By Abhishek Jha:
This has raised questions about violation of privacy of the user as the code was injected by the ISP and could apparently work through every webpage that the user visited. The description for Layer8 on Flash Network’s website says that it is “a clientless solution which appears over web pages on smartphones, tablets and PC enables users to get real-time access to carrier information, promotions, and other operator-based engagement” (sic). This is different from the data provided by other codes inserted on a webpage, like Google Analytics providing number of users visiting the particular website, to content providers on the internet. The communication between the content provider and the user remains between them, and the content provider informs the user of the amount of user’s personal information it is storing.
Thejesh had to meanwhile remove his post from GitHub as the cease-and-desist order threatened “legal proceedings, both Civil and Criminal” in case he did not comply, as his act, the order said, “amounts to criminal offence under the Indian Penal code, 1860 and the Information Technology Act, 2000”. However, as soon as he tweeted about the notice he had been served, Pranesh Prakash, Policy Director at the Centre for Internet and Society, tweeted saying that he could be defended under under Section 52(1)(ac) of the Indian Copyrights Act 1957 which allows “the observation, study or test of functioning of the computer programme in order to determine the ideas and principles which underlie any elements of the programme while performing such acts necessary for the functions for which the computer programme was supplied”. Apar Gupta, a Delhi based litigator, also posted on twitter that “injecting a script into a browser may technically be against the UASL license under which the private telecos offer ISP services” (sic). The word already spread, Airtel earned flak on the internet with twitterati questioning the statement issued by it even as it tried to distance itself from the cease-and-desist order.
Privacy on the internet, often vulnerable, is a sensitive issue for users, which is why Flash Networks says on its website that its “solutions are based on a non-intrusive approach coupled with very stringent adherence to privacy regulations”. In case it is found to be in violation of privacy regulations, it could spell trouble for Flash Networks and the mobile operators (Idea, MTS, and Vodafone are in a non-exhaustive list of customers published on its website) it provides the “Monetization solutions” to.