Ravi Shankar PrasadRavi Shankar Prasad, the minister for communications and information technology, has said that Airtel had been injecting Javascript into users’ browser sessions via Flash Networks “solely with the object of improving customer experience and empowering customers to manage their data usage through suitable timely prompts in terms of volume of data used.”

The minister made the statement in a written reply to a query on Internet privacy raised in the Rajya Sabha by MP Rajeev Chandrasekhar. Prasad added that “such solutions are already deployed and continue to be deployed by operators globally to enhance information, customer service and experience.”

It seems that the minister has taken the telco’s word on why it was injecting code in browser sessions and has put the onus of consent to privacy on the users. The minister added that telecom operators, as part of their licensing conditions, have to safeguard user privacy and can divulge information about a specific party with written consent and the information that is divulged will be in accordance with the terms of that consent.

To that effect, Airtel’s claim that the code was used to monitor user bandwidth consumption could be about deeper tracking of Internet usage.

What about code inserted to push ads?

However, it needs to be pointed out that it is not only Airtel which has been injecting Javascript in user sessions. Earlier in June, MediaNama had reported that state-run telco MTNL had been inserting code in browsers to push advertisements on Internet connections.  Ads inserted by MTNL have typically been for their own services and they popped up on both the desktop and mobile browsersMTNL’s ads were pushed via a third-party service called Adphonso. More on that here.

naukri-Screen Shot 2014-10-28 at 7.44.12 am

indian-express-Screen Shot 2014-08-13 at 7.55.03 am

 

 

 

 

 

 

Unlike the case of ad networks, where consent for inserting the ad is typically via the website terms and conditions, we’re not sure if consent is taken from Internet users by the telecom operator/Internet service provider to serve ads.

It’s also worth noting that Airtel has a deal with mobile ad firm Vserv where it leverages telecom operator data to provide better targeting to advertisers. Vserv does provide consumers an opt out from the service with Airtel on its site, but the larger point here is that most Internet users would not give consent to telecom operators to serve ads and should such deals be allowed going by the minister’s remarks on safeguarding privacy?

For publishers

The question of operators injecting code into browsers to serve ads also has implications for publications. Publishers could feel that the ISP is hijacking the website while it is being delivered to a user by running an overlay ad on it. It could also lead to a situation where their means of monetization might get affected as a competing channel is created by the ISP.

How it began

Earlier in June, infoactivist and programmer Thejesh GN had noticed that Airtel was injecting Java script into its users browsing session without seeking user consent. Apparently, the code had been trying to insert a toolbar into the user’s browsing session. He later received a cease & desist notice from the Israel-based Flash Networks, that had written the piece of Javascript code. Interestingly, the notice sent to Thejesh had alleged that Thejesh’s actions were an act of copyright infringement as per the IT ACT, 2000 and the Indian Penal Code.