Vigilante Justice, Online and in Ishtyle

If a lawyer had to draw up a list of the most violated laws globally, it would certainly include copyright (tax in myestimation ranking above it). We seem to be walking, talking, and writing instruments of copyright infringement. New technologies, websites and software’s have only helped. Every day we un(wittingly) proliferate copyrighted content without the owner’s consent. Seeing the destruction of traditional models of business the content industries have tried to limit the first waves of this mass piracy through threatened or actual litigation.

How it litigiously started

One can see lawsuits were first filed by record companies against Napster (A&M Records v. Napster) and then by movie companies against Grokster (MGM v Grokster). Alongside these cases the significant legal development in the field was the enactment of the Digital Millennium Copyright Act (DMCA). The DMCA was significant since it made a brightline legal rule as to the exclusion of liability for internet intermediaries for copyright violations. These internet intermediaries would include most online service providers, such as search engines (google), email providers (hotmail) and video sharing websites (youtube, vimeo). However, to avail of this legal exclusion the intermediary had to adhere to the notice and take-down regime prescribed under the DMCA. Here the onus was placed on the content owner to police content, noticing an infringing copy an then sending a takedown notice to the intermediary.  It was argued that these take down notices were often overbroad or misrepresented purported infringement and this had chilling effects.

There was also a sea-shift in terms of the technology of peer to peer sharing where it became more decentralized and legal norms became harder to enforce.  This was visible even from the time of Napster, which owned the server, handshaking signals between its subscribers to facilitate file sharing. Grokster sought to overcome liability by making its server decentralized, with the subscribers handshaking and acting as servers themselves. The bit torrent protocol exemplified the decentralized architecture of peer to peer sharing. However, the bit torrent protocol decentralized as it may be, still relied on link-files (as opposed to the actual files) contained the size, name, hash and linking information. These link-files were still hosted on websites, which sometimes indexed, sorted and provided a search feature. It was natural that these websites would be the next targets for IP enforcement. However, it was soon realized that such websites were not hosted on servers in the United States and enforcement became an issue.

Bollywood Smartens Up

Along with all the legal maneuvers which were devised by record companies, its bete noir, technology was seeming to be its savior as well. Record companies had earlier used unsophisticated ways such as mislabeling files to masquerade as songs on p2p networks. However, these measures only proved partially successful and if people were persistent they would find what they were looking for. With time the tactics have become more elaborate and sophisticated. The latest in technological tactic which has been employed by content owners is a denial of service attack (DOS). A DOS attack (to use Al Gore’s analogy) is the internet equivalent of “bursting the pipes”. It is done by flooding the server with more data requests than it can handle.

This model was implemented by engaging content watchdogs which scanned the internet for links to these torrented files. Then the watchdogs prepared and sent mass take down notices to the websites hosting links to the torrented files. If the website owner failed to respond to them, the watchdog would turn into a bloodhound launching a DOS attack against the website.  This model is not the monopoly of the MPAA and is being used extensively by Bollywood production houses who have sub-contracted it to firms such as Aiplex Software and Anti Piracy LLC. Recently DOS attacks have been used by, “Aiplex alone ‘securing’ over thirty releases, including big-ticket ones like My Name is Khan, Ishqiya and Housefull.

Vigilante Justice, making the world blind one server at a time

Now it is important to remember that several of these websites did host links which facilitated the mass piracy of copyrighted content. Let us presume that they received valid take down notices and even failed to comply. However, did it entitle content owners to launch DOS attacks on the websites knocking them off the grid? And was it even legally permissible?

The point of commencement for this discussion is the Indian system of intermediary liability which is contained under Section 79 of the Information Technology Act, 2000 (as amended in 2008). The amended section has been discussed threadbare on several posts on the Spicy IP blog  (they even have a take on the present topic which can be accessed here). However, the only point relevant to our discussion is the existence of a notice and takes down regime. Section 79, does incorporate facets of, a notice and take down regime since it expressly notes, in Section 79(3)(b) that the protections will not apply if the intermediary fails to, “on actual knowledge” “expeditiously remove the link, or disable access”. However, Section 79 misses out on the specifics, and they are missing from the statute books. This is contrary to the approach which has been followed in the DMCA, which expressly provides the appointment of a DMCA agent, a notice and take down procedure with limits as to time (comes handy when you think how much time constitutes “expeditiously”), counter-notification procedure, etc.. Zeroing on this the available legal literature on Internet Intermediary liability in India is though being incredibly diverse, agrees on one thing, the language in Section 79 is ambiguous and its effect is uncertain.

