Flash Network’s legal notice on his blog. In his reply, Liang has explained how Thejesh discovered the malicious code and why it is not a copyright infringement. He also claimed that Thejesh is outraged and shocked by Flash Network’s demands as he only exercised his right in accordance with the copyright law in India. Liang alleged that the legal notice has resulted in ‘misleading visitors to my client’s website and its functionality thereby substantively affecting the reputation and goodwill that Thejesh has earned through years of expertise and service’.
The reply said, in part: “In order to highlight the malicious manner in which this code had been inserted unlawfully into his website, and to educate and inform the general public about it, he proceeded to publish his findings including all the screenshots on GitHub. This is a common practice for anyone involved with scholarly research on breach of security issues on the internet, and it is generally understood that one solicits advice, further research, corroboration and refutation by publishing the research and asking for comments or amendments.” The lawyer claimed his client is “shocked and outraged by the demands made by your client”.
“The unlawful insertion of code by your client into my clients source code amounts to a violation of the rights of my client, including but not limited to a violation of his privacy, an attempt to unlawfully access and hinder the operation of his website and a violation of the right to integrity of the work of my client,” the reply, also posted on his blog, said. “Rather than accepting the legal and moral responsibility for inserting malicious code that compromises the security and privacy of consumers, your client has attempted to use a ‘cease and desist notice’ to intimidate and silence my client and prevent an open discussion on an issue of immense public interest,” said the letter, copies of which have also been sent to Commissioner of Police Bangalore and ADGP, CID, Bangalore.