This ambiguity, the absence of definitions and procedures in part promotes a DOS attack. It is unreasonable equally on content and link hosting websites who do not have a brightline rule as well as content owners who are to wait on their enforcement till rules are enacted for a notice and take down procedure. It promotes conflict and it promotes private enforcement through extra-judicial processes.  Why file a court action based on ambiguous statute when you can handle such matters more “efficiently”. Sample what Mr. Girish Kumar, MD, AIplex Software has to say about the next step to a copyright infringement notice, How can we put the site down? The only means that we can put the site down is [by launching a] denial-of-service [attack]. Basically we have to flood [the site] with millions and millions of requests and put the site down.

This launch of a Denial of Service attack on a moral plane is certainly not proportional, as it goes beyond disabling the infringing link to the entire website. Even if one reasons that this is the only possible technical solution, it is clearly illegal. The violation of the copyright provides a content owner a remedy under law and a DOS attack is not one of them. Of course an anton pillar order cannot be enforced against a website hosted in Sweden by Russian nationals and the remedy is a paper tiger, the failure of the remedy should not birth the right to a wrong. DOS as a cyberwrong is clearly provided under Indian statute with Section 43(f) clearly prohibiting it by stating that, any person who, “denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;” shall be liable.

Society often does not the see the immediate effects of vigilante justice and it even often tacitly approves them. Vigilante justice is seen as a quick and dirty way of taking care of business. However, it does have serious effects as to promoting lawlessness itself. These are not philosophical pronouncements but the analysis of the current controversy itself. Due to the actions of Aiplex, a group of persons who usually congregate around message boards such as 4Chan and go by the meme of “Anonymous” have started launching coordinated DOS attacks on media watchdogs themselves. “Operation Payback” as it is called, seems planned and well coordinated. Its ideology and rationale appear compelling and it can be gathered from its propaganda poster. This all looks like a destructive cycle which will be stuck on repeat. At the end of the day it will invite more attention to the open architecture of the internet and there will be a general crackdown on the protocols and technology which allows anonymity.

Evaluating the present situation if one if to allocate blame, one would easily allocate more to the content owners than website owners. Content If you set the instance in Bhagalpur the content owners would be the acid pouring policemen and the website owners would be the lawless criminals. It is important to consider that content owners who have organized these DOS attacks, though may be suffering a legal injury are large corporations claim to be model citizens. It does not befit their stature, reputation and legal obligations to engage in DOS attacks. Finally, in a day an age where copyright has become a more of a topic for debate than a provision of law, when it is generally suffixed by reformer and enforcer and it is the subject of constant demands for revision by any interest group the use of a DOS attack is not only legally but also morally indefensible.


I hope ILTB is not flooded over this post, my hosting company would be very angry/irritated with me.

  • if ddos is illegal, why there is no legal action taken against Aiplex ?

    • Two reasons, (a) complaint; and (b) enforcement. There is no provision for authorities to take suo-motu congnisance in such cases. In effect the law cannot kick in by itself. Since it is a civil provision relying on a remedy of awarding damages it needs the complaint of an aggrieved party. This aggrieved party in most cases (as highlighted in the post) is already in the wrong (arguably facilitated copyright infringement), and will not be willing to reveal its identity and fear prosecution for copyright infringement. Another reason is online parties (especially in India) appear to be less litigious. There are only a handful of decisions on the IT Act till date even though a read through Indian papers, blogs and posts on social networking websites, contain detailed accounts of illegal activities online.

  • Zarles Krieger

    DDoS my arse. The world is corrupt and you expect ’em to stop one form of corruption just because some rich prep’s, (who is as corrupt as the world is) pockets aren’t filling enough. Mofos!!!!